Khata Money Tracker

Privacy Policy

Last Updated: June 11, 2026

1. Introduction

At Khata Money Tracker ("Khata", "we", "our"), we respect your privacy and are committed to protecting your personal and financial data. This Privacy Policy describes how we collect, use, process, and secure information when you use our application, with specific emphasis on our Gmail OAuth integration.

2. Information We Collect

  • Account Information: Name, email address, password hash (encrypted), and account status.
  • Ledger & Expenses: Transactions, categories, descriptions, and amounts that you enter manually.
  • Gmail Integration Data (Optional): If you choose to link your Gmail account, we collect your connected email address and OAuth credentials (access and refresh tokens).

3. Google OAuth & Gmail API Data Usage

To provide auto-importing expense tracking, Khata requests read-only access to your Gmail messages via the https://www.googleapis.com/auth/gmail.readonly scope.

  • Targeted Fetching: We only search for and retrieve emails sent by pre-defined financial institutions (e.g., eSewa, Fonepay, NIC Asia Bank, Citizens Bank, Laxmi Sunrise Bank, and other digital wallets or banks).
  • Parsing Logic: Our service parses only relevant financial transaction details (amount, transaction code, merchant/receiver name, and date) to automatically log them as expenses or income inside your Khata account.
  • No Human Reading: We do NOT read, store, or display personal emails.
  • Google API Limited Use: Khata's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Encryption & Security

Your privacy and security are paramount. We implement strict security controls:

  • Gmail OAuth refresh tokens are encrypted at rest using Fernet symmetric encryption.
  • All network communications between the user, Google APIs, and our backend are encrypted using SSL/TLS (HTTPS).
  • Databases are hosted in isolated cloud networks with access controls.

5. Data Sharing & Disclosure

We do NOT sell, trade, rent, or share your financial data or Gmail emails with any third-party advertisers, companies, or brokers. All data remains private to your user account and is used solely to generate your expense tracking dashboard.

6. Your Rights & Data Control

You have full control over your data:

  • You can disconnect your Gmail account at any time via the Gmail Management screen. This revokes our access to your Google account and immediately deletes all stored OAuth credentials from our database.
  • You can manually edit or delete any auto-imported transaction records.

7. Contact Us

If you have any questions or concerns about this Privacy Policy, or wish to request data removal, please contact us at: [email protected].