Legal

Privacy Policy

Effective May 29, 2026Last updated May 29, 2026

This Privacy Policy explains what data MintSlide ("we", "us") collects, how we use it, and the rights you have over it. It applies to your use of mintslide.com ("the Service"). By using the Service you agree to this policy.

1. What we collect

  • Account data. Email address and a hashed password. We never store passwords in plain text.
  • Deck content. Titles, slide content, themes, speaker notes, and any images you upload or generate ("Your Content"). Stored in your account.
  • Usage data. 24-hour rolling counters of how many AI prompts and image generations you've used. Used solely for enforcing plan quotas.
  • Diagnostic data. Error logs, performance traces, and crash reports captured during your session (including HTTP status, error message, page URL, browser/OS, and an anonymized user ID). Retained for up to 90 days.
  • Billing data (when paid plans are available). Stripe collects and stores your payment information; we receive only your customer/subscription identifiers and billing status. We never see your card number, CVC, or full billing address. The Service currently has no paid plans.

We don't intentionally collect special categories of personal data (health, biometric, political opinions, religious beliefs, etc.). Please don't put such information in your decks.

2. How we use it

  • To provide the Service: save your decks, render exports, enforce quotas, send confirmation and password-reset emails, and (in the future) bill subscriptions.
  • To respond to support requests sent to hello@mintslide.com.
  • To diagnose bugs and improve reliability. We use aggregated and anonymized data for product analytics; we may publish anonymized statistics about overall usage patterns (no personally identifying data).
  • To enforce these Terms and detect abuse (e.g. spotting bots or quota-bypass attempts).
  • To comply with legal obligations and respond to lawful requests from authorities.

What we don't do: We don't sell your data. We don't train AI models on Your Content. We don't serve ads. We don't use cross-site tracking cookies or third-party advertising pixels.

3. Third parties we share with

We rely on the following service providers to operate the Service. Each receives only the data needed for their function, under their own privacy and security terms:

  • Supabase (database, auth, file storage) — privacy policy. Hosted in the region selected at project creation (default: US-Central).
  • Anthropic, OpenAI, and/or Google (AI models) — when you trigger an AI action, the prompt and relevant slide context are sent to the provider configured for your environment. Per our agreements with these providers, your inputs are not used to train their future models. Each provider's privacy policy governs their handling of the request.
  • Unsplash (stock-photo search) — when you search for a stock image, your query is sent to Unsplash. No account info is shared.
  • Browserless / headless Chromium (PDF rendering) — runs inside our infrastructure and processes Your Content when you click "Export PDF".
  • Sentry (error monitoring) — receives diagnostic data described in §1 when an error occurs. Personally identifiable fields are scrubbed where possible.
  • Stripe (payment processing, when paid plans exist) — privacy policy.

We may add or change service providers and will update this policy when we do. We're not responsible for how these third parties handle data they collect directly from you on their own properties.

4. Aggregated and anonymized data

We may produce data that doesn't identify you (statistics, trends, aggregated usage figures). Once data is genuinely de-identified, we may use and share it freely for any purpose, including product improvement, research, and marketing.

5. Cookies and local storage

We use first-party cookies only for authentication sessions. We don't use third-party tracking cookies, ad pixels, or cross-site fingerprinting.

The Service stores some non-sensitive state in your browser's localStorage (e.g. the currently-edited deck for fast reload) and uses a BroadcastChannel to sync state between tabs. None of this is sent to our servers; it stays on your device until you clear browser data or delete your account.

6. Security

Data is transmitted over HTTPS and encrypted at rest by Supabase. Access to the production database, storage, and service-role credentials is restricted to the application's own server-side processes; we apply least-privilege principles for internal access.

No system is perfectly secure. If we experience a breach affecting your personal data, we'll notify you by email within 72 hours of discovery and report to regulators when required.

7. Data retention

We retain account and deck data as long as your account is active. When you request account deletion, your account is queued for permanent removal: active records are removed within 30 days. Encrypted off-site backups may retain residual copies for up to a further 30 days, after which they're overwritten in the normal backup rotation. Diagnostic and error logs are retained for up to 90 days.

For free-tier accounts, we may also terminate or delete accounts (and their content) that have not been accessed for more than 180 consecutive days, as described in the Terms of Service.

We may retain limited information longer when required by law, to respond to law- enforcement requests, to resolve disputes, to prevent fraud or abuse, to enforce these Terms, or for legitimate business records.

8. Your rights

  • Access. Request a copy of all data we hold about you. Email us and we'll provide it in machine-readable form within 30 days.
  • Deletion. Request account deletion anytime from Account settings. Deletion is queued and active records are removed within 30 days (see §7 for backup retention).
  • Correction. Update your email and password from Account settings (when those features are exposed in-app; meanwhile, contact us).
  • Portability. Export your decks via "Save offline" (HTML) or "Export PDF" in the editor.
  • Object / restrict / withdraw consent. Where applicable (e.g. under GDPR), you may object to or restrict certain processing. Email us.

To exercise any of these rights, email hello@mintslide.com. We may need to verify your identity before acting on a request.

9. Do Not Track

We don't currently respond to Do Not Track browser signals because there is no consistent industry standard. We don't do cross-site tracking either way.

10. International users

MintSlide is operated from the United States. By using the Service from outside the US, you consent to your data being transferred to and processed in the US, subject to the protections described in this policy. Where Supabase or other service providers operate in regions other than the US, your data may also be processed in those regions.

11. Children

The Service isn't intended for users under 13. We don't knowingly collect data from children under 13. If we learn that we've collected such data, we delete it. If you believe we have collected information from a child, contact us and we'll act promptly.

12. Business transfers

If we're involved in a merger, acquisition, reorganization, asset sale, bankruptcy, or similar event, your data may be transferred as part of that transaction. We'll notify you of any such transfer that would change how your data is handled.

13. Changes to this policy

We'll post material changes here and update the "Effective" date at the top. For significant changes, we'll also email you at least 30 days before they take effect (or sooner if required by law).

14. Contact

Privacy questions, requests, or complaints? hello@mintslide.com.

See also: Terms of Service

Back to top ↑