Privacy Policy
Last updated: May 2026
Operator: DoodleMint Studio (a brand of Xlumion Inc.)
Welcome to DoodleMint. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
1Data We Collect
We may collect the following data: your email address when you subscribe to our newsletter; transaction information when you make a purchase (processed by our payment provider); website usage logs (pages visited, downloads); and language and region preferences stored via cookies.
2How We Use Your Data
We use your data to provide and improve our service; process your orders and payments; send newsletters you have subscribed to; and remember your language and region preferences. We do not sell your personal data to any third party.
3Cookie Policy
We use necessary cookies to store your language preference and region setting (dm_storefront). If you click a referral link, we store a referral cookie (dm_ref) for 30 days. You can manage or delete cookies through your browser settings, though some features may be affected.
4Third-Party Services
We use the following third-party services: TapPay (payment processing, Taiwan); Neon (database hosting); Vercel (website hosting). Each has its own privacy policy, which we encourage you to review. We are not responsible for third-party practices.
5Data Security
We use HTTPS encryption and secure database access controls to protect your data. Payment information is handled by TapPay and other payment providers — we do not store credit card numbers or full payment details.
6Children's Privacy
Our content is suitable for all ages, but we do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.
7Your Rights
You have the right to access, correct, or request deletion of your personal data. To exercise these rights, please contact us by email and we will respond within a reasonable timeframe.
8Cross-Border Data Transfer
To deliver a fast, reliable service, your data is stored in Singapore (Neon Inc., ap-southeast-1) and replicated globally via CDN edge nodes (Vercel Inc.). Resend Inc. (transactional email) and Google LLC, LINE Corporation (identity providers) may also process minimal data at their global infrastructure. Each vendor publicly attests to SOC 2 / ISO 27001 / GDPR-class controls. By using the service you consent to your personal data being transferred to and processed in those locations.
9Third-Party Service Details
We rely on the following third parties; each one and what they receive is listed here for transparency. Google (OAuth sign-in: email, name, avatar, Google account ID); LINE Corporation (LINE Login: LINE userId, display name, picture, plus email if you grant it); Resend (sends sign-in links and transactional emails: email address and message body); Twilio (phone verification, only when you choose to bind a phone: phone number and one-time code); Vercel (hosting and serverless functions: basic access logs); Neon (database hosting: stores all user data); TapPay / Lemon Squeezy (payment processing — this site does not store card numbers). Each has its own privacy policy, which we encourage you to review.
10Data Retention
Sign-in data (email, OAuth bindings, name) is retained for 30 days after account deletion to allow restore-on-regret; subscription and transaction records are retained for 5 years per tax-record requirements; system access logs (IP, user agent) are retained for 90 days; cookies expire per the cookie policy. After the relevant retention period, data is removed automatically.
11Children's Privacy
This service is not directed at children under 13. After a parent registers, the parent can manage what their child sees in "Kid Mode"; we do not create independent child accounts and do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe we have inadvertently collected such data, please contact us — we will delete it within 7 days and confirm completion.
12Changes to This Policy
For material changes (a new third-party processor, a new data use), we will post a notice on the homepage at least 30 days before the change takes effect, and will surface a notice on next sign-in for logged-in users. Minor wording fixes are made in place; the "Last updated" date at the top reflects them. The latest version is always at this URL.
13Contact Us
If you have any questions about this Privacy Policy, please email us: anorak@xlumion.com
privacy@doodlemint.kids