Privacy Policy

Kaarta Labs Pvt Ltd ("Kaarta," "we," "us," or "our") operates an AI-powered back-office platform for Indian SMBs. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Kaarta, you consent to the practices described in this policy. If you do not agree, please do not use our services.

Account Information

• Name, email address, phone number
• Business name, GST number, PAN
• Billing and payment information

Business Data

• Invoices, receipts, and bills you share with us
• Transaction records and categorizations
• Bank transaction data (via Account Aggregator with your consent)
• GST filing data and compliance records
• Vendor and customer information

Communication Data

• WhatsApp messages sent to our business number
• Emails forwarded to or sent from our platform
• Support conversations and feedback

Usage Data

• Log data (IP address, browser type, device information)
• Feature usage and interaction patterns
• Performance and error data

• Provide Services: Process transactions, generate reports, track compliance, and operate our AI agents on your behalf.
• Improve Our Platform: Analyze usage patterns to enhance features, fix bugs, and develop new capabilities.
• AI Training: Your data may be used to improve our AI models. We use aggregated and anonymized data where possible. You can opt out of AI training by contacting us.
• Communication: Send service updates, compliance reminders, and respond to your inquiries.
• Legal Compliance: Meet regulatory requirements and respond to lawful requests from authorities.

We do not sell your personal data. We may share data with:

• Service Providers: Cloud hosting (AWS/GCP), payment processors (Razorpay), communication platforms (WhatsApp Business API providers), and AI model providers (for processing only, not training).
• GST Service Providers (GSPs): To file returns on your behalf with your authorization.
• Account Aggregators: To fetch bank data with your explicit consent.
• Your CA/Accountant: If you authorize us to share data with them.
• Legal Requirements: When required by law or to protect our rights.

We implement industry-standard security measures including encryption in transit (TLS) and at rest (AES-256), access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide services. Financial records are retained for 8 years as required by Indian tax law. You can request deletion of your account and associated data, subject to legal retention requirements.

• Access: Request a copy of your data.
• Correction: Update inaccurate information.
• Deletion: Request deletion of your data (subject to legal requirements).
• Export: Download your data in a portable format.
• Opt-out: Opt out of AI training or marketing communications.

To exercise these rights, contact us at privacy@kaarta.in

We use essential cookies to operate our platform and analytics cookies to understand usage. You can control cookies through your browser settings.

We may update this policy from time to time. We will notify you of significant changes via email or through the platform. Continued use after changes constitutes acceptance.

For privacy-related questions or concerns:

Kaarta Labs Pvt Ltd
Email: privacy@kaarta.in