Artos is a small 4-week pilot built by a student at SMU. This page explains exactly what happens to your data. It is written to align with Singapore's PDPA.
Screenshots and PDFs you upload are processed in memory and released the moment extraction finishes. They are never written to disk and never stored, whether extraction succeeds or fails. There is no file to delete because no file is kept.
Only the extracted transaction details you confirm (date, description, amount, category), your accounts and budgets, your login (email, username, hashed password), and anonymous usage events. The extraction model is told never to return account or card numbers, and we defensively mask any long digit run before saving, so a stored description should never contain an account or card number.
Analytics are aggregate only (counts and rates across all testers, never your individual transactions). As the operator of the database, the founder can technically access stored records for support and debugging, but does not browse them, and never sees your raw statement files because they are never stored.
You can delete all your data at any time from your profile. Deletion is immediate and removes your transactions, budgets, accounts, uploads, and usage events. Your login is kept so you can start fresh, or you can simply stop using the app.
At the end of the 4-week pilot, tester data is deleted unless you have asked to keep your account for the next version. You will be told before any deletion happens.
Data protection contact: Dewa (SMU). Contact: to be added before the pilot opens. Reach out to ask what is stored about you, to correct it, or to request deletion.