Privacy Policy

Last updated: May 29, 2026

Klarti ("we", "us", "our") is a tax automation tool for individual entrepreneurs in Georgia. This policy explains what data we collect, how we use it, and your rights regarding your information.

1. What We Collect

When you sign in with Google, we receive:

  • Email address — to identify your account
  • Name and profile photo — for display within the application

We may also collect anonymized usage analytics (page views, feature usage) through services such as Google Analytics or Yandex Metrika. This data cannot be traced to individual users and never includes financial information. You may opt out at any time through your browser settings or analytics-blocking extensions.

2. What We Do NOT Collect

  • Financial data — not collected or stored on our servers. Your invoices, transactions, and tax data remain exclusively in your Google Drive (see Section 3).
  • RS.GE credentials — used once during filing and immediately discarded. Never written to any database, file, or log (see Section 5).
  • Bank credentials — we do not access your bank accounts. You upload bank statements manually; files are parsed in your browser and never sent to any server.
  • Google password — we never receive or store your Google account password. Authentication is handled entirely by Google via OAuth 2.0.

3. How Your Data Is Stored

All your financial data lives in a Google Sheets spreadsheet in your own Google Drive. Klarti creates and manages this spreadsheet on your behalf. You can view, edit, download, or delete it at any time — just like any other file in your Drive.

On our side, we store only:

  • Your email address (for account identification)
  • Account creation date
  • Subscription status (if applicable in the future)

4. Google OAuth Permissions & Limited Use Disclosure

Klarti requests the following Google API permissions (scopes):

  • Google Drive (drive.file) — to create and access your financial spreadsheet file in your Drive. This single scope covers both Google Sheets read/write and file management. It grants access only to files created by Klarti — we cannot see or access any other files in your Drive.

We do not request access to Gmail, Google Calendar, Google Contacts, or any other Google services.

Google API Services Limited Use Disclosure: Klarti's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features that are prominent in our application
  • We do not transfer Google user data to third parties, except as necessary to provide the service, comply with applicable laws, or with your explicit consent
  • We do not use Google user data for serving advertisements, retargeting, or interest-based advertising
  • We do not allow humans to read your Google user data except with your affirmative consent, for security investigations, or to comply with applicable law
  • We do not use Google user data for training generalized AI or ML models

You can revoke Klarti's access at any time through your Google Account permissions.

5. RS.GE Filing

When you submit a tax declaration through Klarti:

  • Your RS.GE username and password are entered by you in the application
  • Credentials are transmitted over HTTPS to a secure proxy that forwards them to RS.GE
  • Session tokens are encrypted with AES-256-GCM and expire after 50 minutes
  • Credentials and session data are never logged, stored, or transmitted to any party other than RS.GE

6. Security Measures

We implement industry-standard security practices:

  • Encryption in transit — all communication between your browser and our services is protected using TLS 1.2+ (HTTPS)
  • No server-side storage of financial data — your data goes directly between your browser and Google's APIs
  • Session security — OAuth access tokens are stored only in your browser's memory and are never written to disk or browser storage
  • Minimal data footprint — we follow the principle of data minimization, collecting only what is strictly necessary to provide the service

7. Third-Party Services

Klarti integrates with the following third-party services:

  • Google — OAuth 2.0 authentication, Google Sheets API (data storage), Google Drive API (file management)
  • Cloudflare — hosting, CDN, and DDoS protection
  • National Bank of Georgia (NBG) — public exchange rate API (no authentication, no personal data transmitted)

Each third-party service operates under its own privacy policy. Beyond the Google-specific commitments in Section 4, we likewise do not sell, rent, or distribute your personal data to any third parties for marketing or advertising purposes.

8. Cookies & Local Storage

Essential storage: Klarti uses browser localStorage and sessionStorage to store your UI preferences (language, theme) and session data. These are not cookies and are not shared with any third party.

If analytics services are enabled (see Section 1), they may set their own cookies. You may opt out at any time through your browser's cookie settings or by using extensions that block analytics scripts.

9. Data Retention & Deletion

Your financial data persists in your Google Drive as long as you keep the file. If you delete the spreadsheet, the data is permanently gone — we have no backup copy.

Your account information (email, creation date) is retained as long as your account is active. You can request account deletion at any time by contacting us at [email protected].

To fully remove your data: delete your spreadsheet from Google Drive, revoke Klarti's access from your Google Account permissions, and contact us to request account deletion.

10. Your Rights

You have the following rights regarding your data:

  • Access — view all your data in your Google Sheets file at any time
  • Portability — download your spreadsheet in any format Google Sheets supports (XLSX, CSV, PDF, ODS)
  • Correction — edit any data directly in your spreadsheet
  • Deletion — see Section 9 for complete deletion instructions
  • Objection — contact us to object to specific processing activities

For any privacy-related requests, email us at [email protected]. We will respond within 30 days.

11. Children's Privacy

Klarti is designed for business use by individual entrepreneurs and is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete that information promptly.

12. Disclaimer, Changes & Governing Law

Klarti is a convenience tool for automating data entry, calculations, and tax filing submissions. It is not a tax advisor, accountant, or legal service and does not make financial or legal decisions on your behalf. You are solely responsible for reviewing and confirming all data before submission to tax authorities.

We may update this Privacy Policy from time to time. Any changes requiring additional data access or permissions will be disclosed before activation. Material changes will be communicated via email or a prominent notice in the application. The "Last updated" date at the top reflects the most recent revision.

This Privacy Policy is governed by the laws of Georgia. Any disputes shall be subject to the exclusive jurisdiction of the courts of Georgia.

Contact

If you have questions about this Privacy Policy, contact us at:
[email protected]