Kelaro

Privacy Policy

Last Updated: January 2026


1. Introduction

Welcome to Kelaro ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.


2. Important Information and Who We Are

Kelaro is the controller and responsible for your personal data. If you have any questions about this privacy policy, please contact us at support@kelaro.io.


3. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data: includes first name, last name, username or similar identifier.
  • Contact Data: includes email address.
  • Transaction Data: includes details about payments to and from you and other details of products you have purchased from us.
  • Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform on the devices you use to access this website.
  • Usage Data: includes information about how you use our website and service, such as the number of conversions performed.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Specific Note on PDF Processing

When you upload PDF bank statements to Kelaro, they are processed 100% locally in your browser. Your bank statements never leave your device and are not sent to our servers. We do not have access to, store, or retain any content from your bank statements. The only information we record is metadata for billing purposes (number of conversions, timestamps).


5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it:

  • Account Data: Retained until you delete your account or request deletion.
  • Transaction Records: Retained for 7 years as required by Portuguese tax law for commercial records.
  • Technical Logs: Retained for up to 90 days for security and debugging purposes.
  • Bank Statement Content: Never stored — processed locally in your browser only.

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core functionality. These cannot be disabled.
  • Preference Cookies: Store your language preference and display settings.
  • Analytics Cookies: Help us understand how visitors interact with our website. These are only set with your consent.

You can manage your cookie preferences at any time via our cookie banner or browser settings.


7. Disclosures of Your Personal Data

We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above.

  • Service Providers: acting as processors who provide IT and system administration services (e.g., Vercel for hosting, Supabase for authentication and database).
  • Payment Processors: We use Stripe to process payments. We do not store your credit card details. Stripe's privacy policy can be found at stripe.com/privacy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We have Data Processing Agreements in place with our key service providers.


8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.


9. Your Legal Rights

Under data protection laws, you have the following rights:

  • Right to Access: Request copies of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request temporary halt to processing.
  • Right to Data Portability: Request transfer of your data to another party.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

If you wish to exercise any of the rights set out above, please contact us at support@kelaro.io.


10. Right to Lodge a Complaint

You have the right to make a complaint at any time to the Portuguese Data Protection Authority (CNPD - Comissão Nacional de Proteção de Dados) at cnpd.pt. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD, so please contact us first.


11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. This policy was last updated on the date shown at the top of this page.