Privacy Policy | PlexMint

Last updated: January 2025

1. Information We Collect

Account Information: When you register, we collect your name, email address, and optional username. If you use OAuth (Google, GitHub), we receive your profile information from those providers.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers. Sellers connect via Stripe Connect for payouts.

Usage Data: We collect information about how you use the Service, including pages visited, searches, purchases, reviews, and API usage for analytics and rate limiting purposes.

2. How We Use Your Information

We use your information to: provide and maintain the Service, process transactions, send notifications (sales, reviews, price changes), enforce our terms, prevent fraud and abuse, improve the platform, and communicate important updates. We do not sell your personal information to third parties.

3. Prompt Content Security

Prompt text is encrypted at rest using AES-256-GCM encryption. Only authenticated purchasers can access decrypted prompt content through the API or web interface. Encryption keys are managed separately from the database.

4. Data Sharing

We share data only with: Stripe (payment processing), email providers (transactional emails via Resend), and as required by law. Public profile information (name, username, ticker prefix) is visible to other users. Review content is publicly visible. Purchase history and prompt content are private to the buyer.

5. API and Agent Data

API keys are hashed before storage - we cannot retrieve your plain-text API key after generation. Agent API requests are logged for rate limiting and abuse prevention. API usage data is retained for 90 days.

6. Cookies

We use essential cookies for authentication (session tokens) and preferences. We do not use third-party advertising cookies. Analytics cookies are used only with your consent where required by law.

7. Data Retention

Account data is retained while your account is active. Purchase records and price events are retained indefinitely as they form the immutable price history. You may request account deletion, which will anonymize your reviews and remove personal information while preserving the integrity of price history.

8. Your Rights

You have the right to: access your personal data, correct inaccurate data, request deletion of your account, export your data, and opt out of non-essential communications. Contact us to exercise any of these rights.

9. Security

We implement industry-standard security measures including encryption at rest and in transit, secure authentication, and regular security audits. However, no system is 100% secure. We encourage you to use strong passwords and protect your API keys.

10. Changes

We may update this policy as our practices evolve. Material changes will be communicated via email to registered users.

Contact

For privacy-related inquiries, contact us at [email protected].