This Privacy Policy explains how Sari Data Sdn. Bhd. (“Sari Data”) collects, uses, stores, and protects information when you use the CIMCalc service at cimcalc.com.
CIMCalc is a computational screening tool for financial documents. Our data handling reflects the confidential nature of the documents our users work with: automated processing with no human access, and source document deletion after processing.
Email address (required), name and organization (optional). We do not collect physical address, phone number, or government identification.
We temporarily receive your encrypted document, process it using automated systems, and permanently delete the source after your screening report is generated.
Reports are stored encrypted in your account for 90 days. Reports contain analytical outputs but not copies of source documents.
Your acquisition thesis text may be retained in anonymized, aggregated form to improve the Service. It is never linked to your identity or documents after processing.
Standard analytics via Google Analytics 4: pages visited, feature interactions, device type, approximate location. No document content is included in analytics.
Handled by Stripe. Sari Data does not store credit card or bank account details.
Service delivery (processing documents, generating reports, managing accounts), communication (account notifications, service updates), service improvement (aggregated, anonymized usage patterns), security (fraud detection, abuse prevention), and legal compliance. We do not use your information for advertising or marketing to third parties.
Documents are processed through a multi-stage automated pipeline including text extraction, financial data identification, metric computation, risk assessment, and report generation.
Natural language processing uses Anthropic’s Claude via Amazon Web Services Bedrock. Under Bedrock’s terms: customer inputs and outputs are not used for model training, document content is not retained after processing, and processing occurs within AWS’s enterprise-grade infrastructure.
We do not use your documents, reports, or any customer-specific data to train, fine-tune, or improve any AI model.
All processing occurs on AWS infrastructure in the United States (us-east-1). Data is encrypted in transit (TLS 1.3), at rest (AWS KMS), and client-side before upload (AES-256). No Sari Data employee has access to your documents or reports.
Upload (encrypted in browser) → Processing (decrypted in ephemeral memory, no disk writes) → Report generation (stored encrypted) → Source deletion (immediate, permanent) → Report retention (90 days encrypted, user-deletable).
We do not sell, rent, or trade your information. We share limited data with: AWS (infrastructure), AWS Bedrock/Anthropic (document analysis, zero-retention), Stripe (payments), Google Analytics (anonymized usage). We may disclose information if required by law.
Access (request a copy of your data), correction (update account information), deletion (delete account and all data within 30 days), report deletion (immediate, via dashboard), export (download reports during retention period), and objection (opt out of service improvement use).
Essential cookies for authentication and sessions (required). Analytics cookies via Google Analytics (can be disabled). No advertising cookies, social tracking pixels, or cross-site tracking.
The Service is not intended for anyone under 18. We do not knowingly collect information from children.
Sari Data is incorporated in Malaysia. Data is processed in the United States. By using the Service, you consent to this transfer. We rely on AWS compliance certifications (SOC 2, ISO 27001) for adequate data protection.
Material changes will be communicated via email at least 30 days before taking effect.
Privacy inquiries: [email protected]
Sari Data Sdn. Bhd.
[Registered Address]