Privacy Policy

1. Summary

This Privacy Policy outlines how we collect, use, share, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

a. Personal Information

• Full name
• Email address
• Hashed password
• Login timestamps
• Account creation dates
• Email verification status

b. Business Profile Data

• VAT registration status and numbers
• Work type (agency/freelance)
• Fee structures and commissions
• Business name, address, phone
• Bank details
• Accountant contact
• Uploaded logos

c. Financial Records

• Job details (titles, clients, dates, fees)
• Invoices and VAT info
• Expenses and receipts
• Bank statements and remittance info

d. AI Features (opt-in only)

• Anonymous job pricing
• AI document processing requests
• Assistant conversation logs

e. Authentication Data

• Biometric credentials (WebAuthn / Face ID / Touch ID – opt-in only)
• Session and calendar access tokens

f. Documents

• Templates, generated documents, signatures, and email logs

3. How We Use Your Data

We process your data to:

• Deliver and improve the Minimin service
• Generate and manage invoices, documents, and financial summaries
• Enable optional AI services and smart suggestions (if opted in)
• Comply with legal and tax obligations
• Send service-related communications

We do not use your data for advertising, resale, or third-party analytics.

4. Legal Bases for Processing

We process data under the following legal bases:

• Consent: for AI features and communications preferences
• Contractual necessity: to deliver the service
• Legal obligation: to comply with tax and regulatory duties
• Legitimate interest: for service improvement and security

5. Sharing Your Data

We only share your data with:

• Stripe (invoice/payment processing)
• Resend / SendGrid (email delivery)
• Anthropic Claude (AI data processing – opt-in only)

We will never sell your data or share it with advertisers.

6. Data Storage & Security

• Privacy by Design: Sensitive data is architecturally separated from admin interfaces
• Data Anonymization: Admin dashboards show only hashed identifiers and statistics
• Access Logging: All administrative actions are logged for security monitoring
• Encrypted Database: PostgreSQL with encryption at rest
• Secure File Storage: Local storage with validation and access controls
• Password Security: Hashed using Werkzeug with secure algorithms
• Account Protection: Lockouts and rate limiting against attacks
• Session Security: Secure sessions and token-based password resets
• Email Verification: Required for account activation

7. Cookies

We use essential cookies only, including:

• Authentication session cookies
• CSRF security tokens
• Preference cookies (language, theme)

We do not use Google Analytics, ads, or third-party tracking cookies.

8. Your Rights

You may at any time:

• Access your data
• Request correction or deletion
• Export your data (JSON format)
• Withdraw consent to optional features
• Manage communications preferences

To exercise your rights, contact us at support@minimin.app.

9. Children

Minimin is not intended for use by individuals under 18 years of age.

10. Contact

For privacy inquiries or data access requests:

• Email: support@minimin.app
• Data Controller: Sole Trader operating Minimin
• Jurisdiction: United Kingdom