Privacy Policy

1. Who We Are

This Privacy Policy applies to Mintd Ltd ("Mintd", "we", "us", "our"), a company registered in England and Wales under company number 16677272, with our registered office at 82A James Carter Road, Mildenhall, Bury St Edmunds, IP28 7DE.

We operate Stockd (available at stockd.uk), an inventory management platform for watch and jewellery dealers, and any other products and services offered under the Mintd brand.

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our ICO registration is pending confirmation — our registration number will be published here once issued.

For any privacy-related enquiries, please contact us at: hello@stockd.uk

2. Our Commitment to Your Privacy

We are committed to protecting your personal data and handling it responsibly, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection legislation. Where we process data relating to individuals outside the United Kingdom, we comply with applicable international data protection laws including the EU General Data Protection Regulation (EU GDPR) where relevant.

3. Who This Policy Applies To

This policy applies to:

• Dealers — businesses and individuals who register for and use Stockd or any other Mintd product or service.
• Dealers' clients — individuals whose personal data is entered into Stockd by dealers in connection with consignment agreements, repair services, appointments, or other business transactions. These individuals do not have a direct relationship with Mintd but their data is processed through our platform on behalf of the dealer.
• Website visitors — anyone who visits stockd.uk or any other Mintd website.

Stockd and all Mintd products are intended exclusively for business use by individuals aged 18 and over. We do not knowingly collect or process personal data of individuals under the age of 18.

4. What Personal Data We Collect

4.1 Data you provide directly

Account and business registration data:

• Full name
• Email address
• Password (stored in encrypted form — we never have access to your plain-text password)
• Business name, address, phone number, and email address
• Company registration number and VAT number (optional)

Client records entered by dealers:

• Client full name
• Client email address and phone number
• Client postal address
• Notes and transaction history relating to the client

Identity verification documents:

Passport scans, driving licence scans, or other government-issued identity documents uploaded by dealers in connection with their anti-money laundering (AML) obligations

Item and inventory records:

Descriptions, photographs, valuations, and provenance records for physical items

Payment information:

Payment card details for Stockd subscriptions are collected and processed directly by our third-party payment processor. We do not store, transmit, or have access to your full payment card details at any time.

4.2 Data we collect automatically

Technical and usage data:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and features used within the platform
• Login timestamps and session duration
• Error logs and diagnostic data

Cookies and similar technologies:

• Essential cookies required for the platform to function (including authentication session cookies)
• Marketing and analytics cookies where you have consented to their use

Please see Section 10 (Cookies) for further information.

5. How We Use Your Personal Data

We process your personal data on the following lawful bases under UK GDPR:

5.1 Performance of a contract (Article 6(1)(b))

We use your data to:

• Create and manage your Stockd account and workspace
• Provide access to the features included in your subscription plan
• Process your subscription payments
• Send you transactional communications (account confirmations, password resets, billing notifications)
• Provide customer support

5.2 Legal obligation (Article 6(1)(c))

We process certain data to comply with our legal obligations, including:

• Retaining records as required under applicable financial, tax, and anti-money laundering legislation
• Responding to lawful requests from regulatory authorities, law enforcement, or courts

5.3 Legitimate interests (Article 6(1)(f))

We process certain data where it is in our legitimate business interests to do so, provided those interests are not overridden by your rights:

• Improving and developing our products and services
• Maintaining the security and integrity of our platform
• Preventing fraud and misuse
• Analysing how our platform is used to improve user experience
• Sending you relevant communications about product updates or new features (you may opt out at any time)

5.4 Consent (Article 6(1)(a))

Where we rely on your consent:

• Marketing communications beyond transactional messages
• Non-essential cookies and tracking technologies

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5.5 Processing of identity documents

Identity documents (passports, driving licences) uploaded to Stockd are processed on the basis of legal obligation — specifically to support dealers in fulfilling their own obligations under the Money Laundering Regulations 2017. This data is classified as sensitive and is subject to additional technical and organisational safeguards. Access to identity documents is restricted to authorised director-level users within the relevant dealer workspace only.

6. Client Data Processed on Behalf of Dealers

When dealers use Stockd to store and manage personal data about their own clients (such as names, contact details, and identity documents), Mintd acts as a data processor on behalf of the dealer, who is the data controller for that data.

Dealers are responsible for:

• Ensuring they have a lawful basis to collect and enter their clients' personal data into Stockd
• Providing their clients with appropriate privacy information
• Responding to their clients' data subject rights requests
• Complying with all applicable data protection laws in relation to their clients' data

Mintd processes this data solely in accordance with the dealer's instructions and does not use it for any independent purpose.

If you are an individual whose personal data has been entered into Stockd by a dealer and you wish to exercise your data subject rights, you should contact the dealer directly in the first instance. If you are unable to do so, you may contact us at hello@stockd.uk and we will assist in directing your request appropriately.

7. Data Retention

We retain your personal data for as long as is necessary for the purposes set out in this policy, or as required by law.

Active accounts: We retain all account and workspace data for the duration of your subscription with us.

After cancellation: Following cancellation of your subscription, we retain your data for a period of 30 days to allow you to export your records or reactivate your account. After this period, your workspace data is permanently deleted from our systems.

Identity documents: Identity documents uploaded for AML compliance purposes are retained for a minimum of five years from the date of the relevant transaction, in accordance with the Money Laundering Regulations 2017. After this period they are securely deleted.

Asset and ownership records: Records relating to the ownership and provenance history of specific physical assets (including timestamped ownership chain entries and item records) may be retained for longer periods where this is necessary to maintain the integrity of the audit trail or to comply with legal obligations. The retention of such records reflects the legitimate interest of all parties in having a verifiable record of asset ownership history.

Financial and billing records: We retain financial transaction records for a minimum of six years in accordance with HMRC requirements.

Backup copies: Encrypted backup copies of data may be retained for up to 90 days after deletion from the live system before being permanently purged.

8. Sharing Your Personal Data

We do not sell your personal data to third parties. We do not share your personal data with third parties for their own marketing purposes.

We share personal data only in the following circumstances:

• Third-party service providers: We use carefully selected third-party service providers to help us deliver our platform and services. These providers act as data processors on our behalf and are contractually bound to process your data only on our instructions and in accordance with applicable data protection law. They include providers of cloud infrastructure, authentication services, email delivery, SMS messaging, and payment processing.
• Legal requirements: We may disclose personal data where required to do so by law, court order, or at the request of a regulatory authority or law enforcement agency.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of Mintd's business, personal data may be transferred to the relevant third party as part of that transaction. We will notify affected users in advance of any such transfer.
• Protection of rights: We may share data where necessary to protect the rights, property, or safety of Mintd, our users, or others.

9. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom and the European Economic Area. Where we transfer personal data to countries that do not provide an equivalent level of data protection to the UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the relevant data protection authority
• The UK International Data Transfer Agreement (IDTA) where applicable
• Adequacy decisions where the receiving country has been deemed to provide adequate protection

You may request further information about the safeguards in place for international transfers by contacting us at hello@stockd.uk.

10. Cookies

We use cookies and similar tracking technologies on our websites and platform.

Essential cookies: These are strictly necessary for the platform to function. They include authentication session cookies that keep you logged in. You cannot opt out of essential cookies without affecting platform functionality.

Marketing and analytics cookies: With your consent, we may use cookies to understand how our website and platform are used and to deliver relevant marketing. You can manage your cookie preferences at any time through our cookie consent tool.

For full details of the cookies we use, please see our Cookie Policy which is available on our website.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• Encryption of data in transit using TLS
• Encryption of data at rest
• Access controls and role-based permissions
• Regular security reviews
• Restriction of access to personal data to authorised personnel only

No method of transmission over the internet or method of electronic storage is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required.

12. Your Rights

Under UK GDPR you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data.
• Right to erasure: You have the right to request that we delete your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected.
• Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated processing that produce legal or similarly significant effects.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@stockd.uk. We will respond to your request within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with applicable law. The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.

13. Children

Our products and services are intended exclusively for business use by individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@stockd.uk and we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes we will notify active users by email or by displaying a prominent notice within the platform. The date at the top of this policy indicates when it was last updated.

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Mintd Ltd
82A James Carter Road
Mildenhall
Bury St Edmunds
IP28 7DE
Email: hello@stockd.uk
ICO Registration: Pending — registration number will be published here once issued.

This Privacy Policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It should not be taken as legal advice. Mintd Ltd recommends that this policy is reviewed by a qualified solicitor before being published.