Privacy Policy

MintX Technologies Private Limited (“MintX”, “we”, “us”, “our”) operates the MintX platform at mintx.trade. This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you use our platform.

Account data — name, email address, and phone number. We use passwordless sign-in (a one-time 6-digit code emailed to you); we do not store passwords.

Profile data — risk profile answers, watchlist tickers, investment preferences, KYC status, linked broker accounts, and onboarding responses used to personalise your experience.

PMS interest data — if you submit the PMS Interest form, the details you provide (including optional PAN and investment profile) for our team to contact you.

Usage data — pages visited, signals viewed, features used, timestamps, device type, browser, and IP address — collected to improve the platform and for analytics.

Payment data — transaction IDs, subscription plan, and payment status via Razorpay. We do not store card numbers, CVVs, or UPI credentials on our servers.

Communication data — messages sent to our support team and responses to in-app feedback forms.

Push notification tokens — if you grant notification permission, your browser push subscription endpoint and encryption keys are stored on our servers solely to deliver alerts you have requested. You can revoke this at any time from Settings → Notifications.

Browser permission states — when you grant or deny browser permissions (notifications, motion sensor, geolocation) or install the app, we record those states alongside your account to provide a consistent experience across devices. We do not use this data for profiling or advertising.

Contact data — if you voluntarily use the “Invite a Friend” feature, the app opens your device's native contact picker (with your permission). No contact information is transmitted to or stored on our servers. We only record a boolean flag that you used the invite feature.

Motion sensor data — if you grant motion permission (e.g. to enable shake-to-refresh on iOS), accelerometer readings are processed locally on your device only and are never transmitted to our servers.

• To create and manage your account and authenticate your sessions.
• To personalise Fibonacci signals and screener results to your risk profile and watchlist.
• To process subscription payments and send billing confirmations.
• To send transactional notifications (signal alerts, price triggers, account events).
• To improve platform features using aggregated, anonymised analytics.
• To respond to support queries and resolve complaints.
• To comply with applicable Indian laws, SEBI regulations, and legal obligations.

We do not sell your personal data to third parties.

Your data is stored on Supabase (PostgreSQL database hosted on AWS in the ap-south-1 Mumbai region) and protected with row-level security policies, TLS encryption in transit, and AES-256 encryption at rest.

All data is transmitted over encrypted HTTPS/TLS connections; we enforce HTTPS-only access (HSTS preload) and automatically upgrade any insecure requests. We use passwordless email OTP authentication (no passwords to store or leak), HTTP security headers (HSTS, CSP, X-Frame-Options), row-level security, and regular security audits. If you discover a vulnerability, please report it to security@mintx.trade.

Client-side storage — the MintX PWA stores the following data locally on your device: session tokens (required for authentication), preference settings (theme, layout), a service worker cache of app pages for offline access, and optionally a WebAuthn credential ID if you enable App Lock (biometric/PIN). Biometric data — fingerprints, face scans — never leave your device; the WebAuthn standard ensures they are processed entirely by your device's secure enclave.

Client-side encryption— any portfolio data cached locally for offline viewing is encrypted with AES-256-GCM using the Web Crypto API before being written to your device's storage. The encryption key is session-scoped and is discarded when you close the app.

MintX uses the following types of client-side storage:

• Essential cookies — session tokens required for authentication and platform functionality. Cannot be disabled.
• Preference storage (localStorage) — theme preference (light/dark), sidebar state, filter settings, and app lock credential ID (if enabled).
• Session storage (sessionStorage) — temporary encryption keys for offline-cached data and session unlock state. Cleared when you close the app.
• Service worker cache — app shell pages and static assets cached for offline access. You can clear this via your browser's site data settings.
• IndexedDB — a small queue of pending mutations (e.g. portfolio saves attempted while offline) held temporarily and flushed automatically when connectivity is restored. Not retained after successful sync.
• Analytics — anonymised event data sent to Google Analytics (GA4). No personally identifiable information is included.

You may opt out of analytics via Google Analytics Opt-out. All other local storage can be cleared from your browser's settings or by deleting your account via Settings → Data & Privacy.

MintX integrates with the following third parties who may process your data:

• Supabase — database and authentication (AWS ap-south-1)
• Razorpay — payment processing (PCI-DSS certified)
• Google Analytics — anonymised usage analytics
• Vercel — platform hosting and edge network

We retain your account data for as long as your account is active. If you delete your account:

• Profile data and watchlists are permanently deleted within 30 days.
• Anonymised analytics and aggregated usage data may be retained indefinitely.
• Payment records are retained for 7 years as required under the Income Tax Act, 1961 and GST regulations.

Under applicable Indian privacy law, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of your account and personal data.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing of your data for specific purposes.

Self-serve: you can export a machine-readable copy of your data and permanently delete your account at any time from Settings → Data & Privacy, in line with the Digital Personal Data Protection Act, 2023 (DPDP).

For any other request, email privacy@mintx.trade from your registered email address. We will respond within 30 days.

MintX is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact privacy@mintx.trade.

We may update this Privacy Policy from time to time. We will notify you by email or in-app notification for material changes. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

For privacy-related queries or data requests:
privacy@mintx.trade
MintX Technologies Private Limited, Mumbai, Maharashtra, India.