Mintly Lifemintly.life
Back to home

Privacy Policy

Effective date: July 1, 2025 · Last updated: July 1, 2025

Mintly Life ("Mintly," "we," "our," "us") provides a community-built music platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to your use of mintly.life, artists.mintly.life, and any related services we operate (the "Service").

1. Information you provide

When you create an account, apply to become an artist, or use the Service, we collect information you provide directly, including:

  • Account information: email address, password (stored as a salted hash with bcrypt; we never see your plaintext password), display name, account type (personal or artist), and your verified status.
  • Profile information: optional biography, profile photo, banner image, accent color, and similar profile attributes that you choose to add or update.
  • Artist content: music recordings, cover art, song titles, record labels, release dates, and other release metadata you upload as an Artist account holder.
  • Communications: messages you send to us (e.g., DMCA notices, support requests, security reports).

2. Information we collect automatically

  • Listening activity: which tracks you play, when, and which artists you follow, like, or add to playlists. This activity powers features such as Daily Mix and monthly listener counts.
  • Device and log data: IP address, user-agent, referrer, request paths, timestamps, and error logs, captured automatically by our servers and used for security, abuse prevention, and operating the Service.
  • Cookies: we use first-party, HttpOnly authentication cookies ("access_token," "refresh_token") to keep you logged in securely. We do not use third-party advertising or tracking cookies. We use one localStorage preference (banner dismissal) for UX continuity.

3. How we use information

  • To provide and operate the Service, including playing music, building playlists, computing monthly listeners and follower counts, and generating personalized recommendations (e.g., Daily Mix).
  • To authenticate you, maintain your session, send password-reset emails, and protect against abuse (e.g., rate limiting, lockouts after repeated failed logins).
  • To review artist applications and music submissions before they go live, and to enforce our Terms of Service.
  • To send transactional emails such as password resets and application status notifications.
  • To respond to your support requests, legal demands, and DMCA notices.

4. Monthly listeners and follower counts

For artists, the "monthly listeners" figure reflects the count of distinct user accounts that have played at least one of the artist's tracks during the current calendar month. Replaying songs from the same account during a month does not change that month's figure. The count resets at the start of each calendar month.

5. How we share information

We share information only as described here:

  • Public profile data (display name, profile photo, bio, accent color, banner, verified badge, follower count, and—for artists—monthly listener count and approved tracks) is visible to anyone who can access the Service.
  • Service providers who help us operate the Service, such as our hosting provider, transactional email provider (Resend), and database provider, and who are bound by contractual confidentiality and security obligations.
  • Legal requirements: we may disclose information to comply with applicable law, valid legal process, or government requests, or to protect the rights, property, or safety of Mintly, our users, or others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of all or part of our business, subject to a successor's agreement to honor this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

6. Data retention

We retain account information for as long as your account is active. Listening events are kept indefinitely so that listening history can power personalization (e.g., Daily Mix). Password-reset tokens are deleted or invalidated after one hour or after first use. Server logs are retained for up to 90 days for security and debugging. When you delete your account, we will delete or anonymize information associated with the account within 30 days, except where retention is necessary for legitimate business reasons (e.g., billing, fraud prevention, compliance with law) or to honor existing licenses granted in your User Content.

7. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information, including HTTPS in transit, salted-bcrypt password hashing, HttpOnly authentication cookies with the Secure and SameSite=None flags, server-side rate limiting on sensitive endpoints, lockouts after repeated failed logins, content security headers (HSTS, X-Frame-Options, Content-Type-Options, Referrer-Policy, Permissions-Policy), CSRF mitigation via custom request headers, automated client (bot) blocking on API endpoints, and short-lived cryptographically random password reset tokens. No system, however, is perfectly secure; please report suspected vulnerabilities to security@mintly.life.

8. Your choices

  • You can edit or remove most profile information directly from your account settings, or from your Artist dashboard if you have an Artist account.
  • You can reset your password from the login page; an email link will be sent through our transactional email provider.
  • You can delete your account by emailing privacy@mintly.life from the email address associated with the account.
  • You can disable cookies in your browser, although doing so will prevent you from staying logged in and will disable parts of the Service.

9. Rights for users in the EEA, UK, Switzerland, and California

Depending on where you live, you may have additional rights regarding your personal information, including the right to access, correct, delete, port, or restrict processing of your information, or to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority. California residents may have the rights described in the California Consumer Privacy Act (CCPA/CPRA), including the right to know, the right to delete, the right to correct, and the right to opt out of sale or sharing—although as noted above, we do not sell personal information. To exercise any of these rights, contact us at privacy@mintly.life; we will verify your identity before responding. You may use an authorized agent where the law permits.

10. Children's privacy

The Service is not directed to children under 13. If you believe a child under 13 has provided us personal information, please contact privacy@mintly.life and we will delete it.

11. International transfers

Mintly is operated from the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to legitimize these transfers.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, provide additional notice through the Service or by email. Your continued use after an update means you accept the revised Policy.

13. Contact

Privacy questions, requests, and complaints can be sent to privacy@mintly.life.

Terms of Service·Back to Mintly Life