Privacy Policy
Effective date: 22 May 2026
Last updated: 10 June 2026
This Privacy Policy explains what personal data we collect when you use the Mintrin mobile and web apps and the websites at mintrin.app (the "Service"), why we collect it, who we share it with, and the rights you have over it.
The data controller for the personal data processed through the Service is:
- Data controller: Abolfazl Esmaeilinejad, an individual sole trader established in the Netherlands operating the Mintrin service ("Mintrin", "we", "us", "our").
- Contact: legal@mintrin.app. A postal address is available on request at the same address.
- EU representative: not required — the controller is established in the European Union.
- Data Protection Officer (DPO): not appointed. Our processing activities do not meet the thresholds in Article 37 GDPR (we do not carry out large-scale systematic monitoring and we do not process special-category data as a core activity). You can still reach us on any privacy matter at legal@mintrin.app.
Because the controller is established in the Netherlands and our servers are hosted in Germany (EU), the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Dutch Uitvoeringswet AVG (UAVG) apply to our processing. Users in the UK, California, and other jurisdictions have additional rights described in section 9.
If you have any questions after reading this policy, write to legal@mintrin.app.
1. Summary (TL;DR)
- We collect the account information you give us (email, display name, avatar, bio), the content you create (posts, comments, likes, bookmarks, follows, blocks, reports), and a small amount of technical data needed to operate and secure the Service (IP address, device information, authentication events, crash reports).
- We use it to provide the Service, keep it safe, and make it better — not to sell you ads, and not to sell your data.
- We share it only with the service providers we need to operate (listed in section 4), with authorities when legally required, and with other users according to your privacy settings.
- Our servers are in Germany (EU). Error reports and product analytics may be processed in the US and other regions under appropriate safeguards.
- You can access, correct, export, restrict, object to, and delete your data from Settings or by emailing us.
- We do not knowingly collect personal data from children under 13 (or the higher minimum age in your country).
2. Data we collect
We collect personal data in three ways: (a) you give it to us, (b) we generate it as you use the Service, and (c) we receive it from third parties you have authorized (e.g. Google Sign-In).
2.1 Account and profile
| Data | Provided by | Required? | Notes |
|---|---|---|---|
| Email address | You / your identity provider | Required | Used for login, verification, password reset, security notices, and transactional email. |
| Password | You | Required for email sign-up | Stored only as a salted hash by our authentication system. Never transmitted or stored in clear text. |
| Display name | You | Required | Shown publicly on your profile. |
| Handle (@slug) | System, then you | Required | Auto-generated from your display name; you can change it. Shown publicly. |
| Bio | You | Optional (up to 160 chars) | Shown publicly on your profile. |
| Avatar (profile picture) | You | Optional | We remove embedded location and camera metadata, re-encode to a standard image format, and scale down to fit within 1024 pixels before storing. See section 10. |
| Privacy flag (Public / Private) | You | Required, defaults to your choice at signup | Controls whether your posts are visible without a follow. |
| Interests / onboarding choices | You | Optional | Categories you pick during onboarding, used to rank your feed. |
| Data from identity providers (Google and Apple) | The provider, with your consent | Only if you use social sign-in | Typically email, given name, family name, picture. Unlinking a provider disconnects this flow. |
We do not collect: date of birth, phone number, postal address, location data, contacts, calendar, health data, financial data, government ID, biometrics, or data from advertising networks. We also do not ingest your camera or microphone; avatars are picked from your photo library.
2.2 Content you create
- Posts (reviews) and the one-tap rating you give them.
- The media item each post refers to (e.g. a film identifier, an ISBN, a game identifier, a music or article URL).
- Comments and replies.
- Likes, bookmarks, follows, follow requests, blocks.
- Reports you file against other users or content.
- Any feedback or support messages you send us.
- Notifications shown in your Activity feed: likes, follows, replies, mentions, and the outcome of any moderation action that involves you.
2.3 Technical and security data
- IP address at sign-in and at key actions, used for anti-fraud, rate-limiting, and regional troubleshooting.
- Device information your app or browser shares: OS and version, device model, app version, language, time-zone, a platform-generated installation ID, and (for errors) a redacted stack trace.
- Authentication events recorded by our authentication system: sign-ins, sign-outs, failed sign-ins, session rotations, password-reset requests, email-verification sends, identity-provider link events. We keep these for 90 days and then delete them.
- Active devices and sessions currently signed into your account, which you can view and revoke from Settings → Active devices and sessions.
- Push notification token issued by Apple or Google when you allow notifications, so we can deliver alerts to your device. We remove the token when you sign out, turn notifications off, or delete the app.
- Search queries you type in the app are sent to our servers in real time to return results. We do not store them.
- Crash and error reports collected by our error-monitoring provider (see section 4). We configure it to scrub authorization headers, tokens, passwords, and breadcrumbs with obviously sensitive keys; we do not send personally-identifying information in server-side reports.
- Product analytics collected on the mobile app only, limited to a short, predefined list of events (app opened, signup started, signup verified, onboarding choices, post published, post liked, profile followed, cross-medium click, 24-hour return). Session replay is disabled. Automatic capture is off. See section 13.
- Moderation data: records of reports, decisions, and actions taken on accounts and content, kept for the period needed to enforce repeat-offender rules and to defend legal claims.
2.4 Content from third-party catalogues
When you log a book, film, TV show, video game, album, song, podcast, or article, we fetch metadata and cover art from third-party catalogues (TMDB, Google Books, OpenLibrary, RAWG, Apple iTunes Search). We send the catalogue a lookup query or ID but not your identity. The catalogues' privacy practices are their own; see their policies linked in section 4.
2.5 Cookies and similar technologies
- Web: the web app currently does not set tracking, analytics, or advertising cookies. If and when we add analytics to the web app, we will show a consent banner that meets the EU ePrivacy Directive and GDPR standard, and update this section.
- Mobile: we use the mobile operating system's encrypted local storage to hold your session tokens and a few preferences. This is not "cookies" under the ePrivacy Directive, but we treat it with the same care.
2.6 Imports from other services
When you choose to import your activity from another service (today: Goodreads, Letterboxd, and IMDb; Apple Music and Apple Podcasts coming later), you give us an export file you obtained yourself from that service. From that file we extract the titles in your library, your ratings, and any notes or reviews you wrote on the source service, and we add them to your Mintrin vitrine. Imported items are private to your vitrine by default — they are not posted to your followers' feeds unless you choose to publish them later. We keep the raw uploaded file for up to 7 days so that a failed import can be retried, and then delete it. We do not send the file to any third party.
3. How we use your data, and our lawful basis
We process personal data only for the purposes listed below. The "lawful basis" column is the GDPR Article 6(1) ground we rely on; users outside the EEA/UK have equivalent protections under local law.
| Purpose | Data used | Lawful basis (GDPR) |
|---|---|---|
| Create and manage your account; sign you in; verify your email. | Email, password hash, identity-provider data. | Contract — Art. 6(1)(b). |
| Show your profile, posts, and social actions to other users according to your privacy settings. | Display name, handle, avatar, bio, privacy flag, posts, comments, likes, bookmarks, follows. | Contract — Art. 6(1)(b). |
| Send account and security emails (verify email, password reset, login alert, critical notice). | Email, authentication-event data. | Contract — Art. 6(1)(b) and legal obligation — Art. 6(1)(c). |
| Keep the Service safe: detect fraud and abuse, enforce rate limits, rotate and revoke sessions, run the active-devices view, log authentication events. | IP, device info, authentication events, session fingerprint. | Legitimate interests — Art. 6(1)(f). Our interest: securing the Service and protecting all users. |
| Moderate content and enforce the Terms: review reports, take action on violating content or accounts, respond to appeals. | Reports, content, account metadata. | Legitimate interests — Art. 6(1)(f) and legal obligation — Art. 6(1)(c) (e.g. DSA Art. 16, NCMEC reports). |
| Send transactional notices that are not strictly contractual (e.g. "your follow request was accepted"), in-app notifications, and push notifications. | Email, push token. | Legitimate interests — Art. 6(1)(f); consent — Art. 6(1)(a) for push notifications, granted at the OS level. |
| Understand how the product is used so we can improve it, measure feature adoption, and fix bugs. | Product-analytics event stream, error-monitoring reports. | Legitimate interests — Art. 6(1)(f). You can object at any time by writing to legal@mintrin.app. We do not use this data to profile you individually or to sell ads. |
| Comply with law, respond to lawful requests, and defend legal claims. | Any of the above, as needed. | Legal obligation — Art. 6(1)(c) and legitimate interests — Art. 6(1)(f). |
We never carry out automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Art. 22.
4. Third parties we share data with
We share personal data with the following categories of recipients. None of them are permitted to use the data for their own marketing or to resell it.
4.1 Service providers (processors)
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Hetzner | Cloud hosting for our backend, database, authentication system, gateway, and user-media storage. | Everything stored on our servers. | Germany (EU). |
| Backblaze (B2) | Encrypted off-site backups of the database and media. | Same as above. | United States; EU region where offered. Covered by the EU Standard Contractual Clauses and Backblaze's Data Processing Addendum. |
| Resend | Delivery of transactional email (verification, password reset). | Email address, message body. | United States. EU Standard Contractual Clauses. |
| Fastmail | Our inbound mailbox. | Messages you send us. | Australia; subject to Fastmail's data-processing terms. |
| Sentry | Crash and error reporting on the mobile app and backend. | Redacted stack traces, device info, app version, anonymised user id. Personally-identifying information scrubbing is enabled. | United States. EU Standard Contractual Clauses; EU data-residency option where enabled. |
| PostHog (EU Cloud) | Product analytics on the mobile app (not web). | Predefined events listed in section 2.3, sent to an EU endpoint. | European Union (Germany). Data does not leave the EU. |
| Google (Sign-In) | Optional social sign-in. | Google account identifier, email, name, picture (only if you link the provider). | United States; SCCs apply. |
| Apple (Sign in with Apple; App Store; Apple Push Notification service) | Social sign-in; app distribution; delivery of push notifications to iOS devices. | Apple relay email, name (only if you link); device push token; crash and diagnostic data per App Store policy if you opt in at the OS level. | United States / Ireland. |
| Google (Firebase Cloud Messaging) | Delivery of push notifications to Android devices. | Device push token, message payload we ask Google to deliver. | United States; SCCs apply. |
| Expo (Expo Application Services) | Routes push notifications from our server to Apple's and Google's delivery networks. | Device push token, message payload we ask Expo to deliver. | United States; SCCs apply. |
Each processor listed above is bound by a written contract requiring GDPR-compliant processing, confidentiality, sub-processor controls, and security measures.
4.2 Third-party catalogues (independent controllers)
- The Movie Database (TMDB) — films and TV metadata. "This product uses the TMDB API but is not endorsed or certified by TMDB." Privacy policy: https://www.themoviedb.org/privacy-policy.
- Google Books API — book metadata. Privacy policy: https://policies.google.com/privacy.
- OpenLibrary / Internet Archive — book metadata fallback. Privacy policy: https://archive.org/about/terms.php.
- RAWG — video-game metadata. Privacy policy: https://rawg.io/privacy_policy.
- Apple iTunes Search API — music and podcast metadata. Privacy policy: https://www.apple.com/legal/privacy.
For these services, we send a lookup query or ID (for example "Dune 2021" or a film identifier). We do not share your identity, IP address, or account information with them beyond what their servers see as a standard outbound request from our backend.
4.3 Other users
Your profile, posts, comments, likes, follows, and bookmarks are visible to other users according to your privacy settings. If you make your profile Public, anyone with the link can see your content; if you make it Private, only accepted followers can see it. Content you share is cached and re-rendered on other users' devices, which we cannot recall if they screenshot or save it.
If your profile is Public, a lightweight version of it (display name, handle, avatar, bio, and follower and post counts) is served at mintrin.app/profile/<your-handle> and may be indexed by search engines. Private profiles are served with a noindex directive and should not appear in search results.
4.4 Authorities and legal successors
- Law enforcement, regulators, and courts, where we are required to comply with a lawful, binding request; we apply a minimum-necessary standard and challenge requests that appear overbroad.
- Buyer or successor in connection with a merger, acquisition, reorganization, or sale of assets — subject to a contractual commitment to continued protection at least equivalent to this policy. We will notify you before any such transfer becomes effective.
We do not sell your personal data. We do not share it with data brokers or advertising networks.
5. International data transfers
Our primary infrastructure (backend, database, authentication system, gateway, user-media storage) is in Germany (EU). Some processors listed in section 4.1 operate from the United States or other regions.
When personal data leaves the EEA or the UK, we rely on:
- The European Commission's Standard Contractual Clauses (2021/914) and, for UK data subjects, the UK International Data Transfer Addendum.
- An adequacy decision, where one exists for the destination country.
- Additional technical measures where needed (encryption in transit, encryption at rest, pseudonymization).
You can request a copy of the safeguards in place for a specific processor by emailing legal@mintrin.app.
6. How long we keep your data — retention
| Data category | Retention |
|---|---|
| Account record (email, hashed password, display name, handle, privacy flag, avatar, bio, interests). | Until you delete your account. Grace period of 14 days after a delete request, during which you can cancel the deletion; after that, the record is removed and references are anonymized. |
| Your posts, comments, likes, bookmarks, follows, blocks. | Until you delete them, or until the account that owns them is deleted. |
| Authentication events (sign-ins, sign-outs, failed attempts, session rotations, password-reset sends). | 90 days. |
| Security and rate-limiting logs at the gateway and backend. | 30 days by default; up to 180 days for events under active investigation. |
| Crash and error reports. | 90 days by default; extended only for unresolved issues. |
| Product analytics. | 365 days by default, then aggregated. |
| Notifications shown in your Activity feed. | Kept while your account exists; deleted with the account. |
| Push notification tokens. | Until you sign out, turn off notifications, or delete the app; invalidated tokens are removed automatically. |
| Raw import files (Goodreads / Letterboxd / other exports you upload). | 7 days, then deleted. Imported library entries themselves follow the same rules as your other content. |
| Backups of the database and media. | Up to 35 days. Deletion from production propagates to backups within the rotation window. |
| Moderation and safety records (reports, decisions, sanctions). | 12 months after the last action, longer where needed to detect repeat offenders or defend claims. |
| Legal, tax, and accounting records. | As required by applicable law (typically 6–10 years). |
After the retention period, we delete the data or irreversibly anonymize it so it can no longer be linked to you.
7. Retention after account deletion
When you delete your account from Settings → Account → Delete or by emailing legal@mintrin.app:
- Your profile and posts become invisible to other users immediately.
- During a 14-day grace period, you can cancel by signing in again.
- After the grace period, your account record, posts, comments, likes, bookmarks, follows, blocks, and avatar file are permanently deleted from production. All sessions are revoked.
- Backups containing pre-deletion data roll off within the retention window shown above.
- We may keep, in anonymised or minimised form and only for as long as necessary, records needed to comply with a legal obligation (e.g. DSA transparency reports, tax records), to detect and prevent fraud or ban evasion, to enforce our Terms against other accounts, or to defend a legal claim.
8. Security
Technical and organisational measures we apply:
- Encryption in transit. All traffic is protected with HTTPS/TLS on production domains.
- Encryption at rest. Full-disk encryption on our servers and server-side encryption for off-site backups.
- Password handling. Passwords are never stored by our application backend. Our authentication system stores only salted hashes, with a password policy of 12+ characters (upper and lower case, digit, and symbol) and a reuse-history check.
- Session security. Short-lived sessions with automatic rotation, and replay detection that revokes the entire session if a session token is presented twice.
- Session visibility. You can see and revoke all active sessions from Settings → Active devices and sessions.
- Image sanitisation. Avatars are processed to remove embedded location and camera metadata, re-encoded to a standard image format, and normalised in size before being stored.
- Upload validation. Uploaded files are validated by their actual content, not just by file extension, to prevent users from uploading executable files disguised as images.
- Network isolation. Internal services are isolated from the public internet; only a secured gateway is exposed.
- Access control. Least-privilege database access per service; administrative access to production is limited to named staff using hardware-protected keys, and credentials are rotated on staff change.
- Backups and disaster recovery. Encrypted off-site backups are taken daily and tested periodically; documented restore procedure.
- Secret management. Production secrets are stored encrypted and decrypted only at runtime by the services that need them.
- Monitoring. Errors, anomalous authentication events, and infrastructure alarms are monitored continuously.
No system is perfectly secure. If you suspect a vulnerability, write to legal@mintrin.app — please do not disclose publicly before we have a chance to fix it.
9. Your rights and how to exercise them
9.1 If you are in the EEA, the UK, or Switzerland (GDPR / UK GDPR)
You have the right to:
- Access the personal data we hold about you (Art. 15).
- Rectify inaccurate or incomplete data (Art. 16).
- Erase your data ("right to be forgotten", Art. 17).
- Restrict our processing in certain cases (Art. 18).
- Data portability — receive your data in a structured, machine-readable format, or have it transmitted directly to another controller where technically feasible (Art. 20).
- Object to processing based on our legitimate interests, including to stop receiving non-essential notifications or analytics (Art. 21).
- Withdraw consent at any time, where processing is based on consent (Art. 7(3)). Withdrawal does not affect processing already carried out.
- Lodge a complaint with a supervisory authority (Art. 77), in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. Our lead supervisory authority is the Dutch Autoriteit Persoonsgegevens (AP), Hoge Nieuwstraat 8, 2514 EL Den Haag,
https://autoriteitpersoonsgegevens.nl. You may also complain to the DPA in your own country.
9.2 If you are in California (CCPA/CPRA)
You have the right to know the categories and specific pieces of personal information we have collected, to correct inaccurate information, to delete your information, to limit use of sensitive personal information, and to opt out of "sale" or "sharing" of personal information (we do not sell or share personal information as those terms are defined under the CCPA/CPRA). You will not be discriminated against for exercising these rights. A legally authorized agent may submit requests on your behalf.
9.3 Other regions
Users in Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act), and other jurisdictions have equivalent rights under their local laws. Contact us at legal@mintrin.app and we will honour your request.
9.4 How to exercise your rights
- In-app: Settings → Account for rename, privacy flag, linked accounts, active sessions, delete, and download data.
- Email: legal@mintrin.app. We may ask you to verify your identity (for example, by sending the request from your account email or by completing a sign-in challenge) to protect you from impersonation.
- Response time: we respond within 30 days (extendable by 60 days for complex requests; we will tell you if an extension is needed). There is no fee for reasonable requests.
10. Marketing and communications
- We currently do not send marketing email. If we decide to in the future, we will ask for your opt-in consent and offer a one-click unsubscribe in every message. You can also write to legal@mintrin.app to opt out at any time.
- Transactional email (verify your address, password reset, security alert, deletion confirmation, and similar) is necessary to operate your account; you cannot opt out of it while you have an account, but you can delete your account.
- Push notifications are off until you grant permission at the OS level. We use them to tell you about activity on your account (likes, follows, replies, mentions, moderation outcomes) and important security or service notices. You can turn them off at any time in your device's notification settings, or by signing out of the device.
11. Children
Mintrin is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. Higher minimum ages set by national law (for example 14 in Spain, 15 in France and the Czech Republic, 16 in Germany and the Netherlands) apply in those countries.
If you believe a child under the applicable minimum age has given us personal data, please email legal@mintrin.app; we will delete the account and the data promptly.
We do not profile minors for advertising (we do not do advertising at all) and we do not sell or share data about minors.
12. Cookies and similar technologies
- Mobile app. We store your session tokens, a last-foreground timestamp used to measure re-engagement, and a small set of preferences in the device's encrypted local storage. Our mobile analytics identify you by a randomly generated identifier created on your device the first time you open the app — it is not linked to your real name or to any advertising ID. We do not read Apple's Identifier for Advertisers (IDFA) or the Android Advertising ID, we do not install advertising or cross-app tracking SDKs, and analytics events are sent only to our EU analytics service. Because we do not link your activity in Mintrin with data from other companies' apps or websites, our app does not engage in "tracking" as Apple defines it, and the iOS App Tracking Transparency prompt is not shown. If that ever changes, we will show the prompt before any such processing begins and update this policy.
- Websites. The Mintrin websites today set only strictly-necessary cookies: your authentication session cookie during sign-in, a gateway health cookie, and a CSRF token. We do not set analytics, advertising, or social-plugin cookies. If this changes, we will show a GDPR/ePrivacy-compliant consent banner before setting non-essential cookies.
13. Analytics and error reporting
- Error reporting captures crashes and exceptions on the mobile app and the backend. We configure our error-monitoring provider to not collect personally-identifying information on the backend, to redact authorization headers, tokens, passwords, and known-sensitive breadcrumbs on both client and server, and to sample non-error traces at 10% on the backend. You can ask us to delete error-report events linked to your account at legal@mintrin.app.
- Product analytics (mobile only) captures a short, predefined list of events (see section 2.3). Session replay is disabled. Automatic capture is off. To object to this processing or to have your historical events deleted, write to legal@mintrin.app; we will action the request within 30 days.
14. Do-Not-Track, GPC, and ad preferences
We honour the Global Privacy Control (GPC) signal on any web surfaces that expose it, treating it as an opt-out of "sale" or "sharing" (even though we do not do either today). Browser "Do Not Track" signals are not standardized and do not currently change the behaviour of our apps beyond the defaults described above.
15. Changes to this policy
We will update this Privacy Policy from time to time — for example when we add a new processor, feature, or legal requirement. If the change is material, we will notify you by email, in-app banner, or both, at least 30 days before it takes effect. The "Last updated" date above always reflects the latest version. Previous versions are kept and available on request.
16. How to contact us
- General support: support@mintrin.app
- Privacy, data-subject requests, complaints, security issues, and all other legal matters: legal@mintrin.app
- Data Protection Officer: not appointed; write to legal@mintrin.app.
- EU representative: not required — the controller is established in the Netherlands.
- Postal: a postal address is available on request to legal@mintrin.app.
If you are unhappy with our response, you have the right to lodge a complaint with a data-protection supervisory authority — see section 9.1.
Annex A — App Store "Privacy Nutrition Label" summary (iOS)
The following mirrors what we declare in the App Store Connect privacy questionnaire.
Data linked to you:
- Contact Info: email address (for app functionality, account management).
- User Content: photos (avatars), text (bio, posts, comments), imported library entries (titles, ratings, notes you upload from other services) (app functionality).
- Identifiers: user ID (app functionality, analytics, product personalization); device push token (app functionality).
- Usage Data: product interactions on a fixed event taxonomy (analytics, product improvement).
- Diagnostics: crash data, performance data (app functionality, diagnostics).
Data not linked to you: none beyond what is listed above when the analytics opt-out is active.
Data used to track you: None. We do not link any user or device data to third-party data for advertising or measurement purposes across other companies' apps and websites.
Annex B — Google Play "Data safety" summary (Android)
Data collected:
- Personal info: name (display name), email address — for account management, app functionality.
- Photos: avatar — for app functionality.
- Other user content: imported library entries (titles, ratings, notes you upload from other services) — for app functionality.
- App activity: in-app actions on a fixed event taxonomy — for analytics.
- App info and performance: crash logs, diagnostics — for app functionality, diagnostics.
- Device or other IDs, including the device push token — for account management, security, and push notification delivery.
Data shared with third parties: no personal data is shared with third parties except as processors listed in section 4.1.
Data encrypted in transit: yes.
You can request data deletion: yes — from Settings or by emailing legal@mintrin.app.
Committed to Google Play's Families Policy: N/A (app is not primarily directed at children).