Privacy Policy

We, at Adhikosh Financial Advisory Private Limited ("Kosh" or "We") understand Privacy and

its value. Therefore, it is all the more important for us to make YOU ("You" or "Customer" or

"User"), the User of the website www.getkosh.com (the "Website") and its associated mobile

applications, Kosh App (collectively, the "Platform") understand the reason behind

collection of your information and its usage and the manner in which we collect, use, store

and share information about you ("Privacy Policy"). This Privacy Policy has been prepared in

compliance with:

This Privacy Policy is incorporated into and at all times is subject to and is to be read in

conjunction with the Terms of Use of the Platform.

CONSENT

You hereby expressly consent to provide the information that may be required in relation to

the Services (as deﬁned below) being rendered on the Platform by us. You acknowledge that

we shall collect the information detailed under this Privacy Policy to facilitate lending &

non-lending services by partnering with various ﬁnancial lenders, third parties, service

providers, etc based on your requirement to avail such Services (“Services”).

Kosh will only be using the information for providing the Services to you.

In order to avail any Services being provided by Kosh by itself or in partnership with the

lenders or other third parties it is important that YOU READ, UNDERSTAND, ACKNOWLEDGE

AND UNCONDITIONALLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS

IF YOU DO NOT AGREE TO THIS POLICY OR ANY PART THEREOF, PLEASE DO NOT USE/

ACCESS/ DOWNLOAD/ INSTALL THE PLATFORM OR ANY PART THEREOF.

For the users consenting to continue accessing the Platform and avail the Services, this

of Your information.

Information Technology (Reasonable Security Practices and Procedures and Sensitive

Personal Data or Information) Rules, 2011;

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules,

2021

Guidelines on Digital Lending issued by the Reserve Bank of India (RBI), 2022;

Other applicable acts, regulations and rules which requires the publishing of a privacy

policy for handling of or dealing in personal information including sensitive personal data

or information and all applicable laws, regulations, guidelines provided by applicable

regulatory authorities including but not limited to the RBI.

COLLECTION OF INFORMATION

The collection of information under this Privacy Policy are conducted for the following

categories of services:

(i) Part A: Information for Digital Lending Services: Information collected by Platform for

facilitation of Loans being disbursed by the ﬁnancial lending partners whose details are

available on the Website and the Application and who are registered with the Reserve Bank of

India (“Lending Partners”).

(ii) Part B: Information for Non-Lending Services: Information collected by Platform while

registering a User on the Platform or while providing Value Added Services (i.e. all services

other than facilitation of loans).

A. Information we collect about you

In order to facilitate the lending and non-lending services, Kosh will be required to access,

collect and share Personal Information with its lending partners that may be banks or NBFCs

registered with the Reserve Bank of India or any other third-party providing value added

services in partnership with Kosh. In such cases, Kosh will share the information securely and

ensure that all personal information recipients comply with conﬁdentiality, ﬁdelity and

secrecy obligations and sign covenants in this regard. Kosh may make information available to

third parties that are ﬁnancial and non-ﬁnancial companies, government agencies, courts,

legal investigators, and other non-aliated third parties as requested by You or Your

authorized representative, or otherwise when required or permitted by law.

User Personal Information: The data points we collect from You for both lending and non-

lending services include, inter alia, your full name, email id, PAN, GST Network user id &

password, address, mobile number, postal code.

Social Account Information: Kosh may provide you with the option to register using social

accounts (Google or Facebook) to access the app and shall collect only such registered email

id and user public proﬁle information like name, email, ASID depending on the platform used

by You to log-into the Application during registration/ sign in process in the Platform.

How we use this information: We may collect and store email id, name and address

associated with that account for the purpose of veriﬁcation and to pre-populate relevant

ﬁelds in the course of Platform interface. However, we shall not collect / store account

passwords.

SMS Information: Kosh collects, stores and monitors SMS information from your device.

How we use this information: We use this data to provide you with updates or conﬁrmation of

any actions taken in our Platform during the term of Services. We shall collect any SMS

information for facilitating you any lending services and non-lending service including such

purposes as may be required by the Lending Partners or as per applicable law. This category

of information is only collected for providing the non-lending services or our value-added

services.

Device Information and Installed Apps data: We additionally collect certain device

information provided herein for our lending and non-lending services. Information which the

Application collects, and its usage, depends on how you manage your privacy controls on

your device.

(i) Device Information: When you install the Application, we store the information we collect

with unique identiﬁers tied to the device you are using. We collect information from the

device when you download and install the Application and explicitly seek permissions from

You to get the required information from the device. Additionally, we also collect your Log

information (via the domain server through which the User accesses the App Search queries,

IP address, crashes, date etc for the purpose of improvising the Application functionality. In

addition to the above, we also track and collect the data related to the performance of the

Application and other diagnostic data for identifying and resolving any technical glitches that

may be identiﬁed from such data and also for improving the overall functionality of the

Application.

How we use the information: We collect information about your device to provide automatic

updates and additional security so that your account is not used in other people’s devices. In

addition, the information provides us valuable feedback on your identity as a device holder

as well as your device behaviour, thereby allowing us to improve our products interaction,

quality of services and provide an enhanced customized user experience to you. We further

collect other identiﬁable information such as your transactions history on the Platform when

you set up a free account with us.

(ii) Installed Application Data: We collect and transmit a list of speciﬁc installed applications’

metadata information which includes the application name, package name, installed time,

updated time, version name and version code of each installed application on your device.

This data may be collected even when the app is closed or not in use.

How we use this information: We use this information for your onboarding and Know Your

Customer (KYC) purpose with your explicit consent.

Location, Camera, Microphone Access: We will collect your device location and request

camera and microphone access for facilitating lending services as well as providing any non-

lending services only in accordance with applicable laws.

How we use this information: We shall collect your device location information for verifying

your address, for the KYC and onboarding process for the Services. We may request camera

access to scan and capture the required KYC documents as per the instructions of our

Lending Partners in accordance with applicable laws. We shall transfer such information to

our Lending Partners and shall not store any such data. We require microphone permissions

to enable a two-way communication between our authorised agents and you for the purpose

of performing and completing your Video KYC for the Lending Services. Your audio shall be

recorded for regulatory purpose.

B. Information about you we collect from third parties

For making the Services available to you, we may collect credit information by obtaining

speciﬁc authorisations from you (if required under applicable laws), from certain third parties

such as credit bureaus or credit rating companies as your ‘authorised representative’ from

time to time in accordance with applicable laws during the loan journey as may be requested

by our Lending Partners.

In order to facilitate credit products to you, we may receive certain information pertaining to

document veriﬁcation, repayment status etc from certain third parties including NSDL,

payment gateway providers.

We may further collect your GST details from Ocial GSTIN API stack or other relevant

websites using the GST Network user id and password details or OTP as provided by you.

We may further collect your bank account numbers or UPI payment information on behalf of

our lending partners to facilitate collection and repayment of loan payments.

We shall only collect this information on a need basis strictly for the purpose of providing

you with the Services. The information collected from such third parties are not retained by

us. We collect this information as part of our outsourcing obligations to our Lending Partners

and is directly transferred to the Lending Partners upon collection.

C. Information you give us about you

In due course of using our Services, you are required to submit data to enable our Services.

We use this data to create your proﬁle and provide you with the best available services.

Mentioned below is some of the data we collect from you:

i. Data provided by you by ﬁlling in forms in the Application or on the Website.

ii. Data provided by corresponding with us (for example, by e-mail or chat).

iii. Data and information, you provide when you register to use the Website, download or

Service, and when you report a problem with our App, our Services, or any of our Sites.

iv. Data including your name, address, gender, date of birth, e-mail address, phone number,

username, password and other registration information.

v. PAN Card, Aadhaar Card, ﬁnancial information such as employer name, monthly salary,

bank account no., bank statements, credit information, GST information, copies of

identiﬁcation documents which are forwarded to our Lending Partners for the onboarding of

your application to avail the services.

vi. Data generated by your usage of our Platform.

vii. Contact details (i.e. the phone number)of the third party individuals (including your

relatives and friends) that are voluntarily added by you at the time of loan application.

This data helps us create your proﬁles, complete mandatory KYC as per the requirements of

our Lending Partners who oer you the Services, unlock and approve loans and provide you

with customized support in case of issues. Please note that we do not store any data

provided by you except for the basic information such as name, address, your contact

details etc.

Wherever possible, we indicate the mandatory and the optional ﬁelds. You always have the

option to not provide any information by choosing not to use a particular service or feature

on the Platform. While you can browse some sections of our Platform without being a

registered member as mentioned above, certain activities (such as availing of loans from the

third-party lenders on the Platform) require registration and for you to provide the above

details.

We under no circumstances and at no point take any biometric data from you for any of our

services or operations. In case, if any of our representatives ask for the same from you, we

request you to kindly refrain from doing the same and address this concern to our Grievance

Ocer (the details of the same have been provided below).

D. Storage of Personal Information

For the provision of lending Services, we shall only store basic personal information such as

your name, your address, your contact information which are required to be stored for

carrying out our non-lending services. We ensure that every data or information that we

collect from you is stored in servers located in India and the same is compliance with all the

statutory/regulatory obligations. For other personal information collected as part of our

outsourcing services being provided to our Lending Partners, we shall collect such

information upon the instructions of the Lending Partners and thereafter transfer the same

to the Lending Partners upon the completion of the preliminary onboarding.

E. Collection of Certain Non-Personal Information

We automatically track certain information about you based upon your behaviour on our

Platform. We use this information to do internal research on our users’ demographics,

interests, and behaviour to better understand, protect and serve our users and improve our

services. This information is compiled and analysed on an aggregated basis.

Cookies: Cookies are small data ﬁles that a Website stores on Your computer. We will use

cookies on our Website similar to other lending websites / apps and online marketplace

websites / apps. Use of this information helps Us identify You in order to make our Website

more user friendly. Most browsers will permit You to decline cookies but if You choose to do

this it might aect service on some parts of Our Website.

If you choose to make a purchase through the Platform, we collect information about your

buying behaviour. We retain this information as necessary to resolve disputes, provide

customer support and troubleshoot problems as permitted by law. If you send us personal

correspondence, such as emails or letters, or if other users or third parties send us

correspondence about your activities or postings on the Website, we collect such

information into a ﬁle speciﬁc to you.

PURPOSE OF COLLECTION

We shall use the information collected from you for facilitating the lending and non-lending

Services for the following purposes as detailed below. We understand the importance of

your information and ensure that it is used for the following intended purposes only.

The intended purpose of collecting information provided by you is to:

establish identity and verify the same;

to facilitate your KYC as per instructions from our Lending Partners;

troubleshoot problems, monitor, improve and administer our Platform;

provide our service i.e. facilitating loans to You or providing our value-added services or

non-lending services to you.

design and oer customized products and services oered by our third-party partners;

analyse how the Platform is used, diagnose service or technical problems and maintain

security;

send communications notiﬁcations, information regarding the products or services

requested by You or process queries and applications that You have made on the

Platform;

measure consumer interest and satisfaction in our products and services and manage

Our relationship with You;

marketing and promotional purposes including sending you promotional SMS, Email and

WhatsApp and inform you about online and oline oers, products, services, and

updates;

conduct data analysis in order to improve the Services / Products provided to the User;

use the User information in order to comply with country laws and regulations;

use the User information in other ways permitted by law to enable You to take ﬁnancial

services from our lending partners.

resolve disputes and detect and protect us against suspicious or illegal activity, fraud and

other criminal activity;

customize your experience and enforce our terms and conditions.

the contact details (i.e. the phone number) of the third party individuals (including your

relatives and friends) that are voluntarily added by you at the time of loan application

may be used for the purpose of establishing contact in case we are unable to contact

you, including at the time of collection of installments.

We will use and retain only such basic personal information such as your name, contact

information, address details and such other information which are necessary for the

provision of Services and for such periods as necessary to provide You the Services on the

Platform, to comply with our legal obligations, to resolve disputes, and enforce our

agreements.

DISCLOSURE TO THIRD PARTIES

We will share Your information only with our third parties including our regulated ﬁnancial

partners, vendors etc for facilitation of Services on the Platform.

We will share the information only in such manner as described below:

We may share your personal information with the governmental authorities, quasi-

governmental authorities, judicial authorities, and quasi-judicial authorities if we are acting

under any duty, request, or order as part of our legal obligations and in accordance with the

applicable laws. By accepting this Privacy Policy, you hereby provide your consent to

disclose your personal information for such regulatory disclosure.

We disclose and share Your information with the ﬁnancial service providers, banks or

NBFCs and our Lending Partners for facilitation of a loan or facility or line of credit or

purchase of a product; marketing, ads tracking, campaigns etc.

We share Your information with our third-party partners in order to conduct data analysis

in order to serve You better and provide Services our Platform;

We may disclose Your information, in order to enforce or apply our terms of use or assign

such information in the course of corporate divestitures, mergers, or to protect the

rights, property, or safety of us, our users, or others. This includes exchanging

information with other companies and organizations for the purposes of fraud protection

and credit risk reduction.

We will disclose the data / information provided by a user with other technology partners

to track how the user interact with the Platform on our behalf.

We and our aliates may share Your information with another business entity should we

(or our assets) merge with, or be acquired by that business entity, or re-organization,

amalgamation, restructuring of business for continuity of business. Should such a

transaction occur than any business entity (or the new combined entity) receiving any

such information from us shall be bound by this Policy with respect to your information.

We will disclose the information to our third-party technology or third-party data source

providers;

We will share Your information under a conﬁdentiality agreement with the third parties

and restrict use of the said information by third parties only for the purposes detailed

herein. We warrant that there will be no unauthorised disclosure of your information

shared with third parties.

We shall disclose your KYC journey or any data with respect to the same to the relevant

regulatory authorities as a part of our statutory audit process. Please note that your

Aadhaar number shall never be disclosed.

Any disclosure to third parties is subject to the following:

Usage of your information by such third parties is subject to their privacy policies. We share

limited information with them, strictly to the extent required.

DATA RETENTION AND DELETION

We at Adhikosh Financial Advisory Private Limited promise to protect your personal data

from unauthorized access, misuse, and disclosure using the right security measures based on

the type of data and how we are processing the same. We retain information about you to

provide a seamless experience, to contact you in case of support required and about your

account, to detect, mitigate, prevent, and investigate fraudulent or illegal activities during

the course of the services.

We retain your data for as long as necessary to provide you with our services. We may also

retain and use your basic personal information, inter alia, such as name, contact number,

transactional details, and address details, as necessary to comply with our legal obligations,

resolve disputes, and enforce our agreements, which shall always be in accordance with

applicable laws. Subject to this section, we may delete your data upon reasonable written

request for the same at any stage. However, you may not be able to use our services after

deletion.

LINK TO THIRD-PARTY SDK AND OTHER SITES

The App has links to registered third-party SDKs, Application Programming Interface (API)

integrations, and redirections that collect data on our behalf and store it on a secured server.

We ensure that our third-party service providers take extensive security measures to protect

your personal information against loss, misuse, or alteration of the data as required under the

applicable laws.

Our third-party service providers employ separation of environments and segregation of

duties and have strict role-based access control on a documented, authorized, need-to-use

basis. The stored data is protected and stored by application-level encryption. They enforce

key management services to limit access to data.

1. If we are under a duty to disclose or share your personal data in order to comply with any

legal or regulatory obligation or request, we shall not seek your explicit consent; however,

we shall reasonably endeavour to notify the same to you accordingly as the case may be

as stated under subclause 3.

2. We shall take your express consent in the event we share your personal data with third

parties.

3. We shall share your information with third parties only on a need basis and only for the

purpose stated hereunder, as per the applicable laws.

4. We shall additionally seek express consent through a separate consent for appropriate

stages of data collection, if so required under applicable laws.

Furthermore, our registered third-party service providers provide hosting security – they use

industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection

systems, ﬁle integrity monitoring, and application control solutions.

We don't allow unauthorized access to your non-public personal contacts or ﬁnancial

transaction SMS data with any third party in relation to Lending Services other than our

Lending Partners. However, for Non-Lending Services (Value Added Services, i.e., Expense

Tracker), we may allow third parties to access your ﬁnancial transaction SMS subject to your

explicit consent.

Our platform links to other websites that may collect information about you. We are not

responsible for the privacy practices or the content of those linked websites. With this Policy,

we’re only addressing the disclosure and use of data collected by us. Their data collection

practices, and their policies might be dierent from this Policy, and we do not have control

over any of their policies, nor do we have any liability in this regard.

CHANGES IN THIS PRIVACY POLICY

We reserve the right to modify, update, add, or remove portions of this Privacy Policy at any

time, for any reason. Any updates will be published on the Platform and will become eective

immediately upon posting unless stated otherwise. We encourage you to periodically review

this page for updates regarding our privacy practices. Your continued use of the Services

following any changes signiﬁes your acceptance of the revised Privacy Policy.

SECURITY PRECAUTIONS

We prioritize the protection and accuracy of your information as provided by you. To ensure

this, we implement appropriate physical, administrative, and technical safeguards to prevent

unauthorized access, use, or disclosure. For example, all data transmitted over the internet is

encrypted. Additionally, we require third-party service providers to adhere to stringent

conﬁdentiality and security standards.

Our security measures include:

SSL Encryption: We use Secure Sockets Layers (SSL)-based encryption for data

transmission, aligning with the encryption standards mandated by Indian law.

State-of-the-Art Security: Security is embedded at multiple levels within our products,

employing advanced technologies to counter threats ranging from basic vulnerabilities to

sophisticated attacks.

Certiﬁed Standards:

ISO 9001: Ensuring a robust Quality Management System (QMS) for consistent and

secure service delivery.

We are committed to protecting your information through:

Our compliance practices include adhering to applicable laws and regulatory frameworks

related to data protection and transfers under the Information Technology Act, 2000.

Aadhaar numbers are not disclosed in any form. In case of complaints, we actively engage

with local data protection authorities for resolution.

YOUR RIGHTS

1. Modifying or Rectifying Information

You may correct inaccurate, incomplete, or outdated information at any time. Accurate and

up-to-date data ensures uninterrupted access to our Services. Supporting documents may be

required for veriﬁcation during modiﬁcations.

2. Privacy Controls

You have the ability to manage how your data is collected and used by:

3. Withdrawal/Denial of Consent

While we collect information with your consent, you retain the right to:

Important Considerations:

4. Reporting Issues

You have a right to report a security incident to the GRO (detailed mentioned hereinbelow).

You are entitled shall be entitled to prevent unauthorised such usage of your information by

our personnel/agents by informing us, within 10 days of being informed of the proposed use,

ISO 27001: Providing a comprehensive Information Security Management System

(ISMS) framework to manage risks eectively.

Encrypting data during transit.

Implementing OTP veriﬁcation for account security.

Regular reviews of data collection, storage, and processing practices, including physical

security measures.

Restricting access to personal information to authorized personnel bound by strict

conﬁdentiality agreements, subject to disciplinary action if breached.

Modifying permissions on your device or browser.

Uninstalling the app from your device.

Requesting data removal in accordance with our retention policies.

Deny or withdraw consent for speciﬁc data use.

Request the deletion of your account or personal data by raising a request through the

Platform or emailing us at public@getkosh.com.

Services such as loans will require data retention as mandated by law until obligations

are fully met.

Withdrawal of consent may impact the availability of certain Services.

that you do not wish to disclose such information. You can also exercise the right at any time

by contacting us at public@getkosh.com

Notwithstanding anything to the contrary stated above, the following are speciﬁc scenarios

listed below which may have consequences to your withdrawal of consent:

Grievance Ocer

In accordance with Information Technology Act 2000 and rules made there under, the name

and contact details of the Grievance Ocer are provided below for your reference:

Name: Anindeeta Chakraborty

Address: Adhikosh Financial Advisory Private Limited

Email: anindeeta@getkosh.com

4th ﬂoor, 114, Sector 44, Gurugram, Haryana 122003

1. Marketing and Communication: The consent for this information be withdrawn if You

write an email to the email address provided under clause VIII.

2. Information/data deletion may not be implemented for ongoing Services including loan,

insurance policy or digital gold products.

GRIEVANCE REDRESSAL

3. You may make a request for deleting any information from the Platform at any stage upon

making a request to Us in the following manner: