Privacy Policy
How we collect, use and protect your information
GiftKhata is a free, open community project — not a company. No registered entity, no commercial intent, no investors. This policy is written in plain language so you actually understand how your data is handled.
01 Who runs GiftKhata?
GiftKhata is a personal side project maintained by a small group of volunteers. No registered company, no registered address, no legal entity. "We" or "us" means the volunteer contributors.
Questions? Email support@giftkhata.com.
02 What data we collect
From your sign-in provider
We use OAuth 2.0 (Google, Facebook, Apple, LinkedIn). Your provider shares your name, email address, and profile photo. We store only these three fields. We never see or store your password.
Data you enter yourself
Everything you type — gift records, event details, person names — is stored linked to your account. You own this data. We don't read it or use it for any purpose other than showing it back to you.
Basic usage logs
Firebase / Google Cloud automatically logs standard server data: IP address, browser type, timestamps. No additional analytics or session recording.
03 What we do NOT collect
- Passwords (handled by your sign-in provider)
- Payment or financial account information (the app is free)
- Location data / GPS
- Contacts from your phone
- Advertising identifiers or cross-site tracking cookies
04 How we use your data
We use your data for exactly one purpose: to run the app for you.
- Show your gift ledger, events, persons, and family tree
- Sync your data across your devices when you sign in
- Let you export or delete your data on request
We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.
05 Who can see your data
Your data is private to your account. Volunteer maintainers have admin access solely for keeping the service running and responding to support requests.
- Firebase (Google) — authentication and database hosting, subject to their Privacy Policy.
- Your sign-in provider — for authentication only.
We share data with law enforcement only if required by a valid court order.
06 Your rights
- Export your data — Settings → Account → Export (or email us)
- Delete your account — email support@giftkhata.com; deletion within 30 days
- Correct your data — edit in-app or ask us
- Ask what we hold — email us and we'll tell you
Consistent with the Digital Personal Data Protection Act, 2023 (India).
07 Security
Data is encrypted in transit (HTTPS/TLS) and at rest on Firebase. Authentication is handled by your OAuth provider — we never handle passwords directly.
No internet service is 100% secure. Please don't store critically sensitive information (financial account numbers, government IDs) in the notes fields.
08 Children
GiftKhata is intended for adults (18+). We don't knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account promptly.
09 Cookies
We use only essential session cookies set by Firebase for keeping you signed in. No advertising cookies, no third-party tracking pixels.
10 Changes
Material changes will update the "Last updated" date at the top of this page and, where possible, trigger an in-app notification.
11 Contact
For privacy questions or data deletion requests, email support@giftkhata.com. We respond within a week.