Privacy Policy

Last Updated: January 29, 2026

Effective Date: January 29, 2026

TiMint™ ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website timint.in and use our digital startup registry platform (collectively, the "Platform" or "Services").

This Privacy Policy applies to all users of our Platform, including Minor Users (ages 13-17) and their Guardians. We take special care to protect the privacy of minors in accordance with applicable laws, including the Children's Online Privacy Protection Act (COPPA), the Information Technology Act, 2000 of India, and the Digital Personal Data Protection Act, 2023.

BY ACCESSING OR USING OUR PLATFORM, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. If you do not agree with this Privacy Policy, please do not use our Platform.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Platform, including:

From Minor Users (Teen Registrants):

  • Full legal name;
  • Date of birth;
  • Email address;
  • Phone number;
  • Residential address;
  • Startup name and description;
  • Guardian/parent contact information.

From Guardians (Parents/Legal Guardians):

  • Full legal name;
  • Email address;
  • Relationship to Minor User;
  • Government-issued identification documents (for KYC verification);
  • Selfie photograph (for identity verification).

1.2 Information Collected Automatically

When you access our Platform, we automatically collect certain information, including:

  • Device Information: Browser type, operating system, device identifiers;
  • Log Data: IP address, access times, pages viewed, referring URLs;
  • Usage Data: Features used, actions taken, interaction patterns;
  • Cookies and Similar Technologies: Session identifiers and preferences.

1.3 Information from Third Parties

We may receive information from third-party services integrated with our Platform, including authentication providers (Supabase), document storage services, and IPFS gateways (Pinata). This information is used solely to provide our Services.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

2.1 Service Delivery

  • To create and manage user accounts;
  • To process startup name registrations;
  • To facilitate Guardian verification and consent;
  • To conduct KYC verification procedures;
  • To generate TMIT Tokens and digital certificates;
  • To create immutable IPFS records of registrations;
  • To provide Guardian Dashboard access.

2.2 Communication

  • To send verification emails to Guardians;
  • To notify users of registration status updates;
  • To provide Guardian secret keys via email;
  • To respond to inquiries and support requests;
  • To send important service announcements.

2.3 Security and Fraud Prevention

  • To verify user identity and prevent fraudulent registrations;
  • To implement rate limiting and abuse prevention;
  • To detect and prevent unauthorized access;
  • To protect minors from exploitation.

2.4 Platform Improvement

  • To analyze usage patterns and improve our Services;
  • To develop new features and functionalities;
  • To optimize platform performance and user experience.

3. LEGAL BASIS FOR PROCESSING

We process your personal information based on the following legal grounds:

  • Consent: You have given explicit consent for specific purposes, particularly for Minor Users through Guardian consent;
  • Contractual Necessity: Processing is necessary to fulfill our Terms of Service;
  • Legal Obligation: Processing is required to comply with applicable laws;
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention and platform security.

4. KYC DOCUMENTS AND SENSITIVE DATA

4.1 Special Handling of KYC Documents

We recognize that KYC documents (government-issued IDs and selfie photographs) constitute sensitive personal information requiring enhanced protection. We implement the following safeguards:

  • Limited Purpose: Documents are used solely for identity verification;
  • Secure Storage: Documents are stored in encrypted, access-controlled storage;
  • Automatic Deletion: Documents are automatically deleted from our systems after successful verification;
  • Restricted Access: Only authorized administrators may access documents during the verification process.

4.2 No Retention of Sensitive Documents

We do NOT retain copies of:

  • Government-issued identification documents;
  • Selfie photographs submitted for verification;
  • Any biometric data.

These documents are deleted immediately upon completion of the KYC verification process.

5. DISCLOSURE OF INFORMATION

5.1 We Do NOT Sell Your Data

We do NOT sell, rent, trade, or otherwise transfer your personal information to third parties for marketing or commercial purposes.

5.2 Limited Disclosure

We may disclose your information only in the following circumstances:

  • Service Providers: To trusted third-party vendors who assist in operating our Platform (e.g., Supabase for database, Pinata for IPFS, Resend for email), under strict data protection agreements;
  • Legal Requirements: When required by law, court order, or government request;
  • Protection of Rights: To protect our rights, property, or safety, or that of our users;
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate privacy protections.

5.3 Publicly Available Information

Certain information becomes publicly visible when displayed on verification badges and IPFS records, including startup name, founder name, and registration date. This public disclosure is necessary for the verification badge functionality.

6. DATA STORAGE AND SECURITY

6.1 Storage Location

Your data may be stored and processed on servers located in India, the United States, or other countries where our service providers maintain facilities. By using our Platform, you consent to the transfer of information to countries outside your country of residence.

6.2 Security Measures

We implement industry-standard security measures to protect your information, including:

  • SSL/TLS encryption for all data transmission;
  • Encrypted database storage;
  • Row-Level Security (RLS) policies on databases;
  • Rate limiting to prevent abuse;
  • Secure authentication mechanisms;
  • Regular security audits and vulnerability assessments;
  • Access controls limiting employee access to personal data.

6.3 IPFS and Blockchain Records

Registration data stored on IPFS is inherently decentralized and immutable. Once recorded, this data cannot be modified or deleted. Users should understand that IPFS records are permanent by design.

7. DATA RETENTION

7.1 Account Data

We retain account information for as long as your account is active or as needed to provide Services. If you request account deletion, we will delete your data from our active systems, except for:

  • Data required for legal compliance;
  • Anonymized analytics data;
  • IPFS records (which are permanent and immutable).

7.2 KYC Documents

KYC documents are deleted immediately after verification is complete. No copies are retained.

7.3 Verification Links

Guardian verification links and tokens expire after 24 hours and are automatically invalidated.

8. CHILDREN'S PRIVACY

8.1 Minor Users (Ages 13-17)

Our Platform is specifically designed for users aged 13-17. We take the following measures to protect minor users:

  • Mandatory Guardian Consent: No registration is complete without verified Guardian approval;
  • KYC Through Guardians: Identity documents are provided by Guardians, not minors;
  • Limited Data Collection: We collect only information necessary for our Services;
  • Guardian Oversight: Guardians can monitor registrations through the Guardian Dashboard.

8.2 Children Under 13

Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will promptly delete such information.

8.3 Parental Rights

Guardians may review, modify, or request deletion of their minor's personal information by contacting us at privacy@timint.in.

9. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to Access: You may request a copy of the personal information we hold about you;
  • Right to Rectification: You may request correction of inaccurate or incomplete information;
  • Right to Erasure: You may request deletion of your personal information, subject to legal and contractual limitations;
  • Right to Restrict Processing: You may request that we limit how we use your information;
  • Right to Data Portability: You may request your data in a structured, machine-readable format;
  • Right to Object: You may object to processing based on legitimate interests;
  • Right to Withdraw Consent: You may withdraw consent at any time for processing based on consent.

To exercise these rights, please contact us at privacy@timint.in. We will respond to requests within 30 days.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies

We use the following types of cookies:

  • Essential Cookies: Required for Platform functionality, authentication, and security;
  • Functional Cookies: Remember your preferences and settings;
  • Analytics Cookies: Help us understand how users interact with our Platform.

10.2 Managing Cookies

Most browsers allow you to control cookies through settings. However, disabling essential cookies may impair Platform functionality.

11. THIRD-PARTY SERVICES

Our Platform integrates with the following third-party services:

  • Supabase: Database and authentication services;
  • Pinata: IPFS pinning and storage;
  • Resend: Transactional email delivery;
  • Upstash: Rate limiting and caching;
  • Pollinations AI: Startup name validation.

Each third-party service maintains its own privacy policy. We encourage you to review their policies. We select partners who maintain appropriate data protection standards.

12. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard contractual clauses approved by relevant authorities;
  • Data processing agreements with service providers;
  • Encryption of data in transit and at rest.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our Platform;
  • Updating the "Last Updated" date at the top;
  • Sending email notification for significant changes.

Your continued use of the Platform after changes become effective constitutes acceptance of the revised Privacy Policy.

14. DATA PROTECTION OFFICER

For privacy-related inquiries or to exercise your data rights, you may contact our Data Protection team:

TiMint™ Data Protection

Email: privacy@timint.in

Response Time: Within 30 business days

15. CONTACT INFORMATION

For general questions or concerns about this Privacy Policy, please contact us:

TiMint™

Email: privacy@timint.in

Website: https://timint.in

Support: support@timint.in

BY USING TIMINT™, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.

If you do not agree, please discontinue use of the Platform immediately.