Privacy Policy

Effective Date: July 7th, 2025

1. Introduction

Minerva ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and safeguard your information when you interact with our OSINT platform. By using our service, you consent to the data practices described in this policy.

2. Information We Collect

Personal Information

• Username and authentication credentials
• Payment information (processed securely through third-party payment processors)
• API keys and usage statistics for API subscribers

Technical Information

• IP addresses and geographic location data
• Session data and authentication tokens
• Usage analytics and performance metrics

Search Data

• Search queries and parameters (temporarily stored for processing)
• Search results metadata (not the actual results content)

3. How We Use Your Information

• To provide, maintain, and improve our OSINT services
• To authenticate users and ensure platform security
• To process payments and manage subscription services
• To communicate important updates, security notifications, or service announcements
• To analyze usage patterns and optimize platform performance
• To comply with legal obligations and prevent fraud or abuse
• To provide customer support and respond to inquiries

4. Legal Basis for Processing (GDPR)

• Contractual necessity: To provide services you've requested
• Legitimate interests: Platform security, fraud prevention, and service improvement
• Legal compliance: To meet regulatory and legal requirements
• Consent: For marketing communications (where applicable)

5. Data Sharing and Third Parties

We May Share Data With:

• Payment processors (PayPal, SellAuth) for transaction processing
• Security services for fraud detection and prevention
• Analytics providers for anonymized usage statistics
• Legal authorities when required by law or to protect our rights

We Do NOT:

• Sell personal information to third parties
• Share search queries or results with external parties
• Use your data for advertising or marketing to third parties

6. Data Security and Protection

• All passwords are securely hashed using industry-standard encryption
• Access to personal data is restricted to authorized personnel only
• Search results are processed in memory and not permanently stored
• We implement appropriate technical and organizational measures to protect your data
• For any security vulnerabilities or incidents, please contact us immediately through our contact page

7. Data Retention

• Account information: Retained until account deletion is requested
• Search queries: Temporarily stored for processing (maximum 30 minutes)
• Usage logs: Retained for up to 12 months for security and analytics
• Payment records: Retained as required by law (typically 7 years)
• Deleted data is permanently removed from our systems within 30 days

8. Your Rights and Choices

Under GDPR and CCPA, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Correct inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data ('right to be forgotten')
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your personal data
• Objection: Object to processing based on legitimate interests

To Exercise Your Rights:

• Contact us through our contact page with your request
• We will respond within 30 days of receiving your request
• Identity verification may be required for security purposes

9. Cookies and Tracking

• Essential cookies: Required for basic platform functionality and security
• Session cookies: Temporary cookies for user authentication
• Preference cookies: Store language and user interface preferences
• Analytics cookies: Anonymized data for usage statistics

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions where applicable.

11. Children's Privacy

Minerva is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law.

13. California Privacy Rights (CCPA)

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

14. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through Telegram or prominent notice on our platform. Continued use after changes indicates acceptance of the updated policy.

15. Contact Information

For privacy-related inquiries, data subject requests, or concerns about this policy, please contact us through our contact page or reach out to our Data Protection Officer if you are in the European Union.