Legal
Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Navio Labs Pvt. Ltd. (“we”, “us”, or “our”), the operator of the Kleo app and website (the “Service”), collects, uses, shares, and protects your information. Kleo is a personal-finance app that gives you one clear view of your money. Because that means handling sensitive financial data, we keep our practices deliberately simple: your financial data is yours, we use it only to provide the Service to you, and we do not sell it.
1. Information we collect
Information you provide
- Account details — your phone number (used to sign in) and any profile information you choose to add.
- Financial information you upload or enter — transactions, balances, and holdings that you provide by uploading statements or reports (PDF or CSV) from your banks, cards, and brokers, or by entering them manually. This can include investments (mutual funds, ETFs, stocks) and insurance policies and their renewal dates. Kleo does not establish live connections to your financial institutions; it works from the documents and data you give it.
- AI provider API keys — if you enable AI features, the Claude or OpenAI API key you supply. This key is stored securely and synced to your account so your settings follow you across devices.
- Communications — information you send us when you contact support or report an issue.
Information collected automatically
- Device and usage information — such as device type, operating system, app version, and basic interaction and diagnostic data used to keep the Service running and to fix problems.
2. How we use your information
We use your information to:
- Provide, maintain, and secure the Service;
- Aggregate and categorise your transactions and calculate figures such as spending breakdowns and net worth;
- Sync your data and settings across your devices under your account;
- Respond to your support requests and communicate with you;
- Detect, prevent, and address fraud, abuse, security, and technical issues; and
- Comply with legal obligations.
We do not use your financial data for advertising, and we do not sell your personal information.
3. AI processing
When you enable AI categorisation and provide your own AI provider API key, relevant data — such as transaction descriptions — may be sent to the AI provider you selected (for example, Anthropic or OpenAI) using your key, so it can be categorised. That processing is subject to the provider’s own terms and privacy policy. If you do not want data sent to an AI provider, do not enable AI features or do not add an API key. Categorisation that can be handled by local rules on your device does not require an AI provider.
4. How we share information
We do not sell your personal information. We share it only in these limited circumstances:
- Service providers. With vendors who help us operate the Service — such as cloud hosting and infrastructure providers — who process data on our behalf under confidentiality obligations.
- AI provider you choose. If you enable AI features, with the AI provider (such as Anthropic or OpenAI) whose API key you add, in order to categorise the data you asked it to process.
- Legal and safety. When required by law, regulation, legal process, or to protect the rights, property, or safety of you, us, or others.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
5. Data security
We use reasonable technical and organisational measures — including encryption in transit and access controls — designed to protect your information. Your AI provider API key is stored securely. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your device and account credentials safe.
6. Data retention
We retain your information for as long as your account is active or as needed to provide the Service, and thereafter only as required to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where retention is required by law.
7. Your rights and choices
Subject to applicable law, you can:
- Access and review the data in your account;
- Correct inaccurate information, including transaction categories;
- Delete data you have uploaded or remove your AI provider key at any time;
- Delete your account and associated data; and
- Contact us to exercise any privacy rights available to you under applicable law.
To make any of these requests, use the in-app controls or email us at abhay@naviolabs.co.
8. Data deletion
You can request deletion of your account and data at any time from within the app or by emailing abhay@naviolabs.co. Once processed, your personal and financial data will be removed from our active systems, except for anything we are legally required to keep.
9. Children’s privacy
The Service is not intended for anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
10. International data transfers
Your information may be processed and stored on servers located in India or other countries where we or our service providers operate. Where data is transferred across borders, we take steps consistent with applicable law to protect it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
12. Contact us
For any questions, concerns, or requests about this Policy or your data, contact Navio Labs at abhay@naviolabs.co. We take privacy issues seriously and will respond as promptly as we reasonably can.