Privacy Policy

This Privacy Policy explains how Klaro (“we,” “us,” or “our”) collects, uses, stores, and protects information when you use the Klaro iOS application and related backend services (the “Services”). For data-protection inquiries, contact us at [email protected].

By using the Services, you acknowledge that you have read this Privacy Policy. If you do not agree, please stop using the Services.

1. Information we collect

1.1 Information you provide

Category	Examples	Purposes
Account information	Email address	Identification, sign-in, important notices
Credentials	Password (stored only as a one-way hash; we cannot read the plaintext)	Authentication
Portfolio data	Symbols/tickers, position size, cost basis	Generating personalized portfolio reports
Referral & invite codes	Referral or invite codes you provide at registration; referral relationships tied to your account	Access control, referral benefits, and abuse prevention

1.2 Information collected automatically

Category	Examples	Purposes
Push token	Apple Push Notification service (APNs) device token, if you enable notifications	Notifying you when reports are ready or for similar transactional notices
Product analytics	In-app events (for example screen views and key actions), as implemented	Product improvement and experience optimization
Technical logs	Server timestamps, error logs, client IP in ordinary server logs	Reliability, security monitoring, troubleshooting

1.3 What we do not collect for the core product

We do not ask for your legal name, government ID, phone number, address book, photos, precise location, or biometric data for the core Services described here.
We do not integrate third-party advertising SDKs or use advertising identifiers (such as IDFA) for ads.
We do not use your data for third-party ad profiling or behavioral advertising.

2. How we use information

We use the information we collect to:

Provide the Services — including reports and portfolio features powered by automated analysis of public market data and related context together with your portfolio inputs.
Manage accounts — registration, sign-in, password reset, email verification.
Send push notifications — only where you have allowed notifications on your device (for example when a report is ready).
Improve the product — usage statistics and diagnostics to understand feature usage and fix issues.
Keep the Services safe — detect abuse, fraud, or technical problems.
Comply with law — where we are legally required to respond to competent authorities.

3. AI processing

The Services use artificial intelligence to analyze public market data and news together with your portfolio inputs to generate reports. In that process:

Portfolio inputs needed to generate your report may be sent to third-party AI inference services as subprocessors. We aim to transmit the minimum information reasonably necessary for that purpose.
We do not send your email address to those services for report generation.
How each provider treats API data (including whether it may be used to train models) is governed by that provider’s published policies; we select providers and configurations with user privacy in mind.
Generated reports are stored on our systems and linked to your account.

4. Sharing and subprocessors

We share information only as needed to operate the Services, including with:

Recipient type	Role	Typical data involved
AI inference services	Generate report content	Portfolio symbols, sizes, cost basis, and related market/news context as needed for your report
Apple (APNs; App Store / TestFlight)	Push notifications; app distribution	Device push token where you opt in; standard data Apple collects under its policies
Email delivery services	Transactional or verification email	Email address and message metadata needed to deliver mail
Crash and diagnostics services	Crash reporting and stability monitoring	Crash logs, device model, OS version, and diagnostic data needed to identify and fix issues
Subscription management services	In-app purchase and subscription lifecycle	An internal user identifier and purchase/subscription status needed to manage entitlements
Infrastructure and backup providers	Hosting, storage, encrypted backups	Data required to host and restore the Services
Market data providers	Public quotes and related market data	Generally no personal data beyond what is needed to fulfill your requests

We may also disclose information if we reasonably believe it is necessary to: comply with law or legal process; enforce our terms; protect the rights, safety, and property of Klaro, our users, or others; or in connection with a merger, acquisition, or sale of assets, subject to applicable law.

5. Payments

Paid features, if offered, are purchased through Apple In-App Purchase. Apple processes payments under Apple’s terms and privacy policy. We do not receive your full payment card number from Apple for those purchases.

6. Storage, security, and retention

6.1 Storage and security

Your account data is stored on infrastructure we control or contract for.
Passwords are stored using industry-standard one-way hashing.
API traffic uses HTTPS.
Access to non-public data requires authentication (for example JWT-based access with expiry).

No method of transmission or storage is completely secure. We work to protect your information but cannot guarantee absolute security.

6.2 Retention

Account and portfolio data are kept while your account exists.
Reports are kept while your account exists so you can read history in the app.
When you delete your account, we delete data associated with your account (including holdings, reports, and push tokens). That action cannot be undone.
Aggregated or de-identified statistics may be retained after deletion in a form that does not identify you.
Technical logs are generally retained for up to 90 days, unless a longer period is needed for security or legal reasons.

7. International processing

We may process and store information in more than one country, including where our servers or subprocessors are located. Portfolio-related inputs sent for AI inference may be processed outside your country of residence. We take steps designed to protect your information when it is handled across borders.

8. Your choices and rights

Depending on applicable law where you live, you may have rights to access, correct, delete, export, or restrict certain processing of your personal information.

View and edit — portfolio and certain account details in the app.
Delete your account — where the app provides account deletion; this removes associated personal data as described above.
Push notifications — disable at any time in iOS Settings.
Contact us — for privacy questions or requests, email [email protected]. We may need to verify your identity before fulfilling certain requests.

9. Children

The Services are not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe someone under 18 has provided personal information to us, contact us and we will take appropriate steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date on this page. If changes are material, we will provide additional notice when appropriate (for example in the app).

Continued use of the Services after an update means you accept the revised policy.

11. Contact

For questions about this Privacy Policy or your personal information:

Email: [email protected]

We will respond within a reasonable time.