Privacy Policy
Last updated: 17 April 2026
1. Who is the controller
The data controller is AYO Solution ApS (CVR DK42981494), Denmark. Contact: [email protected].
2. What we collect
- Account data — name, email, phone, business details.
- Bookkeeping data — the invoices, receipts, sales summaries, and messages you send us.
- Usage data — logs, device and browser information, and basic analytics.
- Payment data — processed by our payment providers; we do not store card numbers.
3. Why we process it
To run the service, keep your books, respond to support requests, prevent fraud, comply with legal obligations (including tax-related record-keeping in your jurisdiction), and improve the product.
4. Legal basis (GDPR)
We rely on performance of a contract (to deliver the service), legal obligation (to meet record-keeping rules), and legitimate interests (security, anti-fraud, product improvement). Where required, we ask for consent — e.g. for optional marketing emails.
5. AI processing
When you forward a message, receipt, or voice note into WhatsApp, we pass the content to a large language model (LLM) to draft a bookkeeping entry. Our LLM providers are Anthropic (Claude) and OpenAI. Neither provider trains on your data. Drafts are shown to you for review before they are booked.
We do not make solely automated decisions with legal or similarly significant effect. All LLM-generated entries are drafts that require your review and confirmation before being recorded.
6. Sub-processors
We use vetted providers for hosting, email delivery, payments, WhatsApp messaging, OCR, and AI inference. Key sub-processors include:
- Anthropic (AI text inference)
- OpenAI (AI audio transcription and embeddings)
- AWS (hosting and storage — Singapore and Malaysia regions)
A full list is available on request at [email protected].
7. Cookies and similar technologies
We use a small set of strictly necessary cookies to keep you signed in and to secure the service. We also use limited first-party analytics to understand how the product is used. We do not use advertising or cross-site tracking cookies. Where consent is required, we ask for it before setting non-essential cookies.
8. Retention
We keep account and bookkeeping data for as long as your account is active, and for the period required by applicable accounting and tax law afterwards. You can request deletion of non-mandatory data at any time.
9. Your rights
You have the right to access, correct, export, and (where applicable) delete your personal data, to object to or restrict processing, and to lodge a complaint with your supervisory authority. Under Malaysia's PDPA you have equivalent rights of access and correction.
In Denmark, the competent supervisory authority is Datatilsynet (datatilsynet.dk). In Malaysia, it is the Personal Data Protection Commissioner under the Department of Personal Data Protection (pdp.gov.my).
10. Data residency
Your bookkeeping data and attachments are stored in AWS ap-southeast-1 (Singapore) and AWS ap-southeast-5 (Malaysia). We do not transfer your bookkeeping data outside the Singapore and Malaysia regions without your written consent.
11. Security
Data is encrypted in transit and at rest. Access is restricted to staff who need it. We keep audit logs of sensitive actions.
12. International transfers
AI inference requests are processed by Anthropic and OpenAI, whose servers may be located outside Singapore and Malaysia. These transfers are governed by Standard Contractual Clauses or equivalent safeguards. No bookkeeping data is retained by the LLM providers beyond the duration of the API call.
13. Children and minors
The service is intended for business use and is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact [email protected] and we will delete it.
14. Changes
We'll update this policy if our practices change. Material changes will be notified in-app or by email.
15. Contact
Privacy questions: [email protected].