Privacy Policy

Additional Information

Welcome! We value your privacy. This Privacy Policy (the “Privacy Policy”) is intended to inform you about our practices regarding the collection, use, and disclosure of your Personal Data when you use our website https://messenger.website and the Mint Messenger mobile application (the “Service”), which serves as a communication tool through which you can communicate with other users including through messages, voice and video messages, stickers and sound stickers.

This Privacy Policy should be read alongside, and in addition to, our Terms & Conditions.

This Privacy Policy was last updated on February 23, 2026. We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data processing practices. If a revision materially affects your rights, we will provide appropriate notice within the Service or by other suitable means.

We process your data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).

This Privacy Policy applies only to data processing carried out by us and does not apply to third-party websites or services.

Data Controller

Your Personal Data are processed by:

FORBIS s.r.o.
Štefánikova 62
040 01 Košice
Slovak Republic
Company ID (IČO): 44 458 479

(hereinafter referred to as “we”, “us”, “our”, or the “Controller”).

If you have any questions regarding this Privacy Policy or the processing of your Personal Data, you may contact us at: support@messenger.website.

Data Protection Officer (DPO)

In accordance with Article 37 of the GDPR, we have appointed an external Data Protection Officer to oversee our privacy practices and provide independent oversight. If you have specific questions regarding the processing of your personal data or wish to exercise your legal rights under the GDPR, you may contact our DPO directly:

Name: Jan Mihal (CEO, Evil s.r.o)
Email: gdpr@evilsro.sk (External provider)
Postal Address: Poľská 10, 040 01 Košice

Data Deletion

If you wish to request deletion of your account and associated Personal Data from our systems, please contact us at: support@messenger.website.

Please note that, for security purposes, we may require verification of your identity before processing your request. We will process deletion requests without undue delay and in accordance with Article 17 of the GDPR, unless we are legally required or otherwise entitled to retain certain data.

Personal Data

We may collect the following categories of Personal Data that you provide when registering for and using our Service:

Phone Number: Used exclusively for account creation and identity verification via SMS-based authentication.
Contact Information: If you grant explicit permission, the Service may access phone numbers from your device’s address book. These numbers are transmitted to our servers solely to identify which of your contacts are already users of the Service. This data is processed in real-time and is not permanently stored.
SMS Log and Messaging: As a communication tool, Mint Messenger may access your SMS log (if set as default handler) to enable seamless messaging. A copy of phone numbers of your contacts is sent to our servers to enable connection, sending of video/voice messages and sound stickers.
File Transfer & Media: The Service allows users to exchange files and media during real-time communication. These files are transmitted via secure transit servers and media relays to ensure delivery across different network environments. We do not store, access, or monitor the content of these files. They are processed only to facilitate the transfer and are not retained by the Controller after the transfer is complete.

Usage Data

We and/or our authorised external service providers (see below) may collect technical information that your browser or device automatically transmits when you access or use our (the "Usage Data"). This Usage Data may include information such as:

IP address
browser type and version
device type and operating system
unique device identifiers
session identifiers
pages visited within the Service
date and time of access
duration of visits
diagnostic and performance data

In connection with real-time communication, Usage Data may also include technical session metadata such as connection timestamps, session duration, network quality indicators, and routing information necessary to establish and maintain multimedia messaging and voice/video message delivery. When you access the Service through a mobile device, Usage Data may additionally include mobile device identifiers, mobile network information, and operating system details.

In certain circumstances, Usage Data may qualify as Personal Data if it can reasonably be linked to an identifiable individual. We process Usage Data primarily for the purposes of ensuring the security, stability, and performance of the Service, preventing fraud and abuse, and improving user experience. We do not use Usage Data to profile users for automated decision-making.

Cookies

We may use cookies and similar tracking technologies (“Cookies”) to ensure the proper functioning of the Service, to analyse its performance, and, where applicable, to provide marketing-related features. Cookies are small text files that may contain a unique identifier. They are stored on your device when you visit our Service.

We use strictly necessary Cookies that are essential for the operation of the Service. These Cookies do not require your consent under applicable law and cannot be disabled through our cookie management tool.

Analytical Cookies are used only with your consent where required by applicable law. The data collected through these Cookies may include IP address, device information, and usage statistics. These data help us understand user behaviour and improve the functionality and performance of our Service.

Marketing Cookies are activated only after you provide your explicit consent via our cookie banner or preference management tool. These Cookies may enable third parties to build a profile of your interests and display advertisements on other websites.

When you first visit our Service, you are informed about the use of Cookies and, where required, asked to provide your consent. You may withdraw or modify your consent at any time via the cookie settings available on our website. Disabling certain Cookies may affect the functionality of some features of the Service.

Some Cookies are provided by third-party service providers. These third parties process data in accordance with their own privacy policies and are responsible for their data processing practices. We are not responsible for the privacy practices of third-party websites or services.

Purposes and Legal Basis for Processing your Personal Data

We process your Personal Data for the following purposes:

Provision of the Service: To create and manage your account, verify your identity via SMS authentication, establish secure communication sessions for the exchange of messages and multimedia, and maintain the functionality of the Service. Legal basis: performance of a contract pursuant to Article 6(1)(b) GDPR.
Security and Abuse Prevention: To ensure the security, integrity, and stability of the Service, including fraud detection, misuse prevention, and protection of our systems and users (specifically in relation to SMS and messaging features). Legal basis: legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest consists in protecting our platform and users against unlawful or harmful activities.
Service Improvement and Analytics: To analyse how the Service is used, improve performance, and enhance user experience. Legal basis: Legitimate interest (Article 6(1)(f) GDPR) for strictly necessary technical analytics, or Consent (Article 6(1)(a) GDPR) where analytical Cookies are used.

Recipients

We may share your Personal Data within the organisation of the Controller and with selected third-party service providers where necessary to provide and operate the Service. We do not share your Personal Data with other recipients unless one of the following circumstances applies:

it is necessary to comply with our obligations towards you. Where our external service providers (“sub-processors”) require access to your Personal Data in order to assist us in providing the Service, such data are processed strictly on our behalf and under our instructions. We ensure that all sub-processors are contractually bound in accordance with Article 28 GDPR and implement appropriate technical and organisational measures to safeguard your Personal Data. Below is a non-exhaustive list of our sub-processors (such as infrastructure and communication providers, or analytics providers). The list of service providers may change from time to time as we update or replace certain providers in order to support the operation of the Service.
It is necessary for legal reasons. We may disclose your Personal Data to recipients outside the Controller where such disclosure is required:
- to comply with applicable laws, regulations, or legally binding requests from public authorities or courts;
- to detect, prevent, or address fraud, security, or technical issues (including messaging abuse);
- to protect the rights, property, or safety of the Controller, our users, or the public.
Such disclosure will be limited to what is strictly necessary and carried out in accordance with applicable law. Where legally permitted, we will inform you about such disclosure.

Retention and Deletion of Data

The Controller retains your Personal Data for as long as your account remains active or as necessary to provide you with the Service. If your account is inactive for a prolonged period, we may delete or anonymize your data in accordance with our internal data cleanup policies.

We provide you with the following tools to manage your data directly within the application settings:

Deactivation: You may choose to "Deactivate" your account at any time via the app settings. Deactivation temporarily suspends your ability to send or receive messages but retains your phone number in our records to allow for easy reactivation.
Permanent Deletion: In accordance with App Store and Google Play policies, you have the right to permanently delete your account and all associated Personal Data. You may initiate this request by selecting the "Delete Account" option in the app settings or by contacting us at support@messenger.website.

Upon a valid deletion request, your phone number and any associated technical data will be purged from our active databases without undue delay (typically within 30 days), unless retention is strictly required to comply with legal obligations (such as tax laws) or for the establishment and defense of legal claims.

Transfer of Data

The Controller may transfer your Personal Data to service providers located outside the European Union (EU) and the European Economic Area (EEA), including the United States. Where Personal Data are transferred to countries outside the EU/EEA, we ensure that such transfers are carried out in accordance with Chapter V of the GDPR. Transfers to the United States are based on:

the European Commission’s Standard Contractual Clauses (SCCs), and/or
the recipient’s certification under the EU-US Data Privacy Framework, where applicable.

We implement appropriate technical and organisational safeguards to ensure that your Personal Data receive an adequate level of protection consistent with applicable data protection laws. If you would like further information about international transfers and the safeguards in place, you may contact us at: support@messenger.website.

Your Rights under the GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access: You have the right to obtain confirmation as to whether or not we process your Personal Data and, where that is the case, to request access to such Personal Data. Upon request, we will provide you with information including the purposes of processing, categories of Personal Data concerned, categories of recipients, retention periods, and information about your rights.
Right to Rectification: You have the right to request the correction of inaccurate Personal Data concerning you. You also have the right to have incomplete Personal Data completed, including by providing a supplementary statement.
Right to Erasure: You have the right to request the deletion of your Personal Data where one of the grounds set out in Article 17 GDPR applies. We will erase your Personal Data without undue delay unless processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or for other lawful grounds permitted under applicable law.
Right to Restriction of Processing: You have the right to request the restriction of processing of your Personal Data where one of the conditions set out in Article 18 GDPR applies. Where processing is restricted, we may continue to store your Personal Data but will not process it further unless required by law or for the establishment, exercise, or defence of legal claims. Please note that restricting certain processing activities may affect your ability to use some features of the Service.
Right to Data Portability: You have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. This right applies where the processing is based on your consent or on a contract and is carried out by automated means. Where technically feasible, you have the right to request that such Personal Data be transmitted directly to another controller.

You may exercise your data protection rights free of charge by contacting us at: support@messenger.website. We may require verification of your identity before processing your request. We will respond to your request without undue delay and, in any event, within one month of receipt, in accordance with Article 12 GDPR. This period may be extended where permitted by law. If you believe that our processing of your Personal Data infringes applicable data protection laws, you have the right to lodge a complaint with a competent supervisory authority in the European Economic Area (EEA), in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Security of Data

The security of your Personal Data is important to us. We implement appropriate technical and organisational measures designed to protect Personal Data against unauthorised access, alteration, disclosure, or destruction, in accordance with Article 32 GDPR. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by applicable data protection laws. If you have any questions regarding security, you may contact us at: support@messenger.website.

Links to Other Sites

Our Service may contain links to third-party websites or services that are not operated or controlled by us. If you follow a link to a third-party website, you will be subject to that third party’s terms and privacy policy. We encourage you to review the privacy policies of any external websites you visit.

We have no control over and assume no responsibility for the content, privacy practices, or data processing activities of third-party websites or services.

Children's Privacy

Our Service is not intended for individuals under the age of 16. In accordance with Article 8 GDPR, where information society services are offered directly to a child, the processing of Personal Data is lawful only if the child is at least 16 years old (or a lower age as permitted under applicable national law). We do not knowingly collect Personal Data from individuals under the applicable minimum age. If you are a parent or legal guardian and you become aware that a child has provided us with Personal Data without your consent where required, please contact us. If we become aware that we have collected Personal Data from a child in violation of applicable data protection laws, we will take appropriate steps to delete such data without undue delay.

Service providers

We may engage third-party companies and individuals (“Service Providers”) to support the operation of our Service. These Service Providers process Personal Data only on our behalf and under our instructions and are contractually bound to comply with applicable data protection laws. Our Service Providers include:

Google LLC: Provides infrastructure, hosting, and backend services via Firebase and Google Cloud.
Communication Infrastructure Providers: We use third-party infrastructure providers to facilitate real-time multimedia messaging and communication routing. These providers do not have access to the content of your communications.

Analytics

We may use third-party analytics service providers to monitor and analyse how the Service is used in order to improve performance, functionality, and user experience. Where required by applicable law, analytics technologies are activated only with your consent. Our analytics providers may include:

Google Analytics (Google LLC)
Firebase (Google LLC)

Google LLC may process data on servers located outside the European Union. Where such transfers occur, they are carried out in accordance with the safeguards described in the “Transfer of Data” section of this Privacy Policy.

Advertising

We may use third-party advertising partners to display advertisements within the Service and to measure advertising effectiveness. Advertising technologies, including marketing Cookies and similar tracking mechanisms, are activated only after you provide your explicit consent where required by applicable law. Our advertising partners may include:

Google AdSense and DoubleClick (Google LLC)
Google AdMob (Google LLC)
AppLovin (AppLovin Corporation)

We may use remarketing services to display advertisements to users who have previously interacted with our Service. Remarketing technologies, including Cookies and similar tracking mechanisms, are activated only after you provide your explicit consent where required by applicable law. These third-party providers may collect information about your interaction with the Service in order to measure advertising performance and, where applicable, personalise advertisements. Such processing is based on your consent pursuant to Article 6(1)(a) GDPR. Some of these providers may process data outside the European Union. Where such transfers occur, they are carried out in accordance with the safeguards described in the “Transfer of Data” section of this Privacy Policy.

Payments

We may offer paid products and/or services within the Service. In such cases, payment processing is carried out by third-party payment providers. We do not collect or store your payment card details. Payment information is provided directly to the relevant payment provider, and their processing of your Personal Data is governed by their respective privacy policies. Payment providers act as independent controllers with respect to payment transaction data. These payment providers comply with the Payment Card Industry Data Security Standard (PCI-DSS), administered by the PCI Security Standards Council. PCI-DSS requirements are designed to ensure the secure handling of payment information. The payment providers we currently use include:

Apple App Store In-App Payments
Google Play In-App Payments

India Compliance – Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 of India, the following Grievance Officer has been appointed for users located in India:

Name: Matus Novacek, CEO
E-mail: support@messenger.website (Please include "Grievance Officer - India" in the subject line).

Complaints will be acknowledged within 24 hours and resolved within 15 days, in accordance with applicable law.