← Minerval

Privacy Policy

How Minerval collects, uses, shares, retains, and protects personal data.

Effective version: 2026-07-14

1. Responsibilities

The school decides which student data is recorded and why. Minerval processes that data on the school's behalf. Minerval directly determines the processing of account, subscription, security, and platform operations data.

Accounts are for authorized institution representatives. Minor students do not create Minerval accounts. The school must have authority to provide student data and inform parents or legal guardians.

2. Data we process

  • Institution and user data: name, email, role, contact details, registration, and subscription information.
  • Student data: name, school identifier, class, level, fee amount, and payment position.
  • Payer and transaction data: phone number, mobile-money network, amount, status, references, and receipt. Minerval never asks for a mobile-money PIN.
  • Technical and security data: IP address, device, access logs, errors, and audit trails.

3. Purposes

  • Create and secure accounts, manage permissions, and provide the requested service.
  • Initiate, confirm, reconcile, and pay out transactions, produce receipts, and prevent fraud.
  • Manage subscriptions, provide support, diagnose incidents, and meet legal obligations.
  • Improve service reliability using aggregated statistics and technical logs.

4. Recipients and service providers

Data is not sold. It is available to authorized school users and, where necessary, providers supporting hosting, databases, mobile-money payments, subscriptions, email, and technical monitoring. These currently include Supabase, Railway, SerdiPay, Stripe, Resend, and Minerval's payment proxy infrastructure.

Some providers may process data outside the DRC. Minerval limits the data shared, applies access controls, and uses contractual commitments appropriate to the relevant service.

5. Retention

Data is kept for the life of the account and as long as necessary to provide the service, resolve disputes, maintain security, or meet accounting and legal duties. Data with no continuing retention requirement is deleted or anonymized after a valid request and the end of technical backup periods.

Payment, payout, and audit records may be kept longer than the account to protect schools, payers, and Minerval and to meet applicable financial requirements.

6. Your rights

Depending on your situation, you may request access, correction, updating, objection, restriction, or deletion. For student data, contact the student's school first so it can verify the requester's identity and authority. Minerval may retain information required by law or fraud prevention.

7. Security and incidents

Minerval uses access controls, encryption in transit, audit logs, backups, and incident monitoring. No system is infallible. If an incident affects personal data, Minerval assesses the risk, contains the incident, and notifies affected parties where required.

8. Contact

Use the privacy address below for a personal-data question or request. Identity or authority verification may be required before disclosure or deletion.

Minerval

Contact: support@minerval.org

Privacy: privacy@minerval.org