Privacy Policy
Last updated: 2 May 2026
KhataPro Technologies Pvt. Ltd. ("KhataPro", "we", "us", "our") operates the
KhataPro mobile application and related websites at khatapro.app (the
"Service"). This policy explains what we collect, how we use it, and the
rights you have. KhataPro is built specifically for businesses operating in
India and complies with the Information Technology Act 2000, the Digital
Personal Data Protection Act 2023, and Google Play data-safety guidelines.
1. Information we collect
Account information. When you sign up we collect your phone number, an OTP
sent to that number, your name, optional email, preferred language, and the
device identifier required for end-to-end sync.
Business information. Information you enter about your businesses,
customers, suppliers, staff, inventory, ledger transactions, invoices,
attendance, and salary payments.
Transactional information. When you collect a payment via UPI through us,
we receive the payment status, UTR (UPI Transaction Reference), and the
payer's name from the payment processor.
Device information. App version, OS version, device model, crash logs,
and an FCM token used to send notifications.
Usage information. Anonymised events about which features are used so we
can fix bugs and improve the product.
2. How we use your information
- Provide and maintain the Service.
- Authenticate you via OTP.
- Sync your data across your devices.
- Send payment reminders to your customers when you ask us to.
- Send transactional emails (sign-in alerts, deletion confirmations, invoice
- Detect fraud and abuse.
- Comply with Indian tax and regulatory obligations.
copies you initiate) via our email partner Resend.
We do not sell your data, ever.
3. Sharing of information
We share data only with:
- Hosting and database providers (Vercel, Neon Postgres) under strict
- Communication providers (MSG91 for SMS, Resend for email, Gupshup or
- Payment partners (Razorpay) when you accept a payment.
- Government authorities when legally compelled.
data-processing agreements. Data is hosted in India / Asia regions where
available.
similar for WhatsApp Business) only to deliver the message you initiated.
4. Data retention
We keep account and ledger data while your account is active. If you delete
your account, we erase your personally identifiable data within 30 days, and
purge all backups within 90 days. We retain anonymised audit-log entries for
up to 8 years as required by GST law.
5. Your rights
You can:
- Access, correct, or export your data through the app.
- Request deletion of your account at https://khatapro.app/data-deletion or
- Object to processing for non-essential purposes (analytics, marketing).
- Lodge a complaint with the Data Protection Board of India.
by emailing privacy@khatapro.app.
6. Data security
We use TLS 1.2+ for all transport, encrypt data at rest with AES-256 in our
managed Postgres host, hash passwords with bcrypt, and rotate JWT signing keys
quarterly. Access to production data is limited to a small set of named
employees with audited logins.
7. Children
KhataPro is intended for adult business owners in India. We do not knowingly
collect data from children under 18. If you believe a child has used our
Service, contact privacy@khatapro.app and we will delete the account.
8. International transfers
Where data must leave India for technical reasons (e.g. SMS provider
fail-over), we use only providers with Standard Contractual Clauses or
equivalent safeguards.
9. Changes to this policy
We will notify you in-app and via email at least 14 days before any material
change to this policy.
10. Contact
Privacy Officer: privacy@khatapro.app
Grievance Officer (India): grievance@khatapro.app
Postal: KhataPro Technologies Pvt. Ltd., Bengaluru, Karnataka, India.