Legal & Compliance

Terms of Service & API Policy

Strict guidelines governing the access and utilization of KenilGlobal infrastructure.

Notice of Restricted Access

KENILGLOBAL TECH (OPC) PRIVATE LIMITED provides highly sensitive verification and intelligence tools. To protect public privacy and prevent misuse, our APIs are strictly walled off from the general public. Access is granted exclusively through a rigorous vetting process.

1. Eligibility and Authorized Users

Our API services are not available to individual consumers. Access to the KenilGlobal infrastructure is exclusively restricted to the following authorized entities:

  • Registered Financial Institutions: Banks, NBFCs, and regulated payment gateways.
  • Law Enforcement Agencies (LEAs): Cyber cells, police departments, and government investigative bodies.
  • Government Organizations: Authorized state and central government departments.
  • Authentic Corporate Entities: Verified enterprises, fintechs, and corporate organizations requiring compliance, KYC, and vendor verification.

2. Mandatory Business Verification (KYB)

Before any API keys are issued, all prospective clients must undergo a stringent Know Your Business (KYB) verification process. We require official company incorporation documents, director identities, and proof of legitimate business use-cases. KenilGlobal reserves the right to deny or revoke access to any entity that fails to meet our security and legitimacy standards.

3. Commitment to Individual Privacy

We care deeply about the privacy of citizens. Our systems are engineered to facilitate trust, compliance, and security—not surveillance or unauthorized tracking. As a condition of using our APIs, clients legally bind themselves to the following:

  • Lawful Basis: Clients must possess a documented, lawful basis for querying individual data (e.g., explicit user consent during onboarding, regulatory KYC mandates, or active, legally sanctioned investigations by LEAs).
  • Prohibition of Resale: API access and the resulting data cannot be resold, aggregated into public databases, or used for unauthorized marketing purposes.
  • Data Minimization: Clients agree to query only the specific data points strictly necessary for their authorized business or investigative function.

4. Acceptable Use and Compliance

Clients must comply with all applicable local, national, and international data protection laws (including but not limited to the IT Act of India and DPDP Act provisions). Any misuse of the API—such as attempting to reverse-engineer our databases, scraping data, or bypassing security rate-limits—will result in immediate termination of the account and potential legal action.

5. Audits and Revocation

KenilGlobal maintains detailed logs of API usage to monitor for anomalies and policy violations. We reserve the right to conduct periodic compliance audits of our clients' usage. If a client is found to be utilizing our APIs outside of their approved scope or compromising individual privacy, we will immediately revoke API access and report the incident to the relevant regulatory authorities if necessary.

6. Use of Website

You agree not to misuse the website. Prohibited activities include, but are not limited to:

  • Hacking, cracking, or obtaining unauthorized access to any part of our web application or server networks.
  • Spreading malware, ransomware, viruses, worms, Trojan horses, or any other destructive logic code.
  • Spamming, phishing, automated scanning, scraping, brute-forcing, or engaging in fraudulent activity.

Any violation of these provisions may result in the immediate termination of your access permissions, destruction of active access keys, and the initiation of strict legal action under civil and criminal frameworks.

7. Intellectual Property Rights

All content, modules, architecture, design layouts, and assets available on this website, including but not limited to:

  • Corporate Logos and Brand Identities
  • UI Icons, Media Elements, and Graphic Elements
  • Product Design Frameworks and Dashboard Configurations
  • Algorithmic Texts, Technical Documentation, Source Scripts, and API Blueprints

are the exclusive intellectual property of KENILGLOBAL TECH (OPC) PRIVATE LIMITED and are heavily protected under applicable intellectual property rights, international patent arrangements, and copyright laws. No unauthorized duplication, mirroring, or reverse-engineering is permitted without written consensus.

8. Limitation of Liability

To the maximum extent permitted by applicable laws, KENILGLOBAL TECH (OPC) PRIVATE LIMITED shall not be held liable for any:

  • Direct, indirect, secondary, consequential, or punitive damages.
  • Loss of digital data, revenue infrastructure, business reputation, operational uptime, or projected business profits.
  • Issues arising explicitly out of the use, execution, reliance, or complete inability to use our website, technical platforms, integrations, APIs, or software products.

9. Digital Personal Data Protection (DPDP) Act, 2023 Compliance

9.1. Statutory Alignment and Legislative Context

The Digital Personal Data Protection Act, 2023 (DPDP Act) represents India’s primary statutory framework governing the processing of digital personal data. It marks a foundational shift in how entities manage individual identities, mandating that the digital processing of personal information must balance an individual’s right to personal data protection with the legal necessity to process data for specified, lawful, and legitimate purposes.

As an enterprise fintech solution provider specializing in verification systems, business validation tools, and identity forensic frameworks, KENILGLOBAL TECH (OPC) PRIVATE LIMITED acts under strict adherence to the DPDP Act, 2023. Our API frameworks are mapped to meet the regulatory bars set by the data governance architectures within the Indian technology sector.

9.2. Categorization of Roles: Data Fiduciary vs. Data Processor

The DPDP Act draws clear distinctions between the entities managing digital records:

  • Data Fiduciary: The entity that determines the purpose and means of processing personal data.
  • Data Processor: Any person or entity who processes personal data on behalf of a Data Fiduciary.

In standard B2B transaction flows, our enterprise client (e.g., a banking institution, non-banking financial company, or corporate enterprise) operates as the Data Fiduciary, since they make the choice to onboard an individual and request validation. KenilGlobal operates primarily as a secure Data Processor executing high-speed, programmatic verification on behalf of the Data Fiduciary.

However, when managing direct onboarding records, security parameters, and account profiles within the KenilGlobal Console, KenilGlobal assumes the responsibilities of a Data Fiduciary for that specific user account dataset. Both parties agree to strictly execute their respective statutory obligations under the Act.

9.3. Grounding for Processing Personal Data

Under the DPDP Act, personal data can only be processed based on clear, specific, and legitimate grounds. In alignment with Section 4(1) of the Act, KenilGlobal enforces two operational grounds:

  • Explicit Consent: The Data Principal (individual citizen) has provided affirmative, unambiguous, specific, and unconditional consent for the processing of their personal data for a particular purpose.
  • Certain Legitimate Uses: Processing necessary for specific functions, such as compliance with laws, court orders, medical emergencies, public safety enforcement, or statutory state functions.

Enterprise clients interacting with the KenilGlobal API infrastructure are strictly required to secure and store evidence of unconditional consent from the Data Principal before initiating any automated verification queries, unless the action falls under a legally sanctioned investigation executed by a Law Enforcement Agency.

9.4. Obligations of Data Fiduciaries Enforced on Our System

To guarantee systemic protection across all API nodes, our clients and our platform maintain strict compliance with the statutory duties outlined in Section 6, 7, and 8 of the DPDP Act:

  • Accuracy and Integrity of Data: When personal data processed through our APIs is used to make decisions that impact the Data Principal, the processing entity must ensure the records are complete, precise, and accurately updated.
  • Technical and Organizational Safeguards: Both KenilGlobal and its enterprise partners must implement robust technical mechanisms, state-of-the-art encryption protocols, and network firewalls to prevent data breaches, unauthorized leaks, or illegitimate system queries.
  • Data Breach Notification Mandate: In the event of a personal data breach or an unauthorized cybersecurity event, the affected party must immediately implement incident response protocols, inform the Data Protection Board of India (DPBI), and notify every impacted Data Principal as prescribed under the law.
  • Data Erasure (Right to be Forgotten): Once the specific operational purpose for which personal data was gathered is achieved, or when the individual withdraws consent, the data must be completely scrubbed and removed from active storage environments, unless retention is strictly required under other Indian financial compliance laws.

9.5. Statutory Rights of the Data Principal

The DPDP Act shifts significant digital legal power directly to the individual citizen. KenilGlobal’s platform architecture is engineered to respect and facilitate these statutory rights:

  • Right to Access Information: Data Principals have the right to request a clear summary of the personal data currently being processed, a history of processing activities, and identities of all Data Fiduciaries with whom their data has been shared.
  • Right to Correction and Erasure: Individuals retain the absolute right to correct inaccurate records, update out-of-date fields, complete gaps in documentation, or trigger complete data erasure through proper channels.
  • Right to Grievance Redressal: Every individual has the right to file systemic complaints with a dedicated Grievance Officer regarding any act or omission by an entity processing their digital personal data.
  • Right to Nominate: Data Principals can nominate another individual to act on their behalf in the event of death, medical emergency, or incapacitation, ensuring persistent control over their personal data assets.

9.6. Non-Compliance and Regulatory Penalty Structures

Violations of the DPDP Act carry heavy financial penalties under the Schedule of the Act. Failure to implement reasonable security safeguards to prevent data breaches can result in statutory fines of up to ₹250 Crore, determined by the Data Protection Board of India.

Any enterprise client using KenilGlobal infrastructure who causes a data breach through credential sharing, API token leakage, or unauthorized automated queries agrees to fully indemnify KENILGLOBAL TECH (OPC) PRIVATE LIMITED against all regulatory fines, legal costs, or structural damages brought about by their operational negligence.

11. Governing Law & Jurisdiction

These Terms & Conditions, and any disputes or claims arising out of or in connection with their subject matter, are governed by and construed strictly in accordance with the laws of India. Any legal disputes, claims, or proceedings shall be subject to the exclusive jurisdiction of the courts located in Rajasthan, India.

12. Contact for Compliance Issues & Grievances

If you suspect that our services are being misused, wish to exercise your rights under the DPDP Act, 2023, or have questions regarding our API compliance policies, please reach out to our legal and compliance team immediately.

Compliance & Data Protection Officer | KenilGlobal Tech

sunil@kenilglobal.com

+91 76270 83968

Corporate Entity: KENILGLOBAL TECH (OPC) PRIVATE LIMITED