M
Minidex
Gotta paint them all

Privacy Policy

Effective date: May 1, 2026

1. Who we are

Minidex is a miniature figure collection tracker operated by Rémi Schwartz, an individual developer. When this policy says "Minidex", "we", or "us", it refers to that individual.

Contact: contact@minidexvault.com

2. Data we collect

We collect only what is necessary to provide the service:

  • Account data - email address, optional username, encrypted password (managed by Supabase Auth).
  • Collection data - figures, quantities, paint statuses, notes, custom fields, and paint recipes you enter.
  • Photos - images you upload of your miniatures, stored in object storage.
  • Usage data - painting streak, badges earned, and activity timestamps. No third-party analytics or advertising trackers are used.
  • Preferences - display language, theme, collection view preference.

We do not collect payment card data. Payments are handled entirely by Stripe, who have their own privacy policy.

3. Legal basis and purpose

We process your data on the following legal bases (GDPR Art. 6):

  • Performance of a contract - to create and maintain your account, store your collection, and provide the service you signed up for.
  • Legitimate interest - to prevent abuse, debug issues, and improve the service.
  • Legal obligation - to retain billing records as required by French tax law.

4. Where data is stored

All user data is stored in the European Union (Frankfurt, Germany). We do not transfer personal data outside the European Economic Area except where covered by an adequacy decision or standard contractual clauses.

Sub-processors we rely on:

  • Supabase - authentication and database hosting.
  • Scaleway / S3-compatible storage - photo storage.
  • Stripe - payment processing (PRO subscribers only).
  • Vercel - web application hosting.

5. Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data is deleted within 30 days, except billing records which are kept for 10 years as required by French accounting law (Article L123-22 du Code de commerce).

6. Your rights (GDPR)

As a resident of the European Economic Area you have the following rights:

  • Access - request a copy of all data we hold about you.
  • Rectification - correct inaccurate data.
  • Erasure - request deletion of your account and data.
  • Portability - export your data in a machine-readable format (JSON) via Settings → Privacy.
  • Objection - object to processing based on legitimate interest.
  • Lodge a complaint - with the French supervisory authority, CNIL.

To exercise any of these rights, email us. We will respond within 30 days. contact@minidexvault.com

7. Cookies

We use a single session cookie managed by Supabase Auth to keep you logged in. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required because we use only strictly necessary cookies.

8. Changes to this policy

We may update this policy when the service changes. We will notify you by email for material changes. The effective date at the top of this page will always reflect the latest version.

9. Contact

Questions about this policy or your data: contact@minidexvault.com

Read our Terms of Service →