Privacy Policy — Makermint

Who we are

We are the controller responsible for the processing of your personal data pursuant to the Regulation (EU) of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) or other applicable laws, with the following details: OÜ BeyondOS, registry code 16693531, with registered address at Kentmanni tn 6-63, 10116, Tallinn, Estonia.

For residents of U.S. states with applicable consumer-privacy statutes, Beyond acts as a “business” or “controller” where those terms apply under state law. Beyond does not act as a “third party” or “service provider” except where expressly stated in an additional agreement.

Personal Data We Collect

We collect and process different categories of data depending on how you interact with Makermint.

Data You Provide:
Account Registration Data – such as name or alias, email address, password, and profile details (e.g., avatar, bio, Makerpage content);
Makerpage & Mint Content – content you upload, configure or create on the Platform, including Mints, descriptions, images, audio, video, and other materials;
Payout & Billing Information – for Creators and Customers, we may collect bank account or payout method details, billing address, tax identification numbers, and other information required to process Payouts or Tokens or comply with tax and AML laws;
Support & Communications – information you provide when you contact us (e.g., support requests, feedback, bug reports).

Personal Data Collected Automatically

When you access or use the Services, we automatically collect:
Device and Technical Data – IP address, device identifiers, browser type, operating system, language settings, network information, crash/error logs, and other information (for U.S. residents, certain device data may be considered “personal information” or “unique identifiers” under applicable State Privacy Laws);
Usage Data – pages visited, Mints viewed or purchased, search queries, clicks, features used, time spent, and other interaction data;
Log Data – including timestamps, access logs, authentication logs, Wallet actions, and other transactional logs used for security and compliance.
We collect some of this information using cookies and similar technologies, as described in our Cookie Policy.

Wallet, Token and Transaction Data

As part of operating Wallets and marketplace features, we collect:
Token purchases and redemptions;
Mint purchases and prices;
Creator earnings, fees, refunds and chargebacks;
Payout requests and status;
Relevant metadata such as timestamps, currencies and Payment Provider identifiers.
Identity Verification Data (KYC)
Where required by law or our risk policies, we may ask certain Users (typically Makers requesting Payouts) to provide:
Government-issued ID documents;
Proof of address;
Selfies or liveness checks;
Date of birth and nationality;
Other information requested by our AML/KYC providers.
Where we collect Identity Verification Data from U.S. Users for AML, sanctions, or payout verification purposes, such data may be classified as “sensitive personal information” or “sensitive data” under certain State Privacy Laws. We do not use such data to infer characteristics about you.

How We Use Your Personal Data

We use personal data for the following purposes, relying on the corresponding legal bases (for EEA/UK Users).

To Provide and Operate the Services based on a contractual relationship (Article 6(1)(b) of the GDPR):
Creating and maintaining your Account;
Operating Makerpages and Mints;
Processing Token purchases, Wallet funding, Mint purchases and Payouts;
Providing AI tools and other platform features;
Communicating with you about your account, transactions or service updates.
To Personalise and Improve the Services based on our legitimate interests (Article 6(1)(f) of the GDPR) or your consent (Article 6(1)(a) of the GDPR):
Understanding how Users use the Platform;
Recommending Mints or Makers you may be interested in;
A/B testing, analytics and performance optimisation;
Improving content quality and user experience;
Where required, we will obtain your consent for analytics or personalisation cookies.
Where required by U.S. law, we will provide the opportunity to opt out of targeted or cross-context behavioral advertising that uses personal data for personalization beyond essential functions.
To Ensure Security and Prevent Fraud based on our Legitimate interests (Article 6(1)(f) of the GDPR) or for complying with our legal obligations under applicable law (Article 6(1)(c) of the GDPR):
Protecting Accounts and Wallets from unauthorised access;
Detecting and preventing fraud, money laundering, and other illegal activities;
Enforcing our risk policies, the Terms, Wallet Terms and Community Guidelines;
Investigating suspicious behaviour or transactions.
For U.S. user, certain automated processes used for fraud detection or KYC may be classified as “profiling” under State Privacy Laws. These processes do not produce legal or similarly significant effects without human review.
To Comply with Legal Obligations (Article 6(1)(c) of the GDPR)):
Fulfilling AML/KYC requirements;
Compliance with tax and accounting laws;
Responding to lawful requests from authorities;
Maintaining required records of transactions and identity verification.
Marketing and Communications based on our Legitimate interests (Article 6(1)(f) of the GDPR) or your consent (Article 6(1)(a) of the GDPR):
Sending important service announcements;
Informing you about new features, promotions or news about Makermint;
Running surveys or feedback campaigns;
You can opt out of marketing emails at any time using the unsubscribe link.
Legal Bases for Processing (EEA/UK)
If you are in the EEA or UK, our legal bases for processing your personal data include:
Performance of a contract (Article 6(1)(b) of the GDPR) – to provide the Services, including Wallet and marketplace features;
Compliance with legal obligations (Article 6(1)(c) of the GDPR) – particularly AML, KYC, tax and accounting obligations;
Legitimate interests (Article 6(1)(f) of the GDPR) – such as improving services, ensuring security, enforcing our risk policies and preventing fraud, balanced against your rights and freedoms;
Consent (Article 6(1)(a) of the GDPR) – for certain cookies, marketing communications or specific optional features.

How We Share Your Personal Data

We may share your personal data with third parties under the following circumstances:
Service Providers – such as hosting providers, analytics tools, KYC/AML vendors, customer support platforms, cloud storage providers, and Payment Providers who process payments and Payouts on our behalf. Service providers may process your personal data for the provision of the Service or for their own purposes (for U.S. purposes, disclosures to service providers are made under written agreements restricting their use of your personal data, consistent with requirements under California, Colorado, Connecticut, Oregon, Utah, and Virginia state privacy laws);
Other Users – for example, your Makerpage, Mints and public profile will be visible to other Users as configured by you;
Affiliates – other entities within our group, for operational, support and compliance purposes;
Authorities and Regulators – where required by law, lawful request, court order, or to protect our rights, users or the public (for U.S. Users, Beyond may disclose information to U.S. regulatory or enforcement authorities where required under U.S. federal or state law, including but not limited to OFAC, law enforcement, or financial regulatory requests);
Business Transfers – in connection with a merger, acquisition, financing, or sale of all or part of our business;
External advisors – in connection with an audit or dispute.
Makers may access personal data and other data provided to us, including data generated through the provision of the Services to Users. Makers may also access aggregated, anonymised, or statistical data generated through the provision of the Services, subject to the availability of such data. Makers' access is limited to data that does not identify specific individual Users, except for data that Users post publicly on the Platform.
We do not sell your personal data.

International Transfers

Your personal data may be transferred to and stored in countries outside your jurisdiction where data protection laws differ. We take appropriate steps to ensure your personal data is handled securely, including implementing standard data protection clauses adopted by the European Commission or other appropriate safeguards for international data transfers. If you wish to receive more personal data about data transfers and the safeguards that we apply to them, please contact us at the contact details provided below.

For U.S. Users, because Beyond is headquartered in the European Union and stores data on servers located in the EU, your personal data will be transferred internationally. Beyond applies reasonable and appropriate safeguards consistent with U.S. and EU expectations for cross-border transfers.

Data Retention

We retain personal data for as long as necessary for the purposes described in this Privacy Policy and in our Data Retention & Deletion Policy, which provides more detail by category (e.g., transaction data, KYC data, etc.). We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorised use or disclosure of the personal data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

Where U.S. law provides specific deletion rights or obligations, Beyond will comply with such requests unless an exception applies (for example, fraud prevention, financial recordkeeping, AML/KYC compliance, or contractual necessity).

Your Rights

Depending on your jurisdiction, including where State Privacy Laws apply, you may have some or all of the following rights:

Access your personal data;
Correct inaccurate or incomplete data;
Delete certain data (“right to be forgotten”);
Restrict or object to certain processing;
Data portability;
Withdraw consent where processing is based on consent;
Lodge a complaint with your local data protection authority and to seek a remedy in courts if you believe your rights under applicable data protection laws have been infringed.
Additional Rights for Residents of Certain U.S. States. Residents of California, Colorado, Connecticut, Oregon, Utah, and Virginia may also have the right to:
Request that we disclose specific pieces of personal data we have collected (“Right to Know”);
Request deletion of certain personal data, subject to exceptions;
Request correction of inaccurate personal data;
Request a portable copy of personal data;
Opt out of (i) targeted advertising, (ii) the sale of personal data (which Beyond does not undertake), and (iii) certain profiling;
Appeal a denial of a privacy rights request.

For more information about these rights and instructions for exercising them, please see the U.S. State Privacy Notice at the end of this Privacy Policy.

These rights may be limited in certain circumstances, or subject to exemptions. Where we have obtained consent to process your personal data, you may withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, contact us using the details at the end of this Policy. We may need to request additional explanations or additional information if this is necessary to identify you or to fulfill your request.

Security

We implement reasonable and appropriate physical, technical and organisational measures to protect personal data, including encryption in transit, access controls, and monitoring.

However, no system is completely secure. You are responsible for keeping your login credentials confidential and for securing your own devices.

Third-Party Links and Services

Makermint may contain links to third-party websites or integrate services such as payment providers or analytics tools. Their processing of your personal data is governed by their own privacy policies, which we encourage you to review.

Some third parties may be considered “third parties” or “service providers” under State Privacy Laws. Their processing of personal data may constitute “sharing” for targeted advertising unless you opt out where required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted on the Platform and/or notified by email. The “Last Updated” at the top indicates when the latest version took effect. Where required by State Privacy Laws, Beyond will provide notice of material changes and, where applicable, provide methods for U.S. Users to exercise their rights.

Contact Us

If you have questions about this Privacy Policy, or wish to exercise your rights, please contact us at:

Email: support@makermint.com

Address: OÜ BeyondOS, Kentmanni tn 6-63, 10116 Tallinn, Estonia

U.S. State Privacy Notice (Supplement for Residents of Certain U.S. States)

This section applies solely to individual residents of U.S. states that have enacted State Privacy Laws. This U.S. State Privacy Notice supplements the information provided in the Privacy Policy and describes additional rights and disclosures applicable to residents of the states listed above (“Covered Individual Residents”). Unless otherwise indicated, all terms in this Notice have the same meanings as defined in our Privacy Policy or as otherwise defined under the State Privacy Laws.

If you are not a resident of one of these states, this section does not apply to you.

1. Categories of Personal Data We Collect (as Defined by State Privacy Laws)

As described further above, we collect the categories of personal data described in the Privacy Policy. For purposes of State Privacy Laws, these categories may include, depending on how you interact with Makermint:

Personal Data You Provide, Personal Data Collected Automatically, Wallet/Token/Transaction Data, and Identity Verification Data (KYC). Detailed lists of fields appear in the sections above.

2. Purposes for Which We Use Personal Data

We use personal data for the operational, security, transactional, analytic, marketing, and legal-compliance purposes described in the Privacy Policy, including operating the Platform and your Account; processing Token purchases, Wallet funding, Mint transactions, and Payouts; performing AML/KYC checks when required; detecting and preventing fraud; personalizing content; running analytics; and complying with legal and regulatory obligations.

We do not use personal data for automated decision-making that produces legal or similarly significant effects, except where required by AML/KYC procedures and permitted by law.

3. Categories of Personal Data Sold or Shared

We do not sell personal data as “sale” is defined under State Privacy Laws.

We may “share” personal data for targeted advertising purposes (e.g., via analytics or marketing cookies), but only with your consent where required. You may opt out of such sharing.

We do not knowingly sell or share the personal data of Users under 18.

4. Disclosure of Personal Data to Third Parties

Service providers (e.g., hosting, analytics, KYC/AML vendors, Payment Providers);
Affiliates for operational purposes;
Other Users when you choose to make content public;
Regulators or law enforcement where required by law;
Business transferees in the context of corporate transactions.

5. Your State Privacy Rights

Depending on your state of residence, you may have one or more of the following rights: Right to Know / Access, Right to Delete, Right to Correct, Right to Data Portability, Right to Opt-Out of (sale, sharing for targeted advertising, certain profiling), Right to Limit Use and Disclosure of Sensitive Personal Information (California only), Right to Non-discrimination, and Right to Appeal (CO, CT, VA, OR).

These rights are subject to certain legal exceptions.

6. How to Submit a Privacy Request

If you are a Covered Individual Resident, you may exercise your privacy rights by contacting us at: Email: support@makermint.com with subject line: “U.S. Privacy Rights Request”.

To protect your data, we must verify your identity before processing your request. Verification may include matching information you provide with existing account information.

We will respond to verifiable requests within the timelines required by State Privacy Laws.

7. Opt-Out of the Sale or Sharing of Personal Data

If you are a resident of a state granting opt-out rights, you may opt out of the “sharing” of personal data for targeted advertising and any “sale” of personal data (even though we do not sell data as defined by law). Opt-out instructions: adjust cookie preferences through our cookie banner; or contact us at support@makermint.com.

8. Authorized Agents (California Residents and other Users where required by law)

You may appoint an authorized agent to submit privacy requests on your behalf. We may require: proof of the agent's identity; written authorization from you; verification of your own identity.

9. Children's Data

We do not knowingly collect personal data from individuals under 18. If we learn that personal data has been collected from a minor under applicable law, we will delete such information.

10. Additional California Disclosures

Pursuant to the California Consumer Privacy Act (as amended by the CPRA): We do not use sensitive personal information to infer characteristics. We do not provide financial incentives related to the collection or sale of personal data. We retain personal data as described in the Data Retention & Deletion Policy and the Privacy Policy.

11. Updates to This U.S. State Privacy Notice

We may update this Notice from time to time. Material changes will be communicated as described in the Privacy Policy.