Privacy Policy

Mentum ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Mentum platform ("Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR), including Articles 13 and 14, and other applicable data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Mentum is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

• Email: privacy@mentum.com
• Data Protection Officer: dpo@mentum.com

We collect the following categories of personal data when you use the Service:

2.1 Data You Provide Directly

• Account information: Name, email address, password (if applicable), profile photo
• Profile data: Professional title, bio, skills, expertise areas, career goals, working style preferences, and personality information provided during onboarding
• Session data: Session notes, feedback, ratings, and communication during mentoring sessions
• Documents: Resumes, portfolios, and other files you upload to the platform
• Payment information: Billing details processed securely through Stripe (we do not store full payment card numbers)
• Support requests: Messages and information you provide when contacting our support team

2.2 Data Collected Automatically

• Usage data: Pages visited, features used, session duration, click patterns, and interaction logs
• Device information: Browser type, operating system, screen resolution, and device identifiers
• Log data: IP address, access times, referring URLs, and error logs
• Cookies and similar technologies: Session cookies, authentication tokens, and analytics cookies (see our Cookie Policy)

2.3 Data from Third Parties

• Social login providers: If you sign in via Google or LinkedIn, we receive your name, email address, and profile picture from these providers
• Payment provider: Stripe provides us with transaction status and billing address information

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service, including account management, matching, session facilitation, and payment processing
• Consent (Art. 6(1)(a)): Where you have given specific consent, such as for marketing communications, optional analytics, and AI-powered profile enrichment
• Legitimate interests (Art. 6(1)(f)): For platform security, fraud prevention, service improvement, and aggregated analytics
• Legal obligation (Art. 6(1)(c)): Where required by law, such as tax records, regulatory compliance, and responding to lawful requests from authorities

We use your personal data for the following purposes:

• Service delivery: Creating and managing your account, facilitating mentor-mentee matching, and enabling video mentoring sessions
• AI-powered matching: Analyzing your profile, skills, goals, and preferences to generate curated mentor-mentee matches
• Profile enrichment: Using AI to generate insights from your profile data, such as your Personal User Manual and compatibility assessments
• Communication: Sending transactional emails (session confirmations, match notifications), and with your consent, marketing communications
• Payment processing: Managing subscriptions, credit purchases, and billing through our payment provider
• Platform safety: Enforcing community guidelines, moderating content, managing the strike system, and preventing abuse
• Analytics and improvement: Understanding how the Service is used to improve features, fix issues, and enhance user experience

Mentum uses artificial intelligence (AI) in several aspects of the Service. In accordance with GDPR Article 22:

• Matching algorithm: We use AI to analyze your profile data and generate curated mentor-mentee matches per cycle. This is a recommendation system and does not constitute solely automated decision-making with legal effects
• Profile analysis: AI processes your skills, goals, and working style to generate compatibility scores and match explanations
• Personal User Manual: At 100% profile completion, AI generates a Personal User Manual summarizing your professional preferences and communication style

You have the right to request human review of any AI-generated decisions that significantly affect you. Contact us at privacy@mentum.com.

We share your personal data only in the following circumstances:

• Other users: Your profile information (name, title, bio, skills, expertise) is visible to matched users
• Service providers: We use third-party processors including: Supabase (database), Daily.co (video sessions), Stripe (payments), Anthropic (AI), Resend (email), Upstash (caching)
• Legal requirements: We may disclose your data if required by law or governmental request
• Business transfers: In the event of a merger or acquisition, your data may be transferred as part of the transaction

We do not sell your personal data to third parties for advertising or marketing purposes.

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data to countries outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable.

We retain your personal data only for as long as necessary:

• Account data: Retained while your account is active and for 30 days after account deletion
• Session records: Retained for 12 months after the session date
• Payment records: Retained for 7 years as required by tax regulations
• Usage logs: Retained for 90 days for security and debugging purposes

Under the General Data Protection Regulation, you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to restriction (Art. 18): Request that we restrict the processing of your personal data
• Right to data portability (Art. 20): Receive your personal data in a structured, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@mentum.com. We will respond within 30 days as required by GDPR. You can also manage many of these rights directly through your account settings.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, Row Level Security (RLS) policies, secure authentication, regular security audits, and rate limiting.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@mentum.com.

If you have any questions about this Privacy Policy, please contact us:

• Privacy inquiries: privacy@mentum.com
• Data Protection Officer: dpo@mentum.com
• General support: Visit our Help Center