APAZ MEDIKAL URUN VE BILISIM YAZILIM SANAYI VE TICARET ANONIM SIRKETI (hereinafter designated as "APAZ", "we", "us", or "our") prioritizes the confidentiality, integrity, and security of our collectors' digital footprints. This comprehensive Privacy Policy delineates our exhaustive methodologies for the acquisition, safeguarding, utilization, and lawful disclosure of your personal records when you engage with the Mint Pull platform—a premium digital ecosystem dedicated exclusively to physical trading card unboxing, vault management, and fulfillment logistics. By accessing or utilizing our services, you expressly consent to the sophisticated data processing paradigms outlined in this document.

1. Comprehensive Data Acquisition Architecture

To facilitate a highly personalized, secure, and seamless card-pulling and delivery experience, we systematically capture and categorize specific data points across multiple touchpoints:

A. Information You Voluntarily Provide

• Collector Credentials & Profiles: Data required to instantiate and maintain your digital vault, including full names, valid email addresses, secure authentication tokens, cryptographic hash identifiers, and mandatory age verification markers.
• Fulfillment & Logistics Coordinates: To successfully dispatch your physical trading cards from our facilities to your hands, we strictly require accurate delivery coordinates. This encompasses recipient names, precise physical U.S. street addresses, localized postal codes, and contact telephone numbers for courier coordination.
• Financial & Transactional Inputs: When you execute a balance top-up or pay for shipping tariffs, we collect billing details. Note: We utilize PCI-DSS compliant third-party payment gateways; thus, we do not store full credit card numbers directly on our internal servers.
• Direct Communications: Any correspondence directed to our support team, including feedback, dispute resolutions, and embedded attachments, is archived to improve our service matrix.

B. Telemetry and Automated Metrics

• Device Fingerprinting & Identifiers: We log hardware specifications, operating system versions, browser types, and unique mobile device identifiers (such as IDFA, GAID, or equivalent cryptographic markers) to optimize application rendering and security.
• Network & Geolocation Data: IP addresses, mobile network information, and macro-level geolocation data are captured to ensure regional compliance (restricting shipping to valid U.S. addresses) and to thwart unauthorized cross-border access attempts.
• Pack Interaction Analytics: Granular, time-stamped logs of your unboxing history, including pack selections, probabilistic drop outcomes, dwell times on specific screens, and the specific physical assets assigned to your vault inventory.

2. Strategic Utilization of Harvested Data

The information harvested is not merely stored; it is deployed strategically and exclusively to optimize, secure, and elevate your collecting journey:

• Operational Execution: To accurately allocate, track, and secure your revealed physical cards within our physical storage facilities and mirror them flawlessly in your digital vault.
• Logistics Fulfillment: To execute precise shipping protocols, generate postal manifests, and transmit real-time tracking updates directly to your registered email ecosystem.
• Algorithmic Integrity: To audit unboxing probabilities, verify the mathematical fairness of our RNG (Random Number Generation) systems, and ensure statistical parity across all pack interactions.
• Security & Fraud Neutralization: To proactively identify, isolate, and neutralize fraudulent activities, verify payment integrity, prevent multiple account abuses, and enforce our strict operational guidelines.
• Iterative Platform Enhancement: To analyze user behavior trends, diagnose software anomalies, and deploy iterative updates that enhance the overall user interface and experience.

3. Cookies and Advanced Tracking Technologies

Mint Pull employs cookies, web beacons, pixel tags, and local storage protocols to distinguish you from other collectors and retain your preferences. These tracking mechanisms are essential for session continuity, enabling you to remain logged into your vault without repetitive authentications. Furthermore, we utilize analytical tracking to measure campaign efficacy and comprehend user traffic patterns. You retain the autonomy to modulate your cookie preferences via your device or browser settings; however, disabling core cookies may severely impair the application's functionality.

4. External Disclosures and Courier Partnerships

APAZ operates under a draconian non-sale mandate regarding your personal data. We do not monetize your information. Disclosures are strictly confined to operational necessities:

• Logistics and Courier Services: Your fulfillment data (name, address, and phone number) is transmitted securely to third-party logistics couriers (e.g., USPS, FedEx, UPS) solely for the execution of package delivery.
• Service Providers & Processors: We partner with elite cloud hosting providers, payment processors, and cybersecurity firms who act strictly as data processors under binding confidentiality agreements.
• Corporate Restructuring: In the event of a merger, acquisition, asset sale, or corporate reorganization, your data may be transferred as a core business asset, subject to the continuation of these privacy protections.
• Legal Mandates: We may disclose records if compelled by binding legal subpoenas, court orders, or to defend the intellectual property and physical safety of APAZ, our employees, and our collector community.

5. Data Security and Vault Integrity Protocols

We deploy military-grade cryptographic protocols, TLS/SSL encryption for data in transit, and advanced firewall architectures for data at rest to shield your profile and vault inventory from unauthorized breaches. Our physical storage facilities holding the actual trading cards are similarly guarded with 24/7 surveillance and strict access controls. However, as no digital transmission or storage infrastructure is completely invulnerable to zero-day exploits, we cannot issue an absolute, unconditional guarantee of digital impenetrable security.

6. Information Retention Lifecycles

Your collector profile, unboxing logs, and vault inventory records are retained for the duration that your account remains active, ensuring you always have access to your digital collection. Upon receiving a verified request for account termination, we will initiate procedures to expunge your digital footprint. Nevertheless, binding statutory requirements, anti-money laundering (AML) laws, and tax compliance mandates require that we securely archive specific transactional ledgers, payment histories, and shipping manifests for a legally prescribed duration (typically up to 7 years) even post-deletion.

7. International Data Transfers

While our physical shipping is restricted to the United States, APAZ operates globally (headquartered in Türkiye). Consequently, your data may be transferred to, processed, and stored in servers located outside your country of residence, including the United States, Türkiye, and the European Union. By utilizing Mint Pull, you consent to these cross-border data flows, which are protected by Standard Contractual Clauses (SCCs) and stringent international data protection frameworks.

8. Regional Privacy Rights (CCPA, GDPR, & Equivalents)

Depending on your geographic domicile, you are entitled to comprehensive data rights:

• Right to Access & Portability: You may request a comprehensive dossier of the personal data we currently hold on you in a machine-readable format.
• Right to Rectification: You may command the immediate correction of any inaccurate or outdated logistics or profile data.
• Right to Erasure (Right to be Forgotten): Subject to the retention exceptions noted in Section 6, you may request the deletion of your account and associated data.
• Right to Non-Discrimination: APAZ guarantees that exercising any of your statutory privacy rights will never result in degraded service quality, altered pack odds, or discriminatory pricing.

To exercise these rights, submit a formal request to our designated privacy compliance team via the email provided in Section 10.

9. Strict Age Restrictions

The Mint Pull experience, involving probabilistic outcomes and financial transactions, is strictly and exclusively engineered for adult collectors who have attained the age of 18 (or the age of legal majority in their respective jurisdiction). We categorically reject and actively block the collection of data from minors. Any identified underage accounts will be subjected to immediate freezing, asset forfeiture, and permanent deletion protocols.

10. Inquiries and Policy Amendments

Given the dynamic nature of digital jurisprudence and our evolving platform capabilities, this Privacy Policy is subject to periodic, material refinements. The most authoritative, up-to-date iteration will continually reside at: https://mintpullapp.com/privacy.html. Continued use of the platform post-amendment constitutes acceptance of the revised terms.

For all privacy-centric correspondence, data rights requests, or security disclosures, please direct your communications to our official legal and support channels: