Privacy Policy
At Minopa, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Minopa ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform at https://minopa.com (the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
Account Information
When you create an account, we collect:
- Full name (first and last name)
- Email address
- Password (stored securely in hashed form, for email/password registration)
- Profile picture/avatar (provided by you or imported from your Google account if you sign in with Google)
Workspace and Team Information
When you create or join a Workspace, we collect:
- Workspace name and settings
- Team member roles and permissions
- Invitation details (email addresses of invited members)
Content and Media
When you use the Service to create and publish content, we collect:
- Post text, captions, titles, and hashtags
- Uploaded images, videos, and other media files
- Scheduling preferences and publish dates
- Draft and archived content
Billing Information
When you subscribe to a paid plan, our payment processor Stripe collects:
- Payment method details (credit/debit card information)
- Billing address
- Transaction history
Note: Minopa does not directly store your full payment card details. All payment information is processed and stored securely by Stripe. See Stripe's Privacy Policy for details.
Communications
- Support requests and correspondence
- Feedback and suggestions
1.2 Information Collected Automatically
Usage Data
When you use the Service, we automatically collect:
- Pages visited and features used
- Click patterns and navigation behavior
- Session duration and frequency
- Device type, browser type, and operating system
- Screen resolution and viewport size
- IP address
- Referring URL
Cookie and Tracking Data
We use cookies and similar technologies to collect data. See Section 5 (Cookies and Tracking Technologies) for details.
Error and Performance Data
We collect technical data to maintain and improve the Service:
- Error reports and stack traces (via Sentry)
- Page load times and performance metrics
- API response times
1.3 Information from Third-Party Platforms
When you connect Social Accounts to the Service, we receive information from third-party platforms including:
| Platform | Information Collected |
|---|---|
| Account name, avatar, username, post data, media, engagement metrics | |
| Facebook Pages | Page name, avatar, page data, post data, engagement metrics |
| Profile name, avatar, company page data, post data | |
| X (Twitter) | Username, display name, avatar, tweet data, engagement metrics |
| Threads | Account name, avatar, post data |
| TikTok | Username, avatar, video data, engagement metrics |
| Username, display name, avatar, board data, pin data, engagement metrics | |
| YouTube | Channel name, avatar, video data, engagement metrics |
| Canva | User ID, team ID, display name, design titles, thumbnails, exported design files (images/videos) |
| Google Drive | Email, display name, storage quota, file names, file metadata, imported files (images/videos/documents) |
The specific data accessed depends on the permissions you grant when connecting each platform.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Authenticate your identity and manage your account
- Enable content creation, scheduling, and publishing across social media platforms
- Manage Workspaces, team members, and permissions
- Process subscription payments and manage billing
- Provide analytics and insights about your social media performance
2.2 Service Improvement
- Analyze usage patterns to improve the Platform
- Identify and fix bugs and technical issues
- Develop new features and functionality
- Monitor and optimize Service performance
2.3 Communication
- Send service-related notifications (e.g., scheduled post confirmations, failed post alerts)
- Respond to your support requests and inquiries
- Send important updates about your account or the Service
- Notify you of changes to our Terms or Privacy Policy
- Send newsletter emails about new blog posts and product updates
- Send marketing emails about features, tips, and promotions
When you verify your email address, you are automatically subscribed to our newsletter and marketing emails. You can manage your email preferences at any time through Settings → Email Preferences in your account or by using the unsubscribe link provided in every email.
2.4 Legal and Compliance
- Comply with legal obligations
- Enforce our Terms and Conditions
- Protect against fraudulent, unauthorized, or illegal activity
- Track legal document acceptance (Terms of Service, Privacy Policy) including acceptance timestamp, version, IP address, and user agent
3. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
3.1 Third-Party Service Providers
We share information with third-party services that help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google (OAuth) | Optional social login | Email, name, profile picture (only when using Google sign-in) |
| Stripe | Payment processing | Billing details, transaction data |
| Google Analytics | Website analytics | Usage data, device info, IP address (anonymized) |
| Microsoft Clarity | Session recordings and heatmaps | Usage patterns, click behavior, scroll behavior, device info |
| Sentry | Error tracking and monitoring | Error reports, device info, IP address, user identifiers |
| Resend | Transactional and marketing email | Email address, name, email subscription preferences |
| Hetzner | Server hosting and infrastructure | Access logs, IP address |
3.2 Social Media Platforms
When you publish content through the Service, we transmit your Content and associated data to the respective social media platforms (Instagram, Facebook, LinkedIn, X, Threads, TikTok, Pinterest, YouTube) as directed by you.
3.3 Design and Storage Platforms
When you connect a design or storage platform (such as Canva or Google Drive), we access your files and import them as media files to your Workspace media library as directed by you. Imported files are stored on our infrastructure (Hetzner) and treated as your Content under Section 6 of our Terms of Service.
3.4 Team Members
If you are part of a Workspace, other members of that Workspace may see:
- Your name and avatar
- Content you create or schedule
- Your role and permissions within the Workspace
3.5 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Court orders, subpoenas, or legal process
- Requests from law enforcement or government authorities
- Protection of our rights, property, or safety, or that of our users
3.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
4. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + cooling-off period (minimum 30 days) |
| Content and media | Until deleted by you or account closure |
| Billing records | As required by applicable tax and financial laws (typically 7 years) |
| Usage/analytics data | Up to 26 months (Google Analytics default) |
| Error logs (Sentry) | 90 days |
| Session recordings (Clarity) | 30 days |
| Email preferences | Until account deletion or contact removal from email service |
| Legal acceptance records | Duration of account + 5 years |
When account deletion is requested, the account enters a cooling-off period (minimum 30 days). If you have an active paid subscription, the cooling-off period extends until after the subscription period ends. During the cooling-off period, account data is retained but access may be restricted.
After the cooling-off period, all personal data is permanently deleted, including: workspace data, uploaded media files (from cloud storage), integration connections, and usage records. OAuth tokens for connected platforms are revoked where supported (X, TikTok, Canva, Google Drive); tokens for other platforms expire naturally. Stripe customer records are retained for invoice and tax compliance as required by law.
After the retention period, data is securely deleted or anonymized.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. Our cookie consent system allows you to manage your preferences.
5.1 Cookie Categories
Essential Cookies (Always Active)
These cookies are necessary for the Service to function and cannot be disabled.
| Cookie | Provider | Purpose | Expiry |
|---|---|---|---|
next-auth.session-token | Minopa | Maintains your authentication session | 30 days |
next-auth.csrf-token | Minopa | Protects against cross-site request forgery | Session |
cookie-preferences | Minopa | Stores your cookie consent choices | 1 year |
Functional Cookies
These cookies remember your preferences and settings.
| Cookie | Provider | Purpose | Expiry |
|---|---|---|---|
theme | Minopa | Remembers dark/light mode preference | 1 year |
locale | Minopa | Remembers language preference | 1 year |
Analytics Cookies
These cookies help us understand how visitors use the Service.
| Cookie | Provider | Purpose | Expiry |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique users | 2 years |
_gid | Google Analytics | Distinguishes unique users | 24 hours |
_clck | Microsoft Clarity | Stores unique user ID for session tracking | 1 year |
_clsk | Microsoft Clarity | Connects pageviews into a single session | 1 day |
CLID | Microsoft Clarity | Identifies first-time Clarity user | 1 year |
sentry-* | Sentry | Error tracking and performance monitoring | Session |
Marketing Cookies
These cookies may be used for advertising and personalization purposes. Currently, we do not actively use marketing cookies, but this category is available for future use.
5.2 Managing Cookie Preferences
You can manage your cookie preferences at any time through:
- The cookie consent banner shown on your first visit
- The "Cookie Settings" option available in the website footer
- Your browser settings
5.3 Google Analytics Consent Mode
We implement Google Analytics with Consent Mode v2, which respects your cookie preferences. When analytics cookies are denied, Google Analytics operates in a privacy-preserving mode without storing cookies.
5.4 Microsoft Clarity
We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. We use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
6. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption: Data is encrypted in transit using TLS/HTTPS.
- Authentication: Secure email/password authentication with hashed passwords, and optional OAuth 2.0 login through Google.
- Access Control: Role-based access controls within Workspaces.
- Error Monitoring: Automated monitoring via Sentry to detect and respond to issues.
- Secure Payments: PCI-compliant payment processing through Stripe.
- CSRF Protection: Cross-site request forgery protection on all forms.
While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
7.1 General Rights
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data through your account settings. Deletion is processed after a cooling-off period (minimum 30 days) to comply with GDPR Article 17. If a paid subscription is active, deletion is scheduled for after the subscription period ends.
- Portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to the processing of your data for certain purposes.
- Restriction: Request restriction of processing of your data.
- Withdraw Consent: Withdraw consent for data processing at any time (this does not affect the lawfulness of processing before withdrawal).
7.2 GDPR Rights (European Economic Area)
If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to lodge a complaint with a supervisory authority.
- Right to not be subject to automated decision-making.
Legal Basis for Processing: We process your data based on:
- Contract: Processing necessary to provide the Service you requested.
- Consent: Processing based on your explicit consent (e.g., analytics cookies).
- Legitimate Interest: Processing for improving our Service and ensuring security.
- Legal Obligation: Processing required by law.
7.3 CCPA Rights (California Residents)
If you are a California resident, under the California Consumer Privacy Act (CCPA):
- You have the right to know what personal information we collect and how it is used.
- You have the right to request deletion of your personal information.
- You have the right to opt-out of the sale of your personal information (we do not sell personal information).
- You have the right to non-discrimination for exercising your privacy rights.
7.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: [email protected]
- Contact Page: https://minopa.com/contact
We will respond to your request within 30 days.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses approved by the European Commission.
- Ensuring service providers maintain adequate data protection standards.
9. Children's Privacy
The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.
10. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR).
- Notify relevant supervisory authorities as required by law.
- Provide details about the nature of the breach and steps taken to mitigate it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top.
- For material changes, we will notify you via email or through the Platform.
- Continued use of the Service after changes constitutes acceptance of the updated policy.
- We will maintain a version history of this policy accessible through our legal pages.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Name: Mohammad Hossein Mardani
- Address: Krohstraße 2, 50968 Köln, Deutschland
- Email: [email protected]
- Website: https://minopa.com/contact
For data protection inquiries in the EU, you may also contact the relevant data protection authority in your country. In Germany, this is the state data protection authority (Landesbeauftragte für Datenschutz) of North Rhine-Westphalia.