Last updated: 13 December 2025

1. Who we are

KOSHA OPS CLOUD PRIVATE LIMITED (“KOSHA”, “we”, “us”) provides software and related services that help Indian SMEs automate collections, reconciliation and daily cash visibility (the “Services”).

This Privacy Policy explains how we collect, use and protect information when you use our websites (usekosha.com, koshaops.com), products and pilots.

2. Information we collect

• Business & contact details - name, company, designation, phone, email, address.

• Account & usage data - login IDs, configuration settings, logs of actions taken in the product (for example, who triggered a reminder or edited a rule).

• Financial & transaction data (for pilots / customers)

  • AR ageing reports, invoice and receipt details.

  • Customer master data (names, codes, contact details, basic credit terms).

  • Bank / UPI statements via CSV uploads or read-only Account Aggregator / banking APIs, where you choose to connect them.

• Communication data - WhatsApp, SMS, email messages that are sent via or logged in KOSHA as part of your collections and recon workflows.

• Website data - basic analytics (pages visited, device type, referral source).

We usually act as a data processor for business data you share with us - you remain the controller.

3. How we use information

We use information to:

• Provide, configure and improve the Services.

• Run pilots and subscriptions as per your LOI / SOW or other agreement.

• Generate Daily Cash / AR Briefs and exception lists.

• Support you via email, phone, WhatsApp and in-product chat.

• Send service-related communications (alerts, updates, maintenance notices).

• Improve our product based on usage patterns and feedback (aggregated / anonymised where practical).

• Comply with legal obligations, including India’s data-protection and financial-sector rules where applicable.

We do not sell your business data.

4. Legal basis & consent

Where applicable law requires a legal basis, we rely on:

• Performance of a contract - when we provide pilots or paid services.

• Legitimate interest - to secure systems, prevent misuse and improve our Services.

• Consent - where you enable optional integrations (for example, Account Aggregator connections) or agree to receive marketing communications.

When you connect AA / bank integrations, you or your authorised representative will follow the relevant consent flow, and you can revoke access via that provider at any time.

5. Sharing of information

We may share information with:

• Service providers - secure cloud infrastructure, monitoring, communication providers (WhatsApp / SMS gateways, email services) who help us deliver the Services.

• Partners - Account Aggregators, PSPs, banks, ERP providers and practising CAs - but only as required for a specific engagement you approve.

• Professional advisors - lawyers, auditors, accountants where needed.

• Authorities - when required by law, court order or regulatory guidance.

We do not grant third parties the right to use your data for their own independent purposes without your consent.

6. Security

We implement reasonable technical and organisational measures, such as:

• Encryption in transit (TLS) and at rest where supported.

• Role-based access controls and activity logs.

• Minimal data retention consistent with pilot / subscription requirements.

No system is perfectly secure, but we aim to follow good industry practices and will notify you without undue delay if a material data incident affects your business.

7. Data retention

We keep your business data only as long as necessary to:

• deliver the Services,

• comply with legal obligations or

• resolve disputes and enforce our agreements.

For pilots, we can delete or anonymise data within a reasonable period after pilot closure if you request this in writing.

8. Your choices

You can:

• Request access to, correction of or deletion of your data held by us (subject to legal and contractual limits).

• Disable certain integrations or stop sharing specific data sets.

• Opt-out of non-essential marketing emails.

To exercise these rights, email privacy@usekosha.com or your usual KOSHA contact.

9. Children

Our Services are built for businesses. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date will change accordingly. If we make material changes, we will notify you by email or via the product.

11. Contact

For privacy questions or requests, contact:

KOSHA OPS CLOUD PRIVATE LIMITED
Email: privacy@usekosha.com
Bengaluru - 560068, Karnataka - India