Data Rights

Delete Your Account & Data

Last updated: 15 May 2026  ·  Effective date: 15 May 2026

Overview

This page explains how to permanently delete your MudahCukai account, what data is removed when you do, what we keep (and why), and how to contact us if you need help.

Account deletion is available directly inside the mobile app — no email or support ticket required. You can also email us to request deletion if you can no longer access the app.

Method 1 — Delete In-App (Recommended)

The fastest way to permanently delete your account and data is from inside the MudahCukai mobile app:

  1. Open MudahCukai on your iPhone or Android device
  2. Tap Settings
  3. Scroll to Account → tap Delete my account
  4. Read the warning carefully — this action is irreversible
  5. Type your email address to confirm, then tap Delete permanently
  6. Your account is marked for deletion immediately. Personal profile data and uploaded files are removed within minutes; cloud-backed receipt images are purged from our object storage within 24 hours.
✓ Done in under 30 seconds.

You will be logged out automatically. The next time anyone tries to sign in with your email, the app will treat it as a brand-new signup.

Method 2 — Email Request

If you can no longer access the app (uninstalled without deleting, or lost access to your signup email), you can request deletion by email:

  1. Send an email to mudahcukai.official@gmail.com
  2. Subject: Account Deletion Request
  3. Include the email address you used to sign up. We may ask additional verification questions if the request looks suspicious.
  4. We will action your request within 5 working days and email you confirmation when complete.

What is Deleted, Kept, or Anonymised

When you delete your MudahCukai account, the following happens to each type of data we hold about you:

DataActionRetention
Email address Anonymised Replaced with a non-identifying placeholder within 24 hours so deleted-account audit trails remain intact. Your real email becomes unrecoverable.
Phone number (if provided) Deleted Removed immediately.
Full name, IC number, gender, birth date, marital status, city Deleted All profile data removed within 24 hours.
Receipt images and EA-form PDFs Deleted Removed from our cloud storage (Cloudflare R2) within 24 hours.
Receipt records (merchant, amount, date, category) Deleted Removed from our database within 24 hours.
Income records & tax-relief calculations Deleted Removed within 24 hours.
Push notification tokens Deleted Removed immediately so we no longer message your device.
Auth sessions and refresh tokens Deleted Revoked immediately. Every device signed into your account is signed out instantly.
Subscription / payment history Kept (legal) Records of payments processed by Apple App Store, Billplz, or RevenueCat are retained for at least 7 years as required by the Income Tax Act 1967 and Malaysian accounting standards. Personal identifiers are anonymised — only the transaction record itself remains.
Audit / activity logs Anonymised Platform activity records (log-ins, exports, etc.) are anonymised — the actor user-id is replaced with a non-identifying placeholder. Required under PDPA 2010 for fraud investigation and security audits.
Local data on your device Deleted The encrypted SQLite database on your phone is wiped when you delete your account. Uninstalling the app also removes all local data.

Why We Keep Some Data

Two categories of data are retained after account deletion. We keep them for the minimum period required by law, and we anonymise them so they cannot be linked back to you personally:

  • Payment records — Malaysian tax law (Income Tax Act 1967) requires us to keep transaction records for at least 7 years to support our own tax filings and to respond to LHDN audits. We are not permitted to delete these earlier, but the personal identifiers attached to them are anonymised within 24 hours of your account deletion.
  • Audit logs — Aggregated platform activity logs are retained as required by PDPA 2010 for fraud detection and security investigations. Your specific actions remain in the logs but cannot be linked back to you personally after deletion.

Delete Some Data Without Deleting Your Account

You don't have to delete your whole account just to clear specific data. Inside the MudahCukai app you can:

  • Delete individual receipts — open the Receipts list → tap a receipt → Delete. Removes the record and the image from cloud storage immediately.
  • Delete individual income records — from the Income screen, swipe left on any row → Delete.
  • Remove an attached PDF or image from a receipt without deleting the receipt itself — open the receipt → tap the attachment thumbnail → Remove attachment.
  • Clear local cache — Settings → Storage & Quota → "Clear local cache". Cloud data stays untouched; only the on-device copy is rebuilt.

Important Things to Know

Account deletion is permanent and irreversible.

We cannot restore deleted data, even if you contact us afterwards. Export your audit reports BEFORE deleting if you need them for tax filing.

Active subscription?

Deleting your MudahCukai account does not automatically cancel your Apple App Store or Billplz subscription. Cancel your subscription in your respective store before deleting your account:

  • iPhone: Settings → [Your Apple ID] → Subscriptions → MudahCukai → Cancel
  • Android (Billplz): The subscription auto-expires at the end of your current billing cycle. There is no separate "cancel" needed.

Questions or Help

If you have any questions about account deletion, data retention, or your rights under PDPA 2010, please contact us:

We respond to all data-related requests within 5 working days, as required by Malaysia's Personal Data Protection Act 2010 (PDPA).