Privacy Policy

1 Overview

MintCraft ("we," "us," or "our") provides a software platform for interacting with the Solana blockchain, including token creation, token management, and liquidity pool operations. This Privacy Policy describes what information we collect, how we use it, with whom we share it, and your rights regarding your data. By using MintCraft (the "Service"), you agree to the practices described in this policy. This Privacy Policy is incorporated into and subject to our Terms of Service.

2 Information We Collect

The information we collect depends on how you interact with our Service. We outline each category below:

2.1 Account & Authentication Data

The data we collect depends on how you connect to MintCraft. Please read the section that matches your login method:

If You Use Your Own Wallet (External Wallet)

When you connect an external wallet (Phantom, Solflare, Coinbase Wallet, Backpack), we collect:

  • Your public wallet address only.

We do NOT collect your name, email, private keys, seed phrases, or any personal information. No account is created on our platform. Your wallet and credentials are managed entirely by your chosen wallet provider.

If You Create an Instant Wallet (via Social Login or Email)

When you sign in via social login or email (powered by Privy), we may receive and store:

  • Social Login (Google, Twitter/X, Discord, GitHub): Your display name, email address, profile picture URL, and OAuth identifiers provided by the social platform. We do NOT receive or store your social media passwords.
  • Email Login: Your email address.
  • Privy Identifiers: A Privy decentralized identifier (DID) and your instant wallet's public address.

Private Key Notice: MintCraft does NOT store, view, access, or transmit your private keys at any point. All private key generation, storage, and signing operations occur exclusively within Privy's secure cryptographic enclaves on your device. The communication regarding private keys happens directly between you and Privy — MintCraft is never part of this process. You can export your private key at any time from your account settings.

2.2 Transaction & Activity Data

When you use the Service to perform blockchain operations, we store records of:

  • Transaction signatures and status (pending, confirmed, failed)
  • Token details you create (name, symbol, supply, mint address, metadata)
  • Liquidity pool details (pool type, token addresses, liquidity amounts, fee tier)
  • Fee breakdowns (network fee, priority fee, service fee)
  • The network used (devnet or mainnet)

Note: All blockchain transactions are public by design. Anyone can view transaction data on Solana block explorers regardless of our data practices.

2.3 Payment Data

When you pay for services using a credit/debit card, Apple Pay, or Google Pay:

  • We store: Payment status, USD and SOL amounts, Stripe payment ID, payer wallet address, IP address, and user agent at the time of payment.
  • We do NOT store: Full credit/debit card numbers, CVV codes, or card expiration dates. All card payment data is processed and secured by Stripe, a PCI-DSS compliant payment processor. We never have access to your full card details.

2.4 Uploaded Content

  • Token logo images and metadata files you upload are stored on IPFS (InterPlanetary File System) through providers such as Pinata, NFT.Storage, or Lighthouse. Once uploaded to IPFS, files are decentralized and may persist indefinitely — IPFS content cannot be guaranteed to be deleted.
  • CSV files uploaded for bulk token distribution (airdrop/multisender) are processed in memory and are not permanently stored on our servers.

2.5 Technical & Device Data

When you visit or use the Service, we may automatically collect:

  • IP address
  • Browser type, version, and user agent string
  • Operating system and device type
  • Pages visited, referring URLs, and interaction patterns
  • Timestamps of access

3 What We Do NOT Collect or Store

Regardless of how you access MintCraft, the following data is never collected, stored, viewed, or accessed by our servers:

Private keys or seed phrases — not for external wallets, and not for Privy instant wallets. For instant wallets, all private key operations happen directly between you and Privy's secure enclaves. MintCraft is never involved in private key generation, storage, or signing.

Full credit/debit card numbers, CVV codes, or card expiration dates — handled exclusively by Stripe. Card data never touches our servers.

Social media passwords — OAuth authentication is handled entirely by Privy. We never receive or see your social account passwords.

Government-issued ID documents — we do not perform KYC/identity verification.

4 How We Use Your Information

We use collected information for the following purposes:

  • Provide the Service: Authenticate your identity, connect your wallet, execute and track blockchain operations, process payments, and display your token/pool dashboard.
  • Process Payments: Facilitate service fee payments via Stripe (card) or on-chain (SOL), track payment status, and sponsor gas fees for card payment users.
  • Improve the Service: Analyze usage patterns, diagnose errors, optimize performance, and enhance user experience.
  • Security & Fraud Prevention: Detect and prevent abuse, unauthorized access, fraudulent transactions, and payment fraud.
  • Legal Compliance: Comply with applicable laws, legal processes, and regulatory requirements.
  • Communication: Send transactional notifications (payment confirmations, service updates) if you have provided an email address.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

5 Cookies, Analytics & Tracking Technologies

We use cookies, local storage, and similar technologies to operate and improve the Service. The Service employs the following analytics and tracking services:

  • Google Tag Manager (GTM) & Google Analytics 4 (GA4): We use GTM and GA4 to understand how users interact with the Service, track conversion events (e.g., token creation, wallet connection), and measure platform performance. Google may collect device identifiers, IP addresses, and browsing behavior. See Google's Privacy Policy.
  • Microsoft Clarity: We use Microsoft Clarity for session recording, heatmaps, and user behavior analysis to improve the user experience. Clarity may capture mouse movements, clicks, and scroll behavior. See Microsoft's Privacy Statement.

Managing Cookies: You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. Most browsers allow you to block third-party cookies or clear existing cookies. For GA4 opt-out, you may use the Google Analytics Opt-out Browser Add-on.

6 Third-Party Services & Data Processors

We share data with the following third-party services as necessary to provide the Service. Each operates under its own privacy policy:

Privy (Authentication & Instant Wallets)

Privy processes authentication data (email, social login credentials) and creates instant wallets for users who sign in via social login or email. Privy is a non-custodial wallet provider — private keys are generated on your device and secured using tamper-proof cryptographic enclaves. MintCraft does not store, view, or access your private keys at any point. All private key operations happen directly between you and Privy's secure infrastructure. You can export your private key at any time from your MintCraft account settings to move your wallet to any external wallet application.

Privy Privacy Policy | Privy User Terms

Stripe (Payment Processing)

Stripe processes card payments (credit/debit), Apple Pay, and Google Pay transactions. Stripe receives your payment card information, billing details, and IP address. MintCraft does not have access to your full card details. Stripe is PCI-DSS Level 1 certified.

Stripe Privacy Policy | Stripe Services Agreement

OAuth Providers (Google, Twitter/X, Discord, GitHub)

When you use social login, we receive limited profile information (display name, email, profile picture) from the OAuth provider via Privy. We do not receive or store your social media passwords. Your use of social login is governed by the respective provider's terms and privacy policies.

IPFS Storage Providers (Pinata, NFT.Storage, Lighthouse)

Token images and metadata are stored on IPFS through these providers. Content uploaded to IPFS is decentralized and publicly accessible. Once pinned, content may persist indefinitely across the IPFS network.

Analytics Providers (Google Analytics, Microsoft Clarity)

These providers collect browsing behavior, device information, and interaction data as described in Section 5 above.

Blockchain Infrastructure (Solana RPC Providers, Raydium, Metaplex)

Blockchain interactions (transactions, queries) are routed through RPC node providers and interact with on-chain protocols. All on-chain data is public by design and visible to anyone.

External Wallet Providers (Phantom, Solflare, Coinbase Wallet, Backpack)

If you connect an external wallet, the wallet provider may collect usage data according to its own privacy policy. We only receive your public wallet address.

7 Data Sharing & Disclosure

We may share your information in the following limited circumstances:

  • Service Providers: With third-party service providers (as listed in Section 6) who process data on our behalf to operate the Service.
  • Legal Requirements: When required by law, court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Fraud Prevention: With law enforcement or regulatory bodies when we detect potential fraud, money laundering, or other illegal activities.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction.

8 Your Responsibilities

All Users

  • Blockchain Transparency: All blockchain transactions are public, permanent, and traceable by anyone. If you link your wallet address to your identity elsewhere (e.g., on an exchange, social media, or KYC service), your on-chain activity may become personally identifiable.
  • Uploaded Content: Any images, metadata, or files you upload to IPFS through the Service become part of a decentralized network and cannot be guaranteed to be deleted. Do not upload sensitive personal information as token metadata.

If You Use Your Own Wallet

  • You are responsible for protecting your wallet, private keys, seed phrases, and hardware devices. MintCraft collects only your public wallet address and has no access to your wallet credentials.
  • Since no personal data (email, name, etc.) is collected when you use your own wallet, the data-related sections about social login data, email storage, and account deletion do not apply to you.

If You Use an Instant Wallet (via Privy)

  • Protect your linked accounts: Your social media account (Google, Twitter/X, Discord, GitHub) or email is your key to accessing your wallet. If someone gains unauthorized access to that account, they could access your instant wallet. We strongly recommend enabling two-factor authentication (2FA) on your social media and email accounts to add an extra layer of protection.
  • Export and back up your private key: You can export your private key at any time from your account settings on MintCraft. We recommend doing this and storing the key securely as a backup, allowing you to import your wallet into any external wallet app (Phantom, Solflare, etc.) at any time.
  • Understand the private key architecture: MintCraft does not store, view, or access your private keys. All private key operations happen exclusively between you and Privy's secure infrastructure. If you lose access to both your linked social/email account and your exported private key, neither MintCraft nor Privy can recover your wallet.

9 Data Retention

We retain different types of data for different periods:

  • Account Data: Retained as long as your account is active or as needed to provide the Service. You may request deletion (see Section 11).
  • Transaction Records: Retained for a minimum of 5 years to comply with financial record-keeping requirements and potential legal obligations.
  • Payment Records: Retained for a minimum of 7 years for tax and financial compliance purposes.
  • Technical Logs: Server logs and analytics data are periodically purged, typically within 90 days, unless needed for security investigations.
  • Blockchain Data: On-chain data (transactions, token metadata) is permanently recorded on the Solana blockchain and cannot be altered or deleted by us or anyone.
  • IPFS Content: Files uploaded to IPFS are decentralized and may persist indefinitely. We can unpin content from our IPFS providers, but cannot guarantee removal from all IPFS nodes.

10 Security

We take security seriously and have designed our platform to protect your data and assets. We implement robust technical and organizational measures, including:

  • Encrypted data transmission (HTTPS/TLS) across all communications
  • Encrypted database storage for all sensitive information
  • Access controls and audit logging for administrative operations

Why We Chose Our Security Partners

We have carefully selected industry-leading partners to handle the most sensitive aspects of our Service:

Privy — Wallet & Authentication Security

We use Privy for authentication and instant wallet creation because of their industry-leading non-custodial architecture. Your private keys are generated and stored exclusively in tamper-proof cryptographic enclaves on your device — MintCraft never sees, stores, or has access to your private keys at any point. All wallet signing operations happen directly between you and Privy's secure infrastructure, with MintCraft never being part of this communication. You can export your private key from your account settings at any time, giving you full control and portability of your wallet.

Stripe — Payment Security

We use Stripe for all card payment processing because they are a PCI-DSS Level 1 certified payment processor — the highest level of security certification in the payments industry. Your card details (card number, CVV, expiration) are processed entirely by Stripe and never touch MintCraft's servers. This ensures your financial information is protected to the highest industry standard.

While we take every reasonable step to protect the platform and carefully select trusted security partners, no system is 100% secure. Blockchain activity itself is public and cannot be altered or deleted. You are responsible for securing your own devices, credentials, social media accounts, and wallet access. We strongly recommend enabling two-factor authentication (2FA) on your social media and email accounts, and taking advantage of any security features offered by your external wallet provider (e.g., Phantom's biometric lock or password protection).

11 Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data:

For All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements. Note: blockchain data and IPFS content cannot be deleted.
  • Wallet Export: You may export your Privy instant wallet at any time through Privy's export functionality.

For EEA/UK Residents (GDPR)

If you are a resident of the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on: (a) contractual necessity (to provide the Service you requested); (b) legitimate interest (security, fraud prevention, service improvement); and (c) your consent (for analytics and marketing communications, where applicable).
  • Data Portability: You may request your data in a structured, machine-readable format.
  • Restriction: You may request restriction of processing in certain circumstances.
  • Object: You may object to processing based on legitimate interest.
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

Important GDPR limitation for blockchain data: Due to the immutable nature of blockchain technology, certain data recorded on-chain (transaction hashes, wallet addresses, token metadata) cannot be modified or deleted. We take a data-minimization approach and avoid storing personal data on-chain where possible. Off-chain personal data (in our database) can be deleted upon request, subject to legal retention obligations.

For California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • No Sale of Data: We do not sell your personal information as defined by the CCPA/CPRA.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (generally 30 days for GDPR, 45 days for CCPA/CPRA).

12 International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. Our third-party providers (Stripe, Privy, Google, Microsoft, IPFS providers) may process data in various jurisdictions. Where required by law (e.g., GDPR), we ensure appropriate safeguards are in place for international data transfers, such as Standard Contractual Clauses (SCCs) or reliance on providers' data protection frameworks.

13 Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction, whichever is greater). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with personal information, please contact us at [email protected].

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or features of the Service. Updates will be reflected by the "Last Updated" date. For material changes, we will make reasonable efforts to provide notice through the Service or via email (if you have provided one). Continued use of the Service after updates means you accept the changes.

15 Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, you may contact us at:

Warning: Do not send wallet seed phrases, private keys, or other sensitive secrets in any communication with us. We will never ask for these.

Last Updated: February 10, 2026