Privacy Policy (KOSHA)

**Last updated:** 2025-10-24

Who we are

KOSHA ("we", "us") provides software that helps Indian SMEs accelerate cash collection, automate reconciliation and draft compliance documents. This policy explains how we handle personal data.

The data we process

- **Account & contact data:** name, email, phone, role.

- **Customer operations data:** invoices, payment events, bank-reconciliation metadata, logs generated by our systems.

- **Support artifacts:** chat transcripts, emails, call notes.

- **Technical data:** device, browser, IP, timestamps, diagnostic logs.

Why we process it (lawful purposes)

- To provide and improve the service (contract).

- To secure the service and prevent abuse (legitimate interests).

- To meet legal obligations under India’s DPDP Act and tax laws (legal obligation).

- With your consent for optional communications (consent).

Sharing

We use carefully chosen sub‑processors (cloud hosting, email delivery, analytics). We require contracts and security controls. A current list is available on request at **privacy@usekosha.com**.

International data flows

We prioritize India data residency; where cross‑border processing occurs, we apply contractual and technical safeguards.

Security

We apply encryption in transit and at rest, access controls, logging and regular testing. We are pursuing SOC 2 and ISO 27001 readiness.

Retention

Operational records are kept for as long as needed for contractual, legal, or security reasons, then deleted or anonymized.

Your rights (DPDP)

Access, correction, portability (where applicable) and deletion subject to legal exceptions. Contact **privacy@usekosha.com**.

Cookies/Tracking

We use strictly necessary cookies. Any analytics will be privacy‑respecting and opt‑out compatible.

Contact

- **Data Protection Contact:** privacy@usekosha.com

- **Security:** security@usekosha.com

- **Postal:** Add your registered address here

Changes

We will update this notice and note the effective date above.