← Back to Mint Write

Privacy Policy

Last updated: 29 April 2026

1. Controller

Mint Write ("we", "us", "our") is the data controller for personal data processed through mintwrite.com and all associated services.

Contact for privacy matters: privacy@mintwrite.com

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: email address, display name, and either a hashed password or an OAuth provider identifier (Google). We never store plaintext passwords.
  • Billing data: Stripe customer ID, subscription plan, billing cycle, invoice references. Payment card details are processed entirely by Stripe and are never stored on our servers.
  • Generated content: your project profiles (name, ticker, tagline, website, social handles) and the inputs and outputs of AI content generation sessions, associated with your account.
  • Technical data: IP address, browser user-agent, and session tokens stored as HttpOnly cookies.

3. Legal Basis for Processing (GDPR)

  • Contract performance (Art. 6(1)(b) GDPR): processing account and billing data is necessary to provide you with the service.
  • Legitimate interest (Art. 6(1)(f) GDPR): fraud prevention, security monitoring, and improving the reliability of the service.
  • Consent (Art. 6(1)(a) GDPR): analytics cookies are only placed if you explicitly accept via the cookie consent banner.

4. Third-Party Processors

We work with the following sub-processors. Each has signed a Data Processing Agreement (DPA) and provides appropriate safeguards for international data transfers:

ProcessorPurposeLocation
Vercel Inc.Application hosting and PostgreSQL databaseUSA (EU–US DPA)
Stripe Inc.Payment processing and subscription managementUSA (EU–US DPA)
Resend Inc.Transactional email delivery (verification, notifications)USA (EU–US DPA)
OpenRouter / AnthropicAI content generation (your prompts are sent to AI models)USA (EU–US DPA)

Important regarding AI generation: your project context and generation inputs are transmitted to OpenRouter and the underlying AI model (currently Anthropic Claude) solely to produce the requested output. We do not use your inputs to train AI models, and we contractually prohibit our AI providers from doing so.

5. Cookies

CookieTypePurposeDuration
mintwrite_sessionStrictly necessaryAuthenticates your session. HttpOnly, Secure.30 days
Analytics cookiesAnalytics (consent)Aggregate usage analytics. Only set with your consent.1 year

6. Data Retention

  • Account and content data: retained for as long as your account is active.
  • Upon account deletion: personal data is deleted within 30 days, except where retention is required by law.
  • Billing records: retained for 7 years to comply with tax and accounting regulations.

7. Your Rights (GDPR)

If you are located in the EU, EEA, or UK, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at privacy@mintwrite.com. We will respond within 30 days.

8. Security

All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt and never stored in plaintext. Session tokens are stored as HttpOnly, Secure cookies to mitigate XSS and CSRF risks. Access to production databases is restricted to authorised personnel only.

9. Children's Privacy

Mint Write is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "last updated" date above. Continued use of the service after notification constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions or data subject requests: privacy@mintwrite.com