Privacy Policy
Last updated: April 12, 2026
Effective date: April 12, 2026 · Policy version: 1.0
About eKosha
eKosha ("we", "our", "us") is a personal asset management and inheritance planning application. We are committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.
1. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity data | Full name, date of birth, gender | Create and maintain your profile |
| Contact data | Email address, phone number | Account authentication, notifications |
| Asset data | Financial account details, insurance policies, property records | Core service — asset vault |
| Usage data | Feature interactions, session timestamps | Improve app performance |
| Device data | Device type, OS version | Crash reporting, compatibility |
2. How We Use Your Data
We process your data solely for the purposes to which you have consented:
- Profile & Asset Data — to provide, operate, and maintain the eKosha service.
- Cross-Border Transfer — to store and process your data on Firebase, Resend, and RevenueCat servers (located in the United States).
- Analytics (optional) — to understand how users interact with the app and improve features.
- Marketing Notifications (optional) — to inform you about new features, tips, and promotions.
3. Data Sharing and Processors
We share your data only with the following processors, and only as necessary. We do not sell your personal data to any third party.
| Processor | Country | Purpose |
|---|---|---|
| Google Firebase | United States | Database, authentication, analytics, crash reporting |
| Resend | United States | Transactional email delivery |
| RevenueCat | United States | In-app subscription management |
4. Cross-Border Data Transfer
Your data is transferred to and stored in the United States. This transfer is covered by your explicit consent given during onboarding. The safeguards in place include contractual clauses and the data processors' compliance with applicable international data protection standards.
5. Data Retention
We retain your data for as long as your account is active, plus a maximum of 30 days after account deletion (grace period for cancellation). Audit logs related to consent are retained for 7 years as required by applicable law.
6. Your Rights Under the DPDP Act 2023
As a Data Principal, you have the following rights:
- ·Right to Information — know what data we hold about you.
- ·Right to Correction — request correction of inaccurate or incomplete data.
- ·Right to Erasure — request deletion of your personal data (subject to legal hold obligations).
- ·Right to Grievance Redressal — lodge a complaint with our Grievance Officer.
- ·Right to Nominate — nominate a person to exercise rights on your behalf in the event of death or incapacity.
To exercise these rights, please contact our Grievance Officer (see Section 9).
7. Data Security
We implement the following security measures:
- ·AES-256-GCM field-level encryption for sensitive asset data.
- ·PBKDF2 key derivation with per-user salt.
- ·Firebase Security Rules restricting access by authenticated UID only.
- ·PIN / biometric lock on mobile devices.
- ·Immutable audit logs for all data access and changes.
8. Children's Data
eKosha is intended for users 18 years of age and older. We do not knowingly collect personal data from minors.
9. Grievance Officer
In accordance with Section 13 of the DPDP Act 2023, we have designated a Grievance Officer. You may contact them at:
Email: grievance@ekosha.co.in
Designation: Privacy Team, eKosha
Response time: Within 30 days of receipt of your complaint.
10. Changes to This Policy
We will notify you of any material changes to this policy through the app. Continued use after notification constitutes acceptance of the updated policy. Where required by law, we will seek fresh consent.
11. Contact Us
For privacy-related questions, email us at privacy@ekosha.co.in.