SoulMinter Privacy Policy

Last Updated: May 12, 2026

Privacy Policy

Last Updated: May 12, 2026

1. Who We Are

This Privacy Policy describes how ROTH MATE EV, a Hungarian sole proprietorship (egyéni
vállalkozó), tax number 91818627-1-28 ("SoulMinter," "we," "us," or "our") handles information
when you use the SoulMinter.io website (the "Platform"). The Platform is a non-custodial software
interface for creating and managing SPL / Token-2022 mints on the Solana blockchain.

For questions about this Policy or about your data, contact us at main@soulminter.io.

SoulMinter is operated by a single sole proprietor. We do not meet the thresholds in Article 37 of
Regulation (EU) 2016/679 ("GDPR") that would require us to designate a Data Protection Officer.
The contact above acts as the single point of contact for all data-protection matters.

2. Data Minimisation Philosophy

The Platform is built around the principle that the less personal data we touch, the less risk to you.
Concretely:

  • We never collect your name, postal address, phone number, government ID, or any directly
    identifying personal data.
  • We never collect or have access to your private key, seed phrase, mnemonic, or signed
    transaction material.
  • We do not require you to create an account, register, or provide an email address.
  • We do not operate a centralised user database tied to identities.

What we do unavoidably interact with is described in Section 3.

3. What We Interact With

3.1. Public wallet address

When you connect a Solana-compatible wallet (e.g. Phantom, Solflare, Backpack), your public wallet
address is read by the Platform so that the transaction can be built and submitted on your behalf. A
public wallet address is a string published on a public blockchain; on its own it is not directly
identifying, but in some jurisdictions and under some combinations of data, it may constitute
personal data within the meaning of GDPR. We treat it accordingly.

3.2. Token parameters and metadata you submit

The name, symbol, decimals, supply, extension parameters, description, image, and other metadata
you submit for a token-creation or token-management transaction are written to the Solana
blockchain and/or routed to decentralised storage (Lighthouse with Pinata/Arweave fallback).
This data is inherently public from the moment it is published on-chain. It is not personal data unless
you choose to put personal data into it (please don't).

3.3. Technical connection data

When you load the Platform, your browser transmits standard technical information (IP address,
user-agent string, referrer, requested URL). We use this information only for:

  • enforcing per-IP rate limits to prevent abuse and denial-of-service attacks;
  • diagnosing transient errors in the service.

We do not store IP-level access logs in a form that links them to a person, and we do not use IP
addresses to build profiles or to target advertising.

3.4. Analytics (consent-gated)

If, and only if, you give consent through our cookie banner, we use:

  • Vercel Web Analytics — privacy-focused, aggregated page-view statistics; does not set
    third-party tracking cookies for cross-site tracking.
  • Google Analytics 4 — measures aggregate site usage and helps us improve the Platform. GA4
    is loaded only after consent and is disabled if you decline or withdraw.

You can withdraw your consent at any time using the "Cookie Settings" link in the footer.

3.5. Third parties whose servers your browser contacts

While using the Platform, your browser also contacts:

  • Solana RPC endpoints (e.g. Helius, public Solana RPCs) — to read on-chain state and submit
    transactions;
  • Wallet provider extensions (Phantom, Solflare, etc.) — they handle signing locally in your
    browser; we do not see your private key;
  • Lighthouse / Pinata / Arweave — to receive metadata uploads;
  • Vercel — to serve the Platform itself;
  • Google Fonts — to serve typography.

Each of these third parties operates under its own privacy policy. We do not control them.

4. Legal Bases for Processing (GDPR Article 6)

Where any of the data described in Section 3 amounts to personal data under GDPR, we rely on the
following lawful bases:

  • Performance of a contract (Art. 6(1)(b)): to operate the software interface you have asked us
    to provide — i.e. to construct, route, and submit the transaction you instruct.
  • Legitimate interests (Art. 6(1)(f)): to keep the Platform secure and available — including
    short-term IP-based rate limiting and abuse prevention. We have assessed that this interest is
    not overridden by your fundamental rights, given the very limited scope of the processing.
  • Consent (Art. 6(1)(a)): for analytics, where you have given a freely given, specific, informed,
    and unambiguous indication of consent through our cookie banner. You may withdraw consent
    at any time without affecting the lawfulness of processing prior to withdrawal.
  • Legal obligation (Art. 6(1)(c)): where applicable, to comply with a legal obligation we are
    subject to (for example, responding to a valid legal request from a competent authority).

5. Retention

  • IP addresses for rate limiting: held only in volatile, in-memory rate-limiting state and not
    retained in any database.
  • Aggregate analytics: retained per the analytics provider's default settings (Vercel Analytics
    and Google Analytics 4 — see their respective policies).
  • On-chain data: permanent and outside our control; once a transaction is confirmed on Solana,
    it cannot be deleted by us or by anyone else.
  • Decentralised storage uploads: persisted by Lighthouse / Pinata / Arweave according to their
    own retention policies; we do not control them.

We keep no centralised database of users, sessions, identities, or behavioural profiles.

6. Sharing and Disclosure

We do not sell, rent, or trade personal data. We may disclose information only:

  • to the third-party processors listed in Section 3.5, strictly as necessary for the Platform to
    function;
  • where required by a valid order from a competent authority with jurisdiction over us, and only to
    the extent of that order.

7. International Transfers

Our hosting and analytics providers (e.g. Vercel, Google) may process data in jurisdictions outside
the EU/EEA, including the United States. Where this is the case, transfers are made under
appropriate safeguards (such as European Commission Standard Contractual Clauses or relevant
adequacy decisions). Solana RPC providers and decentralised storage networks operate globally and
data submitted to them — including any metadata you upload — may be replicated worldwide by
design.

8. Your Rights

If you are in the EU/EEA, GDPR gives you the rights of access, rectification, erasure, restriction,
objection, and data portability, and the right to withdraw consent at any time. Equivalent rights exist
under the California Consumer Privacy Act and various other regimes.

Given that we do not maintain a centralised, identity-linked database, in practice many of these
rights are satisfied by this Policy itself or by the actions you control directly (e.g. clearing your
browser storage, withdrawing analytics consent, ceasing to use the Platform). For anything else,
write to main@soulminter.io and we will respond without undue delay.

You also have the right to lodge a complaint with a supervisory authority. In Hungary, that is the
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH).

9. Cookies and Local Storage

We use a small number of browser-storage items, grouped as follows:

  • Strictly necessary — the wallet adapter stores items such as walletName,
    wallet-adapter-react-connection, and autoConnect in localStorage so the Platform
    remembers which wallet you connected. Standard Next.js / Vercel session items may also be
    set. These do not require consent because they are necessary to deliver the service you
    requested. If you reject them, the Platform will not function.
  • Analytics (consent-gated) — Vercel Web Analytics and Google Analytics 4, only after your
    consent.
  • Third-party functional — Google Fonts, decentralised storage gateways, and wallet
    extensions may set their own technical storage items as a result of you using their service. We
    do not control these.

You can view and change your choices at any time using the "🍪 Cookie Settings" link in the
Platform footer.

10. Children

The Platform is not intended for and is not directed at anyone under 18. We do not knowingly
process the data of anyone under 18. If you believe a child has used the Platform, contact us and we
will take appropriate action.

11. Changes to This Policy

We may update this Policy from time to time. The revised version is effective when posted, and the
"Last Updated" date will reflect the change. Material changes will be flagged in the user interface.

12. Contact

ROTH MATE EV (egyéni vállalkozó)
Hungary
Tax number: 91818627-1-28
Email: main@soulminter.io