Privacy & Security Policy

Introduction & Commitment

Kosha is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy & Security Policy outlines how we collect, use, disclose, and safeguard your information when you use our services.

We comply with applicable privacy laws, including India's Digital Personal Data Protection Act, 2023 (DPDPA), the Gramm-Leach-Bliley Act (GLBA) in the United States, and other relevant state laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Information We Collect

We collect the following types of information:

Personal Identifiable Information (PII)

• Name, email address, phone number, and contact details
• Authentication credentials (password is stored in encrypted form)
• Demographic information such as location

Financial Information

• Linked account details (we use tokenized access, not your actual credentials)
• Account balances and transaction history
• Financial institution information

Note: We store aggregated and tokenized financial data rather than full account details whenever possible.

Technical Data

• IP address and device information
• Browser type and version
• Usage data and interaction with our services

We collect this information based on your consent, our need to provide services to you, and our legal obligations as a financial service provider.

How We Use Information

We use your information for the following purposes:

• Providing and improving the Kosha service
• Account aggregation and unified financial dashboard creation
• Generating insights and financial recommendations
• Personalization through Rishika AI, your financial assistant
• Security monitoring and fraud prevention
• Customer support and service improvement
• Regulatory compliance and reporting

Access to sensitive financial data is strictly limited to what is necessary for service delivery.

Data Security Measures

We implement robust security measures to protect your information:

Data Sharing & Third Parties

We may share your information with the following types of third parties:

• Regulated financial institutions for account linking and verification
• Service providers bound by confidentiality and data protection agreements
• Analytics providers (using anonymized data only)
• Customer support tools and services

We conduct due diligence on all third-party security and privacy practices.

We do not sell your personal information to third parties.

User Rights

For Users in India (DPDPA)

• Right to access information about your personal data
• Right to correct or erase personal data
• Right to grievance redressal
• Right to nominate another person in case of death/incapacity
• Right to withdraw consent

For Users in the USA (GLBA/CCPA/CPRA)

• Right to know what personal information is collected/used/shared
• Right to access, delete, and correct personal information
• Right to opt-out of sale/sharing of personal information
• Right to non-discrimination for exercising privacy rights

To exercise any of these rights, please contact us at privacy@kosha.app.

Contact Information

If you have any questions or concerns about our Privacy & Security Policy, please contact us: