Legal

Privacy policy

GenNova Dev Co., Ltd. is committed to protecting the privacy and personal data of customers in line with technical and organizational standards under Vietnamese law and international personal data protection practices. Last updated: 22/05/2026.

This policy applies to websites, applications and services operated by GenNova Dev Co., Ltd. (“GenNova Dev”, “we”). Key terms follow the spirit of Decree 13/2023/ND-CP and implementing guidance:

  • Data subject: an individual identified or identifiable through data (e.g. account registrant, contact person).
  • Personal data: information linked to a specific person or that helps identify that person.
  • Basic personal data: e.g. name, email, contact phone (when you provide it), login account information per Section 2.
  • Sensitive personal data: types listed separately by law. GenNova Dev does not intentionally collect sensitive categories (e.g. politics, religion, health, biometrics…) unless you or your organization voluntarily provide them where necessary for a transaction/support and with a lawful basis.

Data processing roles. When business customers configure sync between systems, the business customer is usually the party deciding purposes and methods of processing their business data (e.g. orders, end customers they manage). GenNova Dev processes data per customer instructions and configuration as a technical platform provider — see Section 5 on API integration. Common English terms: Data Controller / Data Processor; equivalent wording is used in Sections 5 and 10.

Legal bases for processing (one or more may apply): performing the service contract; consent where required; legal obligations (accounting, tax, retention); legitimate interests (security, fraud prevention) within lawful limits.

Cross-border transfers. Data may be transmitted or stored outside Vietnam when you use services with international infrastructure (cloud, email, monitoring) or when content crosses the Internet. We apply appropriate safeguards including TLS encryption, contractual data protection with providers, and internal access controls. Specific deployment status may vary; enterprise contracts may clarify details in annexes.

Your end customers. If personal data belongs to your employees or customers, notice and consent (where required by law) is usually your responsibility. GenNova Dev supports technical aspects (scope configuration, deletion per contract) per Sections 7 and 10.

While providing data sync services, GenNova Dev collects:

a) Personal identification

  • Name, email when registering an account or requesting consulting.
  • Company name, tax ID, address when subscribing to paid plans.
  • Contact phone (if voluntarily provided).

b) Technical and session information

  • IP address, browser type, OS and access times.
  • Login session cookies and auth tokens (JWT / session token).
  • API access logs: call time, endpoint, response code — for debug and performance monitoring.

c) Integration data from third-party platforms

  • API credentials: access tokens, API keys, client secrets for platforms you authorize (Haravan, Nhanh.vn, MISA AMIS, KiotViet, MeInvoice…). Protected by business access controls, not shown publicly, transmitted over HTTPS. Encryption at rest (if any) depends on deployment configuration.
  • Synced business data (orders, products, customers, inventory, invoices): stored only temporarily in processing buffers, not long-term on GenNova Dev.

d) Payment information

  • GenNova Dev does not directly store card numbers, CVV or sensitive payment data. Payments are processed via third-party gateways complying with applicable security standards (e.g. PCI where applicable).
  • We retain transaction IDs, time and amount for reconciliation and receipts.

Collected information is used for:

  • Service delivery and operation: account authentication, API connections, executing sync flows per customer configuration.
  • Technical support and customer care: responding to support requests, debugging, sync status notifications, incident alerts by email.
  • Billing and invoices: recurring payments, receipts, renewal reminders.
  • Product improvement: aggregated, anonymized usage analysis to optimize performance and develop features.
  • Security and fraud prevention: detecting abnormal access, blocking brute-force, API rate limiting.
  • Legal compliance: retaining transaction records per Vietnamese law (minimum 5 years for financial records).

GenNova Dev does not use customer data for third-party advertising, does not sell data, and does not analyze customer business data beyond agreed service scope.

GenNova Dev applies technical and operational safeguards:

a) Encryption and transmission

  • Public network traffic protected by TLS (HTTPS).
  • Sensitive login and integration data handled in environments with account-based access control.
  • User login uses OTP via email (no static password in the default model). Codes expire and have attempt limits.

b) Access control

  • Email OTP for login sessions.
  • Least privilege — each account accesses only its own API database.
  • Session tokens expire after inactivity.

c) Infrastructure and monitoring

  • Cloud deployment with firewalls and security groups.
  • Daily database backups in separate geographic regions.
  • 24/7 monitoring with automated anomaly alerts.
  • Logs retained up to 90 days then deleted.

d) Security incidents

If a data breach affects customers, GenNova Dev commits to notify affected customers within 72 hours of discovery, with incident description and remediation measures.

As a data sync platform, GenNova Dev acts as a processor under customer instructions (Data Processor) between systems customers use. We commit to:

  • Minimum access scope: apps request only necessary permissions from third parties (Haravan, Nhanh.vn, MISA AMIS…).
  • No long-term business data storage: orders, products, inventory and customer data are processed in temporary memory/queues during sync, then removed. GenNova Dev does not build a warehouse from customer business data.
  • Sync logs: summary logs (order ID, status, time) kept up to 90 days for lookup and confirmation, then auto-deleted.
  • Account isolation: each account’s data in separate schemas, logically isolated.
  • Revoking access: customers may revoke API access on source platforms or delete connections on GenNova Dev; sync stops immediately.

Using GenNova Dev means the customer — as controller of data they put into sync flows (Data Controller in that relationship) — authorizes GenNova Dev to process business data within configured scope.

GenNova Dev does not sell, rent or share personal data for commercial purposes. Data is shared only when:

  • Technical service providers: cloud hosting, email delivery, monitoring — under data protection contracts, processing only per GenNova Dev instructions.
  • Mandatory legal requests: from competent authorities per lawful procedure.
  • Protecting legitimate interests: preventing fraud, terms violations, or harm to other users.
  • Business transfer: merger, acquisition or asset sale — after notice and equivalent privacy commitments from the recipient.

Data sent to integrated platforms (Haravan, Nhanh.vn, MISA, etc.) is per customer configuration — GenNova Dev is a technical intermediary, not an independent sharer.

Under Decree 13/2023/ND-CP on personal data protection in Vietnam, you have:

  • Access: request to see personal data we hold about you.
  • Correction: request updates or fixes to inaccurate personal data.
  • Deletion (“right to be forgotten”): request deletion except where law requires retention (e.g. 5-year financial records). Full removal of integration configuration per mapping/shop follows Section 9 when eligible.
  • Objection: object to processing for specific purposes (e.g. statistics, marketing email).
  • Data portability: receive a copy in common formats (JSON/CSV) to move to another provider.
  • Withdraw consent: at any time (withdrawal does not affect lawfulness of prior processing).

Send requests to info@gennovadev.com with subject "[Data rights request] — [Name] — [Account email]". We respond within 15 business days (up to 30 days for complex cases with explanation).

We retain data only as long as necessary:

  • Account data (email, name, company info): while the account is active and up to 2 years after deletion (for dispute resolution).
  • API credentials: while the connection is valid; deleted immediately on disconnect.
  • Sync logs: up to 90 days, then auto-deleted.
  • Payment and invoice records: 5 years per Vietnamese accounting law.
  • System access logs: up to 30 days for security monitoring.
  • Reviews and feedback: indefinitely unless deletion requested — to improve service.

On account deletion request, personal data is removed within 30 days except legally required retention. Integration data removal per shop/mapping follows Section 9.

GenNova Dev applies a data removal policy for each connection configuration (mapping — a Haravan shop, Nhanh store or AMIS/MeInvoice integration). This supplements Section 7 (deletion rights) and Section 8 (retention).

9.1. When removal applies

  • Customer request: formal request via info@gennovadev.com or verified Super Admin process.
  • Non-renewal: all licenses for subscribed sync topics expired and the latest expiry date was at least 90 days ago with no renewal. GenNova Dev may plan removal after notice if a valid contact email exists.

We do not remove a mapping while any license remains active for any sync topic, unless the customer explicitly requests early termination and accepts consequences.

9.2. Scope of removal

  • External disconnect: cancel Haravan webhooks, revoke OAuth/API tokens stored for that mapping.
  • Configuration and catalogs: sync settings, branch/warehouse mapping, cached AMIS/MeInvoice/Nhanh catalogs, callbacks and reports tied to mapping_id.
  • Logs: sync and webhook logs for the mapping/shop within remaining retention.
  • Shop cache: Haravan/Nhanh cache deleted only when no other mapping references the same shop ID.
  • Licenses and linked accounts: license records, email mapping config, internal permissions; unlink mapping_id from user accounts (full email account deletion only on separate request per Section 7).
  • Mapping record: delete the root mapping after the above steps.

Not removed: shared master location data; payment/invoice records (Section 8); audit snapshots of the removal process.

9.3. Process

  • Performed by Super Admin with multi-step confirmation and preview counts per data group.
  • Background task execution; completion time depends on data volume.
  • After completion, mapping no longer appears; sync and webhooks stop permanently.

9.4. Irreversible

Removal under this section is irreversible for deleted configuration and business data on GenNova Dev. Back up data on source platforms before requesting removal.

9.5. Contact

Removal requests: info@gennovadev.com — subject: [Data removal request] — [Shop name / mapping_id] — [Account email]. Initial response within 15 business days; technical completion usually within 30 days after eligibility confirmed.

GenNova Dev uses:

  • Strictly necessary cookies: session login, CSRF token — required for security. Cannot be disabled.
  • Functional cookies: UI preferences (theme, font size), language.
  • Analytics cookies: aggregated, anonymized usage to improve the product.

We currently do not use third-party advertising cookies (Google Ads, Facebook Pixel, etc.).

You may delete or block cookies in browser settings. Blocking necessary cookies will disrupt login and security.

By using GenNova Dev, customers agree to:

  • Account security: protect the email inbox receiving OTP and login sessions. One email links to one API connection database. Do not share accounts with unauthorized third parties.
  • Lawful use: service for lawful purposes only; no fraud, IP infringement, or violation of integrated platform terms.
  • Data responsibility: customers control business data in sync flows and ensure lawful processing including end-customer data where applicable.
  • Plans and payment: fees per chosen billing cycle. Payment delay over 7 days may suspend service. Price changes with 30 days notice.
  • Suspension and termination: we may suspend or terminate for terms violations, prolonged unpaid fees, authority requests, or maintenance/security. Post-termination data handled per Sections 8 and 9.
  • Operational liability limits: we provide the sync platform with reasonable commercial effort but are not liable for third-party API incidents (changes, downtime of Haravan, Nhanh.vn, MISA…). Force majeure handled per Section 12.

License. Within the subscribed plan and paid fees (if any), GenNova Dev grants a non-exclusive, non-transferable, revocable right to use the software/service via the provided interface. No sublicensing, resale or rental without written consent.

Restrictions. Customers must not: (i) use the service unlawfully; (ii) attempt unauthorized access, security breaches, overload or disruption; (iii) reverse engineer except where law permits; (iv) remove or alter copyright/trademark notices.

Intellectual property. UI, server code, architecture, trademarks and documentation belong to GenNova Dev or licensors. Customer configuration and business content remain the customer’s within legal limits.

Disclaimer and liability cap. To the extent permitted by law, GenNova Dev is not liable for indirect damages, lost profits, or data loss beyond reasonable control, or third-party events. Total cumulative liability per customer per calendar year shall not exceed total service fees actually paid to GenNova Dev in the twelve (12) months before the claim (or minimum as mandatory law requires for free/unpaid plans).

Force majeure. Events beyond reasonable control (natural disasters, war, global Internet/cloud outages, government action) may interrupt service; parties excused for delay during such events with mitigation efforts.

Governing law. These terms are governed by Vietnamese law. Disputes resolved by negotiation first; failing that, competent People's Court in Hanoi, Vietnam, unless mandatory law requires otherwise.

GenNova Dev may update this Privacy Policy to reflect operational, legal or product changes.

  • Non-material changes (clarifications, examples): effective upon posting with updated date at top.
  • Material changes (processing purposes, retention, new data types): notice to registered email at least 30 days before effective date. Customers may object or request account deletion during that period.

Continued use after the effective date constitutes acceptance. Prior versions available on request.

For questions, complaints or requests regarding this Privacy Policy and personal data:

  • Company: GenNova Dev Co., Ltd.
  • Tax ID: 0111039570
  • Address: 4th Floor, Building No. 12-16 Doc Ngu Street, Ngoc Ha Ward, Hanoi, Vietnam
  • Privacy email: info@gennovadev.com
  • Response time: Up to 15 business days from receipt.

If you believe we processed your data improperly and the issue is unresolved, you may complain to the Ministry of Public Security (Department of Cyber Security and High-Tech Crime Prevention — A05) or other competent authority under Decree 13/2023/ND-CP.