Privacy Policy.
How MintWire collects, uses, shares and protects personal data. Read alongside our Terms of Service and Data Processing Addendum. A plain-language overview is on the Legal page.
Effective date: 30 June 2026.
1. Who we are
MintWire is operated by MintWire Tech OÜ, registry code 11151989, registered office Peterburi tee 90f, 13816 Tallinn, Harju maakond, Estonia. For any privacy question or request, contact hello@mintwire.tech.
2. Our two roles
We process personal data in two capacities. As a controller, we decide how we handle the data of our customers and website visitors — account details, billing data, support correspondence and site analytics. As a processor, we handle the personal data that our business customers put into the service about their own callers, leads, prospects and contacts (“service data”); for that data the customer is the controller, and we process it on their instructions to provide the service. This policy describes our controller activities; our processing of service data is governed by the customer’s instructions and our Data Processing Addendum.
3. Data we process
Account & billing data: name, business name, email, phone, login credentials, plan and add-ons, and payment-related data handled by our payment processor (we do not store full card numbers). Service data (as processor): the content our customers and their visitors submit — chat messages, form submissions, inbound emails, contact details, call audio, summaries or transcripts where the voice features are used, prospect and contact records the customer uploads or generates, and the knowledge base the customer loads. Usage & technical data: log data, device/browser information, approximate location derived from IP (such as country and city), and product analytics used to run and improve the service. Support data: messages you send us.
4. Why we process it and our legal bases
We process personal data to provide, secure and support the service; to take payment and manage subscriptions; to communicate about the service; to maintain security and prevent abuse; to comply with legal obligations; and to understand and improve how the product is used. Where the GDPR applies, our legal bases are: performance of a contract (providing the service and billing), our legitimate interests (security, prevention of abuse, product improvement, and limited analytics), compliance with a legal obligation (such as accounting), and consent where required. For service data we process on a customer’s instructions, the customer is the controller and is responsible for the legal basis.
5. Subprocessors, AI training and sharing
We do not sell personal data, and we do not share it for cross-context behavioural advertising. We share data with vetted service providers (subprocessors) that help us run the service, under agreements that require appropriate protection. The canonical, dated list of subprocessors is Annex 3 of our Data Processing Addendum and currently includes hosting and application infrastructure, database and authentication, payments, AI, telephony and voice, transactional and inbound email, and calendar integration (named providers are listed there). Outbound prospecting emails are sent from the customer’s own mailbox. AI training: we do not use service data to train our own AI models, and our AI provider does not train its models on data sent through its API in the ordinary course. We may also disclose data where required by law or to protect rights, safety and the integrity of the service.
6. International transfers
Some subprocessors may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards — an adequacy decision or the European Commission’s Standard Contractual Clauses — as further described in our Data Processing Addendum.
7. Retention
We keep personal data only as long as needed for the purposes above. As a guide: billing and accounting records are kept for about 7 years to meet Estonian accounting and tax obligations; operational logs and product analytics are kept for up to about 12 months; routine backups are overwritten or purged on an ordinary cycle (normally within about 35 days). Service data we hold as a processor is kept while the customer’s account is active and is deleted or returned within about 30 days of termination in line with the customer’s instructions and our Data Processing Addendum, subject to the backup cycle above. Where the law requires longer retention, we keep data for that period.
8. Security
We use technical and organisational measures appropriate to the risk, including isolation of each business’s data from other tenants, access controls, and encryption of data in transit. No system is perfectly secure, but we work to protect the data we hold and to limit access to those who need it to operate the service.
9. Your rights
Subject to applicable law, you may have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact hello@mintwire.tech; we may need to verify your identity, and we aim to respond within one month. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. If you are in the EEA, you may also lodge a complaint with your local data-protection authority; in Estonia this is the Andmekaitse Inspektsioon. If you are a resident of a US state with a privacy law, we do not sell your personal data or share it for cross-context behavioural advertising, and you may exercise applicable rights via the same contact. If your request concerns data a business holds about you through our service (service data), we will refer you to that business as the controller, or act on its instructions.
10. If a MintWire customer holds your data
If you contacted a business that uses MintWire (for example by calling, chatting, submitting a form, or receiving an outreach email), that business is the controller of your data and decides how it is used. Please direct access, correction, deletion and opt-out requests to that business. We act on their instructions and will support them in responding.
11. Cookies
The marketing site uses only what is necessary to function, plus limited privacy-respecting analytics to understand traffic. The application uses cookies that are required for sign-in and security. We do not use advertising cookies. You can control cookies through your browser settings; blocking essential cookies may break parts of the application.
12. Children
The service is for business use and is not directed to children. We do not knowingly collect personal data from children under 16, and account holders must be 18 or over (see the Terms).
13. Changes
We may update this policy from time to time. If we make material changes, we will update the effective date and, where appropriate, notify you.
14. Contact
MintWire Tech OÜ · Peterburi tee 90f, 13816 Tallinn, Estonia · hello@mintwire.tech. Our Data Processing Addendum for business customers (with the subprocessor list) is published and a countersignable copy is available on request.
