Frequently Asked Questions

You can be up and running in under 30 minutes. The entire process takes just three steps:

• Create an account (2 minutes) — Email, company name, password. No credit card required for the trial.
• Connect Google Drive (1 minute) — OAuth flow, one click. MintFolder automatically creates the folder structure.
• Archive your first document (30 seconds) — Upload a file or send it via the API. The AI takes care of the rest.

MintFolder AI offers two access methods — both powered by the same AI engine:

• Company Dashboard — A web interface for teams that want to get started without any technical expertise. Drag & drop, archive overview, team management, PDF tools, and analytics — all in the browser.
• REST API — For developers who want to integrate MintFolder into existing systems (ERP, CRM, e-commerce). A single HTTP request is all it takes: send a file, get back a JSON response with a smart filename and category.

You can use both simultaneously. Files archived via the API appear quickly in the Dashboard and vice versa.

For AI-powered archiving:

• PDF — including scanned PDFs (processed with OCR)
• DOCX — Word documents
• XLSX — Excel spreadsheets
• JPG, PNG, TIFF — images and scans

Additionally, 20 PDF tools are available:

• Compress, merge, split, rotate
• PDF ↔ Word, Excel, Text, HTML, JPG
• OCR, watermarks, page numbers
• Password protection, PDF/A conversion
• Remove and reorder pages

Maximum file size: 50 MB per file.

When you upload a document, here is what happens:

• Step 1 — Text extraction: The hybrid OCR pipeline extracts text locally using Tesseract + pdfplumber. For sensitive documents, the entire process stays on the server.
• Step 2 — AI analysis: The Multi-tier AI fallback chain (function-dependent routing; for core document analysis: Gemini → Claude → OpenAI) identifies: document type, sender, recipient, date, amount, IBAN, invoice number.
• Step 3 — Categorization: The document is assigned to one of 9 GoBD-oriented categories (RE = Invoice, VT = Contract, PA = HR, etc.).
• Step 4 — Smart naming: A standardized filename is generated: 2026-03-15_RE_Amazon-Mueller_Invoice.pdf
• Step 5 — Google Drive: The file is placed in the correct folder: SmartArchiv/01_Finance/2026/01_Incoming_Invoices/

No — not for the Dashboard. The interface is designed so that any team member can start using it immediately: drag and drop a file, done.

For API integration, you will need a developer. The Integration Guide includes complete code examples for Python, Node.js, PHP, C#, and cURL. A typical integration takes 1–2 hours.

MintFolder AI uses a redundant AI system with three providers. Routing is function-dependent; for core document analysis (upload/classification) the order is Gemini → Claude → OpenAI:

• Tier 0 — Google Gemini 2.5 Flash (primary for document vision/OCR): High accuracy for scanned business documents. DPA/SCCs per Art. 46 GDPR.
• Tier 1 — Anthropic Claude (vision fallback): Activated when Gemini is unavailable.
• Tier 2 — OpenAI GPT-4o (final fallback): Last-resort provider with circuit-breaker logic.

The system switches between providers automatically and seamlessly. You will not notice any difference. Each provider has its own rate limits and error handling.

All plans include 20 professional PDF tools (plus image tools):

• Convert: PDF → Word, Excel, Text, HTML, JPG | Word → PDF | Image → PDF | HTML → PDF
• Edit: Compress (3 levels), merge, split, rotate, remove pages, reorder pages, add page numbers, watermarks
• Security: Password protection, remove password, PDF/A conversion (long-term archiving)
• Recognition: OCR (optical character recognition) for scanned documents
• Images: Compress, rotate, scale, enlarge (AI upscaling)

All PDF & image editing tools listed above run entirely on our server — no external services, no data transfer to third parties. AI-powered features (classification, naming, summary, Ask AI) process documents via our Multi-tier AI fallback chain (function-dependent; for document analysis: Gemini → Claude → OpenAI) under DPA/SCCs per Art. 46 GDPR.

MintFolder automatically creates a professional folder structure in your Google Drive:

• SmartArchiv/01_Finance_and_Accounting/2026/01_Incoming_Invoices/
• SmartArchiv/02_HR_and_Health/2026/Employees/
• SmartArchiv/03_Tax_and_Government/2026/
• SmartArchiv/04_Projects_and_Contracts/2026/
• SmartArchiv/05_Correspondence/2026/

The connection uses OAuth 2.0 (secure Google login). MintFolder only has access to its own SmartArchiv folder — not to your other files.

Synchronization is bidirectional: files you delete in Google Drive are also removed from the Dashboard and vice versa.

The 9 default categories (RE, AR, VT, AG, KA, LI, QU, PA, SO) cover common business documents and support GoBD-oriented filing.

On the Business plan and above, you can define additional custom categories tailored to your industry.

The folder structure follows the pattern: Category/Year/Subcategory/ — ensuring that everything remains quickly searchable, even with thousands of documents.

MintFolder features a unique GDPR Art. 9 pipeline:

• Detection: The gatekeeper scans every document for sensitive categories (health data, biometric data, religious beliefs) — Detection relies on 187 keywords across 7 Art. 9 categories. Technical limitations apply.
• Blocking: When the gatekeeper flags a match, external AI calls are generally intended to be skipped; reliable detection of every case cannot be guaranteed.
• Local processing: Where feasible, text is extracted locally via OCR, personally identifiable data is removed (names → [PERSON], dates → [DATE]), and only the redacted text is sent to the AI for classification.
• Result: The AI should identify the document type (e.g., "Medical Certificate") without seeing concrete patient data — to the extent redaction and the gatekeeper succeed.

All data is processed and stored on a server in Berlin, Germany (provider: IONOS, Germany).

• Database server: Berlin, Germany (IONOS)
• File storage: Google Drive (EU data center, your own Google account)
• AI processing: Google Gemini (DPA/SCCs per Art. 46 GDPR) — sensitive documents are processed locally
• Payments: Stripe (PCI DSS Level 1 certified)

Our servers are hosted in the EU (Berlin). AI-powered features transmit document content to US-based providers (Google, Anthropic, OpenAI) under DPA/SCCs per Art. 46 GDPR. Sensitive documents (Art. 9 GDPR) are routed through a keyword-based gatekeeper: when a match is flagged, we aim to process locally and avoid sending content to external AI services. Detection relies on 187 keywords across 7 Art. 9 categories. Technical limitations apply.

• Transport: TLS 1.3 for all connections (HTTPS everywhere)
• API keys: PBKDF2-SHA256 hashing (260,000 iterations) — even in the event of a database breach, your keys cannot be reconstructed
• Passwords: Argon2id (OWASP 2024) with automatic migration from legacy hashes
• Webhooks: HMAC-SHA256 signatures for verification
• Audit trail: SHA-256 hash chaining — each entry is cryptographically linked to the previous one
• Sessions: HttpOnly + Secure + SameSite=Strict cookies

No.

According to the current API terms of service of our AI providers (Google, OpenAI, Anthropic), data submitted via their APIs is not used for AI model training. For OpenAI, we additionally enforce the technical parameter store=False (Zero Data Retention). For Google Gemini and Anthropic Claude, we rely on their published API policies, which exclude the use of API data for training purposes (as of April 2026; provider policies may change).

Furthermore, sensitive documents (GDPR Art. 9), when flagged by the gatekeeper, are primarily processed locally; we aim to avoid external transmission. Detection relies on 187 keywords across 7 Art. 9 categories. Technical limitations apply.

After archiving, the file is stored in your Google Drive. On our server, we only keep metadata (filename, category, date, folder path) — not the file itself.

Temporary files (created during processing) are automatically deleted after approximately 30 minutes.

Yes, technically. MintFolder is designed to support GoBD-oriented processes. Final GoBD assessment depends on configuration, usage, and tax-advisor review:

• Traceability: Every action is logged in the audit trail — who changed what, and when.
• Tamper-evident records: SHA-256 hash chaining and database triggers make manipulation detectable and restrict deletion.
• Proper organization: Standardized filenames and folder structures enable instant retrieval.
• Completeness: One-click integrity verification shows whether the hash chain is unbroken.
• Retention: The 6-year retention period per §147 AO (German Tax Code) is automatically enforced — protected documents cannot be deleted.

The audit trail is a detailed, tamper-evident log of actions:

• Each entry contains: timestamp, user, action, old value, new value
• Each entry is sealed with a SHA-256 hash that includes the hash of the previous entry
• This chaining means: if someone deletes or modifies an entry in the middle, the chain breaks — the integrity check fails
• SQL triggers prevent the deletion or modification of audit trail entries at the database level

You can verify integrity at any time in the Dashboard under GoBD Compliance Hub → Integrity Check.

The Z3 export is a standardized format for tax audits (GDPdU/GoBD). When the tax authorities order an audit, you must provide your accounting data in a machine-readable format.

MintFolder generates this export with a single click in the Dashboard under GoBD Compliance Hub → Z3 Export. It includes all archived documents with metadata, categories, and the audit trail.

Under §147 AO (German Tax Code), the retention periods for business documents are:

• Retention by document type per §147 AO: 6, 8, or 10 years for commercial and business correspondence
• 10 years for accounting records, annual financial statements, and balance sheets

MintFolder enforces the 6-year retention period automatically. Protected documents display a "GoBD-protected" badge and cannot be deleted or modified until the retention period has expired.

MintFolder provides everything the auditor typically requires:

• Process documentation — describes how the system processes and archives documents
• Internal control system (ICS) — documents the technical and organizational measures in place
• Integrity check — proves the completeness of the audit trail through hash chain verification
• Z3 export — machine-readable export of all data for IDEA/AIS

All documents are available in the Dashboard under GoBD Compliance Hub.

Using a Bearer Token. In the Dashboard under API Keys, create a key:

Authorization: Bearer sk_live_...

The key is displayed only once — store it securely. You can create as many keys as you need and revoke them at any time.

Environments: Production and Sandbox (for testing without consuming your quota).

The API is a standard REST API — any language that can send HTTP requests will work. Official code examples are available for:

• Python (requests)
• Node.js (fetch/axios)
• PHP (cURL/Guzzle)
• C# (HttpClient)
• cURL (command line)

Full documentation: Integration Guide

• Trial: 10 requests/minute
• Starter: 60 requests/minute
• Business: 120 requests/minute
• Enterprise: 300 requests/minute
• Enterprise: Custom configuration

If you exceed the limit, you will receive a 429 Too Many Requests response with a Retry-After header.

Yes. You can configure webhook endpoints that are triggered when:

• A document has been successfully archived (archive.success)
• An archiving operation fails (archive.failed)
• A document has been processed (document.processed)

Every webhook request is signed with an HMAC-SHA256 signature (X-MintFolder-Signature) so you can verify its authenticity. Failed deliveries are automatically retried.

• Trial — €0, 20 files, all features, 14 days. No credit card.
• Starter — €69/month excl. VAT, 500 files, REST API + webhooks, email support (48h)
• Business — €149/month excl. VAT, 2,000 files, priority processing, custom categories, support (8h)
• Enterprise — €349/month excl. VAT, 10,000 files, DATEV export + Z3 archive, support (4h)
• Enterprise — Custom pricing. Contact us.

All prices are net prices plus applicable VAT (19%). Invoices will include VAT as required by German law. Cancel monthly.

Quota limit: When you reach the limit, archiving is paused — upgrade anytime.

Yes. All plans are month-to-month — no minimum contract, no fine print.

After cancellation:

• Your Dashboard remains accessible in read-only mode (you can view documents but not archive new ones)
• Your files remain in your Google Drive — they belong to you
• The audit trail remains available for the GoBD retention period

Through Stripe, all major payment methods are supported:

• Credit card (Visa, Mastercard, Amex)
• SEPA direct debit
• Invoice payment (Business plan and above)

Stripe is PCI DSS Level 1 certified — the highest security standard for payment processing. Your payment details are never stored on our servers.

Yes — with annual prepayment, you get 2 months free (approximately 17% savings). Contact us for a custom quote.

You are not automatically locked out. Instead:

• The Dashboard shows a warning at 75% and 90% usage
• After 100%, additional files are billed at the overage rate
• You can upgrade to a higher plan at any time — the change takes effect immediately

On the Trial plan: after 20 files, access becomes read-only — no charges, no data loss.

In the Dashboard under Team → Invite Team Member:

• Enter an email address and select a role
• The team member receives a professional invitation email with a link
• By clicking the link, they set a password and gain immediate access
• The invitation is valid for 7 days and can be revoked at any time

MintFolder has 5 roles with tiered permissions:

• Owner — Full access including billing, settings, and account deletion
• Administrator — Everything except billing: team, API keys, webhooks, integrations, security
• Editor — Dashboard, archiving, documents, PDF tools, analytics
• Viewer — Dashboard, archive, and documents in read-only mode (no archiving)

Permissions are enforced server-side — not just in the UI. A Viewer cannot perform protected actions even through direct API calls.

No — GoBD-protected documents cannot be deleted by anyone, not even the Owner. The 6-year retention period is enforced at the database level via SQL triggers.

Documents without GoBD protection can only be deleted by the Owner or an Administrator.

There is no limit on team members across all plans. You pay per file, not per user.

Whether you have 2 team members or 50 — the price stays the same. Only the file quota matters.

In the Dashboard under Security → DATEV Export Settings, you configure:

• Consultant number — Your tax advisor's number (e.g., 29098)
• Client number — Your client number with the tax advisor (e.g., 55003)
• Chart of accounts — SKR03 or SKR04

Your tax advisor imports the exported EXTF file (posting batch v7.0) into DATEV Rechnungswesen; the document ZIP is handed over as a package. A direct myDATEV API connection is in preparation.

Yes. Invite your tax advisor as a Viewer. They can then:

• View all archived documents
• Download the Z3 export
• Review the audit trail

They cannot modify or delete documents, or create API keys. Exactly as it should be.

The AI automatically extracts all relevant fields:

• Sender — Company name of the invoice issuer
• Recipient — Your company name
• Invoice number
• Invoice date
• Gross/net amount
• Currency
• VAT ID of the sender
• IBAN
• Due date
• Tax rate & breakdown

All extracted data is stored in DATEV export format and is immediately available for your tax advisor.

MintFolder implements GDPR-oriented controls. Final GDPR compliance also depends on configuration, customer use, and data-processing documentation:

• Art. 5 (Data minimization): We only store metadata necessary for archiving
• Art. 9 (Sensitive data): Health and biometric data are primarily processed locally when the gatekeeper flags a match; external AI calls are intended to be skipped. Detection relies on 187 keywords across 7 Art. 9 categories; technical limitations apply.
• Art. 25 (Privacy by design): Privacy is not an add-on — it is built into the architecture
• Art. 28 (Data processing): DPAs in place with all sub-processors (Google, OpenAI, Anthropic)
• Art. 32 (TOMs): Technical and organizational measures are documented and auditable
• Art. 46 (Third-country transfers): Standard Contractual Clauses (SCCs) with all AI providers

Yes. A DPA per GDPR Art. 28 is available for all Business and Enterprise customers. It covers:

• Subject matter and duration of processing
• Nature and purpose of processing
• Types of personal data
• Categories of data subjects
• Sub-processors and their locations
• Technical and organizational measures

Contact us for a ready-to-sign copy.

Yes. In accordance with GDPR Art. 15, 17, and 20:

• Data export (Art. 20): All your files are in your own Google Drive. Metadata can be exported as CSV.
• Account deletion (Art. 17): The Owner can request account deletion. All data on our servers will be deleted within 30 days.

Only you and your team.

• MintFolder employees have no routine access to customer documents
• Your files are stored in your own Google Drive account — we only have access to the SmartArchiv folder
• AI providers only see the content necessary for classification — for sensitive documents, only anonymized text
• All access is logged in the audit trail