Mint Shelf

Privacy Policy

Last updated: July 14, 2026.

This policy explains what Mint Shelf collects, how we use and disclose it, and the choices available to you.

1. Information we collect

2. How we use information

3. Service providers and disclosures

We disclose information to service providers that operate Mint Shelf:

We may also disclose information when legally required, to protect people or the service, or during a business transaction.

We do not sell personal information or share it with advertising networks or for cross-context behavioral advertising.

We do not sell, rent, or disclose SMS opt-in consent or phone numbers for third-party marketing. Text-message originator consent is not shared with third parties.

4. Marketplace visibility

Public profiles, businesses, listings, collections, events, comments, and public-intended images can be visible to other users.

Sellers receive information needed to fulfill orders, including shipping, contact, and transaction details.

Businesses may receive aggregate buyer reputation information for marketplace decisions. Private messages are not included in that aggregate information.

5. PostHog analytics and session replay

PostHog can collect interactions, navigation, searches, page activity, touch activity, performance, errors, logs, surveys, feature-flag use, and group activity.

We permit raw IP collection and GeoIP processing for approved telemetry and server request records.

Replay may include page structure, interactions, public searches, public-intended drafts, Scout prompts, and public marketplace images.

We mask passwords, one-time codes, credentials, payments, addresses, tracking numbers, contact entry, private messages, private uploads, and security-bearing images.

Network replay records metadata only. It excludes request and response bodies, cookies, authorization headers, and sensitive query values.

6. Scout AI observability

When usage tracking is enabled, PostHog may receive full Scout prompts, responses, sanitized tool data, model details, tokens, cost, and timing.

We remove credentials, signed URLs, binary content, raw media, and base64 data before sending Scout telemetry.

Sentry receives Scout metadata, but not full prompts or responses.

7. Warehouse and Stripe data

PostHog reads approved application database tables through restricted, read-only connections.

Approved tables can contain operational, personal, and private content. We exclude credentials, sessions, verification data, passkeys, tokens, secrets, and recovery data.

PostHog also imports approved Stripe-derived transaction and operational records through our database warehouse for reconciliation and trusted financial reporting.

Database and Stripe ingestion can continue after usage tracking is disabled. Source retention and transaction obligations still apply.

8. Your privacy controls

Use “Usage analytics and replay” in Settings to control PostHog analytics, replay, surveys, search events, Scout traces, and tracing headers.

We honor Global Privacy Control and Do Not Track on each browser. These signals override an enabled account preference on that browser.

Anonymous preferences use local storage and the ms_usage_tracking cookie. Signed-in preferences synchronize across devices.

After opt-out, anonymous group-level business outcomes may continue without user identity or content.

Sanitized server reliability events may also continue without user identifiers or content. Sentry reliability monitoring remains active under its existing data restrictions.

9. Your choices and requests

We may need to verify your identity before completing a request. Applicable law may provide additional rights based on where you live.

10. Cookies and local storage

Mint Shelf uses cookies and local storage for authentication, session persistence, security, product preferences, and permitted analytics.

We do not use third-party advertising trackers.

11. Retention and deletion

Session replay and raw Scout AI content are retained for 30 days. Other product telemetry follows our contracted PostHog retention.

Only named administrators may access raw replay, Scout AI, warehouse, and private-content products.

Account deletion enqueues deletion of the related PostHog person, events, and recordings.

Some order, warehouse, Stripe, fraud, tax, financial, and transaction records may remain when required by law or legitimate operational obligations.

12. Security

We use administrative, technical, and organizational safeguards designed to protect information in transit and at rest.

Payment card data is sent directly to Stripe. We monitor for unauthorized access and will provide notices when required by law.

No service can guarantee absolute security. Contact security@mintshelf.com if you believe you found a security issue.

13. Children

Mint Shelf is not intended for anyone under 18. We do not knowingly collect personal information from children.

Contact us if you believe a child provided information so we can investigate and delete it when appropriate.

14. United States processing

Mint Shelf and the providers listed above may process and store information in the United States.

15. Changes to this policy

We may update this policy as Mint Shelf and its providers change. We will update the date above and provide notice for material changes.

16. Contact

Contact privacy@mintshelf.com for privacy requests. Contact support@mintshelf.com for general help.