Privacy Policy

We collect account details needed to run the platform, including your username, linked provider identity, profile image, session metadata, and activity tied to escrow and trade operations.

• Account identifiers: display name, email address, provider IDs (Google, Discord).
• Profile data: avatar, bio, and custom settings you configure.
• Session metadata: IP address, device type, browser information, login timestamps.
• Transaction data: deal IDs, wallet addresses, amounts, network types, and escrow status.
• Communication data: messages sent within deal chats and support channels.
• Abuse-prevention signals: device, browser, and connection characteristics used to detect duplicate accounts, automated abuse, or impersonation.
• Image signatures: a non-reversible fingerprint of your profile image, used to detect impersonation of platform staff.

We also collect technical signals from your device and session to keep accounts secure and prevent abuse. This data is retained for as long as needed for that purpose.

IP intelligence data (geolocation, ASN, VPN/proxy/hosting flags) is provided by DB-IP, licensed under CC-BY 4.0.

Data is used to authenticate users, secure accounts, operate escrow workflows, deliver notifications, prevent abuse, and maintain platform reliability.

• Authenticate your identity and manage sign-in sessions.
• Process and secure escrow transactions between trading parties.
• Send system notifications about deal status changes and security events.
• Detect, prevent, and respond to fraud, abuse, or violations of our Terms.
• Run automated bot checks, image moderation, and identity-pattern analysis to keep the platform safe.
• Generate anonymised analytics to improve platform performance and reliability.
• Comply with legal obligations and respond to lawful requests.

We apply layered safeguards, access controls, monitoring, and audit logs to protect account and transaction data. No system is perfect, but security remains a core priority of the platform.

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Two-factor authentication (2FA) available for all accounts.
• Session management with device tracking and revocation capabilities.
• Staff access is role-gated with audit trails for all administrative actions.
• Regular security reviews and vulnerability assessments.

We do not sell personal data. Information is shared only when required to provide core service functionality, satisfy legal obligations, or enforce platform safety.

• Counterparties in escrow deals receive limited information necessary to complete transactions.
• Authentication providers (Google, Discord) receive standard OAuth tokens only.
• A small number of trusted service providers help us operate the platform — including error monitoring, transactional email delivery, bot protection, image moderation, and usage analytics (Google Analytics). They receive only what is necessary to perform their function and may not use it for any other purpose.
• Law enforcement or regulators when required by applicable law or valid legal process.
• We never sell, rent, or trade your personal information to third parties for marketing purposes.

To support platform transparency, brief summaries of completed trades are published in public AutoMint community channels. Summaries may include trade details and participant usernames; private chat content and account information are not shared.

We retain your data for as long as your account is active or as needed to provide our services. Transaction records are maintained for compliance and dispute resolution purposes.

• Account data is retained while your account remains active.
• Transaction and escrow records are retained for a minimum of 2 years after deal completion.
• Session logs are automatically purged after 90 days.
• You may request account deletion at any time through official support channels.

You have the right to access, correct, or request deletion of your personal data, subject to our legal retention obligations.

• Access: Request a copy of the personal data we hold about you.
• Correction: Update inaccurate or incomplete personal information.
• Deletion: Request removal of your account and associated data.
• Portability: Request your data in a structured, machine-readable format.

AutoMint uses essential cookies required for authentication, session management, and security, plus Google Analytics cookies to understand how the platform is used. We do not use advertising or social media tracking cookies.

• Authentication cookies: maintain your signed-in session.
• Security cookies: CSRF protection and platform integrity checks.
• Preference cookies: remember your display settings and theme.
• Analytics cookies: Google Analytics measures page views, approximate location, and device/browser information so we can improve the platform.
• No advertising or social media tracking cookies.

Before analytics data leaves your browser, we strip identifying details from page addresses — usernames, deal IDs, and chat channel IDs are replaced with generic placeholders, and staff/admin areas are never tracked. You can opt out of Google Analytics entirely with the Google Analytics opt-out browser add-on. Google's handling of this data is described in the Google Privacy Policy.

Questions about privacy can be raised through official AutoMint support channels. We aim to respond to all privacy-related enquiries within 30 days.

When you use the AutoMint desktop app, it sends diagnostic data that helps us keep the app reliable and diagnose crashes. This includes a persistent install/device identifier, the app version, and coarse environment data — operating system, locale, timezone, and a hardware summary.

This data is pseudonymous: it is not tied to your name, but the install/device identifier belongs to the same family as the abuse-prevention device and connection signals described in Information We Collect, and it can be linked to your account. The desktop app stores this identifier locally on your device.

The desktop app provides a toggle to turn off detailed feature-usage events. When you turn it off, the app stops sending them.

We process this diagnostic data on the basis of our legitimate interest in product reliability and crash analysis. It is kept only as long as needed for product-reliability analysis. You can object to this processing or request deletion through the deletion and objection path described in Your Rights.