Privacy Policy
Overview
MicroKorant ("we", "our", "the platform") is a marketing attribution and analytics platform operated by MicroKorant ("the Company"), based in India. This Privacy Policy explains what information we collect, why we collect it, how we use it, and what rights you have over it.
This policy applies to all users of the MicroKorant platform; including brand clients, agencies, and affiliates who sign up through a public affiliate program. By using MicroKorant, you agree to the collection and use of information as described in this policy.
If you have questions about this policy, contact us at admin@microkorant.in.
What we collect
- โName, email address, and password (stored as a bcrypt hash; we never store your plain-text password)
- โBrand name and website domain, for clients
- โAgency name and the services your agency offers, for agencies
- โHandle, email, phone number, and social media profiles, for affiliates who sign up via a public program
- โInfluencer names, handles, redirect slugs, discount codes, and agreed fees
- โPublication names, URLs, target keywords, costs, and publish dates
- โAffiliate program settings including commission rates, triggers, and attribution window
- โCampaign names, budgets, and active status
- โClick events: timestamp, IP address (used only to derive city/country, then discarded), city, country, latitude, longitude, device type, and referrer
- โSale events: order ID, order value, discount code used, attribution method (code or cookie), commission amount
- โLead events: signup confirmation signals for per-lead affiliate programs
- โTracking cookies: a first-party cookie named mk_slug set in the visitor's browser when they click a redirect link. This cookie is used solely for attribution within the defined window (default 30 days) and contains only the affiliate or influencer slug; no personal information
- โGoogle Search Console: if you connect your GSC account, we store OAuth access and refresh tokens in our database. These are used exclusively to fetch keyword ranking data for your properties. We request read-only access and cannot modify your GSC settings.
- โWebhook data: order and payment event data sent to us by your payment processor (Shopify, Razorpay, or custom). We store only the fields we need: order ID, order value, discount code, and timestamp.
- โPages visited within the dashboard, feature usage patterns, and session timestamps; used only for product improvement and debugging
- โBrowser type, device type, and approximate location derived from IP for security purposes only
How we use it
We use the information we collect exclusively to operate the MicroKorant platform. Specifically:
- โTo authenticate users and maintain secure sessions
- โTo attribute sales and leads to the correct influencer, affiliate, or publication based on clicks and discount codes
- โTo compute performance metrics clicks, conversions, revenue, cost per click, cost per sale displayed in your dashboard
- โTo generate payout records summarising what each influencer or affiliate has earned in a given month
- โTo track Google Search Console keyword rankings before and after a publication goes live
- โTo send activity alerts and the activity feed shown on your dashboard
- โTo display audience geography (city and country breakdown) derived from click event locations
- โTo communicate service updates, security alerts, and support responses to your registered email
We do not use your data for advertising. We do not build profiles of your customers beyond what is necessary for attribution. We do not sell, rent, or share your data with third parties except as described in the section below.
Google Search Console integration
When a client connects their Google Search Console account to MicroKorant, we use Google's OAuth 2.0 protocol. You are redirected to Google's consent screen where you explicitly grant MicroKorant read-only access to your Search Console data.
We store your access token and refresh token in our database, encrypted at rest. These tokens are used only to fetch keyword ranking data for the property you select. We do not access any Google service other than Search Console, and we cannot modify your GSC settings, add or remove properties, or take any action within your account.
You can disconnect MicroKorant's access to your GSC at any time from the Search Console tab in your dashboard. Disconnecting deletes the stored tokens immediately.
MicroKorant's use of Google API data is limited to displaying ranking information within the platform and is not used for advertising, shared with third parties, or used to train any machine learning model.
Data retention
We retain your data for as long as your account is active. Specifically:
- โAccount information: retained until you delete your account
- โClick and sale events: retained for 24 months from the event date, then automatically deleted
- โPayout records: retained for 5 years for accounting compliance purposes
- โGoogle Search Console tokens: deleted immediately upon disconnecting the integration
- โAffiliate signup data: retained until the affiliate is deleted from the system by the brand client
When you delete your account, all associated data is permanently deleted from our systems within 30 days, except where we are required to retain it by law (e.g. payout records for tax compliance).
Security
We take reasonable technical and organisational measures to protect your data:
- โAll data is transmitted over HTTPS with TLS encryption
- โPasswords are hashed using bcrypt we cannot recover your plain-text password
- โOAuth tokens are stored encrypted at rest in our database
- โAccess to production systems is restricted to authorised personnel only
- โWebhook requests are verified using HMAC signature validation with your webhook secret
No system is perfectly secure. If you discover a security vulnerability, please report it immediately to admin@microkorant.in.
Your rights
Under the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023 (India), you have the following rights:
- โYou can request a copy of the personal data we hold about you at any time by emailing admin@microkorant.in.
- โYou can update your name, email, and other account information directly from your dashboard settings, or by contacting us.
- โYou can request deletion of your account and all associated data by emailing admin@microkorant.in. We will process deletion requests within 30 days.
- โYou can disconnect third-party integrations (such as Google Search Console) at any time from your dashboard. You can also revoke agency access at any time.
- โYou can export your payout data as CSV at any time from the Payouts page. Contact us for a full export of your account data.
Children's privacy
MicroKorant is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us at admin@microkorant.in and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account and update the "Last updated" date at the top of this page.
Continued use of MicroKorant after a policy update constitutes acceptance of the updated policy.
Contact us
If you have any questions, concerns, or requests related to this Privacy Policy or your data, contact us at: