Last updated: April 29, 2026. This policy explains how MiniMax collects, uses, shares, and protects your personal information when you use our platform and services.
This Privacy Policy applies to all MiniMax services, websites, APIs, and applications where this policy is referenced.
MiniMax takes your privacy seriously. This document explains exactly what data we collect, why we collect it, how we use it, who might see it, and what controls you have over it. The policy covers the MiniMax platform including the website at minimax.gr.com, the Platform Hub, the REST API, SDK library downloads, desktop and mobile applications, and any other MiniMax service that links to this policy. By using MiniMax services, you agree to the data practices described here. If you disagree, please discontinue use and delete your account.
Questions about this policy or requests to exercise your privacy rights can be directed to support@minimax.gr.com. Our Data Protection Officer reviews and responds to privacy inquiries within the timeframes required by applicable law. European Economic Area residents may also contact their local data protection authority with concerns. California residents have specific rights detailed in the California Residents section of this policy.
MiniMax collects account registration data, API usage metadata, support communications, and standard website analytics. We do not train on your prompts.
Account information is gathered during registration. This includes your name, email address, organization name if provided, and password hash. We never store plain-text passwords. Payment information including credit card details is processed by our PCI-compliant payment processor and never touches MiniMax servers directly. We store a token reference to facilitate recurring billing and display the last four digits of your payment method in the billing portal.
API usage metadata is collected to operate the service. This includes request timestamps, endpoint identifiers, response status codes, token counts, latency measurements, error codes, and client IP addresses. We do not store the content of your API prompts or model responses unless you explicitly enable data logging for debugging purposes. Inference happens in memory, the response is delivered, and prompt content is discarded. This architecture means MiniMax cannot review, disclose, or leak your conversation history because we never retain it.
Website analytics employ first-party cookies that track page views, session duration, and navigation paths. These analytics do not collect personal information beyond anonymized usage patterns. You can disable cookies in your browser settings, though some MiniMax website features may not function correctly without them. The cookies section of this policy lists each cookie we set, its purpose, and its expiration period.
Support communication records include email threads, chat transcripts, and any files you attach to support tickets. These records help us resolve your issues and improve our documentation. Support communications are retained for two years after ticket closure unless a longer retention period is required for legal or audit purposes. You can request deletion of non-required support records through your account privacy settings.
MiniMax uses collected data exclusively to provide, maintain, secure, and improve the platform. We do not sell your data to third parties.
Service provision is the primary use of your information. Account data authenticates you to the platform. API metadata enables billing calculations and usage dashboards. Payment tokens process charges for paid plans. Support records help us respond to your questions. Without this information, MiniMax could not operate the service you signed up to use.
Security and fraud prevention rely on usage metadata analysis. Unusual API request patterns may trigger automated security alerts. Multiple failed login attempts prompt account protection measures. Geographic anomalies in access patterns can signal credential compromise. These security measures use API metadata to protect your account without inspecting your actual prompts or generated content.
Service improvement uses anonymized, aggregated data only. We analyze which API endpoints receive the most traffic to guide infrastructure scaling. We measure aggregate latency trends to optimize model serving. We review aggregated error rates to prioritize bug fixes. None of this analysis examines individual prompts or responses. Feature development decisions are informed by aggregate usage patterns, not by inspecting any user's specific interactions with MiniMax.
Legal compliance may require data disclosure when compelled by valid legal process. If a court order, subpoena, or other legally binding request demands user data, we will notify you before disclosure unless prohibited by law. We challenge overly broad or procedurally deficient requests. Our transparency report, published annually, documents the number and type of legal demands we receive and how we responded.
MiniMax shares data only with service providers necessary for platform operation and when required by law. We never sell personal data.
Infrastructure providers host MiniMax servers and store account data. These providers operate under data processing agreements that restrict their use of your data to serving our platform. Current infrastructure providers include cloud hosting services in North America, Europe, and Asia-Pacific regions. Data residency options let enterprise customers specify which regions process and store their data.
Payment processors handle credit card transactions on our behalf. These companies are PCI-DSS compliant and maintain their own privacy policies governing how they process payment information. MiniMax receives transaction status, payment method metadata, and billing identifiers from these processors but never receives or stores full credit card numbers.
Analytics providers collect anonymized website usage data through first-party cookies. These providers operate under data processing agreements and do not combine MiniMax analytics data with data from other customers. We use analytics to understand how users navigate the documentation, which features generate the most interest, and where site performance improvements would have the most impact.
Business transfers in the event of a merger, acquisition, or asset sale may involve transferring your data to the successor entity. You will be notified via email and a prominent notice on the MiniMax website before any such transfer occurs, and the successor entity will be bound by the terms of this privacy policy or a policy that provides equivalent protection for your data.
MiniMax provides account-level tools for data access, deletion, and portability. GDPR and CCPA rights are honored within statutory timeframes.
General Data Protection Regulation rights apply to users in the European Economic Area and United Kingdom. You may request access to your personal data, correction of inaccurate data, deletion of data no longer necessary for the purposes collected, restriction of processing in certain circumstances, and data portability in a machine-readable format. Submit these requests through your account privacy dashboard or by emailing support@minimax.gr.com. We respond within one month as required by GDPR.
California Consumer Privacy Act rights apply to California residents. You may request to know what personal information we collect, use, share, and sell. You may request deletion of your personal information. You may opt out of the sale of your personal information — though MiniMax does not sell personal data. You may not be discriminated against for exercising these rights. Submit CCPA requests through the same privacy dashboard or email address. We verify your identity before processing requests to prevent unauthorized access to your data.
Account controls let you manage privacy settings directly. The privacy dashboard in your account settings lists all data categories we hold, provides one-click data export in JSON format, includes deletion controls for non-required data categories, and displays a log of privacy-related actions taken on your account. You can close your account entirely from this dashboard. Account closure triggers automatic data purging according to the retention schedule described in the Data Retention section.
MiniMax retains data only as long as needed for service provision and legal compliance, protected by encryption and access controls.
Data retention periods vary by data type. Account profile data is retained for the life of your account plus 90 days after account deletion, after which it is permanently erased. API usage logs are retained for 12 months for billing verification and service improvement analysis. Billing records including invoices and payment history are retained for 7 years to comply with financial regulations. Support communications are retained for 2 years after ticket closure. You may request early deletion of non-legally-required data at any time.
Security measures protect your data throughout its lifecycle. Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 with keys managed through a hardware security module. Access to production systems requires multi-factor authentication, is logged, and is reviewed quarterly. We conduct annual penetration testing by independent security firms and maintain SOC 2 Type II certification. Security incidents are disclosed to affected users within 72 hours of confirmation.
Cookies used by MiniMax are limited to essential functionality and anonymized analytics. Session cookies maintain your authenticated state and expire when you close your browser. Preference cookies remember your language selection and display settings with a 12-month expiration. Analytics cookies assign an anonymous identifier to measure site usage patterns with a 24-month expiration. No third-party advertising or tracking cookies are deployed on any MiniMax domain. You can manage cookie preferences through your browser settings at any time.
We notify users of material privacy policy changes via email and website notice at least 30 days before changes take effect.
MiniMax reviews this privacy policy quarterly and updates it when our data practices change, new services launch, or legal requirements evolve. Material changes — those that affect your rights or our data handling in meaningful ways — trigger an email notification to the address on your account and a prominent notice on the MiniMax website for 30 days before the changes take effect. Non-material changes such as clarifying language or updating contact information are applied immediately and noted in the revision history.
Continued use of MiniMax services after changes take effect constitutes acceptance of the updated policy. If you disagree with material changes, you may close your account and request data deletion before the changes take effect. The revision history at the bottom of this page lists all substantive updates with dates and brief descriptions of what changed.
MiniMax complies with GDPR, CCPA, and applicable global privacy regulations. Data collection is limited to account registration details, API usage metadata, support communications, and anonymized website analytics. Prompt content and model responses are not stored after inference unless a user explicitly enables debugging logging. Data is encrypted in transit via TLS 1.3 and at rest via AES-256 with HSM-managed keys. Infrastructure providers operate under data processing agreements. Retention periods range from 90 days post-account-deletion for profile data to 7 years for billing records. Users access data export, deletion, and portability tools through their account privacy dashboard. Material policy changes include 30-day advance notice via email and website alert. The Data Protection Officer can be reached at support@minimax.gr.com for privacy inquiries and rights requests.
| Section | Summary | Full Details Link |
|---|---|---|
| Data Collection | Account info, API metadata, support records, analytics | See above |
| Data Usage | Service provision, security, aggregated improvement | See above |
| Data Sharing | Infrastructure, payments, legal process only | See above |
| User Rights | Access, deletion, portability, GDPR, CCPA | See above |
| Data Retention | 90 days to 7 years depending on data type | See above |
| Cookies | Session, preference, and analytics only | See above |
MiniMax collects personal data when you create an account, interact with our API services, contact customer support, or browse our website. This includes account registration details, API usage metadata, support communication records, and standard web analytics data collected through first-party session and preference cookies.
No, MiniMax does not use customer API input or output data to train our foundation models unless you explicitly opt into data sharing for model improvement. Inference data is processed in memory and discarded after the response is delivered. We retain API usage metadata for billing and monitoring purposes separate from prompt content.
Under GDPR, you have rights to access, rectify, erase, restrict processing, and port your personal data. Under CCPA, you have rights to know what data is collected, request deletion, and opt out of data sales. MiniMax does not sell personal data. Submit privacy requests through your account dashboard or via email to support@minimax.gr.com.
MiniMax retains account data for the life of your account plus 90 days after deletion for legal and audit purposes. API usage logs are retained for 12 months. Billing records are kept for 7 years to comply with financial regulations. You can request early deletion of non-required data through your privacy settings or by contacting support.