Privacy & Security Policy
Last updated on: 20th Jan 2021
https://kissht.com and its Android and iOS apps are owned and operated by OnEMI Technology Solutions Pvt Ltd , hereinafter referred to as 'Kissht' or 'https://kissht.com' interchangeably. Kissht is committed to maintaining the confidentiality, integrity and security of all the personal information of our users. This Privacy & Security Policy explains how we protect personal information provided through our websites such as https://kissht.com and our Android and iOS apps and how we use that information in connection with our service offered through the Site (the "Service").
"Personal Information" for purposes of this Policy means information that identifies you, such as your name, address, phone number or email address. By providing your number at https://kissht.com you are authorizing Kissht & its representatives to give you a call to offer you our services for the product you have opted for, imparting product knowledge, offering promotional offers running on website. Irrespective of the fact that you have registered yourself under DND or DNC service, you are still authorizing us, our representatives & our partners to communicate with you for the above mentioned purposes. There is no DNC check required a number you enter while using Kissht services.
To register with us you must be 18 years of age or older and Indian residents. Minors are strictly forbidden from using the service.
1. How Kissht collects information?
1.1 Information provided by you with Kissht
If you intend to open a loan account with Kissht, you would be required to provide details like your name, E-mail address, Mailing address, Mobile number, PAN number, employment & income details and other such information which may be needed to assess your creditworthiness. In order to provide your bank statements or pay-slips electronically/physically along with your loan application, you also must provide your third-party account credentials ("Account Credentials") to allow https://kissht.com to retrieve your account data ("Account Information") from those financial institutions. Your Account Credentials are only used once to retrieve your bank statements/pay-slips and are not stored in our system.
Access to your Registration Information, Account Information, and any other Personal Information you provide is strictly confidentials and used only in accordance with specific internal procedures and safeguards governing access, in order to operate, develop or improve the Service. We may also use third party service providers to help us provide the Service to you, such as sending e-mail messages or SMS on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality of the information we provide to them. If you telephone us we may also record and/or monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
In order to provide seamless approval and determine instant creditworthiness of customers, we explicitly request for certain permissions after users complete the signup process:
We don’t collect, read or store your personal SMS from your inbox. We collect and monitor only financial SMS sent by 6-digit alphanumeric senders to see your transaction behaviour, monthly income and expenses across all your linked accounts and financial service providers. While using the app, we use secure APIs to intermittently access such financial SMS information to our server.
The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like Advertising ID; SIM information that includes network operator, WIFI information and mobile network information to uniquely identify the devices and prevent multiple applicants accessing your device to apply for loan offers.
We require camera access to take selfie, scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields.
1.2 Information that Kissht collects from your activities
Your information would get collected when you visit Kissht website or mobile apps using your phone or computer. This information may include your IP address, contact details, device information including but not limited to identifier, name and type, operating system, location. We do not access your location or restricted data in the background for any marketing purposes. However, we may access the data in foreground with continual usage for tracking purposes and preventing frauds.
If enabled, we may place cookies on your machine that store small amounts of data on your computer about your visit to any of the pages of this website. Cookies can identify the pages that are being viewed and this can assist us in tracking which of our features appeal the most to you and what content you may have viewed on past visits.
2. How Kissht protects your personal details?
2.1 We keep your data secure
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it using secure cryptographic techniques over HTTPS APIs. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect https://kissht.com accounts and systems from unauthorized access.
Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted. No employee may put any sensitive content on any unsecure machine (i.e., nothing can be taken from the database and put on an insecure laptop).
2.2 Encryption and secure communication
All communications between your computer and https://kissht.com that contain any personal information are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
2.3 Login id and password confidentiality
You are responsible for maintaining the security of your Login ID and Password, and may not provide these credentials to any third party. If you believe they have been stolen or been made known to others, you must contact us immediately on firstname.lastname@example.org.
3. How Kissht can utilize your information?
The intended purpose of collecting information provided by you is to
1. Establish identity and verify the same;
2. To complete your Video KYC;
3. Monitor, improve and administer our Platform;
4. Provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
5. Design and offer customized products and services offered by our third party financial partners;
6. Analyse how the Platform is used, diagnose service or technical problems and maintain security;
7. Send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Platform;
8. Manage Our relationship with You and inform You about other products or services We think You might find of some use;
9. Conduct data analysis in order to improve the Services / Products provided to the User;
10. Use the User information in order to comply with country laws and regulations;
11. Conduct KYC for our third party lending partners based on the information shared by the User;
12. Use the User information in other ways permitted by law to enable You to take financial services from our lending partners.
We will use and retain the information for such periods as necessary to provide You the Services on the Platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
4. When you share information with Kissht
All other information shall be treated as non-confidential and non-proprietary and Kissht shall be under no obligation of any kind with respect to such information and shall be free to reproduce, use, disclose, and distribute the information to others without limitation. Additionally, Kissht shall be free to use any ideas, concepts, know-how, or techniques contained in such information for any purpose whatsoever including, but not limited to, developing or marketing services incorporating such information.
There is no legal obligation to destruct the data from the server upon you closing the account or non-usage of our services from your end. The data will be retained securely on our server and shall help Kissht:
- To comply with legal duties and requirements, either statutory or regulatory;
- To avoid liability through "spoliation," the improper destruction or alteration of documents in a litigation situation;
- To support or oppose a position in an investigation or litigation;
- To protect from unnecessary expense and time during discovery;
- To maintain control over discovery and e-discovery, and
- To keep documents confidential and avoid leakage to attackers or competitors.
We do not retain your personal data for longer than required for the purpose for which the information may be lawfully used. For any other information, we may entertain your request for deletion, however, you may not be able to use our Services at all after such deletion.
5. Information sharing with Third parties
We do not sell or misuse your data and we ensure that data is protected from being accessed by unrelated 3rd parties. We do not share your personal identifiable information and Government IDs with these parties. However, we may get into the data-sharing agreement with the 3rd party in order to enrich the offerings and provide loan services and repayment services.
3rd Party Service Providers:
We work with third-party service providers to execute various functionalities of the App and we may share your information with such service providers to help us provide the App. Some of these functionalities may include:
- Validating and authenticating the official verification documents provided by you.
- Validating your preferred bank account, as well as transferring the loan amounts to you.
- E-signing of the User Loan Agreement, populating the User Loan Agreement. The information shared with these service providers is retained for auditing of the agreements.
- eNACH set-up to enable autopay.
- Analyzing customer behaviour and to automate our marketing and outreach efforts.
- Detection and flagging of fraud.
- Gathering of additional information regarding your bank account and statement details, in case adequate information has not been provided by you or through the other service providers we work with.
- For manually collecting any sums owed by you to our Lending Partner
However, usage of such third-party services is subject to their privacy policies and not within our control. We recommend that you have a look at their privacy policies before agreeing to use their services.
3rd Party SDK:
Our application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third-party service provider takes security measures in order to protect your personal information against loss, misuse or alteration of the data. Kissht app looks at the current transaction state, and usage patterns across the workflow with the marketing partners such as Facebook, Google, Appsflyer, and WebEngage. These tools offer capabilities to target customers with smart, personalized notifications and retargeting ads on social media and other websites to remind customers to complete their journey or use our services after a considerable time of inactivity. We do not share any personal information with them. We share limited information such as Device IDs, Android IDs, Page status, Location, Workflow events with analytics service providers that are non-personal.
Our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
To verify your creditworthiness and complete the KYC formalities, we request you to enter few government-issued ID numbers such as PAN Number, Aadhaar Card, or Virtual ID (VID) number. This data remains completely safe and secure with us and is never shared with any 3rd party. However, your information is passed to the authorized 3rd party APIs and government websites for you to fill up the information and help us validate your KYC credentials.
Law Enforcement Agencies:
If any governmental authority or law enforcement officers request or require any information and we think disclosure is required or appropriate in order to comply with laws, regulations, or a legal process.
6. Data Security Practice
By setting up a Kissht Account, you agree to our and the Lending Partner’s processing, storage, usage, and sharing of the data provided by you pursuant to this Policy. Please note that if you revoke any mandatory permissions or revoke the consent to process and store information such as your Kissht Account data, Financial and KYC Information and/or any other information needed to facilitate your loan amounts, then we may have to cease the provision of Services to you. You cannot withdraw your consent once you have availed a loan using the App till you have repaid the loan amount and all related charges in its entirety.
7. Contact Kissht
In case of any grievance / review of information you may contact the grievance officer Mr. Raj Pandey on the coordinates provided below:
Address:Onemi Technology Solutions Private Limited
2nd Floor, Der Deutsche Parkz,
Subhash Nagar Rd, Nahur Station,
Nahur West, Industrial Area,
Bhandup West, Mumbai, Maharashtra 400078