KUBER - Privacy Policy
Introduction
Welcome to Kuber. We prioritize your privacy and are dedicated to protecting it. This Privacy Policy explains what data we collect, how we use it, where we store it, how long we retain it, and the rights you have over your data. By using Kuber’s website, mobile and desktop applications, and related services (collectively, the “Service”), you agree to this policy.
Quick highlights
Your data is private. We do not sell personal data.
Your rights: access, update, delete, restrict processing, object to processing, and request portability of your data.
Storage region: India (Google Cloud region asia-south1 — Mumbai).
Contact: [email protected] for privacy requests or concerns.
Scope
This policy applies to:
Information collected on our website and through our Service.
Information collected in email, text, and other electronic communications between you and Kuber.
Information processed through any mobile or desktop applications you download from our website.
This policy describes how we collect, use, retain, disclose, transfer, and safeguard information and your choices about that information.
What information we collect
1. Account & identity data
Examples: name, email address, profile picture (if provided), authentication identifiers.
Why: to create and manage your account and to authenticate you.
2. Planning & financial data (user-provided)
Examples: account balances, budgets, financial goals, transactions that you manually enter or import.
Why: to provide Kuber services (goal tracking, projections, budgeting, analytics).
3. Imported/Connected data (including Google Sheets)
Examples: content of Sheets or other files you explicitly link to Kuber, or data you permit Kuber to access for sync/import/export.
Why: to enable import/export and two-way sync per your instructions.
4. Usage & device data
Examples: IP address, device and browser type, pages visited, app usage patterns, crash logs, timestamps.
Why: to operate, secure, and improve the Service.
5. Cookies & tracking data
We use Strictly Necessary, Functional, Performance, and Targeting cookies and similar technologies. See the Cookies section for details.
6. Tokens & credentials
OAuth tokens, refresh tokens, and other credentials used to connect third-party services (encrypted in storage).
Why: to enable authenticated connectivity and sync features.
Google sign-in & OAuth scopes (explicit)
When you sign in with Google or connect Google services, Kuber may request the following OAuth scopes (we only request the scopes required for the features you explicitly enable):
https://www.googleapis.com/auth/script.container.ui
Purpose: display and run Kuber web content (sidebars/prompts) inside Google applications to enable embedded UIs and user interactions initiated by you.
https://www.googleapis.com/auth/script.external_request
Purpose: allow Google Apps Script to make secure outbound requests to Kuber’s backend for user-authorized operations (for example, to fetch or save synced spreadsheet data).
https://www.googleapis.com/auth/spreadsheets (SENSITIVE)
Purpose: read, create, edit, and delete Google Sheets spreadsheets that you explicitly connect to Kuber for import, export, or synchronization of your planning and financial data.
Important: spreadsheets is a sensitive scope. Kuber accesses Sheets only when you explicitly instruct it to (e.g., “Connect this Google Sheet”, “Import from Sheet”, “Export to Sheet”, or enable two-way sync). Kuber does not scan or access your other Google Drive or Sheets content.
Revoke access: To revoke Kuber’s Google access, go to Google Account → Security → “Third-party apps with account access” → select Kuber → “Remove Access”, or contact [email protected] for help.
How we use your information
We use collected information to:
Provide, personalize, and maintain the Service.
Authenticate you and manage your account.
Enable imports/exports and sync with services you authorize (for example Google Sheets).
Send account-related communications (security alerts, billing, transactional emails).
Analyze and improve our services, conduct research and analytics.
Detect and prevent fraud, abuse, and security incidents.
Fulfil legal obligations and respond to lawful requests.
We do not sell or trade your personal data.
Legal bases for processing
Where applicable (for users protected by laws that require a legal basis), we process personal data on one or more of these bases:
Consent — when you consent (for optional features, analytics, marketing).
Contractual necessity — to provide requested services and perform your contract with us (account creation, paid services, sync).
Legal obligation — to comply with laws or respond to legal requests.
Legitimate interests — improving services, security, fraud prevention — balanced against user privacy.
Data retention and deletion (industry-standard defaults)
Account basic info (email, name): retained while your account is active and for 90 days after deletion for recovery and dispute resolution.
Planning and financial data (manual entries, imported transactions, goals): retained while your account is active. After account deletion, retained for up to 7 years if needed for legal, tax, or audit reasons; otherwise, removed according to the deletion timeline.
Usage logs & raw diagnostics: raw logs retained for 90 days, then deleted or aggregated/pseudonymized for analytics (aggregated insights may be retained indefinitely).
OAuth tokens & credentials: short-lived access tokens are ephemeral. Refresh tokens (if stored) are encrypted and retained only while your account is active. Refresh tokens will be revoked and removed within 30 days after account deletion.
Backups: encrypted backups may be retained for up to 1 year for non-financial data. Backups containing financial records may be retained up to 7 years if required for legal compliance. Backups are purged according to these windows.
Deletion process & timeline
To request deletion:
Use Settings → Delete account in the app, or
Email [email protected] with the subject line “Delete my account”.
After a deletion request:
We will acknowledge the request within 48 hours.
We will remove your personal data from active systems (databases, live caches) within 90 days.
We will revoke OAuth tokens and third-party access as part of deletion (refresh tokens removed within 30 days).
Backups and archived copies will be removed according to the retention schedules above (generally within 1 year for non-financial backups; up to 7 years for financial records when legally required).
If immediate deletion is needed and no legal hold applies, contact [email protected] and we will evaluate acceleration of the deletion process.
Data portability & access
Access & update: You can access and update your personal information via account settings.
Portability: On request, we will provide a machine-readable export (JSON or CSV) of your personal data and user-provided planning/financial data. To request a data export, contact [email protected]. We aim to fulfill portability requests within a reasonable timeframe consistent with applicable law.
Your other privacy rights
Depending on your jurisdiction, you may have additional rights such as:
Request correction of inaccurate personal data.
Request restriction of processing.
Object to processing for direct marketing or legitimate interests.
Lodge a complaint with a supervisory authority.
To exercise any rights, contact [email protected]. We may ask for information to verify your identity before fulfilling requests.
Storage location & transfers
Primary storage and processing occur in India (Google Cloud region asia-south1 — Mumbai).
Security measures
We implement industry-standard technical and organizational measures to protect your data, including:
TLS encryption for data in transit.
Encryption at rest for sensitive data and tokens.
Role-based access controls and logged access to production systems.
Secure token handling (server-side storage and usage where possible).
Regular security reviews, vulnerability testing, and patching.
Key rotation and least-privilege access practices.
No system can be 100% secure; however, we continuously improve our security posture.
Cookies & tracking
Kuber uses cookies and similar technologies to operate and improve the Service:
Strictly Necessary Cookies: required for core functionality (e.g., session management).
Functional Cookies: remember your preferences and settings.
Performance Cookies: collect anonymous usage statistics to improve the Service.
Targeting Cookies: measure the effectiveness of advertising and tailor marketing content.
You can manage cookie preferences through our Cookie Settings interface. For more detailed information, see our Cookies Policy (link to the cookies/cookie settings page).
Children’s privacy
Kuber is not intended for children under 13. We do not knowingly collect information from children under 13. If we learn that we have collected personal data of a child under 13 without parental consent, we will delete it promptly. If you believe we have collected such data, contact [email protected].
Changes to this policy
We may update this policy occasionally to reflect changes in our practices or legal requirements. We will post the updated policy with a new Effective date. Significant changes will be communicated by email where required. Continued use of the Service after changes indicates acceptance of the revised policy.
For Google OAuth verification reviewers (short summary)
Kuber requests these Google OAuth scopes only with your explicit consent and only for user-initiated actions:
https://www.googleapis.com/auth/script.container.ui — to embed Kuber UI inside Google apps for interactive features.
https://www.googleapis.com/auth/script.external_request — to allow authorized Apps Script calls between Google and Kuber’s backend.
https://www.googleapis.com/auth/spreadsheets — sensitive. Used only when a user explicitly connects a Google Sheet to Kuber for import/export or two-way sync. Kuber does not scan or access other user files.
OAuth tokens are stored encrypted; token usage is server-side where possible; refresh tokens are revoked and removed on account deletion. The privacy policy is publicly accessible and hosted at the app’s domain (insert URL in OAuth consent screen). For verification we can provide a short demo showing the explicit consent flows, UI where a user chooses which Sheet to connect, and the revocation steps.
Contact us / How to exercise rights
For any privacy questions, to exercise your rights (access, correction, deletion, portability, restrict processing), or to request a list of third-party processors, contact:
Email: [email protected]
Subject line suggestion for deletion: “Delete my account”
We will acknowledge requests within 48 hours and respond in accordance with applicable law.
Acknowledgement
By using Kuber, you acknowledge that you have read and understood this Privacy Policy.
Last updated