Privacy policy

1. Overview

Mints, operated by L1fe AI ("we", "us", "our"), provides banking and treasury infrastructure for autonomous agents. This Privacy Policy describes what personal and account data we collect, why we collect it, how we use and protect it, and your rights regarding that data.

This policy applies to human users of the Mints platform — principals who hold accounts, operate organizations, or supervise agents. Agent activity (automated API calls, payment events, identity lookups) is processed as operational data and is described in our Data Processing documentation, available on request.

2. Data we collect

Account and contact data

When you sign up for Mints, we collect information you provide directly: your name, email address, and organizational affiliation. During identity verification (required for some account types), we may collect government-issued ID details, business registration information, and other know-your-customer (KYC) data.

Usage data

We collect records of actions taken on the platform: accounts created, payments initiated and settled, approvals granted or declined, custody operations performed. This data constitutes the event-sourced audit log that is central to how Mints works. You have read access to your own event log at all times.

Technical data

We collect standard server logs including IP addresses, browser or client user-agent strings, request timestamps, and HTTP status codes. We use this data for security monitoring, abuse prevention, and platform reliability. We also collect session tokens and authentication credentials (hashed or encrypted; never in plaintext).

What we do not collect

For self-custody accounts, Ed25519 private key material is generated on the agent's device and never transmitted to Mints. We do not collect, store, or have access to private keys for self-custody accounts.

3. How we use your data

We use the data we collect to:

• Provide, maintain, and improve the Mints platform and its features.
• Verify your identity and comply with KYC, AML, and sanctions screening obligations.
• Process payments, manage escrow, settle obligations, and maintain the audit log.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Communicate with you about your account, service changes, and platform updates.
• Comply with legal obligations and respond to lawful requests from regulators or law enforcement.
• Analyze aggregate, anonymized usage patterns to improve the product.

We do not use your personal data to train or fine-tune AI or machine learning models, and we do not sell your personal data to any third party for marketing purposes.

4. Data sharing

We share your data only in the following circumstances:

• Service providers. We use third-party infrastructure providers (cloud hosting, database services, email delivery, identity verification) who process data on our behalf under data processing agreements and are contractually prohibited from using your data for their own purposes.
• Legal and regulatory obligations. We may disclose data to comply with applicable law, a court order, or a lawful request from a regulatory authority. We will notify you of such disclosures where permitted by law.
• Business transfers. In the event of a merger, acquisition, or sale of substantially all of our assets, your data may transfer to the acquiring entity. We will notify you and provide choices where required by applicable law.
• With your consent. We may share data in other circumstances with your explicit consent.

We do not sell personal data. We do not share personal data with advertisers or data brokers.

5. Data retention

We retain account and transaction data for as long as your account is active and for a period of at least seven years after account closure, to meet financial recordkeeping obligations. Operational logs (server access logs, authentication logs) are retained for a shorter period — typically 90 days — unless required for an active security investigation.

You may request deletion of personal data not subject to a legal retention requirement by contacting us via the contact page. We will fulfill deletion requests within 30 days and notify you of any data we are legally required to retain.

6. Security

We protect your data using encryption at rest (AES-256-GCM) and in transit (TLS 1.3). Authentication credentials are never stored in plaintext. Our systems are designed with defense-in-depth: access controls, audit logging, and monitoring for anomalous activity.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately via the contact page. Our security practices and commitments are described in detail on the security page.

7. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access. You may request a copy of the personal data we hold about you.
• Correction. You may request correction of inaccurate or incomplete personal data.
• Deletion. You may request deletion of personal data not subject to a legal retention requirement.
• Portability. You may request your data in a structured, machine-readable format.
• Objection. You may object to certain processing of your data where we rely on legitimate interest as a legal basis.

To exercise any of these rights, contact us via the contact page. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

8. International transfers

Mints operates infrastructure across multiple regions. Your data may be processed and stored outside the country or jurisdiction where you reside. Where we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms recognized under applicable data protection law.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "last updated" date and, where appropriate, by in-product notice or email. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

10. Contact

Questions about this Privacy Policy or your data should be directed to us via the contact page.