In compliance with the General Data Protection Regulation (GDPR), all personal data, user credentials, and cryptographic promise records created on Minted are hosted and stored securely in an **AWS Aurora PostgreSQL cluster located in Dublin, Ireland, EU (eu-west-1 region)**. We do not transfer personal details outside the European Economic Area (EEA) unless explicitly authorized by you.

To operate the platform and maintain secure accounts, we collect and process the following information:

• Account Information: Name, email address, password hash, and optional profile image URLs.
• Commitment Vows: Recipient names, vow statements, and optional completion target dates.
• Payment Logs: Stripe checkout metadata (processed through Stripe's secure infrastructure).

Under the GDPR, you have rights to access, rectify, or restrict processing of your personal information. However, please note:

Because commitments are mathematically signed with SHA-256 hashes and recorded as verified historical receipts, the vow statements and recipient tags cannot be modified or deleted. By sealing a promise, you consent to the permanent cryptographic storage of that specific commitment in the secure database.

We use secure session-only state tokens to keep you logged in. No third-party tracking or advertising cookies are deployed.