Privacy Policy

1. Introduction

This Privacy Policy describes how Mint Metrics Pty Ltd (ACN 169496075) (“Mint Metrics”, “we”, “us”, or “our”) collects, uses, stores, and protects information when you:

Mint Metrics is a Melbourne-based conversion optimisation and analytics consultancy. We help organisations improve their digital experiences through A/B testing, analytics implementation, and data-driven insights.

By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Our Services

This policy covers the following services:

2.1 Consulting & Professional Services

2.2 Mojito Control Plane

A hosted web application for managing A/B tests and feature flags across your digital properties. The platform allows you to:

3. Information We Collect

3.1 Website Visitors

When you visit our website, we collect:

3.2 Contact & Enquiries

When you contact us, we collect:

3.3 Consulting & Services Clients

When you engage our services, we may collect and process:

We access client systems including:

3.4 Mojito Control Plane Users

When you use the Control Plane, we collect:

Account Information:

Organisation & Project Data:

Usage Data:

4. How We Use Your Information

Purpose Legal Basis Applies To
Provide and maintain our Services Contract performance All clients
Authenticate users and manage access Contract performance Control Plane users
Store and manage experiment configurations Contract performance Control Plane users
Generate and deploy experiment code Contract performance Control Plane users
Deliver consulting services and reports Contract performance Services clients
Access client systems for service delivery Contract performance Services clients
Send service-related communications Legitimate interest All clients
Respond to enquiries and support requests Legitimate interest All
Monitor and improve our Services Legitimate interest All
Detect and prevent technical issues Legitimate interest All
Comply with legal obligations Legal obligation All

5. Data Storage & Security

5.1 Data Storage

Your data is stored using the following infrastructure, all located in Australia:

Provider Purpose
Supabase Database hosting for Control Plane (PostgreSQL)
Google Cloud Platform Cloud infrastructure and services
Google BigQuery Analytics data warehousing
Amazon Web Services (S3) Experiment asset storage
Amazon CloudFront Content delivery for experiment assets

5.2 Security Measures

We implement appropriate technical and organisational measures to protect your data:

5.3 Financial Services Clients

We have experience working with regulated industries including banking and financial services. We can accommodate additional security requirements and compliance measures as needed for your organisation.

6. Data Sharing & Third Parties

6.1 Third-Party Service Providers

We use the following services to operate our business and platform:

Platform & Infrastructure:

Service Purpose
Google OAuth User authentication
Supabase Database hosting
Google Cloud Platform Cloud infrastructure
Google BigQuery Data warehousing
Google Pub Sub Event streaming
Amazon S3 & CloudFront Asset storage and delivery

Internal Tools & Analytics:

Service Purpose
Google Analytics 4 Website and platform analytics
Snowplow Analytics Internal event tracking and analysis

Project Management & Communication:

Service Purpose
Slack Team communication
Email Client communication
Trello Project management
Bitbucket Code repository and version control
Figma Design collaboration

6.2 When We Share Data

We do not sell your personal information. We may share your information only in the following circumstances:

6.3 Data Processing Agreements

Data Processing Agreements (DPAs) are available upon request for clients who require formal data processing arrangements.

7. Data Retention

We retain your data as follows:

Data Type Retention Period
Account information Duration of account + 30 days after deletion
Organisation & project data Duration of organisation + 90 days after deletion
Experiment configurations Until explicitly deleted by organisation owner
Client project files and reports Up to 4 years
Analytics and experiment data Up to 4 years
Activity and access logs Up to 4 years
Error logs 90 days
Contact enquiries Up to 4 years or until you request deletion

After the retention period, data is securely deleted or anonymised.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights

8.2 GDPR Rights (European Economic Area)

If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.

8.3 CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

8.4 Australian Privacy Principles

As an Australian company, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have the right to:

9. Exercising Your Rights

To exercise any of your privacy rights, please contact us: Email: info (at) mintmetrics.io

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Cookies & Tracking

10.1 Cookies We Use

Cookie Type Purpose Duration
Essential Site functionality and security Session
Authentication Maintain your login session (Control Plane) Session
Preferences Remember your settings 1 year
Analytics Understand usage patterns As per provider

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

To opt out of Google Analytics, visit: tools.google.com/dlpage/gaoptout

11. Mojito Control Plane — Additional Terms

11.1 Platform Hosting

The Mojito Control Plane is hosted and operated by Mint Metrics. We own and manage the infrastructure including:

11.2 Experiment Asset Delivery

When you publish experiments through the Control Plane:

  1. Experiment configurations are stored in our database
  2. JavaScript and CSS assets are generated and stored in our S3 buckets
  3. Assets are delivered to your end users via our CloudFront CDN
  4. Analytics data flows to your configured GA4 property

11.3 Your Responsibilities

As a user of the Mojito Control Plane, you are responsible for:

12. Children’s Privacy

Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Mint Metrics Pty Ltd

15. Document History

Version Date Changes
1.0 21 January 2026 Initial comprehensive policy covering services and Control Plane