Bhabhar Khata always places the highest priority on safeguarding users' privacy. Our Bhabhar Khata application (hereinafter referred to as "this application" or "Bhabhar Khata") provides professional and comprehensive accounting services, aiming to assist you in efficiently managing your personal finances.
To avoid leakage and misuse of this information, We will transfer user data to the following address: https://qk.cyperyprivate.com
Before you start using Bhabhar Khata services, please read this privacy policy carefully. It explains the information we collect, how we use it, and the measures we take to protect your privacy. We are committed to handling your personal information strictly in accordance with this policy and may update it periodically to adapt to business developments and legal requirements. Continuing to use Bhabhar Khata products or services indicates your acceptance of the updated privacy policy.
To provide you with superior accounting experience and ensure smooth service operation, we collect the following types of information with your explicit consent when you use Bhabhar Khata. Refusal to provide certain information may affect the functionality of some features.
Primarily used for:
Account Security: Providing instant alerts via phone for abnormal login attempts (e.g., from new devices or remote IPs), enabling you to swiftly address potential risks.
Emergency Contact: Ensuring you receive critical notifications like bill reminders or service disruption notices when email systems are unavailable.
Primarily used for:
Account Management: Receiving verification codes, service notifications (e.g., updates, feature releases), and financial reports.
User Communication: Periodically offering personalized financial advice and usage tips to enhance your accounting experience.
Used for setting or updating your profile avatar, or uploading accounting receipts, bills, etc. Permissions are activated only when you actively choose to capture or select an image, and do not access other unrelated photos or videos on your device.
We may collect basic information (name and phone number) of an emergency contact you provide. This information is used to offer assistance during account anomalies or verification issues.
User ID: Used to identify your account, linking it to your activity history and transaction records.
Device ID: Enables data synchronization across multiple devices and helps detect abnormal login attempts, enhancing account security.
Advertising ID: Used to deliver personalized offers or service recommendations. You can turn off or reset this ID in your device settings at any time.
We collect city-level location data (via network or GPS) for:
Expense Tagging: Automatically adding location context to transactions (e.g., "Dining in Manila"), improving the accuracy of financial records.
Service Optimization: Analyzing regional user habits to provide localized features (e.g., currency conversion tips for travelers).
We collect crash reports, error logs, and performance data (e.g., startup duration) generated during app operation to:
Quickly diagnose and resolve technical issues, enhancing app stability. Analyze abnormal usage scenarios, improving the product user experience.
Note: This data does not contain personal identifying information and is used solely for technical improvement.
With your separate authorization, we collect a list of installed applications on your device to:
Detect potential security threats (e.g., malware or apps conflicting with financial services). Optimize app compatibility (e.g., identifying commonly used tools for better data synchronization).
Note: We only obtain the list of app names, not their content.
We request permission to access your call logs (CallLog) for specific and limited purposes only:
Account Verification: When registering and needing to verify your mobile phone number, we will conduct account verification via phone. After inputting your number, the app will request permission to read call logs to initiate a call disconnection process from a third-party service. Once the call is disconnected, a response will be triggered on your device, and the permission will be automatically revoked through this process to finalize the verification.
Permission Limitation: It is important to note that without your additional consent, call logs will never be used for any other purposes unrelated to this verification process.
We collect device details including storage status, battery information, Bluetooth information, hardware information, memory information, network status information, and sensor information, for:
App Adaptability: Ensuring compatibility and smooth operation across different device models and OS versions.
Performance Optimization: Diagnosing and resolving performance issues during app operation, enhancing stability and responsiveness.
Diagnostic Analysis: Used for troubleshooting and continuous improvement of the user experience.
By integrating multi-dimensional information like phone numbers, email addresses, and User ID/Device ID, we establish a robust identity verification system. For example, password resets require verification via email or phone OTP, combined with Device ID matching, to ensure requests originate from legitimate users and safeguard account and financial information.
We use email addresses and phone numbers to send personalized content:
Feature Guidance: When new features are launched, operational guides are sent via email.
Subscription Management: Reminders for premium service (e.g., professional financial reports) renewal deadlines are sent.
Security Notifications: In case of account anomalies, instant notifications via phone or SMS are sent, assisting with account freezing or password changes.
We regularly analyze user financial data, usage behavior (e.g., feature click rates, operation durations), crash logs, and device information to identify and address service pain points. For instance:
If users frequently make errors in a specific function, we simplify its workflow and add automatic validation prompts. Based on frequently used income/expense categories, we optimize default classification options to reduce manual input.
Through continuous data analysis and user feedback, we iteratively enhance product functionality and usability.
We employ industry-leading AES-256 encryption algorithms for double-encryption of data during transmission (e.g., accounting records submitted over the network) and storage (e.g., account passwords, transaction details). This ensures that even if data is intercepted, attackers cannot decrypt it.
Physical Security: Your information is stored in ISO 27001-certified data centers with strict access controls, firewalls, and intrusion detection systems.
Permission Management: Only authorized personnel can access user data, requiring multi-factor authentication (e.g., fingerprint + password) for login. Employee actions on data are real-time audited and recorded.
We commission independent third-party security agencies to conduct quarterly penetration testing and vulnerability scanning, promptly identifying and fixing potential risks. Our internal security team daily monitors server logs, triggering early warnings for abnormal access behaviors, ensuring rapid response to security incidents.
During Service Use: We retain necessary account and accounting data to support your real-time access to historical records and financial report generation.
After Service Termination:
Legal Compliance: Some financial records (e.g., transaction vouchers) are legally required to be retained for at least 5 years to address potential tax audits or legal disputes.
Dispute Resolution: If you request data access after account closure, upon identity verification, we will provide historical data review services for a reasonable period.
If you decide to stop using Bhabhar Khata and delete personal information, you may do so via the following channels:
Email Request: Send an email to info@cyperyprivate.com with the subject "Personal Information Deletion Request," including your registered email, account nickname, and reason for deletion. We will complete review within 5 business days and notify you of the result via email.
Automatic Deletion: If you remain inactive for 12 consecutive months, we will send an email reminder about account deactivation. If no response is received within 30 days, your account data will be automatically deleted to protect your privacy.
In some scenarios, we share information with trusted third-party partners, strictly limited to the minimum scope necessary for service improvement:
Data Analysis: Collaborating with professional data agencies to analyze anonymized user behavior (e.g., feature heatmaps) for interface and function optimization. Sensitive information (e.g., phone numbers, emails) is hashed to prevent personal association.
Technical Support: When third parties provide server maintenance or SMS delivery services, we sign strict confidentiality agreements, requiring them to process data only as instructed and prohibiting secondary use.
If legally required to disclose personal information by valid legal documents (e.g., court summons, government investigation orders), we will verify the documents and provide relevant information as required, notifying you in advance where legally permitted.
For any questions, suggestions, or complaints about this privacy policy, please contact us via:
Customer Service Email: info@cyperyprivate.com
Response Time: We commit to replying in detail within 10 business days. If further verification is needed, we will inform you of progress in advance.