"Your jewellery data never reaches our servers. It is encrypted on your device before any backup occurs."
1. Who we are
Karat is a physical jewellery inventory app developed by The Software Factory (thesoftwarefactory.team@gmail.com). We help Indian families track, organise, and protect records of the physical gold and jewellery they already own.
Karat is not a digital gold trading platform, investment service, or financial advisor. We do not buy, sell, or broker any gold transactions.
2. What data we collect
We collect almost nothing. Karat is designed so that your personal inventory data never reaches our servers.
- Jewellery inventory data — item names, weights, purities, purchase prices, photos, bills, pledges, and storage locations — stored exclusively on your device and, if you opt in, your own Google Drive account. We have no access to this data.
- Gold price data — we publish daily gold rate updates to our systems so the app can display live prices. This is one-way: the app reads prices from us, we receive nothing from you.
- Crash reports — if the app crashes, anonymised crash data (device model, OS version, stack trace) may be sent to help us fix bugs. No jewellery data is included in crash reports.
We do not collect names, email addresses, phone numbers, KYC details, financial account information, location data, or behavioural analytics. No account is required to use Karat.
3. How your data is protected
Every piece of data you enter is encrypted on your device before it is written to storage or backed up anywhere.
- Vault encryption: AES-256-GCM. Industry-standard authenticated encryption. Your data is unreadable without the decryption key.
- PIN hashing: PBKDF2-SHA256 with 100,000 iterations. Your PIN is never stored in plain text — not on your device, not anywhere.
- Backup encryption: If you enable Google Drive backup, your data is encrypted by Karat on your device before it is uploaded. Google Drive stores only ciphertext. Google cannot read your jewellery data.
- Keys stay on your device: Your encryption keys are derived from your PIN and stored only on your device. We do not hold, escrow, or have any way to recover your keys.
4. Google Drive backup
Enabling Google Drive backup is optional. When enabled:
- Karat connects to your personal Google account using Google's official OAuth flow.
- We request only the minimum permissions needed to read and write a single backup file in your Drive.
- Your data is encrypted by Karat on your device before it is sent to Google Drive. We never see the plaintext.
- The backup file belongs to your Google account. You can delete it at any time from Google Drive.
- Karat does not share your Google account access or backup data with any third party.
5. Data sharing and third parties
We do not sell your data. We do not share your data. Ever.
We do not use advertising networks, data brokers, or behavioural analytics platforms. We do not share any information about you or your jewellery with any third party, except:
- Google Drive — only if you choose to enable backup, and only ciphertext that neither we nor Google can read.
- Crash reporting services — anonymised technical data only, with no jewellery content.
- Legal obligation — if we are required by law to disclose information, we will comply but will notify you where legally permitted.
6. Data retention and deletion
Because your data lives on your device (and optionally your own Google Drive), you are in full control of it:
- You can delete individual items, documents, or your entire vault from within the app at any time.
- Uninstalling the app removes all locally stored data.
- If you enabled Google Drive backup, you can delete the backup file directly from Google Drive.
- We do not retain copies of your jewellery data on our servers because we never receive it in the first place.
7. Children's privacy
Karat is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through Karat, please contact us and we will take appropriate action.
8. Changes to this policy
We may update this Privacy Policy from time to time. Significant changes will be communicated through an in-app notice. The "Last updated" date at the top of this page reflects when changes were last made. Continued use of Karat after changes take effect constitutes acceptance of the updated policy.
9. Contact
Questions about this Privacy Policy or your data? Write to us at thesoftwarefactory.team@gmail.com. We aim to respond within 5 business days.