Last Updated Date : January 19, 2023
We at Kutumba are completely committed to keeping your data secure. We don’t collect any sensitive financial information, and we are transparent about our practices.
Sri Vijayadasaru Software Private Limited operates our web application https://app.kutumba.one/, our mobile apps and our website https://www.kutumba.one/ under the brand names Kutumba and Kutumba.one, collectively referred to as “we,” “our,” “Us” or “Company”.
Kutumba empowers your family by encouraging you to discover, document, risk-proof, and share your financial life information with your family.
Kutumba does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to Kutumba. If Kutumba learns that we have collected personal information from a person under the age of 18, we will delete that information immediately. If you believe that a person under the age of 18 may have provided us with personal information, please contact us at support@Kutumba.one.
The Platform facilitates and enables the User in availing certain online products and services from the Platform, including, documenting, organizing and sharing the personal finance information with their families (“Services”), in accordance with the terms and conditions of use/Service of the Platform, as available at https://www.kutumba.one/terms-of-use/ (“Terms and Conditions”).
- It is important that You read this Policy together with any or all other policies We may provide on specific occasions when We are collecting or processing your personal information, so that You are fully aware of how and why We are using your personal information.
- The information contained on this Platform and the information collected by using, logging in to and/or accessing this Platform are stored on a secured server. It is stated by the server service provider that they have all the best security practices required for the server. The Platform is owned by Us and is located in India. Hence, We are bound by duty to abide by the laws, including but not limited to, regulations, rules, circulars and notifications governing privacy in India.
What information does Kutumba collect?
We receive and store only that information which you knowingly provide to us or with your explicit consent. You can delete the account by using the web or mobile application which deletes all the information stored related to Kutumba members and financial assets added by the customer. You can always delete this information by writing to us at support@Kutumba.one.
In the Kutumba app there are two types of user profiles:
- The logged-in user’s profile (i.e., your profile), and
- The profiles of the Kutumba (i.e., family) members of the logged-in user (i.e., your Kutumba
Under the logged-in user’s profile (i.e., your profile), we ask for the following information:
- Full name (mandatory) – We require your full name to bring in an element of personalization inside the Kutumba app.
- Email address (optional) – We optionally allow you to associate your profile with an email address. If an email address is available with your profile, then we may use the email address to notify you of important events or actions that may happen inside the Kutumba app. We do not have access to this email address and will therefore never use this email address for sending marketing or promotional messages or share this with third parties.
- Phone number (mandatory) – We ask for your phone number during the sign-up flow for the Kutumba app. We use this phone number as the primary authentication mechanism to allow you to successfully log in to your Kutumba account (for example, the secure 6-digit login OTP or One Time Password is delivered via an SMS notification to your phone number). We use third-party providers (Auth0/Okta and Twilio, Inc.) for generating and delivering these secure 6-digit OTPs. We will never use this phone number for marketing or promotional messages or share this with any other third parties.
- Profile picture (optional) – We optionally allow you to associate your profile with a photo on your phone. You may choose to do so to bring an element of personalization or fun into the Kutumba app. However, before we do this, we require your explicit consent to allow the Kutumba app to access your photos; should you choose to decline this consent the Kutumba app will not have access to your photos. We do not have access to these photos and will therefore never use these photos in marketing or promotional messages or share these with
Under the profiles of the Kutumba (i.e., family) members of the logged-in user (i.e., your Kutumba members profiles), we ask for the following information:
- Full name (mandatory) – We require the full name to help you to uniquely identify your Kutumba (i.e., family) member elsewhere in the Kutumba app (for example, when you securely share information about your financial asset with your Kutumba member).
- Relationship (mandatory) – We require the relationship (between you and your Kutumba member) to help you to uniquely identify your Kutumba (i.e., family) member elsewhere in the Kutumba app (for example, when you securely share information about your financial asset with your Kutumba member).
- Email address (optional) – We require the email address to notify your Kutumba (i.e., family) member about important events and actions that you take in the Kutumba app (for example, when you securely share information about your financial asset with your Kutumba member). We do not have access to these email addresses and will therefore never use these email addresses for sending marketing or promotional messages or share these with third parties.
- Phone number (mandatory) – We require the phone number to notify your Kutumba (i.e., family) member about important events and actions that you take in the Kutumba app (for example, when you securely share information about your financial asset with your Kutumba member). We allow you to optionally select a contact from the contact list on your phone and use the phone number available for this contact – however, before we do this, we require your explicit consent to allow the Kutumba app to access your contacts; should you choose to decline this consent the Kutumba app will not have access to your contact list. We do not have access to these phone numbers and will therefore never use these phone numbers for sending marketing or promotional messages or share these with third parties.
- Profile picture (optional) – We optionally allow you to associate your Kutumba (i.e., family) member with a photo on your phone. You may choose to do so to bring an element of personalization or fun into the Kutumba app. However, before we do this, we require your explicit consent to allow the Kutumba app to access your photos; should you choose to decline this consent the Kutumba app will not have access to your photos. We do not have access to these photos and will therefore never use these photos in marketing or promotional messages or share these with third parties.
At all times in the Kutumba app, you are in full control over your own user profile as well as those of your Kutumba (i.e., family) members. You can choose to delete a Kutumba (i.e., family) member’s profile at any time. You can also choose to delete your own user profile at any time and close your
Upon creating a New Account: When you create a new account to use the Services, we request the following information:
- Mobile number, first name, last name, email
- Over a survey we might ask for your profession, date of birth, gender and marital status to understand the customer demographic better
- User can optionally add profile photo by providing access to the photos on the phone and save it on their Kutumba account. We never use the user’s profile photo uploaded on our application for serving ads, including retargeting, personalized, or interest-based advertising.
Upon Sign-up: When the user logs in to Kutumba:
- Customer will have the option to add the details of their “Kutumba members” (information regarding the family/friends/loved ones with whom the financial life information will be shared) which includes
- Adding their contact numbers by using the contact list saved on the User’s phone (optional) as mentioned in the above section and
- With user consent to personalize the application, images for the kutumba member’s profile can be accessed using the photos saved and stored on the user’s phone as mentioned in the above section.
Note: We never use or transfer the photos stored for profiles of Kutumba members or the contact information of the user or their kutumba members saved on our application for serving ads, including retargeting, personalized, or interest-based advertising.
- Non-sensitive financial information like bank account number, where the bank account is located and similar details for other financial assets may be collected for recording the details of the financial life information.
We DO NOT ask for any sensitive financial information like CVV, password or other financially sensitive information for any of the financial assets covered as part of Kutumba services.
All the information related to the user’s financial assets added manually by the User:
- Details regarding the financial assets like bank accounts, insurance, pension schemes etc. are added by the user using the forms in Kutumba app manually. Not all the fields in the form are mandatory.
- Details of the family members with whom they want to share the financial life information and the nominee(s) of financial assets which are all added according to the User’s discretion.
Please note that we will never rent or sell your information or data to anyone. We never use or transfer the data collected on our application for serving ads, including retargeting, personalized, or interest-based advertising.
Why does Kutumba ask for this information?
Kutumba is a financial awareness and preparedness tool for you and your family. Currently, we do not support auto discovery of the financial assets for our users and hence all the required information regarding the financial assets and family/friends with whom the financial information is shared is manually added by the user with their consent.
Third Party APIs/Services
To auto-populate the financial information, we might use third party applications or services to get your credit score or use the account aggregator, an RBI initiative, to discover all the financial information WITH USER CONSENT ONLY.
Using the credit report services from Decentro Tech Private Limited which in turn uses Equifax, we fetch the credit and loan information for auto discovery feature on Kutumba.one.
Cookies & Third Party Analytics Services
We use Local Storage Objects (LSOs) to store content information, preferences and to keep you signed-in. We identify the User’s signed-in state with a token and a userid. The LSO token expires when the User logs out of our website or application.
We do not collect any information about your online activity when you sign-out and/or leave our services.
We use third party analytic services in order to better understand user engagement with our Services. When a user browses or uses the Services, these third party analytic services may collect the user’s IP address, browser type, and approximate location (based on the IP address). They may also use web logs or web beacons and may set and access cookies on your computer or other device. In order to provide a superior user experience, we provide the third party analytic service providers with User’s demographic information at Kutumba along with User’s movements on Kutumba website and applications.
These third party analytics services may deploy cookies on your browser. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked.
Does Kutumba Share Personal Information?
We neither rent nor sell your personal Information to anyone. However, we may share your Personal Information with third parties as described in this section:
- We only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface. We may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data are prohibited.
- We don’t use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
- We don’t allow humans to read the data, unless:
- (a) We first obtain your affirmative agreement for specific purposes;
- (b) It is necessary for security purposes (such as investigating a bug or abuse);
- (c) It is necessary to comply with applicable law; or
- (d) Our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
These prohibitions of user data apply to all the information/data obtained from you with your explicit consent. Our employees, agents, contractors, and successors comply with this Policy.
Privacy Questions and Access
In certain cases, you may have the ability to view or edit your personal information online. In the event that your information is not accessible online and you wish to change or delete your personal information or any other information that you may have provided, please contact us immediately at support@Kutumba.one.
Security and Responsible Disclosure
We at Kutumba are committed to protecting our clients’ data and privacy. We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us to defend our systems against threats ranging from low-hanging issues up to sophisticated attacks.
If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.
You could submit a bug report to us at support@Kutumba.one with detailed steps required to reproduce the vulnerability.
We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you not to publicly disclose it. Additionally, if you have suggestions on how we could improve our security systems to make them more robust and safe for all users, you can share those with us at support@Kutumba.one.
- We will never rent or sell your information or data to anyone. We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising;
- We will never provide any part of your information to anyone unless explicitly agreed by you.
- Kutumba is hosted on a Virtual Private Cloud on Amazon Web Services which provides a secure and scalable technology platform to ensure that we can provide you services securely and reliably. Our infrastructure is launched in compliance with the AWS Well-Architected Framework and, from the security perspective, incorporates practices from the AWS Cloud Adoption Framework. It is within Indian boundary and hosted in Mumbai.
- We use the HTTPS protocol for our website and mobile applications (hereinafter referred to as “Platform”). All communication between the Platform and our servers is protected via the 256-bit encrypted HTTPS protocol. This prevents MITM (Man in the Middle) attacks on our platform and the connection between us and our user is fully secure. We have strict network segmentation and isolation of environments and services in place.
We use industry leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.
- The user log-in on the Kutumba application is based on One-Time Password (OTP) authentication.
- All user data and internal stored data is protected by encryption at rest and sensitive data by application level encryption.
- We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized & need-to-use basis.
- We use key management services to limit access to data except from the data team.
- Stored data is protected by encryption at rest and sensitive data by application level encryption.
- We use data replication for data resiliency & disaster recovery, snapshotting for data durability and backup/restore testing for data reliability.
- We only use anonymized and aggregated data for internal analytics and business intelligence purposes.
What is your right and how to exercise it?
We respect the exercise of the rights You have in relation to the personal data and information We process or use. You can request access to or a copy of your personal data and information collected and processed by Us. You may also request the rectification and removal of personal data and information or the restriction of the processing of Your personal data and information. Users have the right to unilaterally change their e-mail and contact preferences at any time by logging into their “Account” on the Platform and changing the account settings. You also have the right to data portability. If You have an objection to use of Your data under this Policy, please write to Our privacy team at the contact information given below. To prevent misuse, We will ask You to identify yourself.
We understand the serious implications of data security and take extensive measures to ensure Your data and information is secured. We take extensive technical and legal measures to safeguard Your personal data and information.
- The Platform uses a reliable SSL certificate to ensure Your personal data and information is not misused in any manner whatsoever. We use SSL encryption when transmitting certain kinds of information, such as financial services information or payment information.
- Our employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every User’s personal information or sensitive personal data and information.
- We have put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data and information from the point of collection to the point of destruction. Any third-party data processor to which We transfer personal data and information shall have to agree to comply with those procedures and policies or put in place adequate measures on their own.
- No administrator of the Platform will have knowledge of Your OTP. It is important for You to protect against any unauthorized access to Your OTP, Your contact details and Your mobile phone. Ensure You log off from the Platform when finished. We do not undertake any liability for any unauthorized use of Your account.
- If You suspect any unauthorized use of Your account, you must immediately notify Us by sending an email to email@example.com. You shall be liable to indemnify Us due to any loss suffered by Us due to such unauthorized use of Your account. Please note that We make all User information accessible to Our employees, agents or partners and third parties only on a need-to-know basis and bind only Our employees to strict confidentiality obligations. However, We are not responsible for the confidentiality, security or distribution of Your personal information by Our partners and third parties outside the scope of Our agreement with such partners and third parties.
- In case there is any breach of security, We will make all legally required disclosures concerning the breach and the confidentiality, or integrity of Your unencrypted electronically stored “personal information” to You via email or by posting it on the Platform without any unreasonable delay, in as far as is consistent with any legitimate needs of law enforcement and any measures required to determine the scope of the breach and to safeguard the integrity of data.
- We do not guarantee the security and/or privacy of any information, which may be available to all Users and visitors of the Platform publicly. Further, the Platform may contain links to other websites. Please note that We do not endorse any links or websites and are not responsible for the privacy practices of such third-party websites.
- Please note that We maintain a strict no-spam policy and do not rent, sell, disclose or share personal information belonging to You with other people or non-affiliated companies without Your consent, except to provide you the Services which You have requested or otherwise as specifically provided for in this Policy.
Incident and Change Management
- We have deployed mature processes around Change Management which enables us to release thoroughly tested features for you both reliably and securely enabling you to enjoy the Kutumba experience with maximum assurance and security.
- We have a very aggressive stance on Incident Management on both Systems downtime and Security and Network Operations Center and an Information Security Management System in place which quickly reacts to, remediates or escalates any Incidents arising out of planned or unplanned changes.
Vulnerability Assessment and Penetration Testing
- We have an in-house network security team which uses industry leading products to conduct manual and automated VA/PT activities.
- We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration/continuous deployment pipeline.
- We will leverage CERT-IN certified auditors to do periodic external testing and audits.
- We at Kutumba (Sri Vijayadasaru Software Private Limited) are committed to our users’ data and privacy.
- We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures.
- The overall data and privacy security design allows us to defend our systems from various attacks.
- If you are a security enthusiast or a researcher and have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.
- You could submit a bug report to us at firstname.lastname@example.org with detailed steps required to reproduce the vulnerability.
- We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you to not disclose it publicly.
Sri Vijayadasaru Software Private Limited
206, 16th Main, 24th Cross, Banashankari 2nd Stage
Bangalore – 560070
Email : email@example.com