Privacy Policy

Last updated: June 2026

1. Who we are

Klaro Services ('Klaro', 'we', 'us') operates klaro.services — a suite of products including Klaro Books (accounting software), CA Suite (practice management for Chartered Accountants), Lawyer Suite, Artha (legal research), Klaro Pulse, and related services. Our registered address is in India. Contact: privacy@klaro.services

2. What we collect

(a) Account data — name, email, phone, business name, professional registration numbers (ICAI, Bar Council). (b) Business/financial data — for Klaro Books: vouchers, ledgers, invoices, GST records, payroll data, inventory records you create. This is YOUR data — we process it only to provide the service. (c) Usage data — features used, login times, pages visited, actions taken. (d) Payment data — processed by Razorpay. We store only transaction references and invoice amounts, never card/bank details. (e) Technical data — IP address, browser, device type, session identifiers. (f) Analytics data — page views, referrer URLs, UTM parameters (anonymous — no PII in analytics).

3. How we use your data

• To provide and operate Klaro products and services - To process payments and issue GST-compliant invoices - To send transactional communications (account, billing, security alerts) - To improve the platform based on usage patterns - To comply with Indian legal obligations (IT Act, GST Act, Companies Act) - To prevent fraud, abuse, and unauthorised access We do NOT sell your data. We do NOT use your financial/business data for advertising. We do NOT share your data with third parties except as described in Section 5.

4. Financial data — special handling

Klaro Books processes sensitive financial data including your accounting records, GST returns, payroll information, and business transactions. This data is: - Encrypted in transit (TLS 1.3) and at rest (AES-256) - Accessible only to you and users you explicitly authorise - Never used for any purpose other than providing the service - Retained for 8 years after account closure to comply with Indian accounting standards (Companies Act 2013, GST Act) - Backed up daily with point-in-time recovery CA access: If you grant a Chartered Accountant access to your Books data (a paid add-on), they will have read access to your financial records. You may revoke this access at any time.

5. Data sharing

We share data only with: - Razorpay — payment processing (PCI DSS compliant) - Supabase — database hosting (data stored in India/EU) - Anthropic — AI processing for LAM Copilot feature (prompts only, no financial data stored) - Loops.so — email communications (email + name only) - Vercel — application hosting All processors are bound by data processing agreements. We do not share data with government authorities except when legally compelled with a valid court order or statutory requirement.

6. Your rights

Under Indian law (IT Act, DPDP Act 2023) and applicable international standards: - Access: Request a copy of your data - Correction: Update incorrect data - Deletion: Request deletion (subject to legal retention requirements) - Export: Download your complete data in standard formats (CSV, PDF) - Withdraw consent: For marketing communications only Exercise rights: privacy@klaro.services. Response within 30 days.

7. Data retention

Active accounts: Data retained while account is active. After cancellation: Data retained in read-only mode for 90 days for self-service export. After 90 days, moved to cold storage. Financial records: Retained for 8 years as required by Indian law regardless of account status. Analytics data: Anonymised after 24 months. Deleted accounts: Personal data deleted within 90 days except where legally required to retain.

8. Security

We implement industry-standard security including TLS encryption in transit, AES-256 encryption at rest, row-level security (every user can only access their own data), multi-factor authentication (optional), session management, IP-based anomaly detection, and regular security audits. Despite our best efforts, no system is 100% secure. Report security issues to security@klaro.services.

9. Cookies

We use only essential cookies (session management, authentication). We do not use advertising cookies or third-party tracking cookies. Our analytics are first-party (stored in our own database) and do not use cookies.

10. Children

Klaro products are not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact privacy@klaro.services immediately.

11. International transfers

Data is primarily stored in India and the EU (Supabase). AI processing for the LAM Copilot feature involves data transfer to the US (Anthropic). This is covered by standard contractual clauses. No financial record data is transferred for AI processing — only the structure of transactions.

12. Changes

We will notify users of material changes to this policy by email and in-app notification at least 30 days before they take effect.

13. Contact

Privacy Officer: privacy@klaro.services Data Protection queries: legal@klaro.services Registered address: India This policy is governed by Indian law.