miniapperv1.0 — April 21, 2026

Privacy Policy

Last updated: April 21, 2026

This policy explains what data Miniapper collects, how we use it, and your rights. We keep it plain and specific.

1. Data we collect

Account data: Email address, Telegram user ID (if linked), username, subscription plan.

Prompts and generated code: Stored with your project for as long as your account is active.

Usage analytics: Page views, feature usage, scroll depth, CTA clicks — collected via PostHog.

Bot tokens: Encrypted at rest with AES-GCM. Never logged in plaintext.

Payment data: OxaPay transaction IDs and Telegram Stars charge IDs. We never see or store credit card numbers.

IP addresses: Server logs retained for 30 days.

2. How we use your data

Provide the service: Generate code, deploy apps, send transactional emails.

Improve templates: Anonymized aggregate patterns only. Opt-out available in Settings.

Detect abuse: Phishing detection on prompts, multi-account detection.

Contact you: Transactional emails only (billing, deploy status). Marketing requires separate opt-in.

3. Data processors

We share data with the following processors to operate the service:

  • AnthropicAI code generation (prompts sent for processing)
  • NeonPostgreSQL database hosting
  • VercelApplication hosting and deployment
  • ClerkAuthentication
  • UpstashRedis cache and rate limiting
  • E2BLive preview environments
  • OxaPayCryptocurrency payments
  • TelegramStars payments and bot operations
  • ResendTransactional email
  • SentryError tracking
  • PostHogProduct analytics

Your data is never sold. Never used for cross-site advertising.

4. Data retention

Active accounts: Data retained while your account is active.

Prompts + code: 90 days after generation, then pruned.

Deleted accounts: 30-day reversibility window, then hard-deleted.

Phishing logs: 2 years (fraud prevention).

Payment records: 7 years (tax requirement).

5. Your rights (GDPR + CCPA)

Access: Export all your data from /settings/export. ZIP delivered within 48 hours.

Rectification: Edit your profile in Settings.

Erasure: Delete your account from /settings/delete. 30-day reversibility, then permanent.

Portability: Export format is human-readable JSON and Markdown.

Objection: Opt out of model-improvement data use in Settings.

Complaints: Contact your local data protection authority.

6. Cookies

  • __clerk_*Authentication (essential)
  • mini_ref30-day referral attribution (essential for feature)
  • ph_*PostHog analytics (consent required in EU)

No Google Analytics. No Meta Pixel. No Amplitude.

7. Children's privacy

We don't knowingly collect data from anyone under 13 (Telegram's minimum age). If you believe a child has provided us data, contact us for removal.

8. Contact

Email: privacy@miniapper.app

Material changes to this policy will be communicated via email at least 30 days in advance.

Terms of ServiceAcceptable UseRefund Policy
← Back to home