Privacy Policy
Last Updated: March 25, 2026
Mineral Wild ("we," "us," or "our") operates the Mineral Wild mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address, username, and password (stored in hashed form).
- Profile Information: You may optionally provide a display name, bio, avatar photo, cover photo, contact email, Instagram handle, other contact information, WeChat ID, and location.
- Specimen Data: Information about your mineral specimens, including photos, videos, locality, purchase details (including estimated values), notes, GPS coordinates if you choose to pin a location, structured address data, and other descriptive fields you choose to fill in.
- Wishlist Data: Minerals you mark as "wanted" and optional wishlist descriptions.
- User-Generated Content: Photos and videos you upload, collection descriptions, and any text content you create within the App.
- Voice Input Data: When you use the voice input feature, audio recordings are sent to a third-party AI service for transcription and structured data extraction. Audio data is processed in real-time and is not stored on our servers or retained by the AI provider beyond the duration of the API request. The extracted text data (mineral names, localities, prices) is treated as user-provided specimen information.
- Direct Messages: When you use the messaging feature, we collect the content of messages you send (text and media), message metadata (timestamps, conversation participants), and delivery status. Media attachments (photos, videos) are stored on our cloud infrastructure.
- Social Interactions: Follow relationships, blocked user lists, saved listings (other users' available specimens you bookmark), and reports you file.
- Tags and Collections: Custom tags you create for organizing specimens, and named collections (groups of specimens).
- Mineral Suggestions: If you suggest a new mineral for the atlas, we collect the suggestion details and any attached reference photos.
- Account Security Data: Security event logs, email verification codes (automatically expired and purged), and username change history.
- Activity Logs: Internal records of key account events (e.g., specimen additions, collection changes) used for generating your collection timeline.
1.2 Information Collected Automatically
- Device Information: Device type, operating system version, and app version for crash reporting and compatibility purposes.
- Crash and Diagnostic Data: We use a third-party error tracking service to collect crash reports and diagnostic data to improve app stability. This data may include device identifiers, stack traces, and the circumstances of the error.
- IP Addresses: Your IP address is temporarily processed for rate limiting, security (login attempt tracking), and server logging. IP addresses are not stored long-term or linked to your user profile.
1.3 Information We Do NOT Collect
- Payment or financial transaction data (purchase prices and estimated values you enter for specimens are collection metadata you provide voluntarily, not payment processing data)
- Biometric data (voice input is processed in real-time by third-party AI services and is not retained or used for biometric identification)
- Health data
- Real-time GPS tracking or continuous location monitoring (specimen coordinates are manually selected by you using a map picker, not passively collected)
- Advertising identifiers or tracking data
- Contacts, calendar, or other device data
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the App
- Create and manage your account
- Display your mineral collection, atlas progress, and achievements
- Enable social features (public profiles, follow system, wishlist matching, direct messaging)
- Deliver direct messages between users and send push notifications for new messages
- Review message content for compliance with our content policies (see Section 5)
- Generate sharing cards when you choose to share specimens
- Process account deletion requests
- Send important service notifications (e.g., policy changes)
- Monitor and analyze usage to improve the App
- Diagnose technical issues and fix bugs
We do not use your information for:
- Targeted advertising
- Selling or renting your personal data to third parties
- Automated decision-making that produces legal or similarly significant effects (we do use standard automated security measures such as rate limiting and content filtering — these do not produce legal effects and you may contact us if you believe they were applied in error)
3. How We Share Your Information
3.1 Public Features
If you enable public profile visibility, certain information may be visible to other users:
- Username, avatar, cover photo, and bio
- Collection statistics (number of specimens, mineral types discovered)
- Specimens you mark as "available" (for sale/trade)
- Wishlist (if visibility is enabled in privacy settings)
You control the visibility of these features through your privacy settings.
3.2 Third-Party Service Providers
We use the following third-party services to operate the App:
| Service | Purpose | Data Shared |
|---|---|---|
| Cloud hosting provider | Photo and video storage and content delivery | Uploaded photos and videos |
| Error tracking service | Crash reporting and diagnostics | Crash logs, device info (not linked to your identity) |
| AI service providers | Voice-to-text transcription and mineral data extraction | Voice recordings (during voice input only, not retained) |
| Google Sign-In | Account authentication | Google account ID and email (when you choose to sign in with Google) |
| Apple Sign-In | Account authentication | Apple user ID and optionally email (when you choose to sign in with Apple) |
| Email delivery service | Transactional email delivery | Email address (for verification codes and service notifications) |
| Cloudflare Web Analytics | Anonymous website usage analytics (no cookies, no personal identifiers) | Page URLs, referrer, browser type, country |
These providers process data on our behalf and are contractually obligated to protect your information.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.4 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties.
4. Photo and Video Storage and Processing
4.1 Your Photos and Videos
Photos and videos you upload (specimen photos, specimen videos, avatar, cover image) are stored in private cloud storage and delivered through a content delivery network (CDN). We generate thumbnails (reduced-resolution copies of photos) and cover frames (extracted from videos) for faster loading.
4.2 Photo and Video Retention
Your photos and videos are retained as long as your account is active. When you delete a specimen or your account, associated photos and videos are permanently deleted from our servers (see Section 8 for details).
4.3 Sharing
When you use the App's sharing features (e.g., sharing a specimen card to social media), the shared content leaves our platform. Once shared externally, the content is subject to the terms of the third-party platform and is beyond our control.
5. Direct Messaging
5.1 Message Content and Moderation
The App provides a direct messaging feature that allows users to communicate one-on-one. Message content (text and media) is transmitted through our real-time messaging infrastructure and stored on our servers.
We employ automated content filtering to detect messages that violate our content policies, including but not limited to child sexual abuse material (CSAM), hate speech, and other prohibited content. Messages that trigger our content filter are blocked from delivery. We do not use message content for advertising, profiling, or training machine learning models.
5.2 Administrative Access
Our administrative team may access message content in the following limited circumstances:
- When reviewing a user report filed through the App's reporting feature
- When investigating potential violations of our Terms of Service or applicable law
- When required by law enforcement or legal process
Administrative access is logged and auditable. We do not proactively monitor private conversations beyond the automated content filtering described above.
5.3 Push Notifications
If you enable push notifications, we use Firebase Cloud Messaging (FCM) to deliver message notifications to your device. Notification content includes a preview of the message text. You may disable push notifications at any time through your device settings.
5.4 Message Retention and Deletion
Messages are retained for as long as the conversation exists. When you delete a conversation, your view of the conversation is removed, but the other participant may still retain their copy. Media attachments (photos, videos) sent in messages are stored on our cloud infrastructure and are subject to the same retention policies as other user content.
When you delete your account, your messages are retained in an anonymized form for up to 2 years to preserve the conversation context for the other participant. After 2 years, messages are permanently deleted. Media attachments you sent are deleted within 30 days of account deletion.
5.5 Data Portability
You may request a copy of your data, including your messages, through the App (Settings > Download My Data). We will provide your data in a machine-readable format (ZIP archive) within 24 hours. This right is available even during the account deletion grace period.
6. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- Password hashing (never stored in plain text)
- HTTPS encryption for all data in transit
- Rate limiting on authentication and upload endpoints
- Private cloud storage with access-controlled content delivery
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Account data: Retained as long as your account is active.
- Database backups: Automatically rotated and deleted on a 30-day rotation cycle.
- Crash reports: Automatically deleted within the error tracking service's standard retention period (typically 30-90 days).
- Voice recordings: Not retained. Audio is processed in real-time by the configured AI provider and is not stored on our servers or by the provider after the request completes.
- Deleted content: When you delete a specimen, photo, or video, it is permanently removed from our active systems. Cached copies on our content delivery network (CDN) may persist for up to 24 hours after deletion. Residual copies in automated backups are purged during the normal backup rotation cycle.
- Direct messages: Messages are retained for as long as the conversation exists between participants. When both participants delete the conversation, messages and associated media are permanently deleted within 30 days. After account deletion, the deleted user's messages are anonymized and retained for up to 2 years (see Section 5.4).
8. Account Deletion
You may delete your account at any time through the App (Settings > Delete Account). When you delete your account:
Permanently deleted:
- Personal information (username, email, avatar, cover photo)
- All specimen records, photos, and videos (removed from database and cloud storage)
- Wishlist entries
- Follow relationships
- Activity logs
- Custom tags and tag associations
- Collections and collection contents
- Pending, rejected, or duplicate mineral suggestions and their attached photos
Anonymized and retained:
- Approved mineral suggestions (your user ID is removed, but the suggestion content is retained as it has been incorporated into the public mineral atlas)
- Report records you filed (your identity is removed, but the report content is retained for platform safety)
- Direct messages (your identity is removed from the sender field, but message content is retained for up to 2 years to preserve conversation context for the other participant; media attachments you sent are deleted within 30 days)
Retained by third parties:
- Database backups are automatically purged on a 30-day rotation cycle
- Diagnostic data in our error tracking service is automatically purged within its standard retention period (typically 30-90 days)
- Cached copies of photos and videos on our CDN may persist for up to 24 hours after account deletion
9. Children's Privacy
The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your account and personal data (see Section 8).
- Data Portability: Request your data in a structured, machine-readable format.
- Objection: Object to certain processing of your personal data.
To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.
9.1 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your rights
Categories of personal information we collect:
| Category | Examples | Source | Business Purpose |
|---|---|---|---|
| Identifiers | Email, username, IP address | You / Automatic | Account management, security |
| Internet activity | Device info, crash logs | Automatic | App improvement, bug fixes |
| User content | Photos, videos, specimen data | You | Core App functionality |
| Geolocation | Specimen GPS coordinates (manually provided) | You | Map display feature |
| Audio data | Voice recordings (not retained) | You | Voice input transcription |
We do not sell or "share" (as defined by the CCPA) your personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of consumers under 16 years of age.
To exercise your CCPA rights, contact us at mineralwild@gmail.com. We will respond within 45 days.
9.2 European Economic Area Residents (GDPR)
Data Controller: Mineral Wild LLC, a Delaware limited liability company. Contact: mineralwild@gmail.com.
The legal bases for processing your information are:
- Consent: When you create an account and agree to this policy; when you use the voice input feature.
- Contractual Necessity: To provide the App's services to you (account management, specimen storage, social features).
- Legitimate Interest: To improve the App, ensure security, and prevent abuse.
Your additional rights under GDPR:
- Right to withdraw consent: You may withdraw consent at any time (e.g., by deleting your account or ceasing to use specific features). Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to lodge a complaint: You may file a complaint with your local data protection supervisory authority.
- Right to restriction: You may request restriction of processing in certain circumstances.
International data transfers: Your data is transferred to and processed in the United States (see Section 10). Where required by GDPR, these transfers are supported by appropriate safeguards, including data processing agreements with our service providers that incorporate Standard Contractual Clauses approved by the European Commission.
To exercise your GDPR rights, contact us at mineralwild@gmail.com. We will respond within 30 days, as required by GDPR Article 12(3).
11. International Data Transfers
Our servers are located in the United States. If you access the App from outside the United States, your information will be transferred to and processed in the United States.
Appendix: Supplemental Notice for Users in the People's Republic of China
This Supplemental Notice applies to users located in the People's Republic of China ("PRC") and is provided in accordance with the Personal Information Protection Law of the PRC ("PIPL"). This appendix supplements the main Privacy Policy above. Where any provision of this appendix conflicts with the main Privacy Policy, this appendix prevails for PRC users.
A.1 Personal Information Categories
We collect and process the following categories of personal information from PRC users:
| Category | Specific Data | Sensitive Information (PIPL) |
|---|---|---|
| Account information | Email address, username, hashed password | No |
| Profile information | Display name, bio, avatar photo, cover photo, contact email, Instagram handle, other contact information, WeChat ID, location | No |
| Specimen data | Photos, videos, mineral name, locality, purchase price, purchase currency, estimated value, notes, GPS coordinates (manually selected), structured address data | GPS coordinates: Yes |
| Voice input | Audio recordings sent to third-party AI services for real-time transcription | Yes |
| Social interactions | Follow relationships, blocked user lists, saved listings, reports filed | No |
| Tags and collections | Custom tags, named collections of specimens | No |
| Mineral suggestions | Suggestion details and reference photos | No |
| Account security data | Failed login counts, lockout status, email verification codes, username change history | No |
| Activity logs | Internal records of account events (specimen additions, collection changes) | No |
| Device and diagnostic data | Device type, OS version, app version, crash reports (via error tracking service), IP addresses (temporary) | No |
A.2 Processing Purposes and Legal Bases
| Data Category | Purpose | Legal Basis (PIPL) |
|---|---|---|
| Account information | Account creation and authentication | Contractual necessity (Art. 13(2)) |
| Profile information | Display your profile to other users (when public) | Consent |
| Specimen data | Core App functionality (collection management, atlas, map display) | Contractual necessity |
| Voice input | Transcription and structured data extraction for specimen entry | Separate consent (Art. 39) |
| Social interactions | Enable follow system, wishlist matching, content moderation | Contractual necessity |
| Device and diagnostic data | App stability, bug diagnosis, security | Legitimate interest / contractual necessity |
A.3 Third-Party Processors
The following third-party service providers process PRC users' personal information on our behalf:
| Provider | Purpose | Data Processed | Processing Location |
|---|---|---|---|
| Cloud hosting provider | Photo and video storage and content delivery | Uploaded photos and videos | United States (with global CDN edge nodes) |
| Email delivery service | Transactional email | Email addresses | United States |
| Error tracking service | Crash reporting and diagnostics | Crash logs, device info | United States |
| AI service providers | Voice transcription and data extraction | Voice recordings (not retained) | United States or PRC mainland (depending on configured provider) |
| Google Sign-In | Account authentication | Google account ID and email | United States |
| Apple Sign-In | Account authentication | Apple user ID and optionally email | United States |
| Cloudflare Web Analytics | Anonymous website usage analytics (no cookies, no personal identifiers) | Page URLs, referrer, browser type, country | Global (Cloudflare edge network) |
The voice AI provider is configured by us and may change. Depending on the active provider, your voice data may be processed on cloud infrastructure within the PRC mainland or transmitted to the United States.
A.4 Cross-Border Data Transfer
Your personal information is stored on servers located in the United States. The following categories of personal information are transferred outside the PRC:
- Account information (email, username)
- Profile information
- Specimen data (including photos, videos, and GPS coordinates)
- Social interaction data
- Device and diagnostic data
Protection measures for cross-border transfers:
- All data in transit is encrypted via HTTPS/TLS
- Data at rest is stored in private cloud storage with access controls
- Third-party providers are contractually obligated to protect your information
- We implement rate limiting, password hashing, and access controls
By using the App, you acknowledge and separately consent to this cross-border data transfer. You may withdraw this consent at any time by deleting your account (see Section 8 of the main Privacy Policy), though withdrawal will result in the inability to continue using the App.
A.5 Voice Data and AI Processing
When the voice input feature is active and a PRC-based AI provider is configured:
- Your audio recordings are transmitted to PRC mainland cloud infrastructure for processing
- Audio is processed in real-time for transcription and mineral data extraction
- Audio data is not retained on our servers or by the AI provider after the API request completes
- The extracted text data (mineral names, localities, prices) is stored as specimen information on our US-based servers
When a US-based provider is configured, voice data is transmitted to and processed in the United States under the same real-time, no-retention terms.
Use of the voice input feature requires your separate consent before first use.
A.6 Your Rights Under PIPL
As a PRC user, you have the following rights regarding your personal information:
- Right to know — You have the right to know how we collect, use, and process your personal information (Art. 44)
- Right to access and copy — You may request access to and a copy of your personal information (Art. 45)
- Right to correct — You may request correction of inaccurate or incomplete personal information (Art. 46)
- Right to delete — You may request deletion of your personal information. We will proactively delete your information when the processing purpose has been achieved, the retention period has expired, or you withdraw consent (Art. 47)
- Right to withdraw consent — You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal (Art. 15)
- Right to request explanation — You have the right to request an explanation of our personal information processing rules (Art. 48)
- Right to complain — You may file a complaint with the Cyberspace Administration of China (CAC) or your local personal information protection authority (Art. 65)
To exercise these rights, contact us at mineralwild@gmail.com. We will respond within 15 business days.
A.7 Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | Retained while your account is active; deleted upon account deletion |
| Specimen data (including photos and videos) | Retained while your account is active; permanently deleted upon specimen or account deletion |
| Database backups | Automatically rotated and deleted on a 30-day rotation cycle |
| Crash reports | Automatically deleted within the error tracking service's standard retention period (typically 30-90 days) |
| Voice recordings | Not retained. Processed in real-time; not stored on our servers or by the AI provider |
| CDN cached content | Up to 24 hours after deletion from origin |
| Email verification codes | Automatically expired and purged shortly after issuance |
| Activity logs | Retained while your account is active; deleted upon account deletion |
A.8 Children's Privacy
Under PIPL Article 28, personal information of minors under the age of 14 is classified as sensitive personal information requiring additional protections. The App is not intended for users under the age of 14 in the PRC. We do not knowingly collect personal information from PRC users under 14. If we learn that we have collected personal information from a PRC user under 14, we will promptly delete such information.
A.9 Separate Consent
In accordance with PIPL Article 39 and applicable judicial interpretations, the following processing activities require your separate consent (not bundled with general terms acceptance):
- Cross-border data transfer — Before using the App, you will be asked to separately consent to the transfer of your personal information to the United States
- Voice input feature — Before first use of the voice feature, you will be asked to separately consent to the processing of your voice data by third-party AI services
- Public profile display — Enabling public profile visibility requires your separate affirmative action through the App's privacy settings
A.10 Contact and PRC Representative
For questions about this Supplemental Notice or to exercise your PIPL rights:
Email: mineralwild@gmail.com
In accordance with PIPL Article 53, a PRC-based representative will be designated before formal launch in the PRC market. This section will be updated with the representative's name and contact information at that time.
A.11 Dispute Resolution
For PRC users, any dispute arising from this Privacy Policy or the processing of your personal information shall be governed by the laws of the People's Republic of China. You may file a complaint with the Cyberspace Administration of China (CAC) or your local personal information protection authority at any time.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice within the App. Your continued use of the App after any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: mineralwild@gmail.com
Mineral Wild is currently in beta. Features, availability, and this Privacy Policy may change. We will notify you of material changes as described in Section 12.