Human Readable Security and Privacy Policy of Mintfort

Oliver Weber
Mintfort
Jul 17, 2018

Very few people read security and privacy policies, and the reasons are quite obvious. Terms of service and security and privacy policies are not intended to be easy to understand: they are written by lawyers, for lawyers. This blog post is not a replacement for our terms of service but a hopefully easy-to-digest version of it.

TL;DR: What happens with my data?

Which 3rd parties receive information about me?

  • Google Inc. (Google Analytics)
  • Sentry

Which data is sent to those 3rd parties?

Google Analytics

  • Page views (e.g. Dashboard)
  • Event Data (e.g. added Binance)

Sentry

  • If our application crashes 🤞, Sentry sends the error to the Sentry server
  • The data sent are the error logs, which do not contain sensitive information; these error logs are deleted after the issue is resolved

Which data is sent to Mintfort?

At this moment (v0.5.0), none.

Our general view on private data

We deeply care about privacy and security, and we follow one core value: “Datensparsamkeit” (German for data thrift), a concept that is quite famous in German information privacy. The concept is very simple: don’t ask for or give data that is not necessary to run a service. At this moment we do not ask you for your:

  • Name
  • E-Mail
  • Birthday
  • or anything alike

Why? Because we don’t need that information to run our service at this moment.

Future versions of our portfolio tracker and other services may require KYC (Know your Customer) or transmit information to our backend. But you can be sure we will always ask you for the minimum of information that we need to run our services.

Local first

Our portfolio tracker has no server side, which means there is no remote Mintfort database providing the app with information. You communicate with the exchanges directly, so there is no need for us to send your API keys to our (non-existent) server, and we don’t. Simple, right?

Welcome to “Datensparsamkeit”.

Tracking

We use Google Analytics to send us usage data from our application. We intend to move away from Google Analytics, but for our beta we will stick with it. Only metadata is tracked, never the content of your portfolio. Here is a detailed list of the values that we track:

  • Usage time (e.g. 20 min on 15.07.2018): the time you actively use the app, not background time
  • Page views (‘Dashboard’, ‘Coinlist’, ‘Settings’)
  • Events (‘Added Binance to Portfolio’)
  • App Version (v0.5.0)
  • Operating System (‘Macintosh’)

We definitely do not track:

  • Portfolio value
  • Coins you own
  • IP address

As Electron (the framework that we use) is basically its own browser, neither we nor Google Analytics can access your cookies from your other sessions (e.g. Chrome). So creepy tracking capabilities like ‘Age of the User’ are not possible.

Encryption and Cross-Site-Scripting

With version 0.5.0, all your information gets encrypted with your chosen password. We do not store this password. We have no way to access this information without the password, so others can’t either. But if you lose your password, you lose your access, and you need to set up all those API keys again 😨. We feel you, and we are working on a better way to set up API keys.
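One way an app can encrypt locally stored API keys with a key derived from the user's password, shown as an added example that is not Mintfort's code. The post does not name its algorithms, so scrypt and AES-256-GCM, and the names `sealVault` and `openVault`, are assumptions.

```javascript
// Added example, not Mintfort's code. Assumed primitives: scrypt + AES-256-GCM.
const nodeCrypto = require('crypto');

const SALT_LEN = 16; // random per record, stored beside the ciphertext
const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const KEY_LEN = 32;  // AES-256 key

// Derive the key from the password (Node's default scrypt cost parameters).
// Neither the password nor the key is ever written to disk.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, KEY_LEN);
}

// Encrypt a secrets object into a JSON-serialisable record for local storage.
function sealVault(password, secrets) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(secrets), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Decrypt a record. Returns null when the password is wrong or the record was
// modified or malformed: the GCM tag check fails and nothing can be recovered.
function openVault(password, record) {
  try {
    const raw = (s) => Buffer.from(s, 'base64');
    const key = deriveKey(password, raw(record.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(record.iv));
    decipher.setAuthTag(raw(record.tag));
    const pt = Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleSecrets = { binance: { apiKey: 'EXAMPLE-KEY', apiSecret: 'EXAMPLE-SECRET' } };
const storedRecord = sealVault('correct horse battery staple', sampleSecrets);
console.log(Object.keys(storedRecord).join(','));
console.log(openVault('correct horse battery staple', storedRecord));
console.log(openVault('wrong password', storedRecord));
```

The stored record holds only the salt, nonce, authentication tag and ciphertext, which is why a lost password cannot be reset and the API keys have to be entered again.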

Cross-Site-Scripting is a real issue in Electron, as Electron has access to the file system. Luckily, Electron provides some pretty straightforward ways to ensure external resources cannot gain access. On top of this, we think twice before adding a new dependency (code that is not written by us) and constantly try to get rid of them, if possible.

Thank you for your time. If you have any questions, feel free to comment or choose your favourite way to connect at the bottom:

Website: https://mintfort.com/

Twitter: https://twitter.com/mintfort

LinkedIn: https://www.linkedin.com/company/mintfort/

Slack: mintfort.slack.com

Facebook: https://www.facebook.com/mintfortbank/

Cheers!
