Privacy Policy
Effective date: March 8, 2026
Minion ("we", "us", "our") operates the Minion platform, including the marketing website at minion.ai and the Minion Hub dashboard application. This policy describes what data we collect, why we collect it, and how we protect it.
1. Data We Collect
1.1 Account Information
When you create a Minion account, we collect:
- Name and email address — to identify your account
- Password — stored as an irreversible hash (Argon2), never in plain text
- Profile image — optional, if you choose to upload one
If you sign in with Google, we receive your name, email, and profile picture from Google. We store OAuth tokens securely to maintain your session.
1.2 Session & Security Data
When you use the platform, we automatically collect:
- IP address — for security and abuse prevention
- Browser user agent — to identify your device type for security purposes
- Session tokens — stored as secure HTTP-only cookies to keep you signed in
1.3 Conversation & Usage Data
When you interact with AI assistants through Minion, we store:
- Chat messages — your conversations with AI assistants, including message content, timestamps, and session identifiers
- Session metadata — which assistant you're talking to, session status, and duration
- Files you upload — stored securely on encrypted cloud storage (Backblaze B2)
1.4 Organization Data
If you create or join an organization (Enterprise plan), we store:
- Organization name, logo, and member roles
- Invitation records (inviter name, recipient email, role, status)
1.5 Analytics
Our marketing website uses Vercel Analytics and Vercel Speed Insights to collect anonymized performance metrics (page views, load times, Core Web Vitals). These do not track individual users or use cookies for advertising.
We store your language preference in your browser's local storage to remember your chosen language between visits.
2. How We Use Your Data
- Provide the service — deliver AI assistant conversations, maintain your session, and store your chat history
- Account management — authenticate you, manage your organization, and process invitations
- Security — detect and prevent unauthorized access, abuse, and fraud
- Improve the platform — analyze aggregated usage patterns to improve performance and reliability
- Send transactional emails — organization invitations and account-related notifications (via Resend)
We do not sell your data. We do not use your conversations to train AI models.
3. Third-Party Services
We use the following services to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Turso | Database hosting | All account and operational data (encrypted in transit) |
| Backblaze B2 | File storage | Uploaded files |
| Google OAuth | Sign-in (optional) | Email, name, profile picture |
| Resend | Transactional email | Recipient email, inviter name, organization name |
| Vercel | Hosting & analytics | Anonymized page view and performance data |
4. Data Security
- Passwords are hashed with Argon2 (industry-standard, irreversible)
- Server tokens encrypted at rest with AES-256-GCM
- Session cookies are HTTP-only and secure in production
- All data transmitted over HTTPS/TLS
- Multi-tenant data isolation — each organization's data is logically separated at the database level
5. Data Retention & Deletion
We retain your data for as long as your account is active. When you delete your account or organization, all associated data (conversations, files, sessions, metrics) is permanently deleted through cascading database operations.
You may request deletion of your account and all associated data at any time by contacting us.
6. Cookies
We use a minimal number of cookies:
- Session cookie — HTTP-only authentication cookie managed by our auth system. Required for the platform to function.
- Language preference — stored in localStorage (not a cookie), remembers your chosen language.
We do not use advertising cookies, tracking pixels, or third-party marketing cookies.
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data in a portable format
- Withdraw consent for optional data processing
To exercise any of these rights, contact us via WhatsApp at +51 902 829 738 or email.
8. Children's Privacy
Minion is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the platform or via email. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
Questions about this policy? Reach us on WhatsApp at +51 902 829 738.