Mint Privacy Policy

Effective Date: 23.06.2025

This Privacy Policy explains how Yoma Studio (“Yoma”, “we”, “us”, or “our”) collects, uses, shares, and protects the personal data of individuals who interact with our platform Mint (https://getmint.hipurplemedia.com), a SaaS service that analyzes and improves brand visibility within AI-generated content and large language models (LLMs).

Introduction

This policy is intended to inform users, prospects, and clients of:
  • What personal data we collect;
  • How and why we process this data;
  • The legal basis for processing your data;
  • Your rights under applicable data protection laws;
  • Who is responsible for data processing;
  • How to contact us.

This Privacy Policy supplements any applicable
06.25 Mint GENERAL TERMS AND CONDITIONS OF SALE.pdf or
Mint DATA PROCESSING AGREEMENT (DPA).pdf . In the event of conflict, the DPA
shall prevail for matters relating to data processing.

2. Data We Collect

2.1 Categories of Personal Data

We may collect the following categories of personal data:

  • Identification Data: First name, last name, company name, professional email address, phone number, job title.
  • Technical Data: IP address, device type, operating system, browser type and version, usage logs, session identifiers, cookies, referral URLs.
  • Client Input: URLs, brand names, prompts, keywords, documents, and content identifiers uploaded or submitted for analysis.
  • AI Output Data: Model-generated insights referencing the brand, content, or keywords provided by the user.

2.2 How We Collect Data

  • Directly from users (e.g., via forms, onboarding, email, or chat);
  • Automatically through our website and platform (e.g., cookies, analytics scripts);
  • Indirectly from publicly accessible sources or authorized third-party integrations
Purpose
Purpose Legal Basis
Provide the Mint platform and associated services Contract performance
Contract performance
Account creation, access management, support
Legitimate interest
Improve platform features and AI model outputs Legitimate interest
Legitimate interest
Usage analytics and platform optimization
Consent (where required)
Marketing communications (e.g., newsletters)
Consent
Compliance with legal obligations
Legal obligation
Detection and prevention of fraud or abuse
Legitimate interest

Where processing is based on legitimate interest, we conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

4. Data Sharing and Transfers

We may share personal data with the following categories of recipients:

  • Hosting and Infrastructure Providers (e.g., AWS);
  • Analytics and Tracking Tools (e.g., Google Analytics, Hotjar);
  • AI Service Providers (e.g., OpenAI, Anthropic), where anonymized prompts or brand inputs may be sent for LLM analysis;
  • CRM and Customer Support Tools (e.g., HubSpot, Intercom);
  • Legal or Regulatory Authorities, where required by law or to protect our rights.

Transfers of data outside the European Economic Area (EEA) are conducted in compliance with Chapter V of the GDPR. We rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other legally approved mechanisms to ensure an adequate level of protection

5. Data Retention

We retain personal data only for as long as necessary to:

  • provide our services;
  • comply with applicable laws and regulations;
  • resolve disputes;
  • enforce our agreements.

User data is deleted or anonymized within 24 months after account closure, unless otherwise required by law. We may retain anonymized or aggregated data indefinitely for analytical purposes.

6. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • encryption in transit and at rest;
  • role-based access controls;
  • multi-factor authentication for internal tools;
  • regular security audits, code reviews, and vulnerability assessments.

While we take reasonable steps to secure your data, no system is immune to security risks. You acknowledge and accept this residual risk by using our services.

7. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • access your personal data;
  • correct or update inaccurate data;
  • request deletion of your data (right to be forgotten);
  • restrict or object to specific processing activities;
  • receive your data in a portable format;
  • lodge a complaint with the CNIL (France) or your local data protection authority.

To exercise your rights, contact us at: contact@getmint.ai.

8. Cookies & Tracking

We use cookies and similar technologies to:

  • enable core functionality and improve performance;
  • analyze site traffic and usage patterns;
  • personalize your experience;
  • serve marketing and retargeting campaigns (where consented).

You can manage your cookie preferences via our Cookie Banner or your browser settings. For more information, refer to our Cookie Policy.

9. Data Controller

Yoma Studio
SAS with capital of €1,000
Registered with RCS Paris no. 938 624 061
Registered office: 60 rue François 1er, 75008 Paris, France
Email: contact@getmint.ai

10. Policy Updates

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. If material changes are made, we will notify users via email or a notice on our website. Continued use of our services following such updates constitutes acceptance of the revised Privacy Policy.

Disclaimer: This Privacy Policy does not constitute legal advice. Clients with specific compliance questions should consult legal counsel.