Privacy Policy
Effective: March 2026 · Last Updated: March 2026 · Sari Data Sdn. Bhd.
1. Overview
This Privacy Policy explains how Sari Data Sdn. Bhd. ("Sari Data") collects, uses, stores, and protects information when you use the FinDoc service at findoc.my. FinDoc is a computational screening tool for financial documents. Our data handling reflects the confidential nature of the documents our users work with: automated processing with no human access, and source document deletion after processing.
2. Information We Collect
Account information: email address (required), name and organisation (optional). We do not collect physical address, phone number, or government identification. Documents you upload: we temporarily receive your encrypted document, process it using automated systems, and permanently delete the source after your screening report is generated. Screening reports: reports are stored encrypted in your account for 90 days. Reports contain analytical outputs but not copies of source documents. Usage data: standard analytics for pages visited, feature interactions, and device type. No document content is included in analytics. Payment information: handled by Stripe. Sari Data does not store credit card or bank account details.
3. How We Use Your Information
Service delivery (processing documents, generating reports, managing accounts), communication (account notifications, service updates), service improvement (aggregated, anonymised usage patterns), security (fraud detection, abuse prevention), and legal compliance. We do not use your information for advertising or marketing to third parties.
4. AI and Document Processing
Documents are processed through a multi-stage automated pipeline including text extraction, financial data identification, metric computation, risk assessment, and report generation. Natural language processing uses Anthropic's Claude via Amazon Web Services Bedrock. Under Bedrock's terms: customer inputs and outputs are not used for model training, document content is not retained after processing, and processing occurs within AWS enterprise-grade infrastructure. We do not use your documents, reports, or any customer-specific data to train, fine-tune, or improve any AI model.
5. Data Storage and Security
All processing occurs on AWS infrastructure. Data is encrypted in transit (TLS 1.3), at rest (AWS KMS), and client-side before upload (AES-256). No Sari Data employee has access to your documents or reports. Document lifecycle: upload (encrypted client-side) → processing (decrypted in ephemeral memory, no disk writes) → report generation (stored encrypted) → source deletion (immediate, permanent) → report retention (90 days encrypted, user-deletable).
6. Data Sharing
We do not sell, rent, or trade your information. We share limited data with: AWS (infrastructure), AWS Bedrock/Anthropic (document analysis, zero-retention), Stripe (payments). We may disclose information if required by law.
7. Your Rights
Access (request a copy of your data), correction (update account information), deletion (delete account and all data within 30 days), report deletion (immediate, via dashboard), export (download reports during retention period), and objection (opt out of service improvement use). For any of these requests, use the contact form at findoc.my/contact/.
8. Cookies
Essential cookies for authentication and sessions (required). Analytics cookies (can be disabled). No advertising cookies, social tracking pixels, or cross-site tracking.
9. International Data Transfers
Sari Data is incorporated in Malaysia. Data may be processed on AWS infrastructure in multiple regions. By using the service, you consent to this transfer. We rely on AWS compliance certifications (SOC 2, ISO 27001) for adequate data protection.
10. Changes
Material changes will be communicated via email at least 30 days before taking effect.
11. Contact
Privacy enquiries can be submitted through findoc.my/contact/. Sari Data Sdn. Bhd., Kuala Lumpur, Malaysia.