Last updated: March 2026

Privacy Policy

1. Introduction

mnml ("we," "us," or "our") operates the website builder service at mnml.page. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account data: When you register, we collect your email address and, if you use Google OAuth, your name and profile picture. Passwords are hashed with bcrypt and never stored in plain text.

Site content: Text, images, and configuration data you create within the editor are stored in our database and file storage to deliver your published websites.

Usage data: We collect page view analytics for your published sites (visitor count, referrer, country derived from IP). IP addresses are not stored persistently.

Payment data: Payments are processed by Polar.sh, our Merchant of Record. We do not store credit card numbers or billing details. Polar.sh handles all payment data under their own privacy policy.

3. How We Use Your Information

  • Provide, maintain, and improve the service
  • Authenticate your account and manage sessions
  • Process subscription payments via Polar.sh
  • Send transactional emails (verification, password reset)
  • Provide site analytics to site owners
  • Detect and prevent abuse, fraud, and security incidents

4. Data Sharing

We do not sell your personal data. We share information only with the following service providers, solely to operate the service:

  • Vercel — hosting and edge network
  • Neon — PostgreSQL database hosting
  • Vercel Blob — image and file storage
  • Resend — transactional email delivery
  • Polar.sh — payment processing (Merchant of Record)
  • Google — OAuth authentication (only if you choose Google sign-in)

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data and site content within 30 days. Aggregated, anonymized analytics may be retained indefinitely. Page view records older than 90 days may be pruned automatically.

6. Cookies and Tracking

We use a single session cookie (HTTP-only, Secure, SameSite=Lax) for authentication. We do not use third-party tracking cookies, advertising pixels, or fingerprinting. Published sites do not set cookies on visitors unless the site owner adds third-party embeds.

7. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, CSRF protection, rate limiting, and input validation. While no system is 100% secure, we take reasonable steps to protect your data.

8. Your Rights

You have the right to access, correct, export, or delete your personal data. You can do most of this from your account settings. For data export or deletion requests, contact us at support@mnml.page. We respond within 30 days. For EU/EEA residents, see our GDPR Policy for additional rights.

9. Children

mnml is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through the service. Continued use after changes constitutes acceptance.

Contact

Questions about this policy? Email us at support@mnml.page.