Privacy

Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

Last updated: 17 June 2026

Save everything on CloudCraft for free.

Upgrade for unlimited storage, end-to-end security, web editorand dedicated enterprise features.

This Privacy Policy explains how Mintelo collects, uses, shares, stores and protects your personal information when you use our website, applications and services (the "Service"), and the rights you have over your information.

Mintelo is a personal wealth and financial-tracking platform. Because we handle information about your finances, we treat your information as highly sensitive and have written this policy to meet a high standard of protection across every country in which we operate.

Please read it together with our Terms and Conditions. By using the Service, you confirm that you have read and understood this Privacy Policy.


A note on language: Some laws use different words for the same thing. Where this policy refers to "personal information," this includes "personal data" (UK/EU), and where it refers to "we," "us" or "Mintelo," this means the group of companies described in Section 1. This policy is written in plain language on purpose.


Where we are today: The full Mintelo platform is being built. At present, our website lets you join our waitlist or register your interest, which means that for now we mainly collect the contact details you give us and basic information about how you use our site. The remainder of this policy also describes how we will handle your information once the full financial-tracking platform is available to you, so that you can see in advance how your information will be protected. Sections describing financial-data and account features apply once those features are live for you.

1. Who we are (the people responsible for your information)


The Mintelo service is operated by a group of companies. In this policy, "Mintelo," "we," "us" and "our" mean:


  • Key Mountain Trading (Pty) Ltd, a company registered in South Africa (registration number K2020872299, registered address 17 Etosha Street, Somerset West, 7130, South Africa) — the operating company that provides the Service to you and is the party you contract with. For South African data-protection purposes, this company is the Responsible Party (data controller) for your personal information.

  • Mintelo Holdings Ltd, a company registered in the United Kingdom (company number 17216929, registered address 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom) — the holding company, which owns the Mintelo intellectual property and trademark and which may process certain information on our behalf, including for billing, payments and group infrastructure. For UK data-protection purposes this company acts as a controller and/or processor as applicable.


Together these companies form the "Mintelo group." Where this policy describes something "we" do, it may be carried out by either company or by a trusted service provider acting on our instructions.


How to contact us about privacy:

  • Email: privacy@mintelo.io

  • Postal address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

  • Information Officer / Data Protection contact: our Chief Executive Officer, contactable at privacy@mintelo.io (see Section 14 for country-specific details)

2. The information we collect


We only collect information we need to provide the Service to you. The information we collect falls into the following categories.


Information you give us:


  • Account and identity information — your name, email address, and login credentials.

  • Profile and preferences — settings, language, and choices you make in the Service.

  • Financial information you enter or import — this is the core of the Service. It may include your assets, liabilities, net worth, income and expenses, budgets and forecasts, investment holdings and performance, property income and expenses, financial statements, and any other financial data you choose to record, upload or connect.

  • Billing information — where you take a paid plan, your billing details. Payment card details are handled by our payment provider and are not stored by us (see Section 5).

  • Communications — messages you send us, including support requests and feedback.


Information we collect automatically when you use the Service:


  • Usage data — pages and features you use, time and date of access, and similar activity data.

  • Device and technical data — IP address, device type, operating system, browser type and version, and unique device identifiers.

  • Cookies and similar technologies — see Section 9.


Waitlist and marketing sign-ups:


  • If you join our waitlist or sign up to hear from us, we collect the contact details you give us (such as your email address and, if provided, your name), together with a record of the consent you gave and when you gave it. We use a third-party email service provider to manage these sign-ups and send these messages (see Section 4), and that provider may be located outside South Africa (see Section 6).


Information we receive from third parties:


  • Where you choose to connect an external source (for example a bank feed, data aggregator, or property-data provider), we receive information from that source so we can display and analyse it for you. This kind of collection only applies to features we actually offer you — for example, automated bank feeds are not part of every plan, and some plans rely on information you enter or import manually. If we collect information about you indirectly in this way, we will, where required by law, take reasonable steps to make you aware of it.


We do not seek to collect "special" categories of information (such as health, biometric or similar data) and ask that you do not enter such information into the Service. Financial information is sensitive, and we treat it accordingly, but in most jurisdictions it is not in itself a "special category" requiring separate consent — except in certain US states, where we treat it as sensitive information requiring your consent (see Section 14).

3. How we use your information, and our legal basis


We use your information for the purposes below. Where the law requires us to identify a "legal basis" for using your information, the relevant basis is shown in brackets.


  • To provide the Service — to create and manage your account, store and display your financial data, run the tracking, calculation, forecasting and reporting tools, and deliver the features you ask for. (Performance of our contract with you.)

  • To operate billing and payments — to process subscriptions and payments and to keep records of them. (Performance of our contract; compliance with legal obligations.)

  • To keep the Service secure — to authenticate users, prevent fraud and unauthorised access, and protect the integrity of the Service. (Our legitimate interests in security; legal obligation.)

  • To support you — to respond to your questions, requests and complaints. (Performance of our contract; our legitimate interests.)

  • To improve the Service — to understand how the Service is used, fix problems, and develop new features. Where we do this we use aggregated or de-identified information wherever possible. (Our legitimate interests in improving our product.)

  • To communicate with you — to send you service and administrative messages (for example security alerts, changes to terms, or billing notices). (Performance of our contract; legal obligation.)

  • For marketing — to tell you about features, offers and news. We send electronic marketing only where you have given us your consent to do so (or, in the limited cases the law allows, to an existing customer about our own similar services). You can withdraw your consent or opt out at any time, using the unsubscribe link in any message or by contacting us. (Consent — or, where applicable, our legitimate interests.)

  • To comply with law and protect rights — to meet legal and regulatory obligations, respond to lawful requests, and establish, exercise or defend legal claims. (Legal obligation; our legitimate interests.)

  • In a business transfer — if the Mintelo group is involved in a merger, acquisition, restructuring or sale of assets, your information may be transferred as part of that transaction. We will require any recipient to honour this Privacy Policy, and we will notify you before your information becomes subject to a different policy. (Our legitimate interests; legal obligation.)


We will not use your financial information to make automated decisions that produce legal or similarly significant effects about you without telling you and giving you the rights the law provides.


Important: Mintelo is an information and calculation tool. We do not use your information to give you financial, investment, tax or legal advice, and our outputs are not recommendations. Please see our Terms and Conditions for more on this.

4. How we share your information


We do not sell your personal information. We share it only as described here:


  • With companies in the Mintelo group — between Key Mountain Trading (Pty) Ltd and Mintelo Holdings Ltd, for the purposes set out in this policy (such as billing, infrastructure and support), under arrangements that protect your information.

  • With service providers (operators / processors) — trusted third parties who process information on our behalf and on our instructions, such as cloud hosting, data storage, analytics, customer support tools, email delivery and payment processing. They are bound by written agreements requiring them to protect your information, use it only for the purposes we specify, keep it confidential, and notify us of any security breach.

  • With third parties you choose to connect — where you authorise a connection (for example a bank feed or data source), we exchange information with that provider as needed to deliver the feature.

  • For legal and safety reasons — where we believe in good faith it is necessary to comply with a law, regulation, legal process or enforceable governmental request; to enforce our terms; to detect, prevent or address fraud, security or technical issues; or to protect the rights, property or safety of Mintelo, our users or the public.

  • In a business transfer — as described in Section 3.

  • With your consent — for any other purpose we tell you about and you agree to.


We do not share your information with advertisers or data brokers, and we do not allow our service providers to use your information for their own purposes.

5. Payments


Payments for paid plans are processed by a third-party payment provider (for example Stripe). Depending on how we operate billing, payments may be collected by Key Mountain Trading (Pty) Ltd or, where international payment processing requires it, administered by Mintelo Holdings Ltd on its behalf. Your full payment card details are collected and processed by the payment provider under its own terms and privacy policy and are not stored on Mintelo's systems. We receive only limited information needed to confirm and manage your payment.

6. International transfers of your information


Mintelo operates from South Africa and the United Kingdom, and uses service providers that may be located in other countries — including, for example, email, analytics and hosting providers based in the United States and elsewhere. This means your information may be transferred to, stored in, or accessed from countries other than the one you live in, where data-protection laws may differ from those in your country.


Whenever we transfer your information across borders — including between our South African and UK companies, and to our service providers wherever they are located — we put appropriate safeguards in place so that your information continues to be protected to a standard comparable with the protections in your home country. These safeguards include binding written agreements that require the recipient to protect your information in line with this policy and applicable law, restrict what they may do with it, and limit any onward transfer.


In particular, transfers of South African personal information out of South Africa (whether to our UK company or to service providers in countries such as the United States) are made on the basis of a binding data transfer agreement requiring protection substantially similar to that under South African law, your consent, the need to perform our contract with you, and/or another lawful ground recognised by South African law. Transfers governed by UK law use the UK's recognised transfer mechanisms (such as the International Data Transfer Agreement or Addendum) where required.


If you would like more detail about the safeguards we use, please contact us using the details in Section 1.

7. How long we keep your information


We keep your personal information only for as long as we need it for the purposes set out in this policy:


  • While your account is active — we keep your account and financial information so the Service works for you.

  • After you close your account — we delete or de-identify your financial data within a reasonable period, except where we need to keep certain information to comply with legal or tax obligations, resolve disputes, prevent fraud, or enforce our agreements.

  • Usage and technical data — generally kept for a shorter period, except where needed for security or to meet a legal obligation.


When we no longer need your information, we securely delete or anonymise it.

8. Your rights over your information


Wherever you live, we aim to give you strong, consistent control over your information. Depending on your country, you have some or all of the following rights:


  • Access — to ask what information we hold about you and get a copy.

  • Correction — to have inaccurate or incomplete information corrected.

  • Deletion — to ask us to delete your information (subject to legal exceptions).

  • Objection and restriction — to object to, or ask us to limit, certain processing.

  • Portability — to receive certain information in a portable format, or have it sent to another provider, where technically feasible.

  • Withdraw consent — where we rely on your consent, to withdraw it at any time (this does not affect processing already carried out).

  • Opt out of marketing — to unsubscribe from marketing messages at any time, using the link in any message or by contacting us.

  • Not be subject to certain automated decisions — to ask for human involvement in decisions made solely by automated means that significantly affect you.

  • Complain — to lodge a complaint with your data-protection regulator (see Section 14).


You can exercise many of these rights directly in your account settings. Otherwise, contact us using the details in Section 1. We will respond within the time required by law. We will not discriminate against you for exercising your rights, and exercising them is free unless your request is excessive or repetitive, in which case we will tell you first.


We may need to verify your identity before acting on a request, to protect your information.

9. Cookies and similar technologies


We use cookies and similar technologies (such as pixels and local storage) to make the Service work, keep it secure, remember your preferences, and understand how it is used.


  • Strictly necessary cookies — required for the Service to function (for example, to keep you logged in and to prevent fraud). These cannot be switched off.

  • Functional cookies — remember your choices and preferences.

  • Analytics — privacy-first and cookieless. We use our website platform's built-in, privacy-first analytics to understand how the site is used (such as page views, visitor counts, and traffic sources). These analytics do not use cookies, do not set persistent identifiers, and do not collect information that identifies you as an individual, so no consent is required for them.

    If we add cookie-based analytics or advertising in future (for example Google Analytics), we will first put a consent banner in place that lets you accept or decline non-essential cookies, and we will not load those cookies until you agree. We will update this policy before doing so.

10. How we protect your information


We take the security of your financial information seriously. We use appropriate technical and organisational measures designed to protect it against loss, misuse, and unauthorised access, alteration or disclosure — including encryption in transit, access controls, and agreements that require our service providers to do the same.


No method of transmission or storage is ever completely secure, so we cannot guarantee absolute security. However, we work continually to protect your information, and if a security breach affects your personal information, we will notify you and the relevant regulators where the law requires us to.

11. Children


The Service is intended for adults. It is not directed at, and we do not knowingly collect personal information from, anyone under the age of 18. If you believe a person under 18 has provided us with personal information, please contact us and we will take steps to delete it.

12. Third-party links


The Service may contain links to websites and services we do not operate. We are not responsible for the privacy practices of those third parties, and we encourage you to read their privacy policies. This policy applies only to the Mintelo Service.

13. Changes to this policy


We may update this Privacy Policy from time to time. If we make a material change, we will take reasonable steps to let you know — for example by email or a prominent notice in the Service — before it takes effect, and we will update the "Last updated" date above. Your continued use of the Service after a change takes effect means you accept the updated policy.

14. Your country-specific rights


The core of this policy applies to everyone. This section sets out additional rights and information that apply depending on where you live. Where there is any conflict, the provisions for your country apply to you.


South Africa (POPIA)


Key Mountain Trading (Pty) Ltd is the Responsible Party for your personal information and processes it in line with the eight conditions for lawful processing under the Protection of Personal Information Act, 2013 (POPIA).


  • Information Officer: Our Information Officer is our Chief Executive Officer, contactable at privacy@mintelo.io. Our Information Officer is registering with the Information Regulator as required by POPIA.

  • Your POPIA rights: in addition to the rights in Section 8, you may object to processing on reasonable grounds and object to processing for direct marketing.

  • Direct marketing: in line with section 69 of POPIA, we send you electronic direct marketing only where you have given your prior consent (which we record), or in the limited case where you are an existing customer and the marketing relates to our own similar products or services. We identify ourselves in every marketing message and give you a way to opt out in each one, and you may withdraw your consent at any time.

  • Regulator: you may complain to the Information Regulator (South Africa) — enquiries@inforegulator.org.za / www.inforegulator.org.za.


United Kingdom (UK GDPR / Data Protection Act 2018)


  • The relevant Mintelo group company acts as controller of your personal data and processes it on the legal bases set out in Section 3.

  • Your rights are as set out in Section 8 (access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making).

  • Regulator: you may complain to the Information Commissioner's Office (ICO)www.ico.org.uk — or its successor body.


Australia (Privacy Act 1988 / Australian Privacy Principles)


  • We handle your personal information in accordance with the Australian Privacy Principles (APPs).

  • We may disclose your information to overseas recipients (including our group companies in South Africa and the United Kingdom, and our service providers). We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs.

  • Complaints: you may complain to us first, and then to the Office of the Australian Information Commissioner (OAIC)www.oaic.gov.au.


New Zealand (Privacy Act 2020)


  • We handle your personal information in accordance with the Information Privacy Principles.

  • Where we collect your information from someone other than you (for example a connected data source), we will take reasonable steps to make you aware of the collection where required.

  • We may disclose your information overseas only with comparable safeguards in place or with your authorisation.

  • Complaints: you may complain to the Office of the Privacy Commissionerwww.privacy.org.nz.


United States (California and other states)


If you are a resident of a US state with applicable privacy law, you have the rights described in Section 8, including the right to know, access, correct and delete your personal information, and to be free from discrimination for exercising those rights.


  • Sensitive information: we treat financial and account information as sensitive and, where your state requires it, we will obtain your consent before processing it for non-essential purposes. You may direct us to limit the use of your sensitive personal information.

  • We do not sell or "share" your personal information as those terms are defined under California law (including for cross-context behavioural advertising). You may still exercise a "Do Not Sell or Share My Personal Information" request, and we honour the Global Privacy Control signal.

  • Categories: the categories of personal information we collect, and the purposes for which we use them, are described in Sections 2–4.

  • How to exercise your rights: contact us using the details in Section 1. You may use an authorised agent. We will verify your request before acting on it.

  • Complaints: California residents may contact the California Privacy Protection Agency or the California Attorney General.

15. Contact us


If you have any questions, requests or complaints about this Privacy Policy or how we handle your information, please contact us:


  • Email: privacy@mintelo.io

  • Information Officer / Privacy contact: our Chief Executive Officer, at privacy@mintelo.io

  • Post: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom


We will always try to resolve your concern directly before you approach a regulator.