Privacy Policy

MicroNova (“we,” “us,” or “our”) is committed to protecting the privacy and security of all information entrusted to us. This Privacy Policy describes how we collect, use, store, and safeguard information when you use the MicroNova platform (getmicronova.com) — a cloud-based loan management software for microfinance institutions.

By creating an account or using the Service, you agree to the practices described in this policy.

1. Who This Policy Applies To

This policy applies to three categories of individuals:

• Subscribers (Tenants) — microfinance institutions and lending businesses that register for a MicroNova account.
• End-Users — employees, loan officers, branch managers, and other staff who access the platform on behalf of a subscribing organization.
• Borrowers — individual clients whose loan records, personal information, and financial data are managed within the platform by subscribers.

2. Information We Collect

Account & Subscriber Data

• Company name, subdomain, and base currency
• Administrator full name and email address
• Encrypted password (we never store plain-text passwords)
• Subscription plan, billing cycle, and usage metrics
• Payment transaction records (processed by our payment provider — we do not store full card details)

Operational Data (Entered by Subscribers)

Subscribers input borrower and operational data as part of normal platform use. This includes:

• Borrower personal information (full name, NIC/ID number, address, phone number, date of birth)
• Loan records, repayment schedules, disbursement history, and transaction data
• Customer documents uploaded for KYC purposes (ID copies, proof of address, photographs)
• Staff user accounts, assigned roles, and branch affiliations
• Group and center membership data

Technical & Usage Data

• IP addresses and browser or device information
• Application session tokens and authentication logs
• Error logs and performance diagnostics
• Feature usage patterns (used to improve the platform)

3. How We Use Your Information

• To provide, operate, and maintain the MicroNova platform
• To authenticate users and enforce access controls
• To process subscription billing and manage your account
• To respond to support requests and send service-critical notifications
• To detect, investigate, and prevent fraudulent or unauthorized activity
• To improve platform performance, reliability, and features
• To comply with applicable legal and regulatory obligations

We do not use borrower or operational data entered by subscribers for any marketing, analytics, or commercial purposes beyond providing the platform service.

4. Data Controller vs. Data Processor

MicroNova acts as a data processor for all borrower and operational data entered by subscribers into the platform. The subscribing organization (the Tenant) is the data controllerfor their borrowers' personal information and is solely responsible for:

• Obtaining valid legal consent or lawful basis from their borrowers to collect and process personal data
• Complying with applicable data protection laws in their operating jurisdiction
• Ensuring borrower data entered into MicroNova is accurate and lawfully held

5. Information Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

Infrastructure & Service Providers

We use trusted third-party providers to operate the platform. All providers are contractually bound to handle data securely and only for the purpose of delivering services to MicroNova:

• Google Cloud Platform — application hosting and cloud infrastructure
• Supabase — managed PostgreSQL database (data at rest)
• PayHere — subscription payment processing

Legal Requirements

We may disclose information if required to do so by applicable law, court order, or valid request from a regulatory or law enforcement authority.

6. Data Security

We implement multiple layers of technical and organizational security measures:

• Multi-tenant isolation — each organization's data is completely segregated at the database level; no tenant can access another tenant's data
• Encrypted transmission — all data is transmitted over TLS/HTTPS
• Password security — passwords are hashed with bcrypt and never stored in plain text
• Role-based access control — platform access is restricted based on assigned roles within each organization
• Two-factor authentication — optional email OTP-based 2FA for all user accounts
• Audit trails — immutable logs of key actions within the platform

While we implement strong security practices, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and accept no liability for unauthorized access resulting from factors outside our reasonable control.

7. Data Retention

• Active account data is retained for the duration of your subscription
• After account cancellation or expiry, all data is retained for 30 days, during which you may request a full data export
• After the 30-day grace period, all account and borrower data is permanently and irreversibly deleted
• Billing records and transaction logs may be retained for longer periods as required by applicable financial regulations

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — request a machine-readable export of your data
• Objection — object to certain types of processing

To exercise any of these rights, contact us at privacy@getmicronova.com. We will respond within 30 days.

9. Cookies

MicroNova uses only essential session cookies required for authentication and platform functionality. We do not use advertising cookies, behavioral tracking cookies, or third-party analytics cookies. You may disable cookies in your browser settings, but this will prevent you from logging in to the platform.

10. International Data Transfers

Our platform is hosted on Google Cloud Platform infrastructure. Data may be stored and processed in data centers outside your home country. We ensure that appropriate safeguards are in place for any international transfer of personal data, consistent with applicable data protection laws.

11. Children's Privacy

MicroNova is a business platform intended for use by organizations and adults aged 18 and older. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email notification or a prominent in-app notice at least 14 days before they take effect. The “Last Updated” date at the top of this page will always reflect the most recent revision. Continued use of the platform after the effective date constitutes your acceptance of the updated policy.