Privacy Policy

Last updated: October 24, 2025

1. Introduction

At MICACE, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information in accordance with applicable laws, including the European Union General Data Protection Regulation (GDPR).
We strive for transparency in our operations and adhere to the principle of privacy by design.
This document explains our role as a Data Controller (when we determine the purposes and means of processing your personal data) and as a Data Processor (when we process data on behalf of clients, e.g., via integrations with Google Sheets or Google Data Studio). Please read this policy carefully to understand our practices.

2. Our Role as Data Processor

When you use our "Click Tracker" or "Affiliate 360°" products, MICACE acts as a Data Processor on your behalf. As a Data Processor, we handle your customers' data with the highest level of security.

• No Permanent Storage: We do not permanently store your data on our systems. In most cases, data is processed in real time. For performance optimization, we may temporarily cache query results on our servers, but all stored data uses strong encryption and is deleted when no longer needed or when you stop using our services.
• Employee Access & Training: Our staff receive regular training on secure data handling. Access to your data is strictly limited and only permitted when necessary, such as for debugging or issue resolution at your explicit written request. All access is audited.
• No Third-Party Sharing: We do not share processed data with any third parties.
• Geographical Processing: If you choose to process your data in specific regions or data centers, we comply with your choices. Any changes to processing locations will be communicated to you in advance.
• Secure APIs & Authentication: We use official APIs and apply OAuth for secure authentication with most data sources (e.g., Google, Facebook, Microsoft). This means you authenticate directly with the data source, and we do not store your passwords. For services requiring usernames, passwords, or API keys, all credentials are encrypted in our system.
• Trusted Data Centers: Data processing and storage occur in secure, scalable data centers managed by trusted providers such as Google, Microsoft, and Amazon.
• Regular Audits: Our security measures are audited annually by an independent third party to ensure industry compliance.

3. Our Role as Data Controller

As a Data Controller, we process personal data to provide services, manage customer relationships, and improve our products. This section applies to personal data provided by customers (e.g., MICACE license holders) or visitors to our website.

3.1 Data Controller Information

• Company Name: MICACE
• Address: 3rd Floor, Lot (23+24+25), C2-NO, Nam Trung Yen Urban Area, Trung Hoa Ward, Cau Giay District, Hanoi City
• Phone: +84 34 209 4254
• Email: [email protected]
• Data Protection Contact: Nguyen Tuan Anh, CTO, [email protected]

3.2 Personal Data Collected & Sources

We collect the following personal data:

• Name: To identify you or your organization.
• Email Address: For communication and account management.
• Payment Information: For processing payments and invoicing (e.g., billing address, payment details).
• Technical Data: Such as IP address, browser type, operating system, or device information, which may be linked to your personal data for analytics and optimization.
• Product-Specific Data (as Data Processor): When our clients use our Click Tracker or Affiliate 360° products, we process data on their behalf. This may include click IDs, timestamps, IP addresses, browser User-Agent, referral URLs, conversion data, and other parameters necessary for affiliate link tracking and conversion attribution.

We collect this data directly from you when you register for our services, via website forms, or when you contact us. Failure to provide required personal data may prevent us from entering into agreements or providing certain services.

3.3 Purposes of Processing

• Contractual Obligations: To enter into and manage agreements with you or your represented entity, including processing payments, providing customer support, and handling technical issues.
• Communication: To send you or your organization necessary updates about our services or changes to our Terms and this Privacy Policy.
• Analytics & Improvement: To generate reports and statistics on service usage, optimize workflows, and enhance product/service quality. Where possible, we use anonymized or non-personal data for these purposes.

3.4 Legal Basis for Processing

• Contractual Necessity: To fulfill our obligations under agreements with you.
• Legitimate Interests: For analytics, service improvement, and system security, provided these do not override your rights.
• Consent: Where required, such as for optional data processing or marketing communications.
• Legal Obligations: To comply with applicable laws.

3.5 Data Retention

We retain your personal data only as long as necessary for the purposes stated in this policy or to comply with legal requirements.

• Contractual data (e.g., payment information) is retained for the duration of the agreement and as required by tax or accounting laws.
• Technical data (e.g., IP address) is retained for a limited period (e.g., 90-180 days) to ensure system security and performance.
• Cached data (as Data Processor) is deleted when no longer needed or when you terminate service use.

3.6 Data Sharing

We do not sell or share your personal data with third parties for marketing purposes. We only share data in the following cases:

• Service Providers: With trusted service providers who help us deliver our services, under strict data protection agreements. These include payment processors, cloud infrastructure providers, and email service providers.
• Legal Requirements: When required by law or to protect our rights, safety, or property.

3.7 Your Rights (GDPR)

You have the following rights regarding your personal data, as provided by law:

• Access: Request a copy of your personal data we hold.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data, where appropriate.
• Restriction: Request restriction of processing in certain cases.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw your consent at any time, where processing is based on consent.

You also have the right to lodge a complaint with your national data protection authority in the EU. To exercise your rights, please contact us at [email protected].

3.8 Your Rights for U.S. Residents

If you are a resident of a U.S. state with applicable privacy laws (such as California, Virginia, or Colorado), you may have additional rights, including:

• Right to Know: The right to request details about the categories and specific pieces of personal information we have collected.
• Right to Delete: The right to request the deletion of your personal information.
• Right to Opt-Out of Sale or Sharing: We do not "sell" your personal data in the traditional sense. However, "sharing" may include providing data to third parties for cross-contextual advertising. You have the right to opt-out of this sharing.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at [email protected].

3.9 Security Measures

• Encryption of sensitive data during transmission (SSL/TLS) and at rest.
• Regular security audits and vulnerability assessments.
• Strict access controls to restrict data access to authorized personnel only.
• Secure data centers with industry-standard certifications.

3.10 International Data Transfers

If your data is transferred outside your country or region (e.g., to data centers in other jurisdictions), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other mechanisms as required by law, to protect your data.

3.11 Children's Privacy

Our services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete it immediately.

3.12 Cookies & Tracking Technologies

We use cookies and similar technologies on our website and in our products.

A. Website Cookies

Our website (micace.com) uses cookies to enhance user experience, ensure website functionality, and analyze usage. These may include:

• Essential Cookies: Necessary for the website to function (e.g., managing your session).
• Analytics Cookies: Help us understand how visitors interact with our website.
• Marketing Cookies: Used to personalize content or advertising on our own site.

B. Product Tracking Cookies (for Click Tracker & Affiliate 360°)

When we act as a Data Processor for our clients using our Click Tracker and Affiliate 360° products, our technology places cookies on behalf of our clients.

• Purpose: These are functional tracking cookies used solely for the purpose of conversion attribution. They allow our clients (e.g., advertisers and affiliates) to determine if a click on a link resulted in a subsequent action (like a sale or a lead).
• Data: These cookies typically store an anonymous click identifier and do not store personal data like names or email addresses.
• Client Responsibility: Our clients are responsible for informing their own end-users about the use of these cookies and obtaining any necessary consent, in accordance with applicable laws (such as ePrivacy Directive and GDPR).

You can manage your cookie preferences for our website via your browser settings or our website's cookie consent tool. For details on managing cookies set by our clients, you must refer to their individual privacy and cookie policies. For more details, please refer to our full Cookie Policy.

3.13 Third-Party Advertising and Google Disclosures

As a Data Controller, we may use third-party advertising services, including Google Ads, to promote our own services.

We are required by Google's policies to provide the following disclosures regarding advertising and data:

• Third-party vendors, including Google, use cookies or other device identifiers to serve ads based on a user's prior visits to our website or other websites.
• Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to our sites and/or other sites on the Internet.
• This site may use data from Google's Interest-based advertising or 3rd-party audience data (such as age, gender, and interests) with Google Analytics for our own analytics and marketing purposes.

How to Opt-Out:

Users can opt out of personalized advertising by visiting Google's Ad Settings at https://www.google.com/search?q=https://www.google.com/settings/ads.

Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting the Network Advertising Initiative's opt-out page at https://optout.networkadvertising.org/ or the Digital Advertising Alliance's tool at https://optout.aboutads.info/.

3.14 Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing activities, please contact:
Nguyen Tuan Anh, CTO
Email: [email protected]
Phone: +84 34 209 4254
Address: Tầng 3, Lô (23+24+25), Ô C2-NO, khu đô thị Nam Trung Yên, phường Trung Hoà, quận Cầu giấy, thành phố Hà Nội
We are committed to resolving your concerns promptly and transparently.

4. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or via our website. The updated policy will take effect upon posting, unless otherwise stated.