Privacy Policy
Overview
MicroKorant ("we", "our", "the platform") is a marketing attribution and analytics platform operated by MicroKorant, based in India. This Privacy Policy explains what information we collect, why we collect it, how we use it, and what rights you have over it.
This policy applies to all users of the MicroKorant platform including brand clients, agencies, and affiliates who sign up through a public affiliate program. By using MicroKorant, you agree to the collection and use of information as described in this policy.
If you have questions about this policy, contact us at admin@microkorant.in.
What we collect
- -Name, email address, and password (stored as a bcrypt hash we never store your plain-text password)
- -Brand name and website domain, for clients
- -Agency name and services offered, for agencies
- -Handle, email, phone number, and social media profiles, for affiliates who sign up via a public program
- -Influencer names, handles, redirect slugs, discount codes, and agreed fees
- -Publication names, URLs, target keywords, costs, and publish dates
- -Affiliate program settings including commission rates, triggers, and attribution window
- -Campaign names, budgets, and active status
- -Click events: timestamp, IP address (used only to derive city/country, then discarded), city, country, latitude, longitude, device type, and referrer
- -Sale events: order ID, order value, discount code used, attribution method (code or cookie), commission amount
- -Lead events: signup confirmation signals for per-lead affiliate programs
- -Tracking cookies: a first-party cookie named mk_slug set in the visitor's browser when they click a redirect link. This cookie is used solely for attribution within the defined window (default 30 days) and contains only the affiliate or influencer slug; no personal information
- -WhatsApp Business API credentials (Phone Number ID, access token) stored encrypted in our database and used only to send campaigns on your behalf
- -Contact lists you upload for WhatsApp campaigns name and phone number only
- -Campaign delivery receipts received from Meta delivered, read, and click timestamps
- -Message send logs stored for 90 days for attribution purposes, then deleted
- -Google Search Console: if you connect your GSC account, we store OAuth access and refresh tokens. These are used exclusively to fetch keyword ranking data for your properties. We request read-only access and cannot modify your GSC settings.
- -Webhook data: order and payment event data sent by your payment processor (Shopify, Razorpay, or custom). We store only the fields we need: order ID, order value, discount code, and timestamp.
- -Pages visited within the dashboard, feature usage patterns, and session timestamps used only for product improvement
- -Browser type, device type, and approximate location derived from IP for security purposes only
How we use it
We use the information we collect exclusively to operate the MicroKorant platform:
- -To authenticate users and maintain secure sessions
- -To attribute sales and leads to the correct influencer, affiliate, or publication based on clicks and discount codes
- -To compute performance metrics clicks, conversions, revenue, cost per click, cost per sale displayed in your dashboard
- -To send WhatsApp campaigns on your behalf using your Meta Business API credentials
- -To generate payout records summarising what each influencer or affiliate has earned
- -To track Google Search Console keyword rankings before and after a publication goes live
- -To send activity alerts and the activity feed shown on your dashboard
- -To display audience geography (city and country breakdown) derived from click event locations
- -To communicate service updates, security alerts, and support responses to your registered email
We do not use your data for advertising. We do not build profiles of your customers beyond what is necessary for attribution. We do not sell, rent, or share your data with third parties except as described below.
Google Search Console integration
When a client connects their Google Search Console account, we use Google's OAuth 2.0 protocol. You are redirected to Google's consent screen where you explicitly grant MicroKorant read-only access to your Search Console data.
We store your access token and refresh token in our database, encrypted at rest. These tokens are used only to fetch keyword ranking data for the property you select. We do not access any Google service other than Search Console, and we cannot modify your GSC settings.
You can disconnect MicroKorant's access to your GSC at any time from the Search Console tab in your dashboard. Disconnecting deletes the stored tokens immediately.
MicroKorant's use of Google API data is limited to displaying ranking information within the platform and is not used for advertising, shared with third parties, or used to train any machine learning model.
Data retention
We retain your data for as long as your account is active:
- -Account information: retained until you delete your account
- -Click and sale events: retained for 24 months from the event date, then automatically deleted
- -WhatsApp message logs: retained for 90 days, then deleted
- -WhatsApp contact lists: retained until you delete the list or your account
- -Payout records: retained for 5 years for accounting compliance
- -Google Search Console tokens: deleted immediately upon disconnecting
- -Affiliate signup data: retained until the affiliate is deleted by the brand client
When you delete your account, all associated data is permanently deleted from our systems within 30 days, except where we are required to retain it by law (e.g. payout records for tax compliance).
Security
We take reasonable technical and organisational measures to protect your data:
- -All data is transmitted over HTTPS with TLS encryption
- -Passwords are hashed using bcrypt - we cannot recover your plain-text password
- -OAuth tokens and WhatsApp API credentials are stored encrypted at rest
- -Access to production systems is restricted to authorised personnel only
- -Webhook requests are verified using HMAC signature validation with your webhook secret
No system is perfectly secure. If you discover a security vulnerability, please report it immediately to admin@microkorant.in.
Your rights
Under the Information Technology Act 2000 and the Digital Personal Data Protection Act 2023 (India), you have the following rights:
- -You can request a copy of the personal data we hold about you at any time by emailing admin@microkorant.in.
- -You can update your name, email, and other account information directly from your dashboard settings, or by contacting us.
- -You can request deletion of your account and all associated data by emailing admin@microkorant.in. We will process deletion requests within 30 days.
- -You can disconnect third-party integrations (Google Search Console, WhatsApp Business API) at any time from your dashboard. You can revoke agency access at any time.
- -You can export your payout data as CSV at any time from the Payouts page. Contact us for a full export of your account data.
Children's privacy
MicroKorant is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us at admin@microkorant.in and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account and update the "Last updated" date at the top of this page.
Continued use of MicroKorant after a policy update constitutes acceptance of the updated policy.
Contact us
If you have any questions, concerns, or requests related to this Privacy Policy or your data: