Privacy Policy

Last updated: 6 May 2026

1. Introduction

Karat ("we", "us", "our") operates the Karat application (app.karat.in) and karat.in website. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

By using Karat, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you activate a license and create an account, we collect:

  • Name, email address, and phone number
  • Shop name and business details
  • License key and activation data
  • Device identifiers (for license enforcement)

2.2 Business Data

Data you enter into Karat during normal use, including:

  • Customer and supplier records
  • Inventory and stock data
  • Invoices, billing records, and payment details
  • Job orders and factory records
  • Financial accounts and reports
  • Scheme enrollment and payment data

2.3 Technical Data

  • Browser type, operating system, and device type
  • IP address and approximate location
  • Usage patterns and feature interaction
  • Error logs and crash reports

3. How We Use Your Information

  • To provide, maintain, and improve the Karat application
  • To authenticate your account and manage your license
  • To process your business transactions as directed by you
  • To send important service notifications (expiry warnings, security alerts)
  • To provide customer support
  • To detect and prevent fraud or abuse

4. Data Storage & Security

Cloud (SaaS) mode: Your data is stored on secure servers hosted by Supabase (AWS infrastructure) in the Asia-Pacific region. All data is encrypted in transit (TLS/SSL) and at rest.

Desktop mode: Your data is stored locally on your device in an encrypted SQLite database. No data leaves your computer unless you explicitly use cloud backup.

We implement industry-standard security measures including encrypted passwords (bcrypt hashing), httpOnly authentication cookies, and role-based access controls.

5. Data Sharing

We do not sell, rent, or trade your personal or business data to third parties. We may share data only in the following circumstances:

  • Service providers: Supabase (database hosting), Vercel (application hosting), Cloudflare (CDN and security) — strictly for providing the service
  • Legal compliance: When required by law, regulation, legal process, or governmental request
  • Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

6. Data Retention

We retain your business data for as long as your account is active. After license expiry:

  • 15-day grace period: read-only access to all data
  • 90 days after expiry: data is preserved but inaccessible
  • After 180 days of inactivity: data may be permanently deleted

You can request a full data export or deletion at any time by contacting us.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Export: Download your business data in standard formats
  • Restriction: Request limitation of data processing

To exercise these rights, contact us at privacy@karat.in.

8. Cookies

Karat uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. The cookies we use are:

  • Authentication cookie: httpOnly, secure, to maintain your login session
  • Locale preference: To remember your language selection

9. Children's Privacy

Karat is a business application not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Karat after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or requests: