K
KwataTeam

Privacy Policy

Kwata Team Inc. is committed to protecting your privacy across all our applications and services. This policy explains how we collect, use, and protect your information.

Last updated: March 18, 2026  |  Effective: March 18, 2026
Kwata Team Inc. — Calgary, Alberta, Canada  |  PIPEDA & COPPA Compliant

Google API Services — Limited Use Disclosure

Kwata Books' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google APIs is used only to provide and improve Kwata Books features directly to you — it is never used for advertising, never sold, and never shared with third parties except as required to deliver the service.

1
Scope — Kwata Team Platform

This Privacy Policy applies to Kwata Team Inc., a Canadian corporation incorporated under the laws of Alberta, and covers all products and services we operate, including:

kwatateam.com

Main company website and AI team services

https://kwatateam.com

Buddy Tutor

Children's educational platform

https://tutor.kwatateam.com

Aya Career

AI-powered career management platform

https://career.kwatateam.com

Kwata Books

Canadian bookkeeping platform

https://docs.kwatateam.com

KwataReady

Cleaning and service management

https://kwataready.kwatateam.com

Root AI Receptionist

Automated call handling and scheduling

https://phone.kwatateam.com

MySpot

AI-powered queue management with Kai

https://myspot.kwatateam.com

Kwata Chat

AI concierge and customer service

https://chat.kwatateam.com

By using any Kwata Team application, you agree to this Privacy Policy. Each application may also have its own supplemental privacy notice for app-specific data practices.

2
Information We Collect

Information You Provide Directly

  • Account details: name, email address, phone number
  • Business information: company name, address, industry (for business services)
  • Financial data: bank connections and transactions (Kwata Books only, with explicit consent)
  • Child profile data: first name and age range only (Buddy Tutor — no personal identifiers)
  • Communications: messages sent through contact forms or support channels
  • Appointment and scheduling data (KwataReady, Root AI Receptionist)

Information Collected Automatically

  • Usage data: how you interact with our Services (anonymized and aggregated)
  • Device information: browser type, operating system, IP address (hashed for privacy)
  • Essential cookies: for login sessions and functionality only — no tracking cookies without consent
  • Learning progress and scores (Buddy Tutor — used only to personalize education)

3
Google Sign-In (OAuth 2.0)

Several Kwata Team applications offer the option to sign in using your Google account. When you choose to sign in with Google, we receive the following information from Google LLC:

  • Your name (first and last name as set in your Google account)
  • Your email address associated with your Google account
  • Your Google profile picture (where applicable and available)
  • A unique Google user identifier (used solely to link your account)

Scopes Requested — By Application

Most Kwata Team apps (kwatateam.com, Buddy Tutor, Aya Career, KwataReady, Root, MySpot, Kwata Chat) request basic sign-in scopes only: openid, email, profile. These apps do not access your Gmail, Google Drive, Google Calendar, Google Contacts, or Google Photos.

Kwata Books (docs.kwatateam.com) additionally requests drive.readonly and gmail.readonly to enable its bookkeeping automation features. See Section 3b below for full details.

How we use Google sign-in data: The name and email received from Google are used solely to create and manage your Kwata Team account. We do not store your Google password. Your Google credentials are managed entirely by Google.

Revoking access: You can revoke Kwata Team's access to your Google account at any time by visiting myaccount.google.com/permissions. Revoking access will not delete your Kwata Team account — contact us at privacy@kwatateam.com for account deletion.

Google's Privacy Policy: Your use of Google sign-in is also subject to Google's Privacy Policy at policies.google.com/privacy.

3b
Kwata Books — Google Drive & Gmail Integration

Google API Limited Use Compliance Statement

Kwata Books' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Information received from Google APIs is used exclusively to deliver and improve Kwata Books features to you directly. It is never used for serving advertisements, never sold to third parties, and never transferred to third parties except as strictly necessary to operate the Kwata Books service.

Kwata Books (docs.kwatateam.com) is an AI-powered Canadian bookkeeping platform. To automate receipt capture and expense tracking, Kwata Books optionally connects to your Google Drive and Gmail with your explicit consent. This section explains exactly what access is requested, why, and how it is used.

Google Drive Access (drive.readonly)

We request read-only access to your Google Drive solely to scan for uploaded receipts and financial documents you've saved there. We never modify, delete, or upload anything to your Drive.

  • We read receipt files (PDFs, images) you have stored in your Drive to extract transaction data
  • We do NOT access your personal documents, photos, videos, or non-financial files
  • We do NOT modify, delete, move, or create any files in your Drive
  • We do NOT share Drive contents with any third party beyond the Kwata Books AI processing pipeline
  • Drive data is never used for advertising or profiling
  • Access tokens are encrypted at rest using AES-256-GCM and stored only in your Kwata Books account

Gmail Access (gmail.readonly)

We request read-only access to your Gmail solely to detect and import receipts and invoices from emails — for example, e-receipts from vendors, subscription billing notifications, or invoice PDFs.

  • We scan your inbox for emails that appear to be receipts, invoices, or billing notifications
  • We read only the emails we identify as financial documents — we do NOT read personal emails
  • We do NOT send emails, delete emails, modify labels, or change any Gmail settings
  • We do NOT access email attachments that are not financial documents
  • Gmail data is never used for advertising, profiling, or shared with third parties
  • You control which emails are imported — you can review and reject any detected item
  • Gmail access tokens are encrypted at rest using AES-256-GCM and never logged in plaintext

Consent & Connection

Google Drive and Gmail connections are optional and require your explicit consent each time they are connected. You will be presented with a Google OAuth consent screen that clearly lists the scopes being requested before granting access. Kwata Books works without these integrations — they are an optional enhancement for automated receipt capture.

Revoking Access

You can disconnect Kwata Books' access to your Google Drive or Gmail at any time:

  • From within Kwata Books: go to Settings → Integrations and click "Disconnect"
  • Via Google: visit myaccount.google.com/permissions, find Kwata Books, and click "Remove Access"
  • Via privacy@kwatateam.com: email us and we will revoke and delete all stored tokens immediately

Revoking Google access does not delete your Kwata Books account or any financial data already imported. It only stops future automated syncing.

4
Children's Privacy (COPPA Compliant)

Applies to: Buddy Tutor (tutor.kwatateam.com)

Buddy Tutor is designed for children under parental supervision. We comply with the Children's Online Privacy Protection Act (COPPA) and take extra precautions to protect children's privacy.

  • Parental consent is required before any child under 13 uses the platform
  • We collect only first name and age range for child profiles — no personal identifiers
  • No behavioral advertising to children — ever
  • No social features that expose children's data to strangers
  • Children's Google sign-in is handled through parent accounts only
  • Parents can access, correct, or delete all data collected about their child at any time
  • Child data is automatically deleted after 2 years of account inactivity

5
How We Use Your Information

Service Delivery

Providing, maintaining, and improving our applications and AI services.

Account Management

Creating and managing your account, including Google sign-in authentication.

Personalization

Customizing educational content (Buddy Tutor) and AI recommendations to your needs.

Communication

Sending service-related updates, support responses, and appointment confirmations.

Security & Fraud Prevention

Detecting and preventing unauthorized access and abuse of our services.

Legal Compliance

Complying with applicable Canadian laws, PIPEDA, COPPA, and other regulations.

We do not use your data for behavioral advertising, sell your information to third parties, or use it for any purpose beyond what is stated here.

6
Data Protection & Security (PESNO Framework)

All Kwata Team applications are built under our PESNO security framework (Privacy, Ethics & Integrity, Security, Network Isolation, OWASP) — security and privacy by design, not as an afterthought.

Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Canadian Servers: Your data is stored on servers located in Canada (Contabo VPS)
Access Controls: Strict role-based access — minimum necessary access principle
No Third-Party Trackers: We do not use Google Analytics, Facebook Pixel, or similar tracking
Regular Security Audits: CVE monitoring, penetration testing, and security reviews
Network Isolation: Services are isolated — databases are never directly internet-exposed

7
Data Sharing & Third Parties

We do not sell your personal information. Period.

We may share your information only in these limited circumstances:

  • Service Providers: Trusted partners who help deliver our services (hosting, payment processing, email delivery) — bound by confidentiality agreements.
  • Payment Processors: Stripe (for billing) and Flinks (for bank connections in Kwata Books) — each governed by their own privacy policies.
  • Google (OAuth): When you sign in with Google, limited data is exchanged as described in Section 3. We do not share your data back to Google beyond authentication.
  • Legal Requirements: When required by Canadian law, court order, or to protect our rights and the safety of our users.
  • Business Transfers: In the event of a merger or acquisition, with 30 days advance notice to users.

8
Your Rights (PIPEDA)

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable privacy laws, you have the right to:

Access: Request a copy of all personal information we hold about you
Correction: Update or correct any inaccurate information
Deletion: Request deletion of your data (processed within 30 days)
Portability: Receive your data in a machine-readable format
Withdraw Consent: Opt-out of marketing communications at any time
Complaint: Lodge a complaint with the Privacy Commissioner of Canada

9
Data Retention

We retain your data only as long as necessary to provide our services or comply with legal obligations.

  • Active accounts: data retained while the account is active
  • Inactive accounts: automatically deleted after 2 years of inactivity
  • Account deletion requests: personal data deleted within 30 days
  • Financial records: retained for 7 years as required by Canadian tax law (Kwata Books)
  • Chat conversations: retained for 90 days then permanently deleted

10
Cookies & Tracking

We use:

  • Essential Cookies: Required for login sessions and service functionality (no consent needed)
  • Analytics: Only with explicit opt-in consent, using Umami — a privacy-respecting, self-hosted analytics tool
  • No Third-Party Trackers: We do not use Google Analytics, Facebook Pixel, or similar cross-site tracking technologies

11
Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our website at least 30 days before the changes take effect. Continued use of our services after changes constitutes acceptance of the updated policy.

Privacy Questions?

We're committed to transparency. For privacy questions, data access requests, or to exercise your rights, contact us:

Privacy Officer

privacy@kwatateam.com

AI Support

+1 (587) 333-2772

Available 24/7

Address

Calgary, Alberta, Canada

PESNO Commitment: Privacy is the foundation of everything we build at Kwata Team Inc. We believe your data belongs to you, and we are committed to protecting it.

Kwata Assistant

Hello! 👋
My name is Root, customer service agent at Kwata Team. How can I assist you today?