1. Introduction

Grāmatvedības Asistentis ("we," "our," or "us") operates the accounting management platform accessible at krisvel.autopal.lv (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Username, email address, first name, last name, and password (hashed and encrypted)
• Customer Information: Name, email, phone number, company name, tax identification number, registration number, address, and business type
• Financial Information: Invoice data, payment records, and related financial documents
• Communication Data: Messages exchanged through the platform and Telegram integration
• Documentation: Files and documents uploaded to Google Drive folders

2.2 Information Collected Automatically

• Usage Data: Information about how you access and use the Service, including IP address, browser type, device information, and timestamps
• Authentication Data: Login timestamps and session information

2.3 Information from Third-Party Services

• Google Account Information: When you authenticate with Google, we collect your email address, name, and profile information
• Google Drive Access: We store OAuth credentials to access your Google Drive folders for document management
• Telegram Information: Telegram username, chat ID, and messages when you use our Telegram bot integration

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve our Service
• To process and manage invoices and financial records
• To facilitate communication between accountants and customers
• To create and manage Google Drive folders for document storage
• To send notifications via Telegram and other communication channels
• To authenticate users and ensure account security
• To comply with legal obligations and respond to legal requests
• To detect, prevent, and address technical issues and security threats

4. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Passwords are hashed using industry-standard encryption algorithms
• Data is stored in secure databases with access controls
• Communication between your device and our servers is encrypted using HTTPS/TLS
• Access to personal information is restricted to authorized personnel only
• Regular security audits and updates are performed

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Third-Party Services

Our Service integrates with the following third-party services:

5.1 Google Services

We use Google OAuth for authentication and Google Drive for document storage. When you authenticate with Google, you grant us access to:

• Your Google account email and profile information
• Access to create and manage folders in Google Drive
• Access to upload files to designated customer folders

Your use of Google services is also subject to Google's Privacy Policy.

5.2 Telegram

We use Telegram for messaging and notifications. When you use our Telegram bot, Telegram may collect information in accordance with their Privacy Policy.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Within Your Company: Information is shared with authorized users (accountants and administrators) within your company account
• Service Providers: We may share information with third-party service providers who assist us in operating our Service (e.g., hosting providers, email services)
• Legal Requirements: We may disclose information if required by law, court order, or government regulation
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
• With Your Consent: We may share information with your explicit consent

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Data Portability: Request a copy of your data in a portable format
• Objection: Object to processing of your personal information
• Withdrawal of Consent: Withdraw consent for data processing where applicable

To exercise these rights, please contact us using the information provided in Section 10.

8. Data Retention

We retain your personal information for as long as necessary to provide our Service and comply with legal obligations. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, accounting, or regulatory purposes.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: info@autopal.lv
• Website: autopal.lv

12. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your personal data based on:

• Contractual Necessity: To provide the Service you have requested
• Legitimate Interests: To improve our Service and ensure security
• Consent: Where you have provided explicit consent
• Legal Obligations: To comply with applicable laws

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.