Kataho Privacy Policy

Effective Date: September 9, 2024

At Addressgraph Nepal Pvt Ltd (“Kataho”, “we”, “us”, or “our”), located at Neel Saraswati Marg -699, Lazimpat, Kathmandu, Nepal (Kataho Address Code: 09 Laksha Niwas 0222, 09 लक्ष्मा निवास 0222), we prioritize your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Kataho Digital Address System, including our mobile application (“App”), website (kataho.app), and related services (collectively, “Services”). Our Services enable you to create a digital address, generate home number plates, verify identity with banks, and share limited data in emergencies, all with your control.

We are committed to transparency and compliance with data protection laws, including Nepal’s Individual Privacy Act 2018, the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Brazil’s General Data Protection Law (LGPD), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and others. This policy applies to all users of our Services (“you”).

Illustration of a mobile phone with digital address system icons and a lock symbol representing privacy and security

Our Promise

  • We collect only essential data: Phone Number and Email ID for account creation, plus optional Location Data with your consent.
  • We never track your live location or access it without permission.
  • KID and Kataho Codes are anonymized, ensuring no personal data is embedded.
  • Data sharing (e.g., with banks or in emergencies) happens only with your explicit consent.
  • We do not sell your data or use it for marketing.
  • You have full control through rights like access, correction, and deletion.

Questions or concerns? Contact us at privacy@kataho.app or +977-9851076298.


1. Data We Collect and How We Use It?

We collect minimal data to provide the Kataho Digital Address System. Below, we detail what we collect, why, and how it’s used, along with our legal basis for processing.

A. Account Creation and Verification

Data Collected Purpose Contract Consent
Phone Number and Email ID, verified to confirm your identity.
  • To set up and manage your Kataho account.
  • To authenticate you during login.
  • To generate digital addresses and home number plates.
  • To send notifications, updates, or support responses.
Necessary to deliver the Services you’ve requested (Nepal Privacy Act S. 13, GDPR Art. 6(1)(b)). Where you explicitly provide this data (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

B. Optional Location Data

Data Collected Purpose Consent

Location Data: Precise location (e.g., address, coordinates) you manually provide.

Notes: We do not track live locations or access them automatically. Location Data requires your explicit permission.

  • To create accurate digital addresses and home number plates.
  • To enable emergency sharing (with consent, see Section 1D).
Collected and processed only with your clear agreement, revocable anytime (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a))
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

C. Bank KYC Verification

Data Collected/ Shared Purpose Contract Consent
Boolean Data: KID or Kataho Code and Phone Number (not full personal details).
  • To verify your location matches bank Know-Your-Customer (KYC) records, enhancing trust in your digital address.
Necessary for bank-related Services (Nepal Privacy Act S. 13, GDPR Art. 6(1)(b)). Shared only with your explicit permission (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

D. Emergency Sharing

Data Collected/ Shared Purpose Consent
Location Data and Phone Number.

Notes: Shared only in emergencies, with your strong, case-by case consent.

  • To share with government authorities(e.g., Nepal Police) and up to two relatives your designate, ensuring your safely.
Requires your explicit approval per instance (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

E. Doorbell QR Code Scans

Data Displayed Purpose Legitimate Interest

Initial letter of your name followed by asterisks (eg. “P******”).

Notes: No personal data is collected or shared during scans.

  • To verify the plate’s validity while protecting your identity.
Ensures security and anonymity (Nepal Privacy Act S. 13, GDPR Art. 6(1)(f)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

F. Chat Feature

Data Collected Purpose Contract Consent

Chat Content: Messages linked to your Phone Number or Email ID.

Notes: Chats auto terminate after 2 minutes to minimize retention.

  • To provide real-time support or communication.
Necessary for service delivery(Nepal Privacy Act S. 13, GDPR Art. 6(1)(b)). Where you initiate chats (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

G. Photo Tagging

Data Collected Purpose Consent

Photo Metadata: Tags you approve(e.g., location, name).

Notes: Tagging requires your explicit consent per photo.

  • To enable sharing of tagged photos with your chosen recipients.
Processed only with your clear approval (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

H. KID and Kataho Codes

Data Collected Purpose Legal Basis

KID and Kataho Codes, created algorithmically.

Notes: These codes are anonymized, contain no personal data, and cannot be linked to you

  • To uniquely identify accounts or digital addresses without storing personal data.
Not applicable, as no personal data is involved.
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

I. Technical Data

Data Collected Purpose Legitimate Interest

Device Information (e.g., device type, operating system).

IP Address (in logs, not linked to your account).

  • To optimize the App for your device.
  • To ensure security and troubleshoot issues.
To provide a secure, functional service (Nepal Privacy Act S. 13, GDPR Art. 6(1)(f)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

J. Map Layers

Data Used Purpose Contract Consent

Co-ordinates displayed via OpensStreetMap, Galli Maps, or Google Maps.

Notes: No personal data is shared with these providers. Accuracy may vary across providers.

  • To show your digital address or saved locations accurately.
Necessary for address generation (Nepal Privacy Act S. 13, GDPR Art. 6(1)(b)). Where location data is provided (Nepal Privacy Act S. 14, GDPR Art. 6(1)(a)).
Illustration showing phone number and email ID verification process with connected devices
Illustration of a mobile phone with login dots representing setup and management of Kataho account

Key Notes:


  • We do not engage in live tracking or automatic location access.
  • We avoid marketing, profiling, or automated decision-making.
  • Usage data is analyzed only in anonymized, aggregated form to enhance our Services.

2. How We Share Your Data

  • We do not sell your data or share it for marketing purposes. Sharing occurs only as follows:

● With Your Consent


  • Boolean Data (KID/Kataho Code, Phone Number) with banks for KYC verification.
  • Location Data and Phone Number with government authorities and up to two relatives in emergencies.
  • Tagged photos with recipients you specify.

● Service Providers


  • Trusted Providers support our operations (e.g., data storage, notifications). Examples include:
  • [Insert Provider, e.g., AWS] for secure storage.
  • [Insert Provider, e.g., SendGrind] for email delivery.
  • Providers sign Data Processing Agreements( DPAs) to protect your data and comply with laws.

● Map Providers


  • OpenStreetMap, Galli Maps, and Google Maps receive only coordinates for display, not personal data.

● Legal Obligations


  • We may share data if required by law (e.g., Nepal Privacy Act S. 17, court orders) or to protect Kataho, users, or the public.

● Business Transfers


  • n case of a sale or merger, your data may be transferred. We’ll notify you in advance.

3. Where We Store and Transfer Your Data

  • Your data is stored securely on servers in [Insert Region, e.g., Nepal or AWS Asia-Pacific]. If you are outside this region, data maybe transferred internationally. We ensure compliance with:

  • Nepal Privacy Act: Local transfer restrictions (S. 15).
  • GDRP: Standard Contractual Clauses (SCCs) or adequacy decisions for EU data outside the EEA.
  • LGPD: Brazil’s international transfer rules.
  • PIPEDA: Equivalent protection for Canadian data.

  • We safeguard your data globally, no matter where it’s processed.

4. Data Security

  • We implement robust measures to protect your data from unauthorized access, loss, or misuse:

  • Encryption: Data is secured in transit (TLS) and at rest (AES-256).
  • Access Control: Only authorized staff access data, on a need-to-know basis.
  • Firewalls: Systems are protected against intrusions.
  • Chat Termination: Chats end after 2 minutes, minimizing exposure.
  • QR Anomity: Scans reveal only “S***” or similar, hiding your identity.
  • Audits: Regular security reviews to address risks

  • While no system is infallible, we strive to reduce risks. In case of a breach, we’ll notify you as required (e.g., Nepal Privacy Act S. 16, GDPR Art. 34).

5. Data Retention

  • We Keep your data only as long as necessary

  • Active Accounts: Phone Number, Email ID, and Location Data are retained until you delete your account.
  • Deletion Requests: Data is erased within 30 days of your request.
  • Inactive Accounts: Deleted after 2 years of inactivity, unless legally required (e.g., Nepal law).
  • Chats: Terminated after 2 minutes, with logs deleted within 30 days.
  • Emergency Shares: Location data is not stored post-sharing.
  • Photo Tags: Removed when you revoke consent or delete the photo.

  • We review retention to comply with Nepal Privacy Act 5.14, GDPR Art. 5, LGPD Art. 6, and PPEDA.

6. Your Rights

  • You have full control over your data. Your rights include:

  • Access: View your data (e.g., Phone Number, Location).
  • Rectification: Correct Inaccuracies via App settings or support.
  • Erasure: Delete your data (Nepal Privacy Act 5.12, GDPR Art. 17).
  • Restriction: Limit processing in certain cases.
  • Portability: Receive data in a structured format.
  • Objection: Challenge legitimate interest processing (e.g., technical data).
  • Withdraw Consent: Stop processing for Location, KYC, emergencies, or photos anytime.
  • Opt-Out of Sale: Under CCPA, opt-out of sales (we do not sell data).
  • Non-Discrimination: No penalties for exercising rights.

How to Exercise Rights:

  • Email: privacy@katahao.app
  • App: "Manage My Data" in settings.
  • Phone: +877-965079298 (business hours, Nepal time).
  • Response: Within 30 days (15 days for LGPD confirmation, Nepal Privacy Act 5.12).

  • If unsatisfied, contact Nepal's Office of the Prime Minister, EU's Data Protection Authority, Brazil's ANPD, Canada's OPC, or other local regulators.

7. Data Breach Notification

  • If a breach risks your rights or safety:

  • We'll notify regulators within 72 hours (Nepal Privacy Act S.16, GDPR Art. 33).
  • You'll be informed promptly if harm is likely.
  • We'll act swiftly to contain and mitigate the issue.

8. Third Party Links and Map Providers

  • Our Services may include links to third-party sites (e.g., support tools). We're not responsible for their privacy practices—please review their policies. We use OpenStreetMap, Gulli Maps, and Google Maps to display digital addresses. These providers receive only coordinates, not personal data. Accuracy may vary.

9. Children's Privacy

  • Kataho is not intended for users under 13. We do not knowingly collect children's data. If discovered, such data is deleted immediately. Parents can contact privacy@kataho.app to address concerns, aligning with Nepal Privacy Act s. 13 and COPPA.

10. Updates to This Policy

  • We may revise this policy to reflect new practices or laws. Significant changes will be communicated via email, App notice, or at kataho.app before taking effect. Please review periodically.

11. Contact Us

Reach Out with questions or requests:


  • Email: privacy@kataho.app.
  • Phone: +977-9851076298 (business hours, Nepal time).
  • Address: Neel Saraswati Marg -699, Iazimpat, Kathmandu, Nepal.
  • General inquiries: info@kataho.app

  • We aim to respond within 3 working days, resolving complex issues within 30 days.

12. Jurisdiction-Specific Information


  • Nepal (Individual Privacy Act 2018): We uphold your rights to privacy, access, and deletion, overseen by the Office of the Prime Minister.
  • California (CCPA): No data sales. Request access or deletion twice yearly, free of charge.
  • EU (GDPR): Transparent, lawful processing. EU representative: [Insert or Remove if Not Applicable].
  • Brazil (LGPD): Access, correction, or anonymization rights. Brazil representative: [Insert or Remove if Not Applicable].
  • Canada (PIPEDA): Consent-driven, secure data handling.

Thank you for using Kataho. We're dedicated to protecting your data and empowering your digital address experience.


How This Policy is Tailored for Kataho

Company-Specific:


  • Uses Addressgraph Nepal Pvt. Ltd, Neel Saraswati Marg-698, Latimpat, Kathmandu, Nepal.
  • Includes Kataho Address Code: 09 Laksha Niwas 0222, ०९ लक्ष निवास ०२२२.
  • Connects: privacy@kataho.app, info@kataho.app, +977-985078298.
  • Effective Date: September 9, 2024.

Kataho Features:


  • Minimal data: Phone Number, Email ID with Verification.
  • Optional Location Data for plates, with consent.
  • Boolean data (kit)/Kataho code, Phone Number) for bank XYC.
  • Emergency Sharing (Location, Phone Number) to government/relatives, with strong consent.
  • QR scans showing "$***" for anonymity.
  • 2-minute chat termination.
  • Photo tagging with per-instance consent.
  • No live tracking.

Compliance


  • Nepal Privacy Act: Consent ($, 14), rights ($, 12), security ($, 16), transfers ($, 15)
  • GDPR: Transparency (Art. 13-14), rights (Art. 15-22), security (Art. 32), SCCs (Art. 46).
  • CCPA: No-sale, access/deletion rights.
  • LGPD: Consent (Art. 8), user rights (Art. 18).
  • PIPEDA: Informed consent, safeguards.
  • COPPA: Under-13 protection.

Unique Elements::


  • Emphasizes Kataho Digital Address System for plates and identity.
  • Highlights anonymized KID/Kataho Codes, like a digital signature.
  • Integrates Nepal-Specific compliance, reflecting local context.

Improvements Over Draft:


  • Adds cross-border transfers, breach protocols, retention details.
  • Clarifies legal bases (contract, consent, legitimate interest).
  • Details map providers and QR/chat features.
  • Enhances user rights and contact options.
  • Removes what3words references, focusing on Kataho’s system.

Ready to get started

Addressing the House Own-self

Questions ? Call at +977-1-4516900

kataho footer images design