🔒 THE VAULT

We keep it minimal. Here's what MintLore collects when you roll through: • Email address — for OTP login only. No passwords, no drama. • Display handle — the name you choose to flex. • Avatar — if you upload one. • Definitions, votes, comments, and bookmarks — your public activity on the platform. • Aura score and rank — calculated from your activity. • Device and browser info — basic analytics to keep the app running smooth. • IP address — for rate limiting and abuse prevention only.

Your data fuels the MintLore experience. Here's the breakdown: • Authentication — verifying you're you via email OTP. • Platform features — displaying your definitions, tracking Aura, maintaining leaderboards. • Abuse prevention — detecting bots, spam, and alt accounts trying to game the system. • Platform improvement — understanding how people use MintLore to make it better. We do NOT sell your data. We do NOT run targeted ads based on your profile. Full stop.

MintLore uses minimal cookies and local storage: • Session tokens — to keep you logged in. Essential, not optional. • Visitor ID — a random anonymous identifier stored locally for anonymous voting. No tracking across sites. • Theme/UI preferences — remembering your settings. We don't use third-party tracking cookies. No Google Analytics stalking you across the internet. No ad pixels. Just the essentials.

Your data is stored in Supabase with PostgreSQL — industry-standard infrastructure with: • Row Level Security (RLS) — database-level access controls so users can only access their own data. • Encrypted connections — all data in transit uses TLS/SSL. • No plain-text passwords — we use OTP-only authentication. There are no passwords to leak. • Stripe for payments — we never see or store your card details. No system is 100% bulletproof, but we take security seriously and follow best practices.

We share data with a limited set of services that make MintLore work: • Supabase — database and authentication provider. • Stripe — payment processing for Doorman tips. They have their own privacy policy. • Vercel — hosting provider for the web application. That's the full list. We don't share your data with advertisers, data brokers, or anyone else.

You have full control over your data: • Delete your account — removes your profile, avatar, and personal data. Your minted definitions become anonymous. • Delete definitions — remove any definition you've minted at any time. • Export your data — contact us and we'll provide a copy of your data. • Opt out — you can stop using MintLore at any time. We don't hold your data hostage. For users in the EU/EEA, you have additional rights under GDPR including the right to access, rectify, and port your data. For California residents, you have rights under CCPA. To exercise any of these rights, email support@mintlore.app.