Privacy Policy
Last updated: July 14, 2026.
This policy explains what Mint Shelf collects, how we use and disclose it, and the choices available to you.
1. Information we collect
- Account information, including your phone number, email address, authentication records, and public profile details.
- Marketplace activity, including searches, listings, collections, follows, bids, offers, purchases, orders, and reviews.
- Seller information, including business details, team membership, Stripe Connect status, shipping origins, and fulfillment records.
- Transaction and fulfillment information, including payment status, refunds, disputes, shipping addresses, and tracking information.
- Communications, including private messages, comments, support requests, feedback, and survey responses.
- Device and network information, including IP address, device type, browser, operating system, app version, and approximate location.
- Product telemetry, including interactions, navigation, searches, performance, errors, warnings, logs, and session recordings.
- Scout information, including prompts, responses, uploads, tool activity, model details, token usage, cost, and timing.
- SMS consent records, including opt-in status and related preference changes.
2. How we use information
- Operate accounts, authentication, recovery, preferences, and notifications.
- Provide marketplace, seller, payment, shipping, and support features.
- Process payments, payouts, refunds, and disputes through Stripe.
- Prevent fraud, enforce our terms, secure the service, and investigate incidents.
- Measure product usage, improve search and marketplace quality, and understand business outcomes.
- Diagnose errors, performance issues, failed requests, and unreliable workflows.
- Improve Scout prompts, tools, quality, cost, and reliability.
- Meet legal, financial, tax, recordkeeping, and compliance obligations.
3. Service providers and disclosures
We disclose information to service providers that operate Mint Shelf:
- Stripe processes payments, Stripe Connect onboarding, payouts, refunds, and disputes.
- Twilio delivers verification codes and opted-in marketplace text messages.
- PlanetScale, Cloudflare, and Better Auth provide database, storage, delivery, security, email, and authentication services.
- PostHog provides analytics, web analytics, heatmaps, replay, errors, logs, flags, surveys, groups, warehouse data, and Scout AI observability.
- Sentry provides primary incident response through errors, traces, profiles, logs, replay, releases, and source-map processing.
We may also disclose information when legally required, to protect people or the service, or during a business transaction.
We do not sell personal information or share it with advertising networks or for cross-context behavioral advertising.
We do not sell, rent, or disclose SMS opt-in consent or phone numbers for third-party marketing. Text-message originator consent is not shared with third parties.
4. Marketplace visibility
Public profiles, businesses, listings, collections, events, comments, and public-intended images can be visible to other users.
Sellers receive information needed to fulfill orders, including shipping, contact, and transaction details.
Businesses may receive aggregate buyer reputation information for marketplace decisions. Private messages are not included in that aggregate information.
5. PostHog analytics and session replay
PostHog can collect interactions, navigation, searches, page activity, touch activity, performance, errors, logs, surveys, feature-flag use, and group activity.
We permit raw IP collection and GeoIP processing for approved telemetry and server request records.
Replay may include page structure, interactions, public searches, public-intended drafts, Scout prompts, and public marketplace images.
We mask passwords, one-time codes, credentials, payments, addresses, tracking numbers, contact entry, private messages, private uploads, and security-bearing images.
Network replay records metadata only. It excludes request and response bodies, cookies, authorization headers, and sensitive query values.
6. Scout AI observability
When usage tracking is enabled, PostHog may receive full Scout prompts, responses, sanitized tool data, model details, tokens, cost, and timing.
We remove credentials, signed URLs, binary content, raw media, and base64 data before sending Scout telemetry.
Sentry receives Scout metadata, but not full prompts or responses.
7. Warehouse and Stripe data
PostHog reads approved application database tables through restricted, read-only connections.
Approved tables can contain operational, personal, and private content. We exclude credentials, sessions, verification data, passkeys, tokens, secrets, and recovery data.
PostHog also imports approved Stripe-derived transaction and operational records through our database warehouse for reconciliation and trusted financial reporting.
Database and Stripe ingestion can continue after usage tracking is disabled. Source retention and transaction obligations still apply.
8. Your privacy controls
Use “Usage analytics and replay” in Settings to control PostHog analytics, replay, surveys, search events, Scout traces, and tracing headers.
We honor Global Privacy Control and Do Not Track on each browser. These signals override an enabled account preference on that browser.
Anonymous preferences use local storage and the ms_usage_tracking cookie. Signed-in preferences synchronize across devices.
After opt-out, anonymous group-level business outcomes may continue without user identity or content.
Sanitized server reliability events may also continue without user identifiers or content. Sentry reliability monitoring remains active under its existing data restrictions.
9. Your choices and requests
- Access and update profile and preference information in Settings.
- Opt out of text messages by replying STOP.
- Request access, correction, export, or deletion by contacting privacy@mintshelf.com.
- Delete your account through the available account controls or by contacting us.
- Appeal a denied privacy request by replying to our decision.
We may need to verify your identity before completing a request. Applicable law may provide additional rights based on where you live.
10. Cookies and local storage
Mint Shelf uses cookies and local storage for authentication, session persistence, security, product preferences, and permitted analytics.
We do not use third-party advertising trackers.
11. Retention and deletion
Session replay and raw Scout AI content are retained for 30 days. Other product telemetry follows our contracted PostHog retention.
Only named administrators may access raw replay, Scout AI, warehouse, and private-content products.
Account deletion enqueues deletion of the related PostHog person, events, and recordings.
Some order, warehouse, Stripe, fraud, tax, financial, and transaction records may remain when required by law or legitimate operational obligations.
12. Security
We use administrative, technical, and organizational safeguards designed to protect information in transit and at rest.
Payment card data is sent directly to Stripe. We monitor for unauthorized access and will provide notices when required by law.
No service can guarantee absolute security. Contact security@mintshelf.com if you believe you found a security issue.
13. Children
Mint Shelf is not intended for anyone under 18. We do not knowingly collect personal information from children.
Contact us if you believe a child provided information so we can investigate and delete it when appropriate.
14. United States processing
Mint Shelf and the providers listed above may process and store information in the United States.
15. Changes to this policy
We may update this policy as Mint Shelf and its providers change. We will update the date above and provide notice for material changes.
16. Contact
Contact privacy@mintshelf.com for privacy requests. Contact support@mintshelf.com for general help.