Privacy Policy

Effective Date: January 10, 2026
Last Updated: January 10, 2026

When you use our services, you entrust us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control. The Microfoundation Institute values your privacy and is committed to protecting your personal information. This notice explains how we collect, use, and share information when you interact with our website, use our services, participate in our research, or engage with our community. 

   1. Who we are (Data Controller)

The Microfoundation Institute determines the purposes and means of processing your personal data. We do so as authorized under applicable data privacy laws, whether as data controller or joint controller (similar terms may be used under applicable law).

   2. Information we collect

We collect personal information to advance our mission and improve our services.

  • Donation/Transaction data: Payment information (which is processed by secure third-party vendors), donation history, and related details. Information you provide voluntarily: Research/Survey Data. Information you share when participating in studies, which may include demographic data, opinions, and feedback. Contact Data: Name, email address, mailing address, and phone number when you sign up for newsletters, register for events, or make donations. 
  • Information collected automatically: Usage and device data. We may collect your IP address, browser type, operating system, and data about how you interact with our website (e.g., pages visited, time spent, links clicked) using cookies and analytics tools. 
  • Microfoundation may also receive personal data about you from third parties, including service providers and data vendors in the course of our business activities. When we collect personal information from third parties, it primarily consists of publicly available information compiled from business websites, public-facing social media platforms, and other widely used public sources. We also acquire deidentified datasets from certain service providers and maintain them in deidentified form. In each instance, we do our best to confirm that the third party has lawfully collected the data from appropriate sources and is authorized to share the data with us for the uses intended by Microfoundation.

   3. How we use your information

We use your data for specific purposes and only when we have a lawful basis to do so.

  • To provide and improve our services, events, and research programs.

  • To process donations and provide tax receipts.

  • To communicate with you about our work, news, and opportunities, consistent with your consent and communication preferences.

  • To analyze website usage and optimize the user experience.

  • To comply with legal obligations and protect the security of our systems.

Microfoundation does not use automated decision-making to make decisions that have a legal impact on you or that significantly affect your rights and liberties. All automated processing activities are conducted with appropriate human supervision and review.

   4. How we share your information

We do not sell or share your personal information with third parties for monetary or other valuable consideration, except as described below.

  • Service providers: We use trusted third-party vendors to perform functions on our behalf (e.g., payment processors, email communication platforms, website analytics). These vendors are required to protect your information and only use it for the purposes we specify.

  • Legal requirements: We may disclose information if required by law or to protect our rights, property, or safety.

  • Research partners: In some research projects, data may be shared with academic partners. In such cases, data is usually aggregated or de-identified to protect your identity, as explained in the specific research consent forms.

   5. Data retention and security

We retain your personal information only as long as necessary for the purposes outlined in this notice or as required by law. We employ reasonable security measures, including physical, technical, and administrative safeguards, to protect your data from unauthorized access or breaches. We will securely delete your personal data promptly after the purposes described in this notice to apply in accordance with the prevailing market practice for such destruction.

Microfoundation protects and safeguards your personal data globally, in accordance with applicable law, our privacy and data security policies, and this Privacy Notice. Microfoundation uses generally accepted standards of technical and operational security to protect your personal data against accidental or unlawful loss, misuse, alteration, or destruction, in consideration of the risks associated with the personal data and its processing, and Microfoundation requires the same level of protection and safeguarding from our subsidiaries and affiliates, our service providers, and third parties. Only authorized personnel of Microfoundation and of our service providers are permitted to access personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions, however, Microfoundation cannot guarantee that unauthorized persons will not obtain access to your personal data.

If you request that we delete your personal data, Microfoundation will comply with applicable law and will make reasonable attempts to delete all instances of the personal data, subject to our right to keep a copy of such data for the purposes mentioned above.

   6. Your data protection rights

Depending on your location and applicable laws, you may have rights regarding your data. These rights may include the right to access, rectify, or erase your personal data, to object to its processing (especially for direct marketing), and to withdraw your consent. 

  • Right to request information about the personal data that we hold about you, including information about how we use your personal data, who has access to it, and the terms under which third parties have access to your personal data;
  • Right to request a copy of the personal data that we hold about you;
  • Right to request portability of your data to permit you to provide a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that personal data to another controller;
  • Right to request that we correct or otherwise amend your personal data if it is not correct or otherwise not complete, timely, and accurate for the purposes for which we are using it;
  • Right to request deletion of your personal data;
  • Right to request that we cease processing or restrict or limit the processing of your personal data;
  • Right to withdraw your consent to our processing of your personal data where the basis of our processing is your consent;
  • Right to not be discriminated against for exercising your individual rights regarding your personal data;
  • Right to seek additional legal remedies regarding our response to your request to exercise your individual data-protection rights, depending upon your jurisdiction, by lodging a complaint with your data-protection authority or initiating a legal proceeding

To exercise any of these rights, please contact us.

   7. How to contact the appropriate authorities

If you have concerns about how we are using your information, you may have the right to lodge a complaint with a data protection supervisory authority.

   8. Changes to this privacy notice

We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page regularly for the latest information.