Legal

Privacy Policy

Last updated: 11 July 2026  ยท  Effective date: 11 July 2026

Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, how we use it, and what rights you have over it. We will never sell your data.

1. Who We Are (Data Controller)

Mlondiem Technologies is the data controller responsible for your personal information collected through Mlondiem HomeFin. We comply with applicable data protection laws including the Eswatini Data Protection Act, South Africa's POPIA, the EU GDPR where applicable, and other relevant national frameworks for our international users.

Data Controller: Mlondiem Technologies
Privacy contact: privacy@mlondiem.com

2. What Data We Collect

We collect only the data necessary to provide you with the HomeFin service:

๐Ÿ“‹ Account & Identity Data
  • Full name
  • Email address
  • Phone number (to be introduced in a future update)
  • Password (stored as a cryptographic hash - we never see your actual password)
  • Account role within your family group (head, member, viewer)
  • Date and time of consent to these terms
๐Ÿ’ฐ Financial Data
  • Budget categories and amounts you set
  • Transaction records (description, amount, date, category, type)
  • Requisition records (grouped transactions)
  • Family name and currency preference

This data is entered by you voluntarily and used solely to provide budgeting and reporting features.

๐Ÿ”ง Technical & Usage Data
  • Login timestamps and session information
  • Browser type and device type (for compatibility)
  • IP address (for security and fraud prevention only)
  • Error logs (for debugging - no personal financial data included)

What we do NOT collect:

  • Bank account numbers or card details
  • National identity or passport numbers
  • Biometric data
  • Location data
  • Social media account data

3. Why We Collect Your Data (Legal Basis)

Consent

You actively agree at registration to us collecting and processing your contact information (name, email, phone number) for account management and service-related communication. You may withdraw consent at any time by contacting us, which will result in account deletion.

Contractual necessity

We process your data to fulfil our service agreement - providing the budgeting, requisition, and reporting features you signed up for.

Legitimate interests

We process limited technical data (IP address, error logs) to maintain security, prevent fraud, and improve the service. This does not override your privacy rights.

Legal obligation

We may retain certain records where required by applicable law.

4. How We Use Your Data

We use your data only for:

  • Creating and managing your account and family group
  • Providing all features of the HomeFin platform
  • Sending account-related communications (password resets, security alerts, service updates)
  • Contacting you about issues pertaining to your use of the software
  • Improving the platform based on aggregated, anonymised usage patterns
  • Complying with legal obligations

We will never:

  • Sell your personal data to any third party
  • Use your financial data for advertising or profiling
  • Share your data with third parties for their own marketing
  • Use automated decision-making that produces legal or significant effects on you

5. Data Sharing

We do not sell your personal data with third parties. No sharing of data occurs outside of the following:

  • Hosting providers: Data is stored on secure servers whose operators act as data processors under our instruction, prohibited from using your data for any other purpose.
  • Legal requirements: We may disclose data where required by law, court order, or regulatory authority.
  • Family members: Data you enter is visible to other members of your family group within HomeFin, consistent with the collaborative nature of the service.

6. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

  • Your name, email, phone number and password hash will be permanently deleted within 30 days.
  • Financial data associated solely with your account will be deleted within the same period.
  • Shared family financial data may be retained if other members remain active but will be disassociated from your identity.
  • Anonymised, aggregated data may be retained indefinitely for statistical purposes.

7. Data Security

We implement appropriate technical and organisational security measures:

  • Passwords hashed using bcrypt (we cannot view your actual password)
  • All data transmitted over encrypted HTTPS connections
  • Restricted and monitored database access
  • Session tokens invalidated on logout
  • Rate limiting on authentication to prevent brute-force attacks

In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant data protection authority within the timeframes required by law.

8. Your Rights

Depending on your jurisdiction, you have the following rights:

Right of access

Request a copy of all personal data we hold about you.

Right to rectification

Request correction of inaccurate or incomplete data.

Right to erasure

Request deletion of your personal data.

Right to restriction

Request we limit processing in certain circumstances.

Right to portability

Request your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests.

Right to withdraw consent

Withdraw consent at any time without affecting prior processing.

Right to complain

Lodge a complaint with your national data protection authority.

To exercise any right, contact privacy@mlondiem.com. We will respond within 30 days.

9. Cookies and Local Storage

HomeFin uses:

  • Session cookies: Required for authentication. Expire on logout or browser close.
  • CSRF tokens: Required to protect against cross-site request forgery.
  • Service worker cache: Caches pages for offline PWA access. No personal data stored in cache.

We do not use advertising cookies, tracking pixels, or third-party analytics that identify you personally.

10. Children's Privacy

HomeFin is not intended for users under 18 without parental consent. If you believe a child has registered without consent, contact privacy@mlondiem.com and we will delete the account promptly.

11. International Data Transfers

As a pan-African and international platform, your data may be stored on servers outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards consistent with applicable data protection laws, including standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email and display a notice in the app. Continued use of HomeFin after that date constitutes acceptance of the updated policy.

13. Contact Us

Mlondiem Technologies โ€” Privacy Office
Privacy: privacy@mlondiem.com
Support: support@mlondiem.com

If unsatisfied with our response, you have the right to lodge a complaint with the data protection authority in your country of residence.

Terms of Service Create Account Home ยฉ 2026 Mlondiem Technologies