Privacy Policy

Last updated: January 2026

Overview

Kaarta Platforms Pvt Ltd ("Kaarta," "we," "us," or "our") operates the AI operating system for Indian businesses, an AI employee that operates the tools you connect on your behalf. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Kaarta, you consent to the practices described in this policy. If you do not agree, please do not use our services.

Information We Collect

Account Information

  • Name, email address, phone number
  • Business name, GST number, PAN
  • Billing and payment information

Business Data

  • Invoices, receipts, and bills you share with us
  • Transaction records and categorizations
  • Bank transaction data (via Account Aggregator with your consent)
  • GST filing data and compliance records
  • Vendor and customer information

Communication Data

  • WhatsApp messages sent to our business number
  • Emails forwarded to or sent from our platform
  • Support conversations and feedback

Usage Data

  • Log data (IP address, browser type, device information)
  • Feature usage and interaction patterns
  • Performance and error data

How We Use Your Information

  • Provide Services: Process transactions, generate reports, track compliance, and operate the tools you connect on your behalf.
  • Improve Our Platform: Analyze usage patterns to enhance features, fix bugs, and develop new capabilities.
  • AI Training: Your data may be used to improve our AI models. We use aggregated and anonymized data where possible. You can opt out of AI training by contacting us.
  • Communication: Send service updates, compliance reminders, and respond to your inquiries.
  • Legal Compliance: Meet regulatory requirements and respond to lawful requests from authorities.

Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Cloud hosting (AWS/GCP), payment processors (Razorpay), communication platforms (WhatsApp Business API providers), and AI model providers (for processing only, not training).
  • GST Service Providers (GSPs): To file returns on your behalf with your authorization.
  • Account Aggregators: To fetch bank data with your explicit consent.
  • Your CA or advisor: If you authorize us to share data with them.
  • Legal Requirements: When required by law or to protect our rights.

Browser Extension (Chrome)

The Kaarta Chrome extension is a side panel that lets you act on the page you're viewing with your Kaarta AI assistant. It handles data as follows:

What it accesses, and when

  • Page text, only on an explicit action. When you click the extension's capture button or use the right-click "Capture to Kaarta" menu, it reads the text you have selected (or, if nothing is selected, the visible text of the current page) so you can review and send it to your assistant. It does not run in the background, monitor your browsing, or read pages you have not explicitly captured.
  • Your messages. The messages you type in the side panel are sent to Kaarta to generate the assistant's reply and are stored as part of your conversation history (the same as the web and WhatsApp channels).
  • Authentication. A session token is stored locally in the browser's in-memory session storage. It is never synced across your devices and is cleared when you close the browser.
  • GST portal (GST Refunds only). If you use the GST Refunds workflow, the extension reads a supplier's publicly listed HSN/SAC codes from your already-signed-in GST portal tab. It does not read your portal password, cookies, or session token.

Where it goes

Captured text and your messages are transmitted over HTTPS only to Kaarta's backend (app.kaarta.in) to produce the assistant's response. Extension data is never sold, and is never used for advertising. The permissions the extension requests are limited to what these features require.

Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest (AES-256), access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Financial records are retained for 8 years as required by Indian tax law. You can request deletion of your account and associated data, subject to legal retention requirements.

Your Rights

  • Access: Request a copy of your data.
  • Correction: Update inaccurate information.
  • Deletion: Request deletion of your data (subject to legal requirements).
  • Export: Download your data in a portable format.
  • Opt-out: Opt out of AI training or marketing communications.

To exercise these rights, contact us at privacy@kaarta.in

Cookies

We use essential cookies to operate our platform and analytics cookies to understand usage. You can control cookies through your browser settings.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the platform. Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions or concerns:

Kaarta Platforms Pvt Ltd
Email: privacy@kaarta.in