k

Khatabook
Pocket cashbook for small businesses

Privacy Policy

Last updated: 2026-05-06

Khatabook ("we", "us") is built and operated by Snakescript. This page explains what data the Khatabook mobile app collects, why, where it is stored, and how you can access or delete it.

1. Local-first by default

The app works fully offline. Every contact, transaction, business name, category, and reminder you enter is stored only on your device, in a private SQLite database the operating system sandboxes for our app. Other apps cannot read it. We cannot read it. It does not leave your phone unless you choose to sign in and sync.

2. What we collect when you sign in

Sign-in is optional. If you tap "Continue with Google", we ask Google for your basic identity using the standard OAuth scopes openid email profile:

• Your Google account ID (an opaque string Google calls sub).
• Your email address.
• Your display name and profile picture URL.

We do not request access to your Gmail, Drive, contacts, calendar, or any other Google service. We do not use your data for advertising or share it with third parties.

3. What syncs to our server

When you tap "Sync now", the app uploads a single JSON snapshot of your ledger (contacts, transactions, business name) to our server, tagged with your Google account ID. We store one such snapshot per user. New syncs overwrite the previous snapshot. We do not retain version history.

The connection is over HTTPS (TLS 1.2 or higher). At rest, the snapshot sits in a PostgreSQL database on a server we control, accessible only to the application process and authenticated server administrators.

4. Data we do not collect

• No analytics, telemetry, ad-tracking, or behavioural events.
• No third-party SDKs that phone home in the background.
• No location data, contacts list, or photos.
• No advertising identifier (AAID/IDFA).

5. Your rights

• Export — from Settings → Export data, you can save your full ledger as a JSON file and share it anywhere.
• Delete locally — Settings → Clear all data wipes every contact and transaction from your phone immediately.
• Delete from cloud — signing out then signing back in with the same account, choosing "Use this device" in any conflict prompt, replaces the cloud copy. To permanently delete your cloud snapshot, email us at snakescripts@gmail.com from the address tied to your Google account and we will remove it within 7 days.
• Uninstall — uninstalling the app removes all local data on the device. Cloud data, if any, persists until you request deletion.

6. Children

Khatabook is not directed at children under 13. We do not knowingly collect personal information from anyone under 13.

7. Changes to this policy

If we materially change how the app handles data, we will update this page and bump the "Last updated" date. We will also note the change in the app's release notes.

8. Contact

Questions or requests: snakescripts@gmail.com.