Kivo Money - Smart Portfolio Tracking

Last Updated: January 15, 2026

1. Introduction

Welcome to Kivo Money ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our portfolio tracking service.

2. Information We Collect

2.1 Information You Provide

Google Account Information: When you sign in with Google, we receive your email address, name, and profile picture.
PAN Number: You provide your Permanent Account Number (PAN) to help us identify relevant CAS statements.
PDF Password: The password for your CAS PDF files (processed in memory only, never stored).

2.2 Information from Gmail

CAS Email Access: We access emails from NSDL (nsdlcas@nsdl.co.in) containing your Consolidated Account Statement (CAS).
PDF Attachments: We download CAS PDF attachments to extract your portfolio data.
What We DON'T Access: We do not read, store, or access any of your personal emails, contacts, or other Gmail content beyond CAS emails from NSDL.

2.3 Automatically Collected Information

Usage Data: We collect information about how you interact with our service (e.g., sync frequency, features used).
Technical Data: IP address, browser type, device information, and access times for security and debugging purposes.

3. How We Use Your Information

We use your information solely for the following purposes:

Portfolio Tracking: To extract, parse, and display your investment portfolio from CAS statements.
Authentication: To verify your identity and manage your account.
Service Improvement: To analyze usage patterns and improve our service.
Security: To detect and prevent fraud, abuse, and security incidents.
Legal Compliance: To comply with applicable laws and regulations.

We will NEVER:

Sell your personal information to third parties
Share your portfolio data with advertisers
Use your data for purposes unrelated to portfolio tracking
Read your personal emails or contacts

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored securely in Google Cloud Firestore, a GDPR-compliant database service. Data is stored in the Asia-South1 region (Mumbai, India).

4.2 Security Measures

Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest.
Access Control: You can only access your own portfolio data. User isolation is enforced at the database level.
Authentication: Secure OAuth 2.0 authentication via Google.
Rate Limiting: Protection against abuse and unauthorized access attempts.
Regular Audits: We regularly review our security practices and update them as needed.

4.3 Data Retention

We retain your portfolio data for as long as your account is active. If you delete your account, all associated data will be permanently deleted within 30 days.

5. Third-Party Services

We use the following third-party services:

Google OAuth & Gmail API: For authentication and accessing CAS emails. Governed by Google's Privacy Policy.
Google Cloud Platform (Firestore): For data storage. Governed by Google Cloud Privacy Notice.
Vercel: For hosting our frontend application. Governed by Vercel's Privacy Policy.

6. Your Rights

You have the following rights regarding your personal data:

Access: You can view all your portfolio data within the application.
Correction: You can update your data by re-syncing your portfolio.
Deletion: You can delete your account and all associated data at any time.
Data Portability: You can export your portfolio data (contact us for assistance).
Revoke Access: You can revoke our access to your Gmail at any time through your Google Account settings.
Complaint: You have the right to lodge a complaint with a data protection authority.

7. Gmail API Disclosure

Gmail API Scopes Usage

Kivo Money's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope Requested: https://www.googleapis.com/auth/gmail.readonly

Purpose: We use this scope exclusively to:

Search for emails from NSDL (nsdlcas@nsdl.co.in)
Download CAS PDF attachments from these emails
Extract your investment portfolio data from these PDFs

Limitations: We do NOT access, read, store, or process any other emails, contacts, or Gmail data.

8. Cookies and Tracking

We use essential cookies for authentication (NextAuth session cookies). These are necessary for the service to function and cannot be disabled. We do not use advertising or tracking cookies.

9. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@kivomoney.com

Response Time: We aim to respond within 48 hours

← Back to Dashboard