Last updated: May 2026
This policy applies to klaro.services and covers users in India, the European Union, the United States, Brazil, and other jurisdictions.
Klaro Services ("Klaro", "we", "us") operates klaro.services — practice management software for Chartered Accountants and Lawyers in India, and legal professionals in the US. Our registered address is in India. For privacy matters, contact privacy@klaro.services.
We collect: (a) Account data — name, email, phone, firm name, professional registration numbers (ICAI membership, bar council number). (b) Usage data — features used, login times, actions taken. (c) Professional data — client records, filings, documents, invoices you create within Klaro. (d) Payment data — processed by Razorpay; we store only transaction references, not card or bank details. (e) Technical data — IP address, browser type, device info, cookies.
We use your data to: provide and operate Klaro services; send transactional emails (confirmations, receipts, reminders); process payments; improve the platform; comply with legal obligations; and respond to support requests. We do not sell your personal data to third parties. We do not use your data for advertising.
For EU users under GDPR, we process your data on the following legal bases: (a) Contract — processing necessary to provide the service you signed up for. (b) Legitimate interests — security monitoring, fraud prevention, product improvement. (c) Consent — analytics cookies, marketing emails (withdrawable at any time). (d) Legal obligation — financial records required by applicable law. You may withdraw consent at any time by emailing privacy@klaro.services or using cookie settings in the footer.
California residents have the right to: know what personal information we collect, use, and disclose; delete personal information (with exceptions); and opt out of the sale of personal information. Klaro does not sell personal information. To exercise your rights, email privacy@klaro.services with subject "CCPA Request". We will respond within 45 days. We do not discriminate against users who exercise CCPA rights.
For Indian users, Klaro processes your personal data as a Data Fiduciary under the DPDP Act 2023. You have the right to: access your data; correct inaccurate data; erase your data (subject to legal retention requirements); and seek grievance redressal. To exercise these rights, email privacy@klaro.services. We will respond within 72 hours. Our Data Protection Officer can be reached at dpo@klaro.services.
For Brazilian users, we process personal data in accordance with the Lei Geral de Proteção de Dados (LGPD). You have rights of access, correction, deletion, portability, and objection. Contact privacy@klaro.services to exercise these rights.
Account data is retained while your account is active and for 30 days after deletion. Financial records (invoices, payment logs) are retained for 7 years as required under Indian GST and Income Tax law. Security logs are retained for 180 days per CERT-In guidelines. Document files are deleted immediately on your request or account closure.
Your data is stored on Supabase (PostgreSQL) with servers in the US (AWS). Documents are stored on Cloudflare R2 (encrypted at rest). If you are an EU user, data transfer to the US occurs under Standard Contractual Clauses (SCCs). We are working on EU data residency options (target: Q3 2026).
We share data with: Supabase (database hosting), Cloudflare R2 (file storage), Razorpay (payments), Resend (transactional email), Groq and Anthropic (AI features — only the data you submit for analysis), Vercel (hosting), Crisp (live chat — optional). Each processor is bound by data processing agreements.
Klaro uses AI (Groq/Llama and Anthropic/Claude) for features like tax optimisation, notice reading, and document analysis. Data submitted to AI features is processed in real time and not used to train AI models. All AI outputs carry a disclaimer and require human review before you act on them. Under the EU AI Act, Klaro's AI features are classified as limited-risk systems.
We use essential cookies (Supabase authentication session), functional cookies (preferences), and optional analytics cookies. No advertising cookies are used. You can manage cookie preferences via the banner or footer link. See our Cookie Policy for full details.
We implement industry-standard security: TLS encryption in transit, AES-256 at rest, rate limiting, IP-based attack blocking, security event logging, and CERT-In-compliant incident reporting. We conduct regular security audits. In the event of a data breach, we will notify affected users within 72 hours as required by GDPR and DPDP.
Klaro is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact privacy@klaro.services immediately.
We will notify you of material changes by email or in-app notice at least 30 days before they take effect. Continued use after changes constitutes acceptance.
Privacy queries: privacy@klaro.services | Data Protection Officer: dpo@klaro.services | Grievance Officer (India, DPDP): grievance@klaro.services | Response time: 72 hours for DPDP, 30 days for GDPR/CCPA. Klaro Services, India.