Last updated: 2025
Welcome to Kasha’s privacy policy.
We are Kasha Services UK Limited and Kasha Financial Services UK Limited, (“Kasha”, “we”, “us”, “our”). Our company registration numbers are 15831561 and 16213212 respectively and our registered address is Unit 4.01, 44-354 Grays Inn Road, London WC1X 8BP.
For the purposes of UK and EU laws regarding data protection, the data controller is Kasha, and we are registered with the UK Information Commissioner’s Office (ICO) under registration numbers ZB869482 (Kasha Services UK Limited) and ZB896666 (Kasha Financial Services UK Limited).
This privacy policy applies to: (i) individuals who visit and use our website at https://kasha.io (the “Website”), mobile applications (the “Apps”) and platform (the “Platform”), engage with us via our Website, Apps and Platform, social media accounts, and in connection with any purchases, contracts or related matters; (ii) individuals we deal with in their business capacity, such as representatives of our customers or suppliers or investors; and (iii) individuals that apply for work with us (“you”, “your”).
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
At Kasha, your privacy is important to us. We believe in a responsible and pro-active approach when dealing with your personal information.
This policy sets out how and why we collect, store, use and share personal information generally, our dedication to protect it, as well as your rights in relation to your personal information and details of how to contact us and supervisory authorities if you have a complaint.
If you have any questions about how we use your personal data, please contact dpo@kasha.io.
We may collect and use the following information about you:
Identity Data including your first name and surname.
Contact Data including your billing address, email address, and telephone numbers.
Business Data including the name of the organisation you represent, your position, department and business ID numbers.
Personal Verification Data including passport / ID, and proof of address where required.
Financial Data including bank account and payment card details.
Transactional Data including information about our business dealings, transactions and interactions with you.
Technical Data including your IP address and passwords when you visit or engage with our Website, Apps, Platform or social media accounts.
Usage Data including information about how you use or search our Website, Apps and Platform including any user preferences and notes.
Content Data including website content such as text, images and videos uploaded by you.
Marketing and Communications Data including your preferences in receiving marketing from us, your communication preferences and your language settings.
Customer Client Data including your client’s Identity Data, Contact Data, Business Data, Personal Verification Data, Financial Data, Transactional Data, Technical Data, Usage Data, and Content Data, as described in this section.
Survey Data including data from surveys that we may, from time to time, run on the Website, Apps and the Platform for research purposes, if you choose to respond to, or participate in, them.
Investor Data including information related to your investments in Kasha.
Recruitment Data including data related to your employment history and salary expectations for the purpose of considering and progressing your application to work for us.
We will indicate where any personal information we have requested is mandatory. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to provide you with a certain service.
We will only process your personal data where we have a lawful basis to do so. The lawful basis will depend on the purposes for which we have collected and use your personal information. In almost every case, the lawful basis will be one of the following:
Our legitimate business interests: Where we have a legitimate interest to use personal data regarding you in relation to the operation of our business.
Performance of an agreement with you (or in order to take steps prior to entering into an agreement with you): For example:
where you have provided your information in order to receive details in relation to our services; or
where you have provided your payment information in order to receive our services.
Compliance with the law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.
Consent: Where you have given consent for us to process your personal data for a specific purpose.
Please find a table which sets out each category of personal data we collect below, and the lawful basis for processing it.
We collect most categories of personal data from you directly or when you use our Website, Apps or Platform or engage with us via social media.
Purpose of processing:
To respond to queries.
Category of personal data:
· Identity Data
· Contact Data
· Business Data
· Personal Verification Data
· Financial Data
· Transactional Data
· Content Data
Lawful bases:
Our legitimate interests to respond to queries.
Purpose of processing:
To enter into and fulfil the services for customers.
Category of personal data:
· Identity Data
· Contact Data
· Personal Verification Data
· Financial Data
· Transactional Data
· Marketing and Communications Data
· Business Data
Lawful bases:
Performance of an agreement with you.
Our legitimate interests for our business operations.
Purpose of processing:
Use of our Website, Apps, Platform and social media accounts.
Category of personal data:
· Identity Data
· Contact Data
· Financial Data
· Transactional Data
· Technical Data
· Usage Data
· Content Data
· Survey Data
· Marketing and Communications Data
· Business Data
Lawful bases:
Performance of an agreement with you.
Our legitimate interests for our business operations.
Purpose of processing:
To manage, deliver and improve our Website, Apps, Platform and social media accounts.
Category of personal data:
· Identity Data
· Business Data
· Transactional Data
· Technical Data
· Usage Data
· Content Data
· Customer Client Data
Lawful bases:
Our legitimate interests for our business operations.
Purpose of processing:
To set and operate cookies and similar technologies on our Website, Apps and Platform.
Category of personal data:
· Technical Data
· Usage Data
Lawful bases:
Consent.
Our legitimate interests for our business operations.
Purpose of processing:
For direct marketing.
Category of personal data:
· Identity Data
· Contact Data
· Transactional Data
· Marketing and Communications Data
· Business Data
Lawful bases:
Consent.
Our legitimate interests for our business operations.
Purpose of processing:
To handle complaints and disputes.
Category of personal data:
· All data types
Lawful bases:
Our legitimate interests for our business operations.
Purpose of processing:
To comply with the law and to enforce our legal rights.
Category of personal data:
· All data types
Lawful bases:
To comply with our legal obligations.
Our legitimate interests for our business operations.
Purpose of processing:
To perform our day-to-day business operations including business development.
Category of personal data:
· All data types
Lawful bases:
Our legitimate interests for our business operations.
Purpose of processing:
To make service recommendations.
Category of personal data:
· Identity Data
· Contact Data
· Transactional Data
· Usage Data
· Business Data
Lawful bases:
Consent.
Our legitimate interests for our business operations.
Purpose of processing:
To administer and manage our relationships with our investors.
Category of personal data:
· Identity Data
· Contact Data
· Financial Data
· Investor Data
Lawful bases:
Performance of an agreement with you.
Purpose of processing:
To consider your application for work with us and to allow you to participate in our recruitment processes.
Category of personal data:
· Identity Data
· Contact Data
· Recruitment Data
Lawful bases:
Our legitimate interests for our business operations.
Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel the performance of our services, but we will notify you if this is the case at the time.
We may share your personal information with our suppliers, distributors, business partners, prospective investors and other providers, such as the supplier who hosts our Website, Apps and Platform, or payment gateway and other payment transaction processors. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, these third-party service providers may have their own privacy policies in respect of the information we are required to provide to them. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by them.
Once you leave our Website, Apps and Platform, for example via a link, you are no longer governed by this privacy policy or our Terms & Conditions.
We may disclose your personal information to other third parties in the following cases:
in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request;
in the case of an emergency, in which case we shall share personal data as is necessary and proportionate; or
to protect the rights, property or safety of us or our users, or others, and in order to enforce or apply the terms of our contracts with customers (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where permitted by law or where we have asked for your consent, we may send you marketing materials which we believe may be of interest to you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You may receive marketing communications from us if you have requested information from us or engaged with us and you have not opted out of receiving that marketing.
Third-party marketing. We are committed to protecting and respecting your personal data. We will not sell or rent your personal data to any third parties. We will not share your personal data with third parties for marketing purposes.
Opting out. You can ask us to stop sending you marketing messages at any time by contacting us at any time at dpo@kasha.io.
Our Website and Apps use cookies to distinguish you from other users of our Website and Apps. This helps us to provide you with a good experience when you browse our Website and Apps and also allows us to improve our Website and Apps. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. You can find details of the cookies we use on our Website and Apps via the cookies notifications on our Website and Apps.
By using the Website, Apps and Platform, you represent that you are at least the age necessary to sign up to our services and enter into contracts with us.
Your information is stored in the United Kingdom (“UK”) or European Economic Area (“EEA”), but we may transfer it to countries outside the UK and EEA.
Whenever we transfer your information internationally, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this privacy policy. In these cases, we rely on approved data transfer mechanisms (such as the EU “Standard Contractual Clauses” or UK “International Data Transfer Agreement” or “UK Addendum”) to ensure your information is subject to adequate safeguards in the recipient country.
Kasha takes your privacy very seriously and wants you to be aware of your rights, as follows:
you have the right to request (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
you have the right to have inaccurate personal data rectified, or completed if it is incomplete;
in certain situations, you have the right to have your personal data erased or transmitted directly to another company, where technically feasible;
where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time without impact to any data processing activities that have taken place before such withdrawal;
you have the right not to be subject to any decisions based solely on automated processing, including profiling, which has legal or other similarly significantly effects on you unless we have your consent, it is authorised by law or it is necessary for the performance of an agreement; and
in certain situations, you have the right to restrict or object to our processing of personal data regarding you.
Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please send us an email at dpo@kasha.io if you would like to exercise any of your rights.
In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.
For individuals in the EEA – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK – the contact information for the UK’s data protection regulator can be found here: https://ico.org.uk/make-a-complaint/
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We take steps to ensure that your information is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption or by using pseudonymisation in the case of credit card information on payment, we cannot guarantee the security of your information transmitted via the internet; any transmission is at your own risk.
We have appropriate technical and organisational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other individuals. We maintain these technical and organisational measures and will amend them from time to time to improve the overall security of our systems.
In addition, we limit access to your personal data to those employees and other third parties who have a business need to know.
We may, from time to time, include links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.
We retain your information for as long as it is necessary for the purposes for which it was collected and processed. Additionally, we retain data for the purposes of satisfying any legal, regulatory, accounting, finance, tax, reporting and insurance requirements after which we take steps to destroy or de-identify personal data when the information is no longer required for any purpose for which it may be used or disclosed by us and we are no longer required by law or regulation to retain the information. Please note that this will be assessed on a case by case basis.
After our agreement with you expires or terminates, or our relationship with you has otherwise ended, we may also store your information in an aggregated and anonymised format.
In the event that you wish to make a complaint about how we process your personal data, please contact dpo@kasha.io and we will endeavour to deal with your request as soon as possible.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
If you are in the EEA, you can contact the relevant data protection regulator using the contact information available via the link in section 9 above.
We will generally notify you of any material changes to this policy, through a notice provided via the Website, Apps and Platform or otherwise supplied to you. However, you should look at this policy regularly to check for any changes. We will also update the “Last Updated” date at the top of this policy, which reflects the effective date of such policy. Your continued engagement with us after the date of the updated policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop your engagement with us.
Name and Relevant Service
Adyen (Adyen N.V.)
Merchant Acquiring Services
Google Cloud (Google Cloud EMEA Limited)
Data hosting
Google Workspace (Google Ireland Limited)
Email information exchange and contacts integration
Google (Google LLC)
Single sign on with Google accounts
Open.AI (OpenAI OpCo, LLC)
AI model for AI website builder
RailsR
(PayrNet Limited)
Provision of business accounts and payments services
sanctions.io (sanctions.io Inc.)
Transaction monitoring
SumSub (Sum and Substance Limited)
Provision of AML/KYC services and transaction monitoring
Twilio (Twilio Inc)
Telephony, messaging and video software for the provision of customer support
Azure Cloud (Microsoft Corporation)
Data hosting
Digital Ocean(DigitalOcean Holdings, Inc.)
Data hosting
Posthog
Data analytic tool
Kasha is a trading style of Kasha Services UK Limited and Kasha Financial Services UK Limited, companies registered in the UK with company numbers 15831561 and 16213212 respectively. Registered trading address: Unit 4.01, 44-354 Grays Inn Road, London WC1X 8BP.
Kasha Financial Services UK Limited is a distributor of PayrNet Limited, a company registered in England and Wales with company number 09883437. PayrNet Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FCA reference 900594) for the issuing of electronic money and payment services.
Copyright © 2025 Kasha.io | All Rights Reserved