Legal

Privacy Policy

Last updated: May 12, 2026

Mintlytics (“we”, “us”) helps Pokémon TCG collectors track market data, find deals, and assess card values. This policy explains what data we collect, how we use it, and the rights you have over it. If anything here is unclear, write to privacy@mintlytics.io.

1. What we collect

We collect only what we need to run the service:

  • Account data — name, email address, and a password hash (managed by Clerk, our authentication provider).
  • Collection data — the cards and sealed products you add to your collection, watchlist, sniper, and alerts; purchase prices and grades you record.
  • Usage analytics — page views, feature usage, error reports collected via Sentry. We do not track you across third-party sites.
  • Billing data — payment method, billing address, and subscription tier. Processed by Stripe; card numbers never touch our servers.

2. How we use it

  • To provide the service: authenticate you, store your collection, run market scans, deliver alerts.
  • To send you alerts you've opted into (price alerts, deal notifications, Pokémon Center drops).
  • To improve the product: aggregate, anonymized usage patterns guide what we build next.
  • To bill you and handle support requests.

We do not sell your personal data. We do not share your collection data with advertisers.

3. Third-party services

We rely on a small set of vendors to run Mintlytics:

  • Clerk — authentication and session management.
  • Stripe — subscription billing and payment processing.
  • eBay APIs — to fetch live and sold listings used by the deal sniper and market value calculations.
  • Anthropic (Claude) — to generate AI assessments. Card metadata you submit is sent for inference; your account email is not.
  • Sentry — error monitoring. Stack traces and feature breadcrumbs are sent on errors.
  • Resend — transactional email delivery (alerts, receipts, magic links).
  • Vercel & Neon — application hosting and Postgres database.

4. Data retention

We keep your account data for as long as your account is active. When you delete your account, your personal data is removed within 30 days; aggregated, anonymized analytics may be retained indefinitely. Billing records are kept for 7 years to satisfy tax and audit obligations.

5. Your rights

You can, at any time:

  • Access and export your data from the Settings page.
  • Correct or update your account information.
  • Delete your account, which removes your personal data per Section 4.
  • Opt out of marketing emails via the unsubscribe link.

Email privacy@mintlytics.io for data-subject requests or any privacy question.

6. Security

We use industry-standard practices: encryption in transit (TLS), hashed passwords, scoped database access, and least-privilege cloud roles. No system is perfectly secure; please use a strong, unique password and report suspicious activity to privacy@mintlytics.io.

7. Changes to this policy

We'll update the date at the top whenever this policy changes. Material changes will be announced by email at least 30 days before they take effect.