mintcal
FeaturesPricingCompareBlog
Sign inStart free →

Privacy Policy

Last updated: May 2026

In plain English

MintCal is a booking platform. We collect the minimum data needed to run the service. We don't sell your data, we don't run ads, and we don't share your information with third parties except the ones needed to make the product work (email delivery, payment processing, calendar sync). You can export or delete all your data at any time.

What we collect

Account information

Name, email address, and password (hashed, we can't read it). If you sign in with Google, we receive your name, email, and profile picture from Google.

Booking data

Event types you create, bookings you receive, attendee names and emails, meeting notes, and any custom questions/answers.

Calendar integration

If you connect Google Calendar or Outlook Calendar, we store OAuth tokens (encrypted at rest) to create and manage calendar events on your behalf. If you connect Apple Calendar, we store your app-specific password (encrypted at rest) for CalDAV access. We only access your calendar with the permissions you grant.

Payment information

If you connect a payment provider, we store API credentials (encrypted at rest) to process payments. We never see or store credit card numbers — those are handled by your payment provider (Stripe, PayFast, etc.).

Usage data

Page views on your booking page (anonymized visitor hash from IP + user agent — we don't store raw IPs), booking analytics, and feature usage.

Country detection

We use your IP address to determine your country for regional pricing. This lookup happens once per visit using an offline database (MaxMind GeoLite2) — your IP is not sent to any external service and is not stored. Only the resulting two-letter country code is cached in a browser cookie.

How we use your data

  • To provide the booking service (creating events, managing bookings, sending emails)
  • To sync with your calendar (Google Calendar events, Meet links)
  • To process payments on your behalf (via your connected payment provider)
  • To send transactional emails (booking confirmations, reminders, cancellations)
  • To show you analytics about your booking page performance
  • To improve the product (aggregate, anonymized usage patterns)

Third parties

We use these services to run MintCal:

  • Resend — email delivery
  • Google — calendar sync, Meet links, and OAuth login
  • Microsoft — Outlook calendar sync and Teams meeting links (via OAuth)
  • Apple — iCloud calendar sync (via CalDAV)
  • Zoom — meeting link creation (via OAuth)
  • Payment providers (Stripe, PayFast, DodoPayments, Yoco, etc.) — payment processing
  • Hetzner — server hosting (EU-based, GDPR compliant)
  • Google Analytics — anonymised page view analytics on public pages (not loaded on admin)
  • BunnyCDN — file storage and delivery for uploaded images (avatars, logos)
  • MaxMind — country-level IP geolocation for regional pricing (GeoLite2 database, offline lookup, no data sent to MaxMind)

This product includes GeoLite2 data created by MaxMind, available from maxmind.com.

We do not sell, rent, or share your data with advertisers or data brokers.

Data security

  • Passwords hashed with bcrypt (12 salt rounds)
  • OAuth tokens and payment credentials encrypted at rest (AES-256-GCM)
  • All traffic encrypted with HTTPS (TLS)
  • Session cookies: httpOnly, secure, SameSite=Lax
  • Rate limiting on authentication and booking endpoints
  • Security headers: HSTS, CSP, XSS protection

Your rights

  • Access — view all data we have about you (Settings)
  • Export — download all your data in JSON format (Settings → Export My Data)
  • Delete — permanently delete your account and all data (Settings → Delete Account)
  • Correct — update your information at any time
  • Withdraw consent — disconnect integrations or delete your account

Cookies

We use these cookies:

  • mintcal-session — keeps you logged in. Essential. Expires after 30 days.
  • mintcal_country_cache — stores your detected country code for regional pricing. Functional. Expires after 30 days. Not used for tracking.
  • mintcal_parity_dismissed — remembers if you dismissed the regional pricing banner. Functional. Expires after 90 days.

We use Google Analytics to understand how visitors use our public pages (page views, traffic sources, device types). Google Analytics uses its own cookies. We do not use advertising cookies or tracking pixels. Google Analytics is not loaded on admin pages.

Data retention

We keep your data while your account is active. Trial accounts that remain inactive for more than 30 days after the trial expires may be automatically deleted. When you delete your account (or it is automatically removed), all data is permanently removed within 30 days.

Where your data lives

Our servers are hosted by Hetzner in Helsinki, Finland (EU). Your data is subject to GDPR protections.

POPIA compliance (South Africa)

MintCal complies with the Protection of Personal Information Act (POPIA). In the context of POPIA:

  • Responsible Party: You (the host) are the Responsible Party for the personal information of your clients (attendees) collected through your booking pages.
  • Operator: MintCal acts as an Operator, processing personal information on your behalf to provide the booking service.
  • Data minimisation: We collect only what is necessary to provide the service — name, email, and booking details. Platform administrators cannot view your clients' full personal information.
  • Your rights: You may request access to, correction of, or deletion of your personal information at any time via Settings or by contacting us.
  • Cross-border transfers: Data is hosted in the EU (Finland). This is permitted under POPIA Section 72 as the EU provides adequate data protection.

For POPIA-related queries, contact our Information Officer: [email protected]

Data processing agreement

By using MintCal, you acknowledge that we process personal information (yours and your attendees') as described in this policy. We do not sell, share, or use attendee data for any purpose other than providing the booking service to you. We do not access your clients' personally identifiable information for marketing or any other purpose.

Contact

For privacy questions: [email protected]

Information Officer (POPIA): [email protected]

mintcal

Booking pages, beautifully.

MintCal - SaaSHub Approved
PRODUCT
  • Features
  • Pricing
  • Blog
  • Templates
  • Changelog
  • Knowledge Base
  • Help & Support
COMPARE
  • vs Calendly
  • vs Cal.com
  • vs Acuity
  • vs TidyCal
  • vs SavvyCal
  • vs YouCanBookMe
  • vs SimplyBook.me
  • vs When2meet
LEGAL
  • Privacy
  • Terms
SECURITY & TRUST
AES-256-GCM encryption
GDPR & POPIA compliant
EU-hosted (Helsinki)
2FA authentication
No tracking cookies
Rate-limited APIs
© 2026 MintCalMade with love in Cape Town, by one person who cares.