Privacy Policy

Last updated: March 16, 2026

1. Introduction

MintTags, operated by Phorphx ("we", "us", "our"), respects your privacy. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

Account Data

When you create an account, we collect your email address and authentication credentials managed through Supabase Auth.

Etsy OAuth Data

When you connect your Etsy shop, we receive an access token and refresh token via Etsy's OAuth 2.0 flow. These tokens are encrypted at rest using AES-256-GCM and stored in our database. We access your shop name, listing titles, descriptions, tags, and basic listing metadata. We do not access your Etsy financial data, customer information, or order history.

Listing Data

Product titles, descriptions, tags, and categories you submit for optimization are processed by our AI and stored in your optimization history. This data is used solely to provide the Service and improve optimization quality.

Billing Data

Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription ID but never store credit card numbers or full payment details. See Stripe's Privacy Policy for details on their data handling.

Usage Data

We track optimization counts for plan limit enforcement. We use standard web analytics to understand how the Service is used.

3. AI Processing

Your listing data is sent to Anthropic's Claude API for optimization. Anthropic processes this data according to their privacy policy. We do not use your data to train AI models. Each optimization request is processed independently and not retained by the AI provider beyond the request lifecycle.

4. Cookies

We use essential cookies for authentication session management (via Supabase Auth) and temporary OAuth state cookies during the Etsy connection flow. We do not use advertising or tracking cookies.

5. Data Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for Etsy API tokens at rest
  • HTTPS-only connections
  • Row-level security policies on our database
  • Secure webhook signature verification for Stripe events
  • PKCE-protected OAuth flows

6. Data Retention

Your optimization history is retained while your account is active. Keyword research results are cached for 24 hours. Upon account deletion, all your data is removed within 30 days.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Disconnect your Etsy shop at any time
  • Export your optimization history

8. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and database hosting
  • Anthropic (Claude) — AI-powered listing optimization
  • Stripe — Payment processing
  • Etsy — Shop and listing data access
  • Vercel — Application hosting
  • Resend — Transactional email delivery

9. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or in-app notification.

10. Contact

For privacy questions or data requests, contact us at privacy@minttags.com.

MintTags is operated by Phorphx.