Privacy Policy

Devrika SRL, trading as Mint Barcodes ("Mint Barcodes", "we", "us", or "our"), is committed to protecting your personal information. This Privacy Policy explains what data we collect when you use our website at https://mintbarcodes.com and the self-service dashboard at https://app.mintbarcodes.com (collectively, the "Service"), how we use it, and what rights you have over it.

Devrika SRL is a company registered in Romania, European Union, and processes personal data as a data controller under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Information We Collect

Information you provide directly

• Account information: email address, name, and password when you register
• Billing information: billing name, address, and payment card details — collected and stored by our payment processor, Stripe, Inc. We never see or store your raw card number
• Product data: product names, descriptions, and GTIN assignments you enter in the dashboard
• Communications: messages you send us via email or support channels

Information collected automatically

• Log data: IP address, browser type, operating system, referring URLs, and pages visited
• Usage data: features accessed, barcode downloads, timestamps, and session duration
• Cookies and similar technologies: session cookies required for authentication and preference cookies to remember your settings (see Section 7)

2. How We Use Your Information

We use the information we collect to:

• Provision and operate your account and the Service
• Process payments and send billing receipts
• Issue and manage GTINs on your behalf
• Send transactional emails (account confirmation, password reset, invoices)
• Respond to support requests and enquiries
• Monitor and improve the performance, security, and reliability of the Service
• Comply with legal obligations and enforce our Terms of Service
• Send you product updates and promotional communications (only where you have opted in; you may opt out at any time)

We process your data on the following legal bases: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, product improvement), legal obligation (tax and compliance records), and consent (marketing communications).

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Service providers: We share data with trusted vendors who process data on our behalf, including Stripe (payment processing), Cloudflare (CDN, DDoS protection, and Workers), DigitalOcean (cloud hosting), and Resend (transactional email). Each is bound by data processing agreements and may not use your data for their own purposes.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

4. Data Retention

We retain your account and product data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required by law to retain it longer (for example, financial records, which we retain for seven years).

GTIN assignment records are retained indefinitely to maintain the integrity of the barcode registry, but these records are associated with your account data only while your account is active.

5. Security

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest for sensitive values, and role-based access controls within our infrastructure.

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee that unauthorised access, hacking, or data loss will never occur. You should use a strong, unique password for your account.

6. International Data Transfers

Devrika SRL is based in Romania, European Union. Some of our third-party service providers (including Stripe, DigitalOcean, and Resend) are based in the United States. When we transfer your personal data outside the EEA to these providers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal transfer mechanism under GDPR Article 46, unless an adequacy decision applies.

You may request a copy of the relevant transfer safeguards by contacting us at privacy@mintbarcodes.com.

7. Cookies

We use the following categories of cookies:

• Strictly necessary: Session and authentication cookies required to log you in and maintain your session. These cannot be disabled without breaking core functionality.
• Functional: Preference cookies that remember your dashboard settings (e.g., preferred download format).
• Analytics: We currently do not use third-party analytics cookies. If we do in the future, we will update this policy and request your consent where required.

You can configure your browser to refuse cookies, though some features of the Service may not function correctly if you do.

8. Your Rights under GDPR

As a data controller established in the European Union, we are subject to the GDPR. You have the following rights regarding your personal data:

• Access (Art. 15): request a copy of the personal data we hold about you
• Rectification (Art. 16): correct inaccurate or incomplete data
• Erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention obligations
• Restriction (Art. 18): ask us to limit how we process your data in certain circumstances
• Portability (Art. 20): receive your data in a machine-readable format and transfer it to another controller
• Objection (Art. 21): object to processing based on legitimate interests or for direct marketing
• Withdraw consent (Art. 7): where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@mintbarcodes.com. We will respond within 30 days. If you are dissatisfied with our response, you have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal, www.dataprotection.ro) or the supervisory authority in your EU member state of residence.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly. If you believe we may have such information, please contact us at privacy@mintbarcodes.com.

10. Third-Party Links

The Service may contain links to third-party websites, including GS1 and retailer platforms. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date above. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

Devrika SRL (trading as Mint Barcodes)
Email: privacy@mintbarcodes.com
For Terms of Service enquiries: legal@mintbarcodes.com