Last Updated Date: August 25, 2021
We at Kutumba are completely committed to keeping your data secure. We don’t collect any sensitive financial information, and we are transparent about our practices.
Kutumba empowers your family by encouraging you to discover, document, risk-proof, and share your financial life information with your family.
Kutumba does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to Kutumba. If Kutumba learns that we have collected personal information from a person under the age of 18, we will delete that information immediately. If you believe that a person under the age of 18 may have provided us with personal information, please contact us at support@Kutumba.one.
What information does Kutumba collect?
We receive and store only the information that you knowingly provide to us or that we obtain with your explicit consent. You can delete your account using the web application, which deletes all stored information related to Kutumba members and the financial assets added by the customer. You can always delete this information by writing to us at support@Kutumba.one.
Below is the list of information we collect:
Upon creating a New Account: When you create a new account to use the Services, we request the following information:
- Mobile number, first name, last name, email
- Through a survey, we might ask for your profession, date of birth, gender and marital status to understand the customer demographic better
Upon Sign-up: When a user logs in to Kutumba:
- The customer will have the option to add the details of their “Kutumba members” (information regarding the family/friends/loved ones with whom the financial life information will be shared).
- Non-sensitive financial information like bank account number, where the bank account is located and similar details for other financial assets may be collected for recording the details of the financial life information.
We DO NOT ask for any sensitive financial information like CVV, password or other financially sensitive information for any of the financial assets covered as part of Kutumba services.
All the information related to the user’s financial assets is added manually by the User:
- Details regarding the financial assets like bank accounts, insurance, pension schemes etc. are added by the user using the forms in Kutumba web app manually. Not all the fields in the form are mandatory.
- Details of the family members with whom they want to share the financial life information and the nominee(s) of financial assets which are all added according to the User’s discretion.
Please note that we will never rent or sell your information or data to anyone. We never use or transfer the data collected on our application for serving ads, including retargeting, personalized, or interest-based advertising.
Why does Kutumba ask for this information?
Kutumba is a financial awareness and preparedness tool for you and your family. Currently, we do not support auto discovery of the financial assets for our users and hence all the required information regarding the financial assets and family/friends with whom the financial information is shared is manually added by the user with their consent.
Third Party APIs/Services
To auto-populate the financial information, we might use third party applications or services to get your credit score, or use the account aggregator (an RBI initiative) to discover all the financial information, WITH USER CONSENT ONLY.
Cookies & Third Party Analytics Services
We use Local Storage Objects (LSOs) to store content information, preferences and to keep you signed-in. We identify the User’s signed-in state with a token and a userid. The LSO token expires when the User logs out of our website or web application.
We do not collect any information about your online activity when you sign out and/or leave our services.
We use third party analytic services in order to better understand user engagement with our Services. When a user browses or uses the Services, these third party analytic services may collect the user’s IP address, browser type, and approximate location (based on the IP address). They may also use web logs or web beacons and may set and access cookies on your computer or other device. In order to provide a superior user experience, we provide the third party analytic service providers with User’s demographic information at Kutumba along with User’s movements on Kutumba website and web applications.
These third party analytics services may deploy cookies on your browser. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked.
Does Kutumba Share Personal Information?
We neither rent nor sell your personal Information to anyone. However, we may share your Personal Information with third parties as described in this section:
- We only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface. We may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data are prohibited;
- We don’t use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
- We don’t allow humans to read the data, unless:
  - (a) We first obtain your affirmative agreement for specific purposes;
  - (b) It is necessary for security purposes (such as investigating a bug or abuse);
  - (c) It is necessary to comply with applicable law; or
  - (d) Our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
These prohibitions on the use of user data apply to all the information/data obtained from you with your explicit consent. Our employees, agents, contractors, and successors comply with this Policy.
Privacy Questions and Access
In certain cases, you may have the ability to view or edit your personal information online. In the event that your information is not accessible online and you wish to change or delete your personal information or any other information that you may have provided, please contact us immediately at support@Kutumba.one.
Security and Responsible Disclosure
We at Kutumba are committed to protecting our clients’ data and privacy. We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us to defend our systems against threats ranging from low-hanging issues up to sophisticated attacks.
If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.
You could submit a bug report to us at support@Kutumba.one with detailed steps required to reproduce the vulnerability.
We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you not to publicly disclose it. Additionally, if you have suggestions on how we could improve our security systems to make them more robust and safe for all users, you can share those with us at support@Kutumba.one.
- We will never rent or sell your information or data to anyone. We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising;
- We will never provide any part of your information to anyone unless explicitly agreed by you.
- Kutumba is hosted on a Virtual Private Cloud on Amazon Web Services, which provides a secure and scalable technology platform to ensure that we can provide you services securely and reliably. Our infrastructure is launched in compliance with the AWS Well-Architected Framework and, from the security perspective, incorporates practices from the AWS Cloud Adoption Framework. It is located within India's borders and hosted in Mumbai.
- We use the HTTPS protocol for our website and mobile applications (hereinafter referred to as “Platform”). All communication between the Platform and our servers is protected via the 256-bit encrypted HTTPS protocol. This prevents MITM (Man in the Middle) attacks on our platform and the connection between us and our user is fully secure. We have strict network segmentation and isolation of environments and services in place.
- We use industry-leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.
- The user log-in is based on One-Time Password (OTP) authentication on Kutumba web application.
- All user data and internal stored data is protected by encryption at rest and sensitive data by application level encryption.
- We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized & need-to-use basis.
- We use key management services to restrict access to data to the data team.
- Stored data is protected by encryption at rest and sensitive data by application level encryption.
- We use data replication for data resiliency & disaster recovery, snapshotting for data durability and backup/restore testing for data reliability.
- We only use anonymized and aggregated data for internal analytics and business intelligence purposes.
Incident and Change Management
- We have deployed mature processes around Change Management, which enable us to release thoroughly tested features for you both reliably and securely, so that you can enjoy the Kutumba experience with maximum assurance and security.
- We take a very aggressive stance on Incident Management for both systems downtime and security, and have a Network Operations Center and an Information Security Management System in place that quickly react to, remediate or escalate any incidents arising out of planned or unplanned changes.
Vulnerability Assessment and Penetration Testing
- We have an in-house network security team which uses industry-leading products to conduct manual and automated VA/PT activities.
- We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration/continuous deployment pipeline.
- We will leverage CERT-IN certified auditors to do periodic external testing and audits.
- We at Kutumba (Sri Vijayadasaru Software Private Limited) are committed to protecting our users’ data and privacy.
- We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures.
- The overall data and privacy security design allows us to defend our systems from various attacks.
- If you are a security enthusiast or a researcher and have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.
- You could submit a bug report to us at support@Kutumba.one with detailed steps required to reproduce the vulnerability.
- We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you to not disclose it publicly.