Privacy Policy
Last updated: January 2026
MINT YOUR CARD is committed to protecting your personal data. This policy explains how we collect, use, and secure your information.
Introduction
This Privacy Policy describes how MINT YOUR CARD (hereinafter "we", "our" or "the company") collects, uses, processes, and protects the personal data you provide when using our website https://app.mint-your-card.com.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, you have rights regarding your data.
Article 1 - Data Controller
The data controller for personal data is:
Article 2 - Personal Data Collected
2.1 Data collected when creating an account
When you create an account, we collect:
- Identity: name, surname, username
- Contact details: email address, delivery address
- Connection: IP address, login credentials
- Profile: profile picture (optional)
2.2 Data collected when placing an order
To process your orders, we collect:
- Delivery and billing address
- Phone number (optional)
- Payment information (processed via Stripe, not stored by us)
- Order history
2.3 Data collected automatically
We automatically collect certain data through cookies and similar technologies:
- Analytics cookies: number of visitors, pages viewed
- Functional cookies: preferences, cart, language
- Browsing data: IP address, browser type, device used
Article 3 - Legal Basis for Processing
We process your personal data on the following legal bases:
- Performance of a contract: order processing and product delivery
- Consent: account creation, newsletter, cookies
- Legitimate interest: improving our services, fraud prevention
- Legal obligation: invoicing, accounting
Article 4 - Data Retention Period
Your data is retained for the time necessary to fulfil the purposes for which it was collected:
| Data type | Retention period |
|---|---|
| Customer account | Duration of the account, then 3 years after closure |
| Orders | 5 years from conclusion of contract (legal requirement) |
| Invoices | 10 years (accounting obligation) |
| Cookies | 13 months maximum for analytics cookies |
| Browsing data | 12 months after last visit |
At the end of these periods, your data is either deleted, anonymised, or archived in accordance with legal obligations.
Article 5 - Data Recipients
We do not sell your personal data. In accordance with Article 28 of the GDPR, here is the exhaustive list of our sub-processors:
Hosting and infrastructure
- Google / Firebase (United States) — database hosting, authentication, serverless functions. Covered by standard contractual clauses and the Data Privacy Framework.
- Vercel (United States) — web application hosting. Covered by standard contractual clauses.
- BunnyCDN / Bunny.net (Slovenia, EU) — image and video delivery via CDN.
Payments
- Stripe (United States / Ireland for EU) — boutique payment processing. PCI-DSS compliant.
- PayPal (Luxembourg for EU) — P2P payments between users (transactions go directly to the seller).
Shipping and logistics
- Boxtal (France) — multi-carrier management for boutique orders.
- Mondial Relay (France) — pickup point delivery.
- Colissimo / La Poste (France) — home delivery.
Third-party marketplace
- eBay (Netherlands for EU) — only for users who have connected their eBay account (OAuth tokens encrypted with AES-256-GCM).
Search and features
- Algolia (United States / France) — full-text search engine for graded cards.
- Replicate (United States) — AI photo enhancement for cards (Magic Brush). Covered by standard contractual clauses.
- Google Cloud (Gemini) (United States / Belgium) — AI card name recognition.
- ipinfo.io (United States) — city-level geolocation for the community map (IP only, never stored).
Transactional communication
- Brevo (formerly Sendinblue) (France) — transactional and marketing emails (with consent).
- Resend (United States) — backup for transactional emails.
Analytics and quality (with consent)
- Mixpanel (United States) — product analytics. Activated only after acceptance of the cookie banner.
- Microsoft Clarity (United States) — anonymized usage analysis (heatmaps, sessions). Activated only after acceptance.
- Google Tag Manager / Analytics (United States) — tag manager. Activated only after acceptance.
All our sub-processors are contractually bound by a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR and are subject to strict confidentiality obligations. Transfers outside the EU are governed by the safeguards described in Article 9.
Article 6 - Your Rights Regarding Your Data
In accordance with the GDPR, you have the following rights:
6.1 Right of access
You may request a copy of the personal data we hold about you.
6.2 Right to rectification
You may request the correction of inaccurate or incomplete data.
6.3 Right to erasure ("right to be forgotten")
You may request the deletion of your data, subject to legal obligations.
6.4 Right to restriction of processing
You may request that we restrict the use of your data.
6.5 Right to data portability
You may receive your data in a structured format and transfer it to another controller.
6.6 Right to object
You may object to the processing of your data on legitimate grounds.
6.7 Right to withdraw consent
You may withdraw your consent at any time (cookies, newsletter, etc.).
6.8 Right to define the fate of your data after death
You may give instructions concerning the fate of your data after your death.
To exercise your rights:
Contact us by email at contact@mint-your-card.com or via Discord.
We will respond to your request within a maximum of 30 days.
Article 7 - Cookies and Trackers
7.1 What is a cookie?
A cookie is a small text file placed on your device when you visit our website. It helps remember your actions and preferences.
7.2 Types of cookies used
- Essential cookies: necessary for the website to function (cart, login)
- Analytics cookies: to analyze website usage
- Preference cookies: to remember your language or display choices
7.3 Managing cookies
You can manage your cookie preferences via the cookie banner on the website or directly from your browser settings.
Article 8 - Data Security
We implement all appropriate technical and organisational measures to ensure a level of security proportionate to the risk:
- SSL encryption (HTTPS) for all data transmissions
- Strong authentication for account access
- Restricted access to personal data within our teams
- Regular and secure backups
- Compliance with PCI-DSS security standards for payments
However, no data transmission over the Internet is guaranteed to be 100% secure. We recommend that you keep your login credentials safe.
Article 9 - Data Transfers Outside the European Union
Some of our providers are located outside the European Union (United States, etc.). When we transfer data to these countries, we ensure they offer an adequate level of protection, including through:
- The EU-US Data Privacy Framework (where applicable)
- European Commission standard contractual clauses
- Your explicit consent
Article 10 - Protection of Minors
Our services are not intended for children under 15 years of age (the threshold set by French law for online service consent, in accordance with Article 8 of the GDPR). We do not knowingly collect personal data from minors without parental consent.
If we discover that we have collected data from a minor without parental consent, we will take the necessary steps to delete it promptly.
Article 11 - Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. Changes will take effect as soon as they are published online.
Any substantial change will be brought to your attention by:
- A notification on the website
- An email for users with an account
We encourage you to check this page regularly for any updates.
Article 12 - Artificial Intelligence Processing
As part of our pre-grading service, your card photos may be analyzed by third-party artificial intelligence services to enhance your experience:
- Automatic recognition: Google Gemini (Google LLC) is used to automatically identify the name and characteristics of your card from the photo.
- Image enhancement: Replicate (Replicate, Inc.) is used to improve the visual quality of your photos (background removal, sharpness enhancement).
12.1 Data transmitted
Only card photos are sent to these services. No personal data (name, email, address, account ID) is shared with these providers.
12.2 Data retention
These processes are carried out in real time on secure servers. Images are not retained by these services beyond the time needed for processing (a few seconds).
12.3 Legal basis
This processing is based on your consent, obtained when you first use the card submission feature. You can submit your cards without AI enhancement by choosing the free mode.
Questions about your data?
For any questions regarding this policy or the exercise of your rights:
You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): 3 Place de Fontenoy - 75007 Paris, France