Privacy Policy

Last updated: January 2025

What we collect

Kosh collects only the minimum information necessary to provide our services: your name, email address, and optionally your PAN number and date of birth.

Your PAN number, if provided, is encrypted with AES-256-GCM before storage. The encryption key is never stored in the same location as the encrypted data. Kosh staff cannot read your PAN; it is used only to query official government portals on your behalf.

Documents you upload (Form 16, insurance policies, payslips) are stored securely on Uploadthing (S3-backed). After AI parsing, the structured data is stored in our database but the original file is not retained beyond 30 days.

How we use your data

We use your information to: (1) scan government portals for unclaimed money, (2) parse uploaded financial documents, (3) perform tax calculations, and (4) send account-related emails.

We do not sell your data to any third party. We do not use your data for advertising. We do not share your data with financial institutions without your explicit consent for each transaction.

Third-party services

Kosh uses the following third-party services: Neon (database hosting, EU/US data centers), Upstash (Redis cache, encrypted at rest), Uploadthing (file storage, S3-backed), Resend (transactional email), and Anthropic Claude (document parsing; documents are sent to the Claude API for analysis).

When we refer you to financial products (insurance, mutual funds, loans), affiliate links are used. These services may set their own cookies. We do not share your personal data with affiliate partners.

Government portal queries

When you use the Money Finder feature, Kosh queries the IEPF, EPFO, UDGAM (RBI), LIC, and MF Central portals on your behalf using your PAN and date of birth. This data is transmitted securely over HTTPS and is not retained after the query is complete.

Kosh is not affiliated with any government agency. We are a private technology company providing a consumer interface to publicly accessible government services.

Data retention

Account data is retained until you delete your account. You can delete your account and all associated data at any time from the Profile page.

Uploaded document files are automatically deleted after 30 days. Parsed JSON data extracted from documents is retained until account deletion.

Money scan results are retained for 2 years to show you historical data and track claim status.

Security

All data in transit is encrypted with TLS 1.3. PAN numbers are encrypted at rest with AES-256-GCM. Passwords are hashed with bcrypt (cost factor 12). Our infrastructure uses CSP headers and HSTS, and undergoes regular security audits.

If you suspect a security issue, please report it immediately to security@jaykotecha.online.

Your rights

You have the right to access, correct, or delete all personal data we hold about you. To exercise these rights, email privacy@jaykotecha.online or use the Profile page in your account.

We will respond to data requests within 30 days.

Contact

For privacy-related questions: privacy@jaykotecha.online

Kosh, Pune, Maharashtra, India.