Privacy Policy
Last updated: April 18, 2026
Beta notice
Mini Money Control Center is currently in closed beta. Features, data formats, and sub-processors may change as we harden the platform. We may contact you about service updates, outages, or breaking changes during the beta. If any change would materially affect how your data is handled, we will notify you before it takes effect and update the "Last updated" date above.
1. Who We Are
Mini Money Control Center is operated by Kyle Klosowski ("we", "us"). Contact: support@minimoneyapp.ai.
2. What We Collect
(a) From you directly
Account profile: email, display name, handle, role.
(b) From platforms you connect via OAuth
- OAuth access and refresh tokens (encrypted at rest).
- Platform account ID, handle, and basic profile metadata.
- Content you publish through the Service (text, images, videos, scheduling times, destinations).
- Read-scope data you authorize: e.g., on TikTok, a list of your public videos; on Meta, page and business metadata.
(c) From inbound webhooks
Direct messages, comments, and mentions sent to accounts you have connected (sender handle, message text, platform, timestamp, attachments).
(d) Automatically
Standard server logs: IP address, user-agent, timestamps, paths requested. Used for security and debugging.
3. How We Use It
We use collected data to: (i) publish content to the platforms you authorize, on your behalf; (ii) show you your inbox, CRM, and analytics; (iii) classify inbound messages and draft reply suggestions for your review; (iv) maintain security and prevent abuse; (v) comply with law. We do not sell your data.
4. AI Processing
A core function of the Service is AI-assisted triage of your inbound DMs, comments, and mentions, and AI-assisted drafting of outbound replies. To provide these features we send the following to Anthropic, PBC's API (our AI sub-processor):
- The text of inbound messages (DMs, comments, mentions) received on accounts you have connected.
- Context you provide — your profile, your business description, prior conversation history, and any style prompts you configure.
No OAuth tokens, passwords, billing data, or raw media files are ever sent to the AI API.
Anthropic processes this data under a zero-retention commercial agreement: data is not used to train models and is not retained beyond the time needed to return a response. AI outputs (message classification, draft replies) are surfaced to you for review — nothing is sent to a third-party platform without your explicit action.
AI classifications and draft replies can be wrong. You remain responsible for anything you publish or send through the Service. During the beta we may review a sample of AI outputs internally to measure quality; such review is limited to employees of Mini Money under confidentiality obligations and never exposes data to third parties.
5. Sub-processors
We share the minimum data necessary with the following:
- Supabase, Inc. — database and authentication storage.
- Vercel, Inc. — application hosting.
- Anthropic, PBC — AI classification of inbound message content and generation of draft replies, under the AI terms in section 4.
- The social platform you connect — receives any content you publish through the Service.
No other third-party sharing. No data brokers. No advertising networks.
6. Platform-Specific Disclosures
(a) TikTok
Data received through the TikTok Login Kit and Content Posting API is used solely to operate the Service for the authorizing user, is never sold or shared except as stated above, and is deleted when the user disconnects TikTok or requests deletion.
(b) Meta (Facebook, Instagram, Threads)
We honor Meta's Deauthorize Callback and Data Deletion Request endpoints at /api/oauth/meta/uninstall and /api/oauth/meta/delete respectively, and /api/oauth/threads/uninstall and /api/oauth/threads/delete for Threads. Tokens and related rows are removed on receipt.
(c) Google (YouTube)
Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
(d) X (Twitter), LinkedIn, Reddit, Pinterest, Tumblr, Mastodon, Bluesky, Telegram, Vimeo, Snapchat, Dev.to
Data received through each platform's OAuth flow is used only to perform the actions you authorize, and is deleted on disconnect or request.
7. Retention
- OAuth tokens: retained until you disconnect the platform or request deletion; revoked immediately on disconnect.
- Inbound messages and CRM metadata: retained for as long as your account is active, for business-relationship continuity. You may request deletion at any time.
- Server logs: 30 days.
8. Security
Transport is HTTPS. OAuth tokens are stored in a hardened Supabase schema and never exposed in client code. We restrict database access via row-level security and scoped service-role keys.
9. Your Rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise any right, email support@minimoneyapp.ai. We respond within 30 days.
California residents have specific rights under the CCPA, including the right to know and the right to delete; we do not sell personal information.
EU/UK residents have rights under the GDPR/UK GDPR. Our legal basis for processing is your consent (OAuth connection) and our legitimate interest in operating the Service you requested.
10. Children
The Service is not directed to anyone under 18. We do not knowingly collect data from children.
11. International Transfers
We operate in the United States. By using the Service from outside the U.S., you consent to the transfer of your data to the U.S.
12. Changes
We may update this Policy. Material changes will be posted here with a new "Last updated" date. Where required by law, we will notify you of material changes.