Allinka

Privacy Policy

Last updated: March 4, 2026

Village Micro Fund (“Company,” “we,” “us,” or “our”) operates the Allinka platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website, mobile application, and related services (the “Service”).

We are committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws. Please read this policy carefully to understand our practices.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, and profile details (display name, avatar, bio, location, business name, industry).
  • Onboarding Data: Business stage, primary goals, employee count, yearly revenue, and industry information you share during onboarding.
  • Financial Information: Credit score, monthly revenue, monthly expenses, existing debt, and tax ID when you access financial features such as loans.
  • User Content: Posts, comments, messages, reactions, and media you share on the platform.
  • Payment Information: Payment card details and billing information are collected and processed by our third-party payment processor, Stripe. We do not store your full card number on our servers.
  • Professional Information: Skills, certifications, experience, service areas, portfolio items, and references.
  • Communications: Messages sent through the platform, support requests, and feedback you provide.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, features used, time spent on the platform, clicks, and navigation patterns.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Push Notification Tokens: If you enable push notifications, we collect your device push token or web push subscription endpoint to deliver notifications.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage your account, display your profile, and deliver platform features.
  • Enable Connections: Facilitate networking, mentorship matching, and community interactions between users.
  • Process Payments: Handle transactions, manage wallets, and process payouts via Stripe.
  • Send Notifications: Deliver push notifications, email notifications, and in-app alerts based on your preferences.
  • Personalize Experience: Customize content, recommendations, and features based on your profile and activity.
  • Improve the Service: Analyze usage patterns to fix bugs, develop new features, and optimize performance.
  • Ensure Safety: Detect and prevent fraud, abuse, and unauthorized access to protect our users and platform.
  • Comply with Law: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service.

Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you requested.
  • Legitimate Interest: Improving our Service, preventing fraud, and ensuring platform security.
  • Consent: Marketing communications, optional data sharing, and push notifications.
  • Legal Obligation: Compliance with applicable laws and regulations.

3. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

  • With Other Users: Your profile information, posts, and public activity are visible to other Allinka users. Messages are shared only with conversation participants.
  • Service Providers: We share data with trusted third-party providers who help us operate the Service:
    • Supabase: Database hosting, authentication, and file storage.
    • Stripe: Payment processing, wallet management, and financial transactions.
    • Hosting Providers: Cloud infrastructure for running the Service.
  • Legal Requirements: When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity.
  • With Your Consent: When you explicitly agree to share your information with a third party.

4. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled without breaking the Service.
  • Functional Cookies: Remember your preferences such as language, theme, and notification settings.
  • Analytics Cookies: Help us understand how you use the Service so we can improve it. These are anonymized where possible.

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account Data: Retained while your account is active and for 30 days after account deletion to allow for recovery.
  • User Content: Retained while your account is active. Posts and comments may persist in anonymized form after account deletion if other users have interacted with them.
  • Financial Records: Retained for 7 years as required by applicable tax and financial regulations.
  • Log Data: Retained for up to 90 days for security and debugging purposes.
  • Communication Data: Messages are retained while accounts involved remain active.

After the applicable retention period, data is either deleted or anonymized so it can no longer be associated with you.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (European Economic Area)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing.

CCPA Rights (California Residents)

  • Right to Know: Request information about the categories and specific pieces of personal data collected.
  • Right to Delete: Request deletion of personal data collected from you.
  • Right to Opt-Out: We do not sell personal data. If this changes, you will have the right to opt out.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@allinka.com. We will respond to verified requests within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Row Level Security (RLS) policies on our database to ensure users can only access their own data.
  • Secure authentication with session management provided by Supabase Auth.
  • Regular security reviews and access controls for our infrastructure.
  • Payment data handled by PCI DSS-compliant Stripe infrastructure.

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in compliance with applicable data protection laws.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@allinka.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, through email or in-app notification. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Village Micro Fund — Data Protection

Email: privacy@allinka.com

Website: allinka.com

If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Back to Allinka