1. Introduction and Identity of the Controller

Mint Collective, LLC (“Mint Collective,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and what rights you have under applicable law — including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and other applicable US state privacy laws.

This Policy applies to all users of our website located at mintcollective.net (the “Site”) and any services offered through the Site.

Data Controller: Mint Collective, LLC

Contact: jbryant@mintcollective.net

Mailing Address: Rockford, Illinois, United States

If you have any questions about this Policy, our privacy practices, or wish to exercise your rights, please contact us at jbryant@mintcollective.net.

2. Personal Data We Collect

We collect personal data in the following categories:

2.1 Data You Provide Directly

• Account registration details (name, email address, password)
• Communications you send us (support requests, feedback, testimonials)
• Payment information (processed by our third-party payment processors; we do not store raw card data)

2.2 Data Collected Automatically

When you use our Services, the following information is collected automatically:

• Internet Protocol (IP) address and approximate geographic location derived from IP
• Browser type and version, operating system
• Device type, unique device identifier, and Open Device Identification Number
• Referring/exit pages, clickstream data
• Date/time stamps for your visit
• Log file data (standard server logs retained for security and performance purposes)

2.3 Location Data

If you have enabled location services on your mobile device, we may collect precise location information to improve our Services. You may disable this at any time through your device settings. Disabling location services will not affect your ability to use the core Services.

2.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies. A full description of these technologies and your choices is provided in Section 7 (Cookie Policy) below.

2.5 Analytics Data

We use third-party analytics services, including Google Analytics, to understand how users interact with our Site. These services use cookies and similar technologies to collect information such as visit frequency, pages viewed, and session duration. Google Analytics data is governed by Google’s Privacy Policy (https://policies.google.com/privacy). We have enabled IP anonymization where available.

2.6 Data from Third Parties

We may receive personal data about you from third parties you authorize, from affiliated entities, and from publicly available sources. We combine such data with information we hold about you in accordance with this Policy.

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contractual necessity — to provide the Services you have requested (Art. 6(1)(b) GDPR)
• Legitimate interests — to improve and secure our Services, prevent fraud, and communicate service updates, where such interests are not overridden by your rights (Art. 6(1)(f) GDPR)
• Consent — for marketing communications, non-essential cookies, and analytics where consent is required (Art. 6(1)(a) GDPR). You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation — to comply with applicable law (Art. 6(1)(c) GDPR)

Where we process special category data (if applicable), we rely on the relevant conditions under Art. 9 GDPR.

4. How We Use Your Personal Data

We use personal data for the following purposes:

• To operate, maintain, and improve the Site and Services
• To respond to your comments, questions, and customer service requests
• To process transactions and send related notices
• To send promotional communications where you have opted in or where permitted by law
• To detect, investigate, and prevent fraudulent transactions and other illegal activities
• To personalize your experience and deliver content relevant to your interests
• To conduct internal analytics, research, and product development
• To comply with legal obligations
• To create anonymized or aggregated datasets (which are no longer personal data) for any lawful business purpose

We will not use your personal data for purposes materially different from those described here without first providing notice and, where required, obtaining your consent.

5. Disclosure of Your Personal Data

5.1 Service Providers

We share personal data with trusted third-party service providers who assist us in operating the Site and delivering the Services (e.g., hosting, payment processing, email delivery, analytics, customer support). These parties are contractually obligated to process data only on our instructions and to maintain appropriate security measures. Where required under GDPR, we enter into Data Processing Agreements (DPAs) with these providers.

5.2 Third Parties Designated by You

When you authorize the sharing of your personal data with specific third parties, we will share that data as you direct.

5.3 Affiliates and Corporate Transactions

We may share personal data with our subsidiaries and affiliates. In the event of a merger, acquisition, sale of assets, or similar corporate transaction, personal data may be transferred to the successor entity. We will notify you via prominent notice on our Site or by email before your data is subject to a different Privacy Policy.

5.4 Advertising Partners

We work with certain third-party advertising partners (including Google) who may use cookies and device identifiers to display targeted advertisements on our Site and elsewhere. This activity is conducted on a pseudonymous basis. You can opt out of interest-based advertising through the resources listed in Section 7.

5.5 Required Disclosures

Regardless of the choices you make, we may disclose personal data if we believe in good faith that such disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request
• Protect the rights, property, or safety of Mint Collective, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Use or other agreements

5.6 Testimonials

We may publish user testimonials that identify you by first and last name. We will obtain your explicit consent before publishing any such content, and we will promptly remove published testimonials if you withdraw that consent.

6. International Data Transfers

We store and process personal data on servers located in the United States and, where applicable, within the European Economic Area. If you are located outside the United States, your data will be transferred to, stored in, and processed in the United States, which may not provide the same level of data protection as your home country.

For transfers from the EEA, UK, or Switzerland to the United States or other third countries, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-U.S. Data Privacy Framework, where applicable
• Other lawful transfer mechanisms recognized under applicable law

You may request a copy of the relevant transfer safeguards by contacting us at jbryant@mintcollective.net.

7. Cookie Policy

7.1 What Are Cookies?

“Cookies” are small text files stored on your device by a website. They are widely used to make websites function or work more efficiently, as well as to provide information to the owners of the site.

7.2 Types of Cookies We Use

We use the following categories of cookies:

• Strictly Necessary Cookies — Essential to the operation of the Site. These cannot be disabled.
• Functional Cookies — Enable enhanced functionality and personalization. Disabling these may reduce functionality.
• Analytics Cookies — Collect information about how visitors use our Site (e.g., Google Analytics). We anonymize IP addresses where possible.
• Marketing / Targeting Cookies — Used by us and advertising partners to build profiles and serve relevant ads. These require your consent in jurisdictions where consent is required.

7.3 Consent

Where required by law (including the EU ePrivacy Directive and GDPR), non-essential cookies are only placed on your device after you provide consent through our cookie consent banner. You may withdraw or change your cookie preferences at any time by clicking the “Cookie Preferences” link in the footer of our Site.

7.4 Managing Cookies

You may also control cookies through your browser settings. Note that blocking all cookies may affect the functionality of the Site. For more information, please consult your browser’s help documentation.

To opt out of interest-based advertising, please visit:

• aboutads.info/choices
• networkadvertising.org
• youronlinechoices.com

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:

• The duration of our ongoing relationship with you
• Whether there is a legal obligation to retain the data
• Whether retention is advisable in light of our legal position (such as applicable statutes of limitations, litigation, or regulatory investigations)

When personal data is no longer needed, we securely delete or anonymize it.

9. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), access controls, and periodic security assessments.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at jbryant@mintcollective.net.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law (e.g., within 72 hours under GDPR).

10. Your Privacy Rights

10.1 Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR or UK GDPR:

• Right of Access — To request a copy of the personal data we hold about you (Art. 15)
• Right to Rectification — To request correction of inaccurate or incomplete data (Art. 16)
• Right to Erasure (“Right to be Forgotten”) — To request deletion of your personal data in certain circumstances (Art. 17)
• Right to Restriction of Processing — To request that we limit how we process your data in certain circumstances (Art. 18)
• Right to Data Portability — To receive your data in a structured, commonly used, machine-readable format (Art. 20)
• Right to Object — To object to processing based on legitimate interests or for direct marketing purposes (Art. 21)
• Right Not to Be Subject to Automated Decision-Making — Including profiling that produces legal or similarly significant effects (Art. 22)
• Right to Withdraw Consent — At any time, without affecting lawfulness of prior processing

To exercise any of these rights, contact us at jbryant@mintcollective.net. We will respond within 30 days (extendable to 90 days for complex requests, with notice). We do not charge a fee for a first access request unless requests are manifestly unfounded or excessive.

You also have the right to lodge a complaint with your local supervisory authority. In the EU, you may find your authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en. In the UK, the relevant authority is the Information Commissioner’s Office (ICO) at https://ico.org.uk.

10.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know — To know what personal information we have collected, used, shared, or sold about you in the past 12 months
• Right to Delete — To request deletion of personal information we have collected, subject to certain exceptions
• Right to Correct — To request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing — To opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information in exchange for monetary consideration. You may opt out of sharing for advertising purposes by visiting our Cookie Preferences or by contacting us.
• Right to Limit Use of Sensitive Personal Information — To direct us to use sensitive personal information only for permitted purposes
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at jbryant@mintcollective.net or visit our website. We will verify your identity before processing your request and will respond within 45 days (extendable by an additional 45 days with notice).

California’s “Shine the Light” law also permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. Contact us at jbryant@mintcollective.net for such requests.

10.3 Rights Under Other US State Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas, Montana, Oregon, and other states with applicable privacy laws have similar rights to access, correct, delete, and opt out of targeted advertising and profiling. We honor these rights on request. Contact us at jbryant@mintcollective.net to submit a request.

11. Marketing Communications

We may send you promotional emails about our Services where you have opted in or where otherwise permitted by applicable law. You may opt out of promotional communications at any time by:

• Clicking the “unsubscribe” link in any promotional email we send
• Contacting us at jbryant@mintcollective.net

Even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., receipts, security notices, policy updates).

12. Children’s Privacy

Our Services are not directed to children under the age of 13 in the United States (or under 16 in the EEA and UK, where higher age thresholds apply). We do not knowingly collect personal data from children below the applicable age threshold.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at jbryant@mintcollective.net. We will take prompt steps to delete such information from our systems. We comply with the Children’s Online Privacy Protection Act (COPPA) and, where applicable, the GDPR provisions governing children’s data.

13. Third-Party Websites and Services

Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by posting a prominent notice on our Site and, where required, by sending you an email notification. The “Last Revised” date at the top of this Policy indicates when the most recent changes were made.

Your continued use of the Services after any changes constitutes your acceptance of the revised Policy, to the extent permitted by law. Where your consent is required under GDPR or other applicable law, we will seek your renewed consent for any material changes.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Organization: Mint Collective, LLC

Email: jbryant@mintcollective.net

Location: Rockford, Illinois, United States

EEA/UK Data Subject Requests: If you are located in the EEA or UK and wish to exercise your GDPR rights or lodge a complaint, you may also contact our representative in the EU (if applicable) or contact your national supervisory authority directly.

Appendix A: GDPR Processing Activities Summary

The table below summarizes our key processing activities for transparency under GDPR Art. 30 (Records of Processing Activities):

© 2026 Mint Collective, LLC. All rights reserved. This Privacy Policy was last revised on April 29, 2026.