Privacy Policy

Last updated: May 18, 2026

Google API Services — Limited Use Disclosure

Kwata Books' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide bookkeeping features you have explicitly requested — never for advertising, never sold, never shared with third parties.

Our Commitment to Privacy

At Kwata Team Inc., a Canadian corporation incorporated under the laws of the Province of Alberta, privacy is not just a policy—it's a fundamental principle embedded in everything we build. We follow the PESNO framework (Privacy, Ethics & Integrity, Security, Network Isolation/NIS2, OWASP) where your data is protected, handled with integrity, and secured with industry-leading standards.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number when you create an account
  • Business Information: Company name, address, industry (for business services)
  • Financial Data: Bank connections and transaction data (Kwata Books only, with explicit consent)
  • Communication: Messages you send through our contact forms or support channels

Information Collected Automatically

  • Usage Data: How you interact with our Services (anonymized)
  • Device Information: Browser type, operating system, IP address
  • Cookies: Essential cookies for functionality (no tracking cookies without consent)

2. How We Use Your Information

We use your information only for:

  • Providing and improving our Services
  • Processing transactions and sending related information
  • Responding to your requests and support inquiries
  • Sending service-related communications (with your consent for marketing)
  • Ensuring security and preventing fraud
  • Complying with legal obligations

3. Data Minimization

We collect only what's necessary to provide our Services. We do not:

  • Collect data we don't need
  • Sell your personal information to third parties
  • Use your data for behavioral advertising without explicit consent
  • Share your data with data brokers or aggregators

4. Google Sign-In & Google API Integrations

4a. Google Sign-In (OAuth 2.0) — All Apps

Several Kwata Team applications offer Google sign-in. When you sign in with Google, we receive only your name, email address, profile picture, and unique Google ID. These are used solely to create and manage your account.

Scopes requested by application:

  • Most apps (kwatateam.com, Buddy Tutor, Aya Career, KwataReady, Root, MySpot, Kwata Chat): only openid, email, profile — no access to Drive, Gmail, Calendar, or any other Google service.
  • Kwata Books (docs.kwatateam.com): additionally requests drive.readonly and gmail.readonly for automated receipt import. See Section 4b below.

4b. Kwata Books — Google Drive & Gmail Integration

Google API Limited Use Compliance Statement

Kwata Books' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data from Google APIs is used exclusively to provide receipt and expense tracking features to you — never for advertising, profiling, or third-party sharing.

Kwata Books optionally connects to Google Drive and Gmail to automatically import receipts and invoices. These integrations are optional — all core bookkeeping features work without them.

Google Drive (drive.readonly):

  • Read-only access to scan for receipt/invoice files you've stored in a folder you select
  • We never upload, modify, move, or delete any Drive files
  • We do not access personal documents, photos, or non-financial files
  • OAuth tokens are encrypted at rest (AES-256-GCM) and never logged in plaintext

Gmail (gmail.readonly):

  • Read-only access to detect and import receipt/invoice emails (e.g., e-receipts, billing notifications)
  • We do not read personal emails, send emails, delete emails, or modify your Gmail in any way
  • Gmail data is never used for advertising or shared with third parties
  • OAuth tokens are encrypted at rest (AES-256-GCM)

Revoking access: Disconnect at any time from Kwata Books Settings → Integrations, or via myaccount.google.com/permissions. Revocation immediately stops all sync activity and deletes stored tokens.

5. Data Storage and Security

Your data is protected by our PESNO security framework:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • EU-Hosted: Your data is stored on EU-based infrastructure under GDPR jurisdiction — not subject to the US CLOUD Act or Patriot Act
  • Access Controls: Strict role-based access to minimize exposure
  • Regular Audits: Security practices reviewed and updated regularly
  • Privacy-First Analytics: We use Umami (self-hosted, GDPR-compliant) — no Google Analytics or third-party trackers

6. Data Sharing

We may share your information only with:

  • Service Providers: Trusted partners who help operate our Services (bound by confidentiality)
  • Financial Partners: Banks and payment processors (Stripe, Flinks) for transaction processing
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger or acquisition (with notice)

7. Your Rights

Under PIPEDA and applicable privacy laws, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (within 30 days)
  • Portability: Receive your data in a portable format
  • Withdraw Consent: Opt out of marketing communications at any time
  • Complaint: Lodge a complaint with the Privacy Commissioner of Canada

8. Data Retention

We retain your data only as long as necessary to provide our Services or comply with legal obligations. When you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes).

9. Children's Privacy

For Buddy Tutor (our children's education platform), we take extra precautions:

  • Parental consent required for children under 13
  • Minimal data collection (name and learning progress only)
  • No behavioral advertising to children
  • No social features that expose children's information
  • COPPA-compliant practices

10. Data Location & International Transfers

Your data is stored and processed on EU-based infrastructure under GDPR jurisdiction. This means your data is not subject to the US CLOUD Act, FISA, or Patriot Act. We align with PIPEDA (Canada) and GDPR (EU) for the highest level of data protection available to Canadian customers. Where transfers between jurisdictions are required, we apply standard contractual clauses to ensure equivalent protection.

11. Cookies and Tracking

We use:

  • Essential Cookies: Required for Services to function (no consent needed)
  • Analytics: Only with explicit opt-in consent, using privacy-respecting tools
  • No Third-Party Trackers: We don't use Google Analytics, Facebook Pixel, or similar tracking

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our website at least 30 days before the changes take effect.

13. Contact Us

For privacy-related questions or to exercise your rights:

  • Privacy Officer: privacy@kwatateam.com
  • General Support: support@kwatateam.com
  • Address: Calgary, Alberta, Canada

PESNO Commitment: Privacy is the foundation of everything we build at Kwata Team Inc. We believe your data belongs to you, and we're committed to protecting it.