Mintall | Privacy Policy

Privacy Policy

Please read it carefully to understand your rights and our practices.

Last updated: September 5, 2025

This Privacy Policy describes how Mintallxyz, Inc. (the “Company”, “we”, “us”, “our”) collects, uses, and shares your information when using this website, associated software, and other related applications (the “Services”). Within the context of this document, “you” and “your” refer to a user (the “User”) of the Services.

Our Services include:

  • Mintall Studio: AI-powered visual creation platform that generates high-quality product images, marketing materials, and brand content for e-commerce businesses
  • Mintall Keep: Digital asset certification service that embeds C2PA credentials and blockchain verification to protect intellectual property rights
  • Mintall Keep for Shopify: Integrated certification service that works directly within your Shopify store to automatically protect product images and content

The Company is the data controller for your information. This means we determine how and why your personal data is processed and are responsible for ensuring compliance with applicable privacy laws.

Table of Contents

  1. Types of Data Collected
  2. Data Processing
  3. Shopify Integration
  4. Your Privacy Rights
  5. Cookies and Tracking
  6. Data Security
  7. Policy Updates

Types of Data Collected

Information You Provide

In order to use some features of the Services, you may be required to directly provide the following information. You may elect to not provide this information, but this may prevent you from using or accessing some of the Services’ features.

Information you may provide includes:

  • Contact information, such as your name and email address
  • Account information, such as your username, password, and profile picture
  • Payment information, such as credit card number and billing address
  • User input, such as images, text prompts, materials, or other content you upload to the Services

Information Collected Automatically

The following data are collected automatically, either by us or by third-party services we use for the purposes of improving the Services:

  • Device information, such as device type, operating system, IP address, and browser information
  • Location information, such as timezone and locale
  • Interaction information, such as log data, timestamps, and clickstream data (e.g. page requests, page views, content viewed)

The above information may be associated with your user account information.

Information Collected from Other Sources

We may receive information about you from other sources, including:

  • Information we receive through your email account, such as when you contact us
  • Information we receive from social media platforms, such as when you interact with us on Instagram, X (Twitter), or Discord

Processing the Data

Service Providers

The following service providers are used for collecting and processing your data.

  • Azure and Google Cloud: for hosting our backend services, storage, and infrastructure
  • Clerk: for user account management and authentication services
  • Stripe: for payment processing and billing management
  • Twilio Segment: for usage analytics and service improvement
  • Zendesk: for customer support and help desk services

Methods of Processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the Services (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Company. The updated list of these parties may be requested at any time.

Place

Data processing occurs at the Company’s operating offices and in any other places where the parties involved in the processing are located.

Depending on the User’s location, data transfers may involve transferring the User’s data to a country other than their own. For international transfers, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or rely on adequacy decisions where available.

Retention Time

Personal data is retained for as long as necessary to provide our Services and fulfill the purposes for which it was collected. Specific retention periods include:

  • Account and user data: Retained until account deletion
  • Payment and billing records: Retained for up to 7 years for financial compliance
  • Blockchain certification data: Permanently stored on blockchain networks and cannot be deleted
  • Legal compliance data: Retained as required by applicable law

We may retain data for longer periods where required by law or with your explicit consent.

Shopify Integration

This section applies to data collected and processed through Mintall Keep’s Shopify integration and supplements our main Privacy Policy.

Account Creation

When you install Mintall Keep for Shopify, we automatically create a Mintall Keep account using information from your Shopify store, unless you already have an existing account. This enables seamless service delivery and cross-platform access to your certified assets.

Shopify Data Compliance

We comply with Shopify’s Partner Program Agreement and:

  • Use your Shopify store data solely for providing our certification services
  • Do not sell, share, or disclose your store data to third parties
  • Store data only for as long as reasonably necessary to provide services
  • Implement industry standard security measures to protect your data
  • Will notify both you and Shopify within required timeframes in case of any data breach

Shopify Integration Data Collection

Data We Collect from Your Shopify Store

  • Store Information: Store name, domain, contact email addresses
  • Product Data: Titles, descriptions, and images you choose to certify
  • Integration Data: Shopify-specific identifiers and session information
  • Usage Analytics: Shopify integration usage patterns to improve our services
  • Technical Data: API access data necessary for Shopify integration functionality

Data We Don’t Collect

  • Customer personal information or purchase history
  • Payment or financial transaction data (except through our standard billing)
  • Sensitive business metrics or sales data
  • Data from products you don’t choose to certify
  • Content from other Shopify apps

Cross-Platform Data

  • Your Mintall Keep account data is shared across all platforms you use
  • Certified assets created through Shopify are accessible on other platforms
  • Shopify credits are separate from other platforms

How We Use Shopify Integration Data

Service Provision

  • Authenticate your Shopify store with your Mintall Keep account
  • Sync certified assets between Shopify and your main account
  • Provide seamless certification services within Shopify admin
  • Enable cross-platform access to your certified content

Integration Improvement

  • Analyze Shopify-specific usage patterns
  • Develop Shopify-optimized features
  • Ensure integration reliability and performance
  • Compare performance across different platform integrations

Platform-Specific Data Handling

Shopify Session Data

  • Temporary session tokens for Shopify authentication
  • Deleted immediately upon app uninstallation from Shopify
  • Not shared with other platform integrations
  • Used only for Shopify-specific functionality

Unified Account Data

  • Main account information shared across all platforms
  • Certified assets accessible regardless of creation platform
  • Shopify billing handled separately through Shopify’s system
  • User preferences synchronized across platforms

Data Sharing and Third Parties

Shopify-Specific Sharing

We share data with:

  • Shopify: For integration functionality and billing (when applicable)
  • Our Core Platform: To maintain unified account and asset access
  • Standard Service Providers: As outlined in our main Privacy Policy

Cross-Platform Data Flow

  • Data flows between Shopify integration and main Mintall Keep platform
  • This enables unified account management and asset access
  • All data sharing follows our standard privacy protections

Data Retention for Shopify Integration

Integration-Specific Data

  • Shopify Session Data: Deleted immediately upon app uninstallation
  • Shopify Store Information: Retained as part of your main account until account deletion
  • Integration Usage Data: Follows our standard 3-year retention policy

Unified Account Data

  • Removing Shopify integration does not delete your main Mintall Keep account
  • Certified assets remain accessible on other platforms
  • Account deletion affects all platform integrations simultaneously

Your Rights Regarding Shopify Integration

Integration-Specific Controls

  • Disconnect Shopify integration while maintaining main account
  • Control which Shopify data is processed through our services
  • Manage integration-specific notification preferences

Unified Account Rights

  • All standard privacy rights apply across platforms
  • Account deletion removes all platform integrations
  • Data portability includes all platform data

Multi-Platform Considerations

Data Consistency

  • We maintain data consistency across all platform integrations
  • Changes made on one platform may affect data on others
  • Certified assets maintain the same verification across all platforms

Platform-Specific Features

  • Some features may be unique to specific platform integrations
  • Data collection may vary based on platform capabilities
  • Privacy controls may be platform-specific where technically necessary

Your Privacy Rights

In accordance with applicable law, you may have the right to:

  • Access your information. Request a copy of the personal data we hold about you
  • Correct your information. Update incorrect or inaccurate information in your account or by contacting us
  • Delete your data. Request deletion of your personal data, subject to legal retention requirements
  • Port your data. Receive your data in a structured, machine-readable format for transfer to another service
  • Restrict processing. Limit how we process your data in certain circumstances
  • Object to processing. Oppose processing based on legitimate interests or for direct marketing
  • Withdraw consent. Revoke consent for data processing where consent is the legal basis
  • Lodge a complaint. File a complaint with your local data protection authority if you believe we’ve mishandled your data

Note: Some rights may be limited by legal requirements, particularly for blockchain-stored certification data which cannot be deleted or modified.

To exercise any of these rights, you may contact us. Please see the contact information provided in this document.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and login status
  • Remember your preferences and settings
  • Analyze website usage and improve our Services
  • Provide personalized content and recommendations

You can control cookies through your browser settings, but disabling certain cookies may limit functionality of our Services.

Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about the breach and steps we’re taking to address it
  • Offer guidance on protective measures you can take
  • Report the breach to relevant authorities as required by law

Children’s Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Information Not Contained in This Privacy Policy

More details concerning the collection or processing of personal data may be requested from us at any time. Please see the contact information provided in this document.

Changes to This Privacy Policy

We reserve the right to amend or otherwise modify this Privacy Policy at any time. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. The continued use of the Services will signify your acceptance of the revised Privacy Policy.

How to Contact Us

By address:
Mintallxyz, Inc.
2261 Market Street STE 10682
San Francisco, CA 94114

For privacy-related questions: privacy@mintall.ai

For general support and inquiries: support@mintall.ai