We at Kutumba are completely committed to keeping your data secure, we don’t collect any sensitive financial information, and are transparent about our practices.

Sri Vijayadasaru Software Private Limited operate our web application https://app.kutumba.one/ , our mobile apps and our website https://www.kutumba.one/ under brand names Kutumba, Kutumba.one collectively referred to as  ,“we,” “our,” or “Us” or “Company “.

Kutumba empowers your family by encouraging you to discover, document, risk-proof, and share your financial life information with your family.

Kutumba is committed to operating its website and  applications with the highest ethical standards and appropriate internal controls. We take your privacy extremely seriously. Your privacy is important to us and maintaining your trust is paramount. This Privacy Policy explains how Kutumba collects, uses & protects your information when you access Kutumba website(s) &  apps (collectively referred to as “Services” or “Application”). We encourage you to read this Privacy Policy. By using Kutumba Services you agree to the terms of the Privacy Policy. If you are not comfortable with any of the terms or policies described in this Privacy Policy, you may choose to discontinue usage of Kutumba Services by deleting the Kutumba account. You can also email us at support@Kutumba.one to update or delete your personal information that Kutumba has collected.

Kutumba does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to Kutumba. If Kutumba learns that we have collected personal information from a person under the age of 18, we will delete that information immediately. If you believe that a person under the age of 18 may have provided us with personal information, please contact us at support@Kutumba.one.

The Platform facilitates and enables the User in availing certain online products and services from the Platform, including, documenting, organizing and sharing the personal finance information with their families  (“Services”), in accordance with the terms and conditions of use/Service of the Platform, as available at https://www.kutumba.one/terms-of-use/ (“Terms and Conditions”).

For the purposes of this privacy policy (hereinafter referred to as “Privacy Policy” or “Policy”), wherever the context so requires, references to the terms “User(s)“, “You” or “Your”, shall mean and include the user, registered on the Platform, who uses or access the Platform or avails the Service(s) (as defined below) of the Platform in accordance with the Terms of Use.

This Privacy Policy is published in compliance with the Information Technology Act, 2000, and applicable amendments, rules, regulations and guidelines enacted thereunder from time to time (“IT Act”) with specific mention of regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive personal information) Rules, 2011, and any other national and state laws which relate the processing of data. This Privacy Policy is an electronic record in terms of the IT Act and this electronic record is generated by a computer system and does not require any physical or digital signatures. Any new features and/or services that are added to Our current service at any point in the future shall also be subject to the terms set out in this Policy along with any other future relevant legislations to be incorporated as per the laws of the land. This Privacy Policy shall apply to any person who visits, browses, uses or accesses the Platform or use any Services on the Platform.

This Privacy Policy, inter alia, states: (i) the type of information collected from the Users, including personal information and non-sensitive personal data or information , relating to an individual; (ii) the purpose, means and modes of collection, usage, processing, retention and destruction of such information; (iii) how and to whom We will disclose such information; and (iv) how We will protect the Users’ personal information when they access the Platform.

What is scope and purpose of the Privacy Policy?

This Privacy Policy is published to inform and describe Our Users of Our policies and procedures regarding collection, storage, and processing and sharing of information that We receive from our Users on the Platform or those which are stored or accessed by Us at the time of availing/ registering for the Services on the Platform. We have developed this Policy to familiarize You with Our practices and demonstrate Our commitment to the protection of Your privacy and Your personal information. With regard to this Privacy Policy, the terms “using”, and “processing” information include, without limitation; the use of cookies; and the collection, storage, transfer, evaluation, deletion, disclosure, management, handling, modifying and use of information.

The below mentions the outlined idea of Scope of the Privacy Policy:

• This Privacy Policy is applicable to all Users of this Platform. By using the Services, registering with Us or by otherwise giving Us Your information, You shall be deemed to have read, understood and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by the terms hereof as laid down.
• We respect Your need to understand how and why information is being collected, used, disclosed, transferred and stored. This Privacy Policy sets out the way in which We process Your information when You visit the Platform or use the Services in accordance with applicable relevant data protection laws. By accessing Our Platform or availing the Services, You agree to be bound by the terms of this Policy.
• It is important that You read this Policy together with any or all other policies We may provide on specific occasions when We are collecting or processing your personal information, so that You are fully aware of how and why We are using your personal information.
• This Privacy Policy applies only to information that You provide Us via the Platform. We reserve the right to update this Privacy Policy from time to time to reflect any changes to Our Services. We will do this by amending the Privacy Policy on the Platform and intimate the changes which will take effect automatically as soon as they are posted on the Platform. In addition, We shall notify all Our users Users by email or any specified mode of communication with respect to the changes that are made to the Policy.
• The information contained on this Platform and the information collected by using/ login and /or accessing this Platform are stored at a secured server. It is stated by the server service provider that they have all the best security practices required for the server. The Platform is owned by Us and is located in India. Hence, We are bound by duty to abide by the laws, including but not limited to, regulations, rules, circulars and notifications governing privacy in India.
• This Privacy Policy does not apply to any third-party website(s) and mobile app(s). You are requested to take note that information and privacy practices of Our business partners, advertisers, sponsors or other sites to which We provide hyperlink(s), may be different from this Policy, Hence, it is recommended that You review the Privacy Policy of any such third parties before You interact with such interfaces. Under such circumstances we kindly recommend you to read the policies on the applicable / relevant websites or sources.

You hereby consent to Us collecting, using and sharing and disclosing Your information as described in this Privacy Policy. If You do not agree with this Privacy Policy at any time, time, please do not use any of the services, use or access the Platform or give Us any of Your information

What information does Kutumba collect?

We receive and store only that information which you knowingly provide to us or with your explicit consent. You can delete the account by using the web or mobile application which deletes all the information stored related to Kutumba members and financial assets added by the customer. You can always delete this information by writing to us at support@Kutumba.one.

User Profile
In the Kutumba app there are two types of user profiles:

• The logged-in user’s profile (i.e., your profile), and
• The profiles of the Kutumba (i.e., family) members of the logged-in user (i.e., your Kutumba
  members profiles)   

Under the logged-in user’s profile (i.e., your profile), we ask for the following information:

1. Full name (mandatory) – We require your full name to bring-in an element of
   personalization inside the Kutumba app.
2. Email address (optional) – We optionally allow you to associate your profile with an email
   address. If an email address is available with your profile, then we may use the email
   address to notify you of important events or actions that may happen inside the Kutumba
   app. We do not have access to this email address and will therefore never use this email
   address for sending marketing or promotional messages or share this with third parties.
3. Phone number (mandatory) – We ask for your phone number during the sign-up flow for
   the Kutumba app. We use this phone number as the primary authentication mechanism to
   allow you to successfully login into your Kutumba account (for example, the secure 6-digit
   login OTP or One Time Password is delivered via. an SMS notification to your phone
   number). We use third-party providers (Auth0/Okta and Twilio, Inc.) for generating and
   delivering these secure 6-digit OTPs. We will never use this phone number for marketing or
   promotional messages or share this with any other third parties. 
4. Profile picture (optional) – We optionally allow you to associate your profile with a photo on
   your phone. You may choose to do so to bring an element of personalization or fun into the
   Kutumba app. However, before we do this, we require your explicit consent to allow the
   Kutumba app to access your photos; should you choose to decline this consent the Kutumba
   app will not have access to your photos. We do not have access to these photos and will
   therefore never use these photos in marketing or promotional messages or share these with
   third parties.

Under the profiles of the Kutumba (i.e., family) members of the logged-in user (i.e., your Kutumba
members profiles), we ask for the following information:

1. Full name (mandatory) – We require the full name to help you to uniquely identify your
   Kutumba (i.e., family) member elsewhere in the Kutumba app (for example, when you
   securely share information about your financial asset with your Kutumba member)
2. Relationship (mandatory) – We require the relationship (between you and your Kutumba
   member) to help you to uniquely identify your Kutumba (i.e., family) member elsewhere in the Kutumba app (for example, when you securely share information about your financial
   asset with your Kutumba member)
3. Email address (optional) – We require the email address to notify your Kutumba (i.e.,
   family) member about important events and actions that you take in the Kutumba app (for
   example, when you securely share information about your financial asset with your
   Kutumba member). We do not have access to these email addresses and will therefore
   never use these email addresses for sending marketing or promotional messages or share
   these with third parties.
4. Phone number (mandatory) – We require the phone number to notify your Kutumba (i.e.,
   family) member about important events and actions that you take in the Kutumba app (for
   example, when you securely share information about your financial asset with your
   Kutumba member). We allow you to optionally select a contact from the contact list on your
   phone and use the phone number available for this contact – however, before we do this,
   we require your explicit consent to allow the Kutumba app to access your contacts; should
   you choose to decline this consent the Kutumba app will not have access to your contact list.
   We do not have access to these phone numbers and will therefore never use these phone
   numbers for sending marketing or promotional messages or share these with third parties.
5. Profile picture (optional) – We optionally allow you to associate your Kutumba (i.e., family)
   member with a photo on your phone. You may choose to do so to bring an element of
   personalization or fun into the Kutumba app. However, before we do this, we require your
   explicit consent to allow the Kutumba app to access your photos; should you choose to
   decline this consent the Kutumba app will not have access to your photos. We do not have
   access to these photos and will therefore never use these photos in marketing or
   promotional messages or share these with third parties.
   At all times in the Kutumba app, you are in full control over your own user profile as well as those of
   your Kutumba (i.e., family) members. You can choose to delete a Kutumba (i.e., family) member’s
   profile at any time. You can also choose to delete your own user profile at any time and close your
   Kutumba account.

Upon creating a New Account : When you create a new account to use the Services, we request for the following information:

• Mobile number, first name, last name, email
• Over a survey we might ask for your profession, date of birth, gender and marital status to understand the customer demographic better
• User can optionally add profile photo by providing access to the photos on the phone and save it on their Kutumba account. We never use the user’s profile photo uploaded on our application for serving ads, including retargeting, personalized, or interest-based advertising.

Upon Sign-up : When user logs in to Kutumba:

• Customer will have the option to add the details of their “Kutumba members” (information regarding the family/friends/loved ones with whom the financial life information will be shared) which includes 

1.  Adding their contact numbers by using the contact list saved on the User’s phone (optional) as mentioned in the above section and
2.  With user consent to personalize the application, images for the kutumba member’s profile can be accessed using the photos saved and stored on the user’s phone as mentioned in the above section.

Note: We never use or transfer the photos stored for profiles of Kutumba members or the contact information of the user or their kutumba members saved on our application for serving ads, including retargeting, personalized, or interest-based advertising.

• Non-sensitive financial information like bank account number, where the bank account is located and similar details for other financial assets may be collected for recording the details of the financial life information.

We DO NOT ask for any sensitive financial information like CVV, password or other financially sensitive information for any of the financial assets covered as part of Kutumba services.

All the information related to the user’s financial assets added manually by the User:

• Details regarding the financial assets like bank accounts, insurance, pension schemes etc. are added by the user using the forms in Kutumba app manually. Not all the fields in the form are mandatory.

• Details of the family members with whom they want to share the financial life information and the nominee(s) of financial assets which are all added according to the User’s discretion.

Please note that we will never rent or sell your information or data to anyone. We never use or transfer the data collected on our application for serving ads, including retargeting, personalized, or interest-based advertising.

Why does Kutumba ask for this information?

Kutumba is a financial awareness and preparedness tool for you and your family. Currently, we do not support auto discovery of the financial assets for our users and hence all the required information regarding the financial assets and family/friends with whom the financial information is shared is manually added by the user with their consent.

Third Party APIs/Services
To auto-populate the financial information automatically we might use third party applications or services to get your credit score or use the account aggregator, an RBI initiative to discover all the financial information WITH USER CONSENT ONLY.

Using the credit report services from Decentro Tech Private Limited which in turn uses Equifax, we fetch the credit and loan information for auto discovery feature on Kutumba.one.

Cookies & Third Party Analytics Services

We use Local Storage Objects (LSOs) to store content information, preferences and to keep you signed-in. We identify the User’s signed-in state with a token and a userid. The LSO token expires when the User logs out of our website or  application.

We do not collect any information about your online activity when you sign-out and/or leave our services.

We use third party analytic services in order to better understand user engagement with our Services. When a user browses or uses the Services, these third party analytic services may collect the user’s IP address, browser type, and approximate location (based on the IP address). They may also use web logs or web beacons and may set and access cookies on your computer or other device. In order to provide a superior user experience, we provide the third party analytic service providers with User’s demographic information at Kutumba along with User’s movements on Kutumba website and  applications.

 These third party analytics services may deploy cookies on your browser. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and  applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked.

Does Kutumba Share Personal Information?

We neither rent nor sell your personal Information to anyone. However, we may share your Personal Information with third parties as described in this section:

1. We only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application’s user interface. We may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data are prohibited
2. We don’t use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising; and
3. We don’t allow humans to read the data, unless :
   • (a) We first obtain your affirmative agreement for specific purposes;
   • (b) It is necessary for security purposes (such as investigating a bug or abuse);
   • (c) It is necessary to comply with applicable law; or
   • (d) Our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.

These prohibitions of user data apply to all the information/data obtained from you with your explicit consent. Our employees, agents, contractors, and successors comply with this Policy.

Changes to Privacy Policy

Kutumba reserves the right to change this policy from time to time. Any changes shall be effective immediately upon the posting of the revised Privacy Policy. While we will make reasonable efforts to keep you posted on any updates to this privacy policy, to make sure that you are aware of any changes, we recommend that you review this policy periodically. If you are not comfortable with any of the changes to Privacy Policy you may choose to discontinue the usage of Kutumba website or  applications. You can also email us at  support@Kutumba.one to update or delete your personal information that Kutumba has collected or alternatively delete your account using the Kutumba application.

Privacy Questions and Access

If you have questions, concerns, or suggestions regarding our Privacy Policy, please contact us immediately at support@Kutumba.one 

In certain cases, you may have the ability to view or edit your personal information online. In the event that your information is not accessible online and you wish to change or delete your personal information or any other information that you may have provided, please contact us immediately at support@Kutumba.one

Security and Responsible Disclosure

We at Kutumba are committed to protecting our client’s data and privacy. We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us defend our systems ranging from low hanging issues up to sophisticated attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.

You could submit a bug report to us at   support@Kutumba.one with detailed steps required to reproduce the vulnerability.

We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you not to publicly disclose it. Additionally, if you have suggestions on how we could improve our security systems to make it more robust and safe for all users, you can share those with us at  support@Kutumba.one

Privacy Practices

• We will never rent or sell your information or data to anyone. We never use or transfer your data for serving ads, including retargeting, personalized, or interest-based advertising;
• We will never provide any part of your information to anyone unless explicitly agreed by you.
• Please refer to our Privacy Policy for more information

Cloud Infrastructure

• Kutumba is hosted on a Virtual Private Cloud on Amazon Web Services which provides a secure and scalable technology platform to ensure that we can provide you services securely and reliably. Our infrastructure is launched in compliance with the AWS Well Architected Framework and from the security perspective incorporating practices from the AWS Cloud Adoption Framework. It is within Indian boundary and hosted in Mumbai.
• We use HTTPS protocol for our website and mobile applications (hereinafter referred to as “Platform”). All communication between the Platform and our servers are protected via 256 bit encrypted HTTPS protocol. This prevents MITM (Man in the Middle) attacks on our platform and the connection between us and our user is fully secure. We have strict network segmentation and isolation of environments and services in place.

Host Security

We use industry leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.

Data Security

• The user log-in is based on One-Time Password (OTP) authentication on Kutumba application.
• All user data and internal stored data is protected by encryption at rest and sensitive data by application level encryption.
• We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized & need-to-use basis.
• We use key management services to limit access to data except from the data team.
• Stored data is protected by encryption at rest and sensitive data by application level encryption.
• We use data replication for data resiliency & disaster recovery, snapshotting for data durability and backup/restore testing for data reliability.
• We only use anonymized and aggregated data for internal analytics and business intelligence purposes.

What is your right and how to exercise it?

We respect the exercise of the rights You have in relation to the personal data and information We process or use. You can request access to or a copy of your personal and information collected and processed by Us. You may also request the rectification and removal of personal data and information or the restriction of the processing of Your personal data and information. Users have the right to unilaterally change their e-mail and contact preferences at any time by logging into their “Account” on the Platform and changing the account settings. You also have the right to data portability. If You have an objection to use of Your data under this Policy, please write to Our privacy team at contact information given below. To prevent misuse, We will ask You to identify yourself.

Security

We understand the serious implications of data security and take extensive measures to ensure Your data and information is secured. We take extensive technical and legal measures to safeguard Your personal data and information.

• The Platform uses a reliable SSL certificate to ensure Your personal data and information is not misused in any manner whatsoever. We use SSL encryption when transmitting certain kinds of information, such as financial services information or payment information.
• Our employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every User’s personal information or sensitive personal data and information.
• We have put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data and information from the point of collection to the point of destruction. Any third-party data processor to which We transfer personal data and information shall have to agree to comply with those procedures and policies or put in place adequate measures on their own.
• No administrator of the Platform will have knowledge of Your OTP. It is important for You to protect against any unauthorized access to Your OTP, Your contact details and Your mobile phone. Ensure You log off from the Platform when finished. We do not undertake any liability for any unauthorized use of Your account.
• If You suspect any unauthorized use of Your account, you must immediately notify Us by sending an email to support@kutumba.one . You shall be liable to indemnify Us due to any loss suffered by Us due to such unauthorized use of Your account. Please note that We make all User information accessible to Our employees, agents or partners and third parties only on a need-to-know basis and binds only its employees to strict confidentiality obligations. However, We are not responsible for the confidentiality, security or distribution of Your personal information by Our partners and third parties outside the scope of Our agreement with such partners and third parties.
• In case there is any breach of security, We will make all legally required disclosures concerning the breach and the confidentiality, or integrity of Your unencrypted electronically stored “personal information” to You via email or By posting it on Platform without any unreasonable delay, in as far as is consistent with any legitimate needs of law enforcement and any measures required to determine the scope of the breach and to safeguard the integrity of data.
• We do not guarantee the security and/or privacy of any information, which may be available to all Users and visitors of the Platform publicly. Further, the Platform may contain links to other websites. Please note that We do not endorse any links or websites and are not responsible for the privacy practices of such third-party websites.
• Please note that We maintain a strict no-spam policy and do not rent, sell, disclose or share personal information belonging to You with other people or non-affiliated companies without Your consent, except to provide you the Services which You have requested for or otherwise as specifically provided for in this Policy

Incident and Change Management

• We have deployed mature processes around Change Management which enables us to release thoroughly tested features for you both reliably and securely enabling you to enjoy the Kutumba experience with maximum assurance and security.
• We have a very aggressive stance on Incident Management on both Systems downtime and Security and Network Operations Center and an Information Security Management System in place which quickly reacts to, remediates or escalates any Incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

• We have an in-house network security team which uses industry leading products to conduct manual and automated VA/PT activities
• We employ both static application security testing and dynamic application security testing which is incorporated into our continuous integration/continuous deployment pipeline.
• We will leverage CERT-IN certified auditors to do periodic external testing and audits.

Responsible Disclosure

• We at Kutumba (Sri Vijayadasaru Software Private Limited) are committed to our user’s data and privacy.
• We blend security at multiple steps within our products with state-of-the-art technology to ensure our systems maintain strong security measures.
• The overall data and privacy security design allow us to defend our systems from various attacks.
• If you are a security enthusiast or a researcher and have found a possible security vulnerability on Kutumba, we encourage you to report the issue to us responsibly.
• You could submit a bug report to us at support@kutumba.one with detailed steps required to reproduce the vulnerability.
• We shall put forth the best of our efforts to investigate and fix legitimate issues in a reasonable time frame. Meanwhile, we request you to not disclose it publicly.

Contact Information

Sri Vijayadasaru Software Private Limited 

206, 16th Main, 24th Cross, Banashankari 2nd Stage

Bangalore – 560070

Email :  grievance@kutumba.one