← Oktra

Oktra Privacy Policy

Last updated: 2026-07-06 · Applies to the Oktra application (app.oktra.ai) and related services ("Oktra", "we", "us") · Contact: privacy@oktra.ai

1. What Oktra does with your data

Oktra is accounting software. To provide the service, we access financial data from systems you choose to connect: your accounting platform (such as QuickBooks Online or Informer) and your bank accounts (via connections you authorize). We use this data for one purpose: doing your bookkeeping - categorizing transactions, posting accounting entries you approve, reconciling accounts, and producing financial reports for you.

We do not sell your data. We do not share it with third parties for marketing. We do not use your financial data to train models for other customers or purposes.

2. Data we collect

CategoryExamplesSource
Account dataName, business name, email, sign-in credentials (passkeys; we never store passwords for your financial accounts)You
Connection metadataWhich institutions/systems you connected, company identifiers, connection statusCreated when you connect
Accounting dataChart of accounts, journal entries, invoices, bills, counterpartiesYour accounting platform, with your authorization
Bank dataAccount details, balances, transaction history (description, amount, date, counterparty)Your bank, via the connection you authorize (see §3)
Technical dataLog records of actions performed in your account, security audit recordsGenerated by the service

We collect only what the service needs. We never receive or store your bank or accounting-system passwords: connections use each provider's authorization flow (e.g. OAuth), and the resulting access credentials are stored encrypted in dedicated per-customer vaults.

Cookies: we use only strictly necessary cookies (sign-in and security); anything beyond that requires your prior opt-in. See our Cookie Policy.

3. Bank connections and Plaid

When you connect a bank account, we may use Plaid Inc. ("Plaid") to establish the connection. You authorize the connection yourself, directly with your bank, through Plaid's interface. Plaid collects and processes your data in accordance with its own end-user privacy policy: https://plaid.com/legal/#end-user-privacy-policy. Our access through Plaid is limited to transaction data (read-only); we cannot move money.

Some banks are connected directly through the bank's own API (for example bunq or Wise) with credentials you provide or authorize; these connections are also read-only.

4. Why we process your data (legal bases)

5. Who we share data with (processors)

We share data only with service providers that host or support Oktra, bound by data-processing terms:

No other sharing occurs except where required by law, or with your explicit direction.

6. Security

Your financial credentials are stored in dedicated, per-customer encrypted vaults with hardware-backed key protection and strict least-privilege access; no Oktra employee has standing access to them. All data is encrypted in transit and at rest. Every posting to your financial systems is recorded in an audit log you can request. Our full security program (access control, monitoring, incident response) is documented in our Information Security Policy, available on request.

7. Retention and deletion

We keep your data while your account is active. When you disconnect an institution, its access credentials are revoked and deleted. When you close your account (or on a verified erasure request), we delete your personal and financial data, except records we must retain to meet legal obligations (e.g. statutory accounting-record retention), which are deleted when those periods expire. Full details, including retention periods per data class and disposal methods, are in our Data Retention and Disposal Policy.

8. Your rights

Depending on your location, you have the right to access, correct, export, restrict, object to processing of, and delete your personal data, and the right to lodge a complaint with your supervisory authority (for EU/EEA residents, under the GDPR). To exercise any right, contact privacy@oktra.ai; we respond within the statutory deadlines.

9. International transfers

Where data is transferred outside the EU/EEA, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses or adequacy decisions).

10. Changes

We will post any changes to this policy on this page and, for material changes, notify you in the application or by email before they take effect.

11. Contact

Oktra - privacy@oktra.ai