Privacy Policy

Last Updated: May 19, 2026

KLARO Solutions, Inc. ("KLARO," "Company," "we," "us," or "our") is committed to protecting your privacy and handling your personal and business data with transparency and care. This Privacy Policy explains what information we collect, how we use and store it, with whom we share it, and what rights you have over your data when you use the KLARO platform (the "Service").

This Policy is issued in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR), and applies to all users who access or use the Service.

1. Information We Collect

We collect the following categories of information in the course of operating the Service, including data points manually entered, uploaded, or ingested through OCR and related processing workflows:

a. Personal Account Data

  • First name and last name
  • Username (unique identifier chosen at registration)
  • Email address (stored in lowercase)
  • Password (stored as a cryptographic hash — never in plain text)
  • Unique user code (system-generated UUID)
  • Account creation date and last login timestamp
  • Role within your enterprise (Owner, Admin, or Staff)
  • If registered via Google Workspace OAuth: name, email address, and email verification status as provided by Google

b. Enterprise Information

  • Enterprise name and description
  • Enterprise location details (for example region, area, locality/city or municipality, and barangay)
  • Date of business establishment and date joined KLARO
  • Configured operational parameters (e.g., fixed expenses, lead times, review periods, inventory settings)
  • Enterprise members or team members: names, usernames, email addresses, and assigned roles

c. Product and Supply Catalogue

  • Product names, categories, SKUs, unit selling prices, and product descriptions
  • Supply/ingredient names, units of measurement, unit costs, and pack sizes
  • Bill of materials: recipe components mapping products to their required supplies and quantities

d. Supplier Information

  • Supplier name and type of supply provided
  • Contact person name, contact number, and email address
  • Supplier address and payment terms
  • Lead times and other supplier metadata

e. Sales and Logbook Data

  • Uploaded images of sales records (tally sheets, handwritten logbooks, screenshots, and point-of-sale outputs)
  • Extracted sales entries: product name, quantity sold, unit price at time of entry, and total sale value
  • Payment method summaries (e.g., cash, card, online payment)
  • Log dates, log titles, and user notes associated with each entry
  • Confidence scores and extraction metadata generated during AI processing

f. Inventory Data

  • Uploaded images of vendor receipts and stock intake records
  • Extracted inventory inflow records: supply name, quantity received, unit cost, and total cost
  • Calculated supply usage and end-of-day inventory balances
  • Inventory action board parameters, stock-on-hand figures, and other on-hand inventory balances

g. Fixed Expense Records

  • Expense category names and amounts (in Philippine Peso)
  • Timestamps of each expense entry

h. Subscription and Usage Data

  • Subscription plan tier (Trial, Starter, Pro, or Enterprise)
  • Subscription status, billing cycle, start and end dates
  • Monthly OCR scan usage count and applicable scan limit

i. Technical and Session Data

  • IP address
  • Browser type, device type, and operating system
  • Session cookie (expires after 1 hour of inactivity, or 30 days if "Remember Me" is selected)
  • CSRF token (required for secure form submission)

j. Lead and Contact Form Data

  • Name, email address, business type, and message body submitted via contact or waitlist forms

2. How We Use Your Information

We use the information we collect strictly to operate and improve the Service. Specific purposes include:

  • Creating and managing your account and enterprise profile
  • Processing uploaded images through AI-assisted OCR to extract sales and inventory data
  • Populating your dashboard, analytics, and inventory management outputs
  • Calculating inventory levels, supply usage, cost of goods, and business performance metrics
  • Managing subscription plans and enforcing usage limits
  • Ensuring platform security, detecting fraud, and enforcing our Terms and Conditions
  • Responding to support inquiries and communicating platform updates or service notices
  • Complying with applicable legal and regulatory obligations

We do not sell your personal data. We do not use your data for advertising or marketing to third parties.

3. Data Processing via Third-Party Service Providers

Certain features of the Service require transmitting your data to trusted third-party service providers. By using the Service, you consent to this processing as described below.

a. AI-Assisted Image Processing
When you upload images to the scanning feature, those images are transmitted to third-party AI service providers for optical character recognition (OCR) and data extraction. These providers receive your image files and, in some cases, your enterprise’s product and supply masterlist to improve extraction accuracy. These providers operate under data processing agreements with KLARO and are contractually prohibited from retaining, using, or disclosing your data for any purpose other than performing the contracted service. They are not authorized to use your data to train AI models or for any commercial purpose of their own.

b. Authentication via Google Workspace
If you choose to register or log in using Google Workspace OAuth, you will be redirected to Google’s authentication service. KLARO requests only your basic profile information (name, email address, and email verification status). KLARO does not request access to your Google Drive, Calendar, Contacts, or any other Google services. Google’s processing of your data during this flow is governed by Google’s Privacy Policy.

c. Cloud Infrastructure
The Service is hosted on third-party cloud infrastructure. Your data, including uploaded images and extracted records, is stored on servers managed by our cloud provider, which operates under a data processing agreement with KLARO.

d. Internal Notification Services
Submissions made through the contact and waitlist forms (name, email, and message) are forwarded to an internal notification channel for review by our team. This data is also stored in the KLARO database for business record purposes.

4. Legal Basis for Processing

We process your personal data on the following lawful bases under RA 10173:

  • Consent: You provide explicit consent at registration by accepting these policies
  • Contractual necessity: Processing is required to provide the Service you have signed up for
  • Legal obligation: We process data where required by Philippine law or regulatory authorities
  • Legitimate interests: We process data to maintain platform security, prevent fraud, and improve the Service, provided these interests do not override your fundamental rights

5. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise transfer your personal or business data to third parties for commercial gain. We may share your data only in the following limited circumstances:

  • Within your enterprise: Members of your enterprise can access shared enterprise data (catalogues, logbooks, inventory) according to their assigned role
  • Third-party service providers: As described in Section 3, limited data is shared with AI processing providers, cloud infrastructure providers, and authentication services under strict contractual data protection obligations
  • Legal requirements: We may disclose your data to government authorities, law enforcement agencies, or courts when required to comply with applicable law, a valid legal process, or to protect the rights, property, or safety of KLARO, our users, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of all or substantially all assets, user data may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service prior to such transfer

6. Data Retention

We retain your data for as long as:

  • Your account remains active on the platform
  • Required to fulfill the purposes described in this Policy
  • Required by applicable law or regulatory obligation

Temporary image files created during AI processing are automatically deleted from our servers immediately after extraction is complete. Original uploaded images are retained as part of your account records until your account is deleted.

Upon account deletion, all personal and enterprise data associated with your account is permanently and irreversibly removed from the platform, including uploaded images, extracted records, catalogues, and all related data. Contact and waitlist form submissions are retained separately as business records.

7. Data Security

We implement reasonable and appropriate technical and organizational security measures to protect your data, including:

  • Encrypted transmission of data over HTTPS (TLS)
  • Cryptographic hashing of passwords (PBKDF2 with SHA-256)
  • HTTPOnly session cookies to prevent client-side script access
  • Cross-site request forgery (CSRF) protection on all form submissions
  • Rate limiting on all public-facing endpoints to mitigate abuse
  • Role-based access controls limiting data visibility within enterprises

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. Use of the Service is at your own risk. If you believe your account has been compromised, contact us immediately at info@meetklaro.com.

8. Cookies and Session Management

KLARO uses the following browser cookies:

  • Session cookie: Maintains your authenticated session. Expires after 1 hour of inactivity by default. If you select "Remember Me" at login, the session persists for 30 days. This cookie is HTTPOnly and cannot be accessed by JavaScript.
  • CSRF token cookie: Required to secure all form submissions and prevent cross-site request forgery attacks.

KLARO does not use third-party advertising cookies, tracking pixels, or behavioral analytics cookies. You may disable cookies in your browser settings, but doing so will prevent you from logging in or using the Service.

9. Your Rights as a Data Subject

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights:

  • Right to be Informed: To be notified of how your data is collected, used, and stored
  • Right to Access: To request a copy of the personal data we hold about you
  • Right to Rectification: To request correction of inaccurate or incomplete personal data
  • Right to Erasure or Blocking: To request deletion or blocking of your personal data under certain conditions
  • Right to Object: To object to the processing of your personal data on legitimate grounds
  • Right to Data Portability: To receive your personal data in a structured, commonly used format
  • Right to Damages: To be indemnified for any damages sustained due to inaccurate, incomplete, outdated, or unlawfully obtained personal data
  • Right to File a Complaint: To lodge a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph if you believe your rights under RA 10173 have been violated

To exercise any of these rights, contact us at info@meetklaro.com. We will respond within a reasonable time and in accordance with the requirements of RA 10173.

10. Third-Party Links

The Service may contain links to third-party websites or tools. KLARO is not responsible for the privacy practices, content, or data handling of any third-party sites. We encourage you to review the privacy policies of any external services you access.

11. Children’s Privacy

KLARO is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from minors. If we become aware that a minor has created an account without parental consent, we will take steps to delete the account and associated data promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When material changes are made, we will notify you through the Service or via your registered email address prior to the changes taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop using the Service.

13. Contact and Data Privacy Inquiries

For all privacy-related inquiries, data subject requests, or concerns regarding this Policy:

Business Name: KLARO Solutions, Inc.
Business Address: 50 Esteban Abada St., Loyola Heights, Quezon City, Metro Manila, Philippines 1108
Email: info@meetklaro.com

You also have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your privacy rights have been violated: www.privacy.gov.ph