Privacy Policy
This Privacy Policy explains how the MINK mobile applications (the customer app and Mink Business), the Mink Admin panel and the theminkapp.com website collect, use, store and protect personal data.
The Platform operates in accordance with the Law of the Republic of Azerbaijan “On Personal Data”. The personal data information system is maintained in line with applicable legal requirements.
Data operator: MINK Platform
Email: support@theminkapp.com
Phone: +994 70 621 58 00
Domain: theminkapp.com
By using the Platform and giving your consent during registration, you accept the processing practices described in this Policy.
1.Information we collect
1.1 Information you provide
| Data type | When collected |
|---|---|
| First and last name | During registration and profile editing |
| Email address | During registration, sign-in and contact forms |
| Phone number | During profile, reservations and partnership requests |
| Profile photo | During profile editing (if you upload one) |
| Reservation details | Guest name, phone, date, time, party size, special requests |
| Reviews and photos | When you review a venue |
| AI chat messages | When chatting with Maira (text and optional voice input) |
| Chat and voice messages | When messaging a venue (text, images, files and voice recordings) |
1.2 Information collected automatically
| Data type | Purpose |
|---|---|
| Device identifier and notification token (FCM) | Delivery of push notifications |
| Device model, app version and platform | Technical support, compatibility and security |
| Geolocation | Showing nearby venues and Maira recommendations — only with your permission |
| Venue view and usage statistics | Service improvement and business analytics |
| Technical logs and crash reports | Error detection and platform stability |
1.3 Derived information
To personalise the service we may calculate your preferences (favoured cuisine types, price range, dietary preferences, frequently chosen districts, average party size) from your activity. This is used to provide relevant venue and menu recommendations.
Payment cards: card data is processed solely through the payment provider (Epoint) and its tokenization mechanism. MINK does not store the full card number or CVV; it may store only a secure token, the masked card format (e.g. 4111 ** 1234), the cardholder name and the card type.
2.Legal bases for processing
- Consent — the consent you give at registration (e.g. notifications, location, chatting with Maira).
- Performance of a contract — processing necessary for reservations, payments and account management.
- Legal obligation — accounting, tax and other legal requirements.
- Legitimate interest — platform security, abuse prevention and service improvement.
For consent-based processing you may withdraw your consent at any time; this does not affect the lawfulness of processing carried out before withdrawal.
3.Purposes of use
- Creating, authenticating and managing your account;
- Accepting, confirming and cancelling reservations and processing payments;
- Sending push and email notifications;
- Delivering text and voice messages with venues;
- Providing venue and menu recommendations via the Maira AI assistant;
- Personalising and improving the service;
- Providing analytics to venue owners;
- Platform security and abuse prevention;
- Meeting legal obligations.
4.Sharing with third parties
Your data is shared with the following service providers only to the extent necessary to deliver the service:
| Service | Data shared | Purpose |
|---|---|---|
| Supabase | Account, profile and transaction data | Backend, authentication, database and file storage |
| Google Firebase | Notification token; crash/error data | Push notifications (FCM) and crash reporting (Crashlytics) |
| Profile and authentication data; location | Sign in with Google and maps (Google Maps) | |
| OpenAI | Chat messages and context (may include location) | Generating Maira AI responses |
| Open-Meteo | Approximate location | Weather data for Maira |
| Epoint | Payment amount, token and transaction identifier | Payment processing and secure card storage |
| Resend | Email address and message content | Sending transactional emails |
Maira’s voice input may use device/operating-system speech-to-text. Your personal data is not sold for advertising and is not shared with advertising networks.
5.International (cross-border) transfers
Some of the service providers above may be located outside Azerbaijan. Such transfers are carried out only where necessary to provide the service, in cases provided by law or based on your consent, and under conditions that ensure adequate protection of the data.
6.Retention period
- Account and profile data is kept while the account is active.
- Reservation, payment and accounting records are kept for the period required by legal obligations (financial records are stored in an immutable ledger).
- Chat and voice messages are kept while the account is active or as legally required.
- OTP (one-time codes) expire automatically within a short period.
- Security and audit logs may be retained for the relevant period.
7.Your rights
Subject to applicable law, you have the right to:
- Be informed about and access your data;
- Request correction of inaccurate data;
- Request deletion of your data;
- Object to processing — upon objection, processing stops immediately (except where retention is legally required);
- Withdraw consent at any time — the relevant processing then stops immediately.
For requests, write to support@theminkapp.com or call +994 70 621 58 00.
8.Account deletion
You can delete your account at any time directly from the app: Profile → Delete account. When a deletion request is made:
- Your active (pending or confirmed) reservations are cancelled;
- Your saved card data is deleted;
- The account is permanently deleted after a 30-day period; during this time you may change your mind and restore it.
- Some records (e.g. financial transactions) may be retained for the period required by law.
For help with deletion you may also contact support@theminkapp.com.
9.Data protection
- HTTPS/TLS encrypted connections;
- Supabase Row Level Security and authentication rules;
- JWT-based access and session management;
- Tokenized processing of payment data by the provider;
- Auditing of admin activity.
In the event of a data security incident, necessary measures are taken in accordance with the law and, where required, affected users are notified.
10.Children’s privacy
MINK is not directed at persons under 13 and does not knowingly collect data from this age group. Users under 18 should use paid services only with the consent and supervision of a parent or legal guardian.
11.Cookies and tracking
The website does not use third-party advertising cookies. The apps may use local token storage on your device for authentication and session persistence.
12.Changes
This Policy may be updated. We may inform users of significant changes within the app or by email. Continued use of the Platform after a change constitutes acceptance of the updated Policy.
13.Contact
Email: support@theminkapp.com
Phone: +994 70 621 58 00
Website: theminkapp.com
Jurisdiction: Baku, Republic of Azerbaijan