Skip to main content
Mentum

Privacy Policy

Last updated: February 25, 2026

Mentum ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Mentum platform ("Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR), including Articles 13 and 14, and other applicable data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Mentum is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

2. Data We Collect

We collect the following categories of personal data when you use the Service:

2.1 Data You Provide Directly

  • Account information: Name, email address, password (if applicable), profile photo
  • Profile data: Professional title, bio, skills, expertise areas, career goals, working style preferences, and personality information provided during onboarding
  • Session data: Session notes, feedback, ratings, and communication during mentoring sessions
  • Documents: Resumes, portfolios, and other files you upload to the platform
  • Payment information: Billing details processed securely through Stripe (we do not store full payment card numbers)
  • Support requests: Messages and information you provide when contacting our support team

2.2 Data Collected Automatically

  • Usage data: Pages visited, features used, session duration, click patterns, and interaction logs
  • Device information: Browser type, operating system, screen resolution, and device identifiers
  • Log data: IP address, access times, referring URLs, and error logs
  • Cookies and similar technologies: Session cookies, authentication tokens, and analytics cookies (see Section 9)

2.3 Data from Third Parties

  • Social login providers: If you sign in via Google or LinkedIn, we receive your name, email address, and profile picture from these providers
  • Payment provider: Stripe provides us with transaction status and billing address information

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service, including account management, matching, session facilitation, and payment processing
  • Consent (Art. 6(1)(a)): Where you have given specific consent, such as for marketing communications, optional analytics, and AI-powered profile enrichment
  • Legitimate interests (Art. 6(1)(f)): For platform security, fraud prevention, service improvement, and aggregated analytics. Our legitimate interests do not override your fundamental rights and freedoms
  • Legal obligation (Art. 6(1)(c)): Where required by law, such as tax records, regulatory compliance, and responding to lawful requests from authorities

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: Creating and managing your account, facilitating mentor-mentee matching, and enabling video mentoring sessions
  • AI-powered matching: Analyzing your profile, skills, goals, and preferences to generate curated mentor-mentee matches using artificial intelligence
  • Profile enrichment: Using AI to generate insights from your profile data, such as your Personal User Manual and compatibility assessments
  • Communication: Sending transactional emails (session confirmations, match notifications), and with your consent, marketing communications
  • Payment processing: Managing subscriptions, credit purchases, and billing through our payment provider
  • Platform safety: Enforcing community guidelines, moderating content, managing the strike system, and preventing abuse
  • Analytics and improvement: Understanding how the Service is used to improve features, fix issues, and enhance user experience

5. AI Processing and Automated Decision-Making

Mentum uses artificial intelligence (AI) in several aspects of the Service. In accordance with GDPR Article 22, we inform you of the following:

  • Matching algorithm: We use AI to analyze your profile data and generate 3 curated mentor-mentee matches per cycle. This is a recommendation system and does not constitute solely automated decision-making with legal effects
  • Profile analysis: AI processes your skills, goals, and working style to generate compatibility scores and match explanations
  • Personal User Manual: At 100% profile completion, AI generates a Personal User Manual summarizing your professional preferences and communication style

You have the right to request human review of any AI-generated decisions that significantly affect you. Contact us at privacy@mentum.com to exercise this right.

6. Data Sharing and Recipients

We share your personal data only in the following circumstances and with the following categories of recipients:

  • Other users: Your profile information (name, title, bio, skills, expertise) is visible to matched users. Session notes and feedback are shared with session participants
  • Service providers: We use third-party processors to operate the Service, including:
    • Supabase (database hosting and authentication)
    • Daily.co (video session infrastructure)
    • Stripe (payment processing)
    • Anthropic (AI matching and profile analysis)
    • Resend (transactional email delivery)
    • Upstash (caching and rate limiting)
  • Legal requirements: We may disclose your data if required by law, regulation, legal process, or governmental request
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to this Privacy Policy

We do not sell your personal data to third parties for advertising or marketing purposes.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data to countries outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission for the recipient country
  • The EU-U.S. Data Privacy Framework, where applicable

You may request a copy of the safeguards in place by contacting us at privacy@mentum.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law:

  • Account data: Retained while your account is active and for 30 days after account deletion to allow recovery
  • Session records: Retained for 12 months after the session date for quality assurance and dispute resolution
  • Payment records: Retained for 7 years as required by tax and financial regulations
  • Usage logs: Retained for 90 days for security and debugging purposes
  • Marketing consent records: Retained for the duration of consent plus 3 years

After the retention period expires, your data is securely deleted or anonymized so that it can no longer be associated with you.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for authentication, security, and core platform functionality. These cannot be disabled
  • Functional cookies: Remember your preferences (language, theme, display settings) to enhance your experience
  • Analytics cookies: Help us understand how the Service is used, which pages are popular, and where users encounter issues. These are only set with your consent

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling essential cookies may affect the functionality of the Service.

10. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
  • Right to restriction (Art. 18): Request that we restrict the processing of your personal data in certain circumstances
  • Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
  • Right regarding automated decisions (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects

To exercise any of these rights, contact us at privacy@mentum.com. We will respond to your request within 30 days as required by GDPR. You can also manage many of these rights directly through your account settings.

11. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. You may file a complaint with the data protection authority in your country of residence, your place of work, or the place of the alleged infringement.

We encourage you to contact us first at privacy@mentum.com so we can try to resolve your concern before you escalate to a supervisory authority.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Row Level Security (RLS) policies on the database to prevent unauthorized access
  • Secure authentication via magic links, OAuth, and session management
  • Regular security audits and vulnerability assessments
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Rate limiting and abuse prevention mechanisms

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach in accordance with GDPR requirements (within 72 hours).

13. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@mentum.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or through a prominent notice on the Service
  • Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Back to home
Terms of Service