Privacy Policy
Last updated: July 1, 2026
1. Overview
ViralMint ("we", "our", "us") is a desktop application that runs locally on your computer. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
2. Data That Stays on Your Machine
ViralMint is designed with a privacy-first architecture. The following data is stored exclusively on your local device and never transmitted to our servers:
- Downloaded videos and audio files
- Transcriptions generated by local Whisper AI
- Generated videos, scripts, and thumbnails
- AI conversation history
- Scout results and analysis data
- Your SQLite database
- API keys and credentials (encrypted with AES-256)
3. Data We Collect
If you create a ViralMint account (optional), we collect:
- Email address — for account authentication and important service communications
- Device identifier — a randomly generated ID for syncing settings across devices
- Usage metrics — aggregate feature usage counts (e.g., number of scout runs, videos generated) for improving the product. No content data is included.
- Top-up payment data — billing information processed by Stripe for one-time prepaid balance top-ups (we never store your card details). There are no subscriptions or recurring charges.
The desktop app can run with no account, in which case the cloud-only features (AI chat, AI image / voice / music generation, channel sync) are unavailable but local features (yt-dlp download, Whisper transcription, Pexels stock-footage Smart Video) keep working — and we collect no data about you.
4. Third-Party Services
ViralMint integrates with third-party services that have their own privacy policies. When you use these services through ViralMint, their respective policies apply:
- OpenRouter — single AI gateway through which all chat, image, voice, music and (if/when shipped) video models are routed. ViralMint never holds individual provider keys; OpenRouter does. Prompts and scripts you generate are forwarded to the provider OpenRouter selects (typically Google, OpenAI, Anthropic). Review the OpenRouter and underlying-provider data policies.
- YouTube Data API — when you connect a YouTube channel on the My Channels page, the public channel id and recent video metadata are fetched for outlier-score analysis. We do not request upload scopes — auto-upload is not a feature.
- TikTok / Douyin / Reddit / Google Trends — public scout queries are sent for trend discovery. No login or OAuth required.
- Pexels and Pixabay — stock footage searches send keywords to their APIs.
- Stripe — payment processing for one-time prepaid USD top-ups. Stripe is the system of record for top-up transactions; ViralMint stores only the resulting prepaid balance, not card data.
- Amazon SES (AWS) — delivers our account and (opt-in) marketing email. AWS acts as our email processor; see the Email Communications section below.
5. Analytics
Our website (viralmint.net) uses Google Analytics to understand visitor traffic. This collects anonymized browsing data such as page views, referral sources, and general location. No personally identifiable information is collected by our website analytics.
6. Cookies
The ViralMint website uses essential cookies for basic functionality. We also use analytics cookies — Google Analytics (aggregate traffic) and Microsoft Clarity (session replay & heatmaps) — to understand how the site is used. You can block these at any time using your browser settings or a cookie-blocking extension. We do not use advertising cookies.
7. Data Security
All sensitive data stored locally (API keys, OAuth tokens, session cookies) is encrypted
using AES-256 (Fernet) encryption. Your encryption key is stored in your local
.env file and never transmitted.
8. Data Retention
- Local data — retained until you delete it. Uninstalling ViralMint removes all local data.
- Account data — retained while your account is active. You can request deletion at any time.
- Usage metrics — automatically deleted after 90 days.
9. Email Communications
We send two distinct kinds of email, handled separately:
- Account email (always sent — no opt-out): email verification codes, password resets, and billing / top-up receipts. These are required to operate your account; our lawful basis is performance of a contract and legitimate interest. Opting out of product updates never stops these.
- Product updates (optional): new features, app updates, tips, and an occasional activity digest. When you create an account we subscribe you to these by default — our lawful basis is our legitimate interest in keeping active users informed about the product they use. You can opt out at any time: every message carries a one-click unsubscribe link, and there is an Email Preferences toggle in your account. We never sell or share your address with third parties for their own marketing.
You can withdraw consent at any time: every marketing email carries a one-click unsubscribe link that works without logging in, and you can turn each stream on or off under Email Preferences in your account at viralmint.net/app/account. If your address hard-bounces or you mark a message as spam, we automatically suppress it and stop sending. Email is delivered through Amazon SES (AWS) as our processor.
10. Your Rights
You have the right to:
- Access your personal data
- Request correction or deletion of your data
- Export your data
- Withdraw consent at any time
- Use ViralMint without an account (fully offline, zero data collection)
11. Children's Privacy
ViralMint is not intended for children under 13. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
13. Contact
For privacy-related questions, contact us at support@viralmint.net.