What Mintdrop collects and why.
Last updated: May 2026.
What we collect
When you subscribe to a Mintdrop vault, we collect: your email address (account login), your billing details (handled by Stripe — Mintdrop never sees full card numbers), the practice name and specialty you give us, and any brand kit you upload (logo, brand colors, social handles).
We collect basic analytics on which captions you copy and which days you visit the app. We do this to improve which captions ship in future drops. We do not sell this data.
What we don't collect
- We never collect patient data, intake forms, or medical records. Mintdrop is not a HIPAA-covered service.
- We don't store credit-card numbers — Stripe handles payments end-to-end.
- We don't sell or share customer data with third-party advertisers.
Cookies
We use session cookies for login and a small set of first-party analytics cookies (Vercel Web Analytics). We don't run third-party ad cookies.
Where your data lives
Customer data is stored on Supabase (US region) and Stripe (US). Brand-kit assets are stored on Supabase Storage. AI personalization (Phase 2+) runs through OpenAI's API on our account; we do not allow OpenAI to train on customer data.
Your rights
You can request a copy of your data, ask us to correct it, or ask us to delete your account by emailing hello@mintdrop.ai. We respond within thirty days. California (CCPA) and EU (GDPR) residents have additional rights enumerated on request.
Changes
We'll update this page when our practices change. Material changes get a heads-up email; small clarifications happen here.