Privacy Policy
Last updated: June 27, 2026
1. Introduction
Mintly ("we," "our," or "us") is an iOS invoice app for creative freelancers. This Privacy Policy explains what data we collect, what we don't, and how the data you create inside the app flows between your device, our backend (Firebase), the subscription service (RevenueCat), and our anonymous product analytics (PostHog).
Mintly is built by one developer. We don't sell ads, we don't track you across other apps, and we don't share your invoices or client information with anyone outside the service providers listed below.
2. How Your Data Flows
Understanding the data flow is the clearest way to understand our privacy model:
- Device ↔ Firebase (your private vault): Your account, your business profile, your clients, your invoices, your estimates, and the PDFs Mintly generates are stored in Google Firebase under your user ID. Each record lives in a per-user Firestore subcollection that only your signed-in account can read or write (enforced by Firebase security rules). PDFs are stored in Firebase Storage under a path keyed to your user ID.
- Device ↔ Apple (sign-in and purchases):If you sign in with Apple, Apple handles authentication and returns a token to Firebase Auth. We never see your Apple password. Subscription purchases run through Apple's In-App Purchase system and are reported to RevenueCat (see below).
- Device ↔ RevenueCat (subscriptions): RevenueCat handles subscription state on our behalf. Your anonymous Firebase user ID is sent to RevenueCat so we know whether your account has an active Pro entitlement. No billing details, no email addresses, and no invoice contents are sent to RevenueCat.
- Device ↔ PostHog (anonymous product analytics):Mintly sends product analytics events (e.g. "invoice sent," "paywall shown") to PostHog's US-hosted cloud. Events are tied to an anonymous device-generated ID, not to Apple's IDFA. We do not ask for App Tracking Transparency permission because Mintly does not track you across other apps. Analytics events do not contain your invoice contents, client information, or business details.
3. What We Collect (and Why)
Account & business profile
Your sign-in identifier (Apple ID or email), your business name, contact email, phone, address, tax ID, and logo. This goes on the invoices you generate and is required for the app to work.
Invoice & client data
Everything you put into an invoice or client record: client name, email, address, tax ID, notes, line items, prices, dates, payments you record. This is what the app exists to manage; it stays in your private Firestore vault.
Subscription state
Whether you have an active Pro entitlement, the plan you bought (weekly, monthly, or yearly), and the renewal date. This data flows to and from RevenueCat.
Anonymous product analytics
Counts of feature usage and screen views to help us understand what works. Anonymous device ID only. Hosted on PostHog (US cloud).
4. What We Do NOT Collect
- We don't collect Apple's IDFA. The ATT prompt does not appear because Mintly does not track.
- We don't collect device identifiers tied to ads.
- We don't collect contacts, photos, location, or microphone data.
- We don't sell or share data with advertisers.
- We don't share data with any third party beyond the providers listed in Section 2.
5. Your Rights (GDPR / CCPA)
Get a copy of your data
Email support@moetalaat.com and we will send you a copy of your data (business profile, clients, invoices, and estimates) within 30 days. A self-serve export tool inside the app is coming later. In the meantime you can also save a PDF of any sent invoice directly from the app.
Delete your account
Settings → Account → Delete account. To confirm, you type your account email and tap Delete. Deletion is immediate and permanent: your account and all your data are erased right away from Firestore, Firebase Storage, RevenueCat, and Firebase Auth. There is no grace period and nothing to restore, so request a copy of your data first if you want one.
Other rights
For any other privacy request (access, correction, restriction, portability, objection), email support@moetalaat.com. We respond within 30 days.
6. Data Retention
Your data stays in our systems for as long as your account is active. When you delete your account, everything is removed immediately. PDFs cached on your device live until you sign out or delete the app.
7. Children
Mintly is not intended for children under 13. We do not knowingly collect data from anyone under 13.
8. Changes to This Policy
If we make material changes, the "Last updated" date above will change and the app will surface a prompt the next time you open it. Continued use after the change means you accept the updated policy.
9. Contact
Questions: support@moetalaat.com.