heshi_

Privacy Policy

Last Updated: March 25, 2026

1. Introduction

Heshi Pte. Ltd. ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

Account Information

Name, email address, company name, job title, and phone number when you register, book a demo, or contact us.

Financial Data (Clients Only)

When you engage our services, we access and process:

  • Accounting software data (Xero, QuickBooks, NetSuite) via read-only API connections you authorize
  • Blockchain wallet addresses and on-chain transaction data (publicly available)
  • Exchange balances via read-only API keys you provide
  • Financial statements, journal entries, and reconciliation data generated during service delivery

Website Analytics

Page views, browser type, device information, IP address (anonymized), and referral source. We use privacy-friendly analytics.

3. How We Use Your Information

  • To provide and improve our accounting and financial operations services
  • To process transactions and send service-related communications
  • To respond to inquiries and support requests
  • To send marketing communications (with your consent; you can opt out anytime)
  • To comply with legal obligations
  • To detect and prevent fraud or security incidents

4. AI Processing Disclosure

We use AI models (large language models) to process financial data as part of our service delivery. This includes transaction classification, reconciliation, journal entry preparation, and report generation. Your data is:

  • Processed only for the purpose of delivering your contracted services
  • NOT used for AI model training
  • NOT shared with AI model providers in identifiable form
  • Reviewed by qualified human professionals before any output is delivered to you

5. Data Sharing

We do NOT sell your personal data. We may share data with:

  • Service providers: Cloud hosting (Vercel, Supabase), accounting software APIs (Xero, QuickBooks), blockchain data providers, as necessary to deliver services
  • Professional advisors: Lawyers, auditors, insurers as required
  • Legal requirements: When required by law, regulation, or legal process

We will NEVER share your financial data with other clients.

6. Data Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls and comprehensive audit logging
  • Regular security assessments and penetration testing
  • Incident response procedures with 24-hour notification commitment
  • SOC 2 Type II compliance (in progress)

7. Data Retention

  • Active client data: Retained for the duration of the service engagement
  • Post-termination: Data returned or securely deleted within 30 days per client instruction
  • Regulatory records: Retained as required by applicable law (typically 5-7 years)
  • Website analytics: Retained for 24 months, then anonymized

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@heshi.ai.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are privacy-friendly and can be opted out of at any time.

10. International Data Transfers

Your data may be processed in Singapore, the United States (cloud infrastructure), and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for all international transfers in compliance with applicable data protection laws.

11. Singapore PDPA Compliance

For Singapore-based data processing, we comply with the Personal Data Protection Act 2012 (PDPA). Our Data Protection Officer can be reached at dpo@heshi.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent website notice at least 30 days before changes take effect.

13. Contact

Heshi Pte. Ltd.
Email: privacy@heshi.ai