Privacy Policy

MintedBrain ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our website and services.

Scope — International Users (EU/EEA)

Our website is accessible worldwide. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we may process your personal data when you use our site. We comply with the EU General Data Protection Regulation (GDPR) and applicable data protection laws for data of residents in those regions. We are based in the United States but respect your rights regardless of where you are located.

1. Information We Collect

We collect information you provide directly, such as your email address when you subscribe to our waitlist or newsletter. We also collect usage data (e.g., pages visited, events such as task page views and tool clicks, device type, approximate location) through Firebase Analytics, Microsoft Clarity (session replay and heatmaps on our public site), and our backend event logging. See Section 3 for details on cookies and analytics.

1.1 Account Data

When you create an account, we collect:

• Email address — for account identity, communications, and password reset
• Authentication identifier — a unique ID from our authentication provider (Firebase/Google) that links your account to your identity
• Display name — required; used on certificates and in your profile
• Interest categories — category topics you select in your account (e.g., content-creation, productivity); used to personalize your For You recommendations

We collect this data to operate your account, authenticate you, and provide our services. We do not collect more than is necessary for these purposes.

1.2 Learning Progress

When you are signed in, we store your learning progress on our servers, including which courses and learning paths you have started and how far you have progressed. We use this to let you resume where you left off and to personalize your For You feed (e.g., excluding courses you are actively learning from recommendations so you can discover new content).

2. Authentication and Third-Party Sign-In

We use Firebase Authentication (Google) to enable sign-in with Google or email/password. When you sign in with Google, Google shares your email address and basic profile information with us. Firebase and Google process authentication data according to their respective privacy policies:

• Firebase Privacy
• Google Privacy Policy

3. Cookies and Similar Technologies

We use cookies, localStorage, and similar technologies for the purposes described below.

3.1 Essential Cookies

Session cookie — When you sign in, we set a secure session cookie to keep you authenticated. This cookie is:

• HttpOnly — not accessible to JavaScript
• Secure — transmitted only over HTTPS
• SameSite — set to reduce cross-site request risks

Session cookies typically last for a limited period (e.g., up to two weeks) and are used solely for authentication. These are essential for the service and do not require consent.

3.2 Functional Cookies (Progress When Not Signed In)

Regional cookie banner — If you are not signed in, we may show a cookie consent banner when we detect that your connection is from the European Economic Area (EEA), the United Kingdom, or Switzerland. In those regions we ask for your consent before storing certain non-essential cookies, in line with common expectations under the GDPR, UK GDPR, and similar rules. We do not show this banner in other regions, where we may rely on a different legal basis (as described below) to store your progress.

Progress cookie (mb_progress) — When you are not signed in, we can store your learning progress (e.g., courses and paths you have started) in a cookie so you can resume where you left off. If you are in the EEA, UK, or Switzerland, we set this cookie only after you click "Accept" on the banner. If you click "Decline," we do not store that progress in a cookie. If you are elsewhere, we may set this cookie without displaying the banner, consistent with applicable law.

Consent preference — We store your choice (accepted or declined) in your browser's localStorage so we remember your preference on that device. This is not a cookie but functions similarly for consent management. If you have declined, we do not use the progress cookie until you change that preference (where the banner is available) or clear site data.

3.3 Analytics

We use Firebase Analytics (Google Analytics 4) to understand how visitors use our site. Firebase Analytics sets cookies (e.g., _ga, _ga_*) and collects data such as pages visited, events (e.g., task page views, tool clicks, search usage, For You filter and navigation), device type, and approximate location (country-level). We use this data to improve our site, measure engagement, and make product decisions.

Firebase and Google process this data according to their privacy policies. You can learn more and opt out of Google Analytics via:

• Firebase Privacy
• Google Privacy Policy
• Google Analytics Opt-out Browser Add-on

Our legal basis for analytics is our legitimate interest in improving our service and understanding usage. If you are in the EEA and prefer not to have analytics cookies, you can use the Google opt-out add-on or adjust your browser settings to block third-party cookies.

3.4 Microsoft Clarity and Microsoft Advertising

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products and services. Website usage data is captured using first- and third-party cookies and other tracking technologies to determine the popularity of products and services and online activity. We also use this information for site optimization, fraud and security purposes, and advertising. Clarity is not loaded on our admin or internal tools areas of the site. For more information about how Microsoft collects and uses your data, see the Microsoft Privacy Statement.

4. User-Generated Content

If you submit content through our service (e.g., tool submissions, feedback, comments, reviews, or other forms), we process that content to provide our services, improve our offerings, and as described in our Terms of Service. That includes the uses described there for testimonials and promotional communications with your display name (for example on our homepage or in advertising). Optional fields you submit that are labeled only for our internal team are used to operate and improve the service; we do not use them as public testimonials without your separate consent. If you submit a course, path, or skills track review, we may use your account email address to contact you about that review if needed, as described in our Terms of Service and the consent you give on the review form.

5. Email Communications

By subscribing to our waitlist or newsletter, you consent to receive emails from us, including welcome messages, launch announcements, product updates, and (if you opt in) periodic digests. We will send you emails for as long as you remain subscribed. You may unsubscribe at any time using the link in any email or by visiting our unsubscribe page. Unsubscribing stops future emails but does not delete information we have already collected.

6. How We Use Your Information

We use your information to operate our service, authenticate you, send you communications you have requested, improve our website, and comply with legal obligations. We do not sell your personal information to third parties.

Personalized recommendations (For You): If you are signed in, we use your interest categories and learning progress to personalize the For You feed. This includes surfacing tasks, tools, courses, tutorials, and blog posts matched to your interests, and excluding courses you are actively learning so you can discover new content. This processing happens on our servers and is part of providing your account experience.

6.1 Legal Basis (GDPR)

For users in the EEA/UK, we process personal data on the following bases:

• Consent — Newsletter signup; and, where we show the cookie banner (EEA, UK, Switzerland), your choice to accept or decline storage of the anonymous progress cookie when you are not signed in.
• Contract — Account creation, authentication, providing services you have requested, and personalized For You recommendations based on your interests and learning progress.
• Legitimate interest — Analytics to improve our site, security, fraud prevention, and compliance with legal obligations; and, where we do not ask for prior opt-in via the cookie banner, storing anonymous learning progress in a cookie so you can resume your session.

Where we rely on consent, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

7. Data Storage and Security

Account and subscriber data are stored in our database. We use reasonable technical and organizational measures to protect your information, but no method of transmission over the internet is 100% secure.

8. Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period (typically 30 days), except where we must retain it for legal, regulatory, or legitimate business purposes (e.g., resolving disputes, enforcing our terms). Step-by-step instructions for requesting deletion are on our Delete account page.

9. Third Parties

We may use service providers (e.g., hosting, email delivery, authentication) who process data on our behalf under contracts that require them to protect your data. We do not share your information with third parties for their own marketing purposes.

10. Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data
• Portability — request your data in a structured, machine-readable format
• Objection — object to certain processing of your data
• Restriction — request that we restrict processing in certain circumstances
• Withdraw consent — where processing is based on consent

EEA/UK users: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence. A list of EU supervisory authorities is available at edpb.europa.eu.

California users: You may have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights or to submit a privacy request, contact us at hello@mintedbrain.com. We will respond within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

11. Amendments and Changes

We reserve the right to amend or modify this Privacy Policy at any time. The updated policy will be posted on this page with a new effective date. When we make material changes that affect how we use your personal data, we will notify you by email. The email will contain a direct link to the updated Privacy Policy so you can review it.

12. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at hello@mintedbrain.com.