1. Who We Are
(Data Controller)
Mlondiem Technologies is the data controller responsible for your personal
information collected through Mlondiem HomeFin. We comply with applicable data protection laws
including the Eswatini Data Protection Act, South Africa's POPIA, the EU GDPR where applicable, and
other relevant national frameworks for our international users.
Data Controller: Mlondiem Technologies
2. What Data We
Collect
We collect only the data necessary to provide you with the HomeFin service:
๐ Account & Identity Data
- Full name
- Email address
- Phone number (to be introduced in a future
update)
- Password (stored as a cryptographic hash - we never see your actual password)
- Account role within your family group (head, member, viewer)
- Date and time of consent to these terms
๐ฐ Financial Data
- Budget categories and amounts you set
- Transaction records (description, amount, date, category, type)
- Requisition records (grouped transactions)
- Family name and currency preference
This data is entered by you voluntarily and used solely to
provide budgeting and reporting features.
๐ง Technical & Usage Data
- Login timestamps and session information
- Browser type and device type (for compatibility)
- IP address (for security and fraud prevention only)
- Error logs (for debugging - no personal financial data included)
What we do NOT collect:
- Bank account numbers or card details
- National identity or passport numbers
- Biometric data
- Location data
- Social media account data
3. Why We Collect
Your Data (Legal Basis)
Consent
You actively agree at registration to us collecting and processing your contact information (name, email, phone number) for account management and service-related communication. You may withdraw consent at any time by contacting us, which will result in account deletion.
Contractual necessity
We process your data to fulfil our service agreement - providing the budgeting, requisition, and reporting features you signed up for.
Legitimate interests
We process limited technical data (IP address, error logs) to maintain security, prevent fraud, and improve the service. This does not override your privacy rights.
Legal obligation
We may retain certain records where required by applicable law.
4. How We Use Your Data
We use your data only for:
- Creating and managing your account and family group
- Providing all features of the HomeFin platform
- Sending account-related communications (password resets, security alerts, service updates)
- Contacting you about issues pertaining to your use of the software
- Improving the platform based on aggregated, anonymised usage patterns
- Complying with legal obligations
We will never:
- Sell your personal data to any third party
- Use your financial data for advertising or profiling
- Share your data with third parties for their own marketing
- Use automated decision-making that produces legal or significant effects on you
5. Data Sharing
We do not sell your personal data with third parties. No sharing of data occurs outside
of the following:
- Hosting providers: Data is stored on secure servers whose operators act as data processors under our instruction, prohibited from using your data for any other purpose.
- Legal requirements: We may disclose data where required by law, court order, or regulatory authority.
- Family members: Data you enter is visible to other members of your family
group within HomeFin, consistent with the collaborative nature of the service.
6. Data Retention
We retain your personal data for as long as your account is active. When you delete your account:
- Your name, email, phone number and password hash will be permanently deleted within 30 days.
- Financial data associated solely with your account will be deleted within the same period.
- Shared family financial data may be retained if other members remain active but will be disassociated from your identity.
- Anonymised, aggregated data may be retained indefinitely for statistical purposes.
7. Data Security
We implement appropriate technical and organisational security measures:
- Passwords hashed using bcrypt (we cannot view your actual password)
- All data transmitted over encrypted HTTPS connections
- Restricted and monitored database access
- Session tokens invalidated on logout
- Rate limiting on authentication to prevent brute-force attacks
In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant data protection authority within the timeframes required by law.
8. Your Rights
Depending on your jurisdiction, you have the following rights:
Right of access
Request a copy of all personal data we hold about you.
Right to rectification
Request correction of inaccurate or incomplete data.
Right to erasure
Request deletion of your personal data.
Right to restriction
Request we limit processing in certain circumstances.
Right to portability
Request your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests.
Right to withdraw consent
Withdraw consent at any time without affecting prior processing.
Right to complain
Lodge a complaint with your national data protection authority.
To exercise any right, contact privacy@mlondiem.com. We will respond within 30 days.
9. Cookies and Local Storage
HomeFin uses:
- Session cookies: Required for authentication. Expire on logout or browser close.
- CSRF tokens: Required to protect against cross-site request forgery.
- Service worker cache: Caches pages for offline PWA access. No personal data stored in cache.
We do not use advertising cookies, tracking pixels, or third-party analytics that
identify you personally.
10. Children's Privacy
HomeFin is not intended for users under 18 without parental consent. If you believe a child has
registered without consent, contact
privacy@mlondiem.com and we will delete the
account promptly.
11. International Data Transfers
As a pan-African and international platform, your data may be stored on servers outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards consistent with applicable data protection laws, including standard contractual clauses where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email and display a notice in the app. Continued use of HomeFin after that date constitutes acceptance of the updated policy.
13. Contact Us
Mlondiem Technologies โ Privacy Office
If unsatisfied with our response, you have the right to lodge a complaint with the data protection authority in your country of residence.