Privacy Policy

Your privacy and security are our top priorities. Learn how QuickERP protects your data with complete transparency.

Last Updated: October 16, 2025
Version: 1.3.0

Overview

QuickERP is a Chrome extension designed to automate login to the IIT Kharagpur ERP system. This privacy policy explains how we handle your data with complete transparency and industry-standard security measures.

Data Collection

What We Collect

  • ERP Credentials: Username and password for IIT KGP ERP system
  • Security Questions: Answers to ERP security questions
  • Gmail Access Token: OAuth2 token for OTP retrieval (read-only access)
  • Extension Settings: User preferences and configuration

What We DON'T Collect

  • ×Personal emails or email content (beyond OTP messages)
  • ×Browsing history outside ERP domain
  • ×Personal files or documents
  • ×Any data unrelated to ERP login functionality

Data Storage & Security

Local Storage Only

  • All data stored locally on your device using Chrome's secure storage API
  • AES-GCM encrypted storage - credentials protected with industry-standard encryption
  • No cloud storage - your credentials never leave your computer
  • No external servers - we don't operate any backend servers

Data Usage & Purpose Limitation

Purpose Limitation

Your data is used exclusively for the following purposes:

  • ERP Authentication: Storing and using your IIT KGP credentials for automated login
  • OTP Retrieval: Accessing Gmail to retrieve OTP codes from erpkgp@adm.iitkgp.ac.in only
  • Security Questions: Storing and answering ERP security questions automatically
  • Extension Settings: Saving user preferences for optimal functionality

What We DON'T Do

  • ×Sell, share, or rent your data to third parties
  • ×Use your data for advertising or marketing
  • ×Access emails beyond OTP messages from ERP system
  • ×Store data on external servers or in the cloud

Third-Party Services

QuickERP integrates with the following third-party services, each with their own privacy practices:

Google APIs (Gmail & OAuth2)

Used for OAuth2 authentication and read-only Gmail access to retrieve OTP codes from erpkgp@adm.iitkgp.ac.in only.

Scopes: userinfo.email, userinfo.profile, gmail.readonly, openid
Data Shared: None - tokens managed by Chrome's identity API
Google Privacy: policies.google.com/privacy

IIT Kharagpur ERP System

Direct integration with erp.iitkgp.ac.in for authentication and session management.

Data Shared: ERP credentials for authentication only
Purpose: Automated login to official IIT KGP systems
IIT KGP Privacy: Institution-specific privacy policies apply

Data Retention & Deletion

Retention Periods

  • ERP Credentials: Stored until manually deleted or extension uninstalled
  • Gmail Tokens: Refreshed automatically, expired tokens removed immediately
  • Session Data: Cleared after each login session (max 10 minutes)
  • Extension Settings: Persisted until changed or extension reset

Data Deletion

You have complete control over your data:

  • Manual Deletion: Remove individual credentials through extension settings
  • Complete Reset: Clear all data using the "Reset Extension" option
  • Uninstall: All local data automatically removed when extension is uninstalled
  • Gmail Revocation: Disconnect Gmail access through Google Account settings

Cookies & Tracking Technologies

QuickERP does not use cookies or tracking technologies for analytics or advertising purposes.

No Tracking

  • No analytics cookies or tracking pixels
  • No third-party advertising cookies
  • No behavioral tracking or profiling
  • No cross-site tracking

Functional Storage Only

Chrome's local storage API is used solely for:

  • • Storing encrypted ERP credentials
  • • Maintaining extension settings
  • • Caching OAuth2 tokens for Gmail access

Your Privacy Rights

As a user of QuickERP, you have the following rights regarding your personal data:

Access

View all stored data through extension interface

Deletion

Remove any or all data at any time

Portability

Export your data using backup features

Revocation

Revoke Gmail access through Google Account settings

International Data Transfers

Since all data is stored locally on your device, there are no international data transfers. However, when you access external services:

Google Services

OAuth2 authentication may involve Google's global infrastructure. See Google's privacy policy for details on international data transfers.

IIT Kharagpur ERP

ERP access is limited to IIT Kharagpur's infrastructure within India. No international transfers occur for ERP data.

Children's Privacy

QuickERP is designed for IIT Kharagpur students and requires access to institutional ERP systems. The extension is not intended for children under 13 years of age.

Age Requirements

  • Minimum age: 13 years old
  • Requires valid IIT Kharagpur student credentials
  • No collection of data from minors without institutional context

Contact Us & Policy Changes

Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Email: quickerp@rknain.com

GitHub Issues: Report Issues

Response Time: We aim to respond within 48 hours

Policy Updates

This privacy policy may be updated periodically to reflect changes in our practices or legal requirements.

• Updates will be posted on this page

• Significant changes will be communicated

• Continued use constitutes acceptance

• Last updated: October 16, 2025