MentroAI ("we," "us," or "our") operates the MentroAI mobile application (iOS and Android) and the MentroAI web dashboard (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, password, role (mentor, mentee, admin, program manager).
- Profile Information: Profile photo, biography, department, company/organization, job title, phone number, graduation year, timezone, interests, and social media links (LinkedIn, Twitter).
- Content You Create: Meeting notes, action items, messages, support tickets, check-in responses, and shared goals.
- Communications: Messages exchanged with mentors, mentees, and support staff through the in-app messaging system.
1.2 Information Collected Automatically
- Device Information: Device type, operating system and version, unique device identifiers, and mobile network information.
- Usage Data: Features accessed, screens viewed, actions taken, timestamps of activity, and session duration.
- Push Notification Tokens: Expo push notification tokens for delivering real-time alerts.
- Crash and Performance Data: Error logs, crash reports, and performance metrics collected via Sentry to improve app stability.
- Log Data: IP address, browser type, access times, and pages viewed when accessing the web dashboard.
1.3 Information from Third Parties
- Institutional Data: Your educational institution or organization may provide us with your name and email address to generate an invitation to the platform.
- Authentication Providers: If you use single-sign-on (SSO), we receive basic profile information from the identity provider (name, email).
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Maintain the Service: Create and manage your account, facilitate mentorship pairings, schedule meetings, enable messaging, and manage action items.
- Personalization: Tailor your experience based on your role, program, and preferences.
- Communications: Send push notifications, email reminders for upcoming meetings, action item deadlines, and program announcements.
- Analytics and Reporting: Provide program administrators with aggregated engagement metrics (meeting frequency, completion rates) to measure program effectiveness.
- Support: Respond to your support tickets, troubleshoot issues, and provide customer assistance.
- Safety and Security: Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
- Service Improvement: Analyze crash reports, usage patterns, and feedback to improve features and fix bugs.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your data in the following limited circumstances:
- Within Mentorship Pairs: Your profile information (name, bio, department, interests) is visible to your assigned mentor or mentee. Messages are only visible to conversation participants.
- Program Administrators: Institutional admins can view participant profiles, meeting schedules, and aggregated engagement data for their programs. They cannot read private messages between mentoring pairs.
- Service Providers: We share data with third-party vendors who process data on our behalf (see Section 5). These providers are contractually obligated to protect your data.
- Legal Requirements: We may disclose your information if required by law, subpoena, court order, or government request, or to protect the rights, safety, or property of MentroAI, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.
4. Data Storage and Security
- Your data is stored on servers operated by Supabase (SOC 2 Type II compliant) in secure cloud infrastructure.
- All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
- Authentication tokens are stored securely on your device using platform-specific secure storage (iOS Keychain / Android Keystore) via Expo SecureStore.
- We implement Row-Level Security (RLS) policies to ensure users can only access data they are authorized to view.
- Access to production databases is restricted to authorized personnel with multi-factor authentication.
- While we strive to use commercially acceptable means to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Third-Party Services
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage, real-time messaging | All user data, files, messages |
| Expo (EAS) | Push notifications, app updates | Device push tokens, device type |
| Sentry | Crash reporting, error tracking | Device info, error logs, stack traces |
| Vercel | Web dashboard hosting | IP address, access logs |
| Resend | Transactional email delivery | Email address, notification content |
Each provider maintains its own privacy policy. We encourage you to review their policies for information about their data practices.
6. Data Retention
- Account data is retained for as long as your account is active or as needed to provide the Service.
- If you request account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.
- Aggregated, anonymized analytics data may be retained indefinitely as it cannot be linked back to individual users.
- Crash and performance logs are retained for 90 days.
- Backup copies may persist for up to 30 days after deletion before being purged.
7. Your Rights and Choices
7.1 All Users
- Access: View and download your personal data through the app's profile and settings screens.
- Correction: Update your profile information at any time via the Edit Profile screen.
- Deletion: Request complete account deletion by contacting support@mentroai.com.
- Notification Preferences: Manage push notification and email preferences from the app settings.
- Withdraw Consent: You can stop using the Service at any time.
7.2 European Economic Area (EEA) Residents — GDPR
If you are located in the EEA, you have additional rights under the General Data Protection Regulation:
- Right to access, rectify, erase, or restrict processing of your data.
- Right to data portability in a machine-readable format.
- Right to object to processing based on legitimate interests.
- Right to lodge a complaint with your local data protection authority.
Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), and consent (sending marketing communications).
7.3 California Residents — CCPA / CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know what personal information we collect, use, and disclose.
- Right to request deletion of your personal information.
- Right to opt out of the sale of personal information. We do not sell personal information.
- Right to non-discrimination for exercising your privacy rights.
8. Children's Privacy
The Service is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@mentroai.com.
9. International Data Transfers
Your data may be processed and stored in countries other than your own, including the United States, where our service providers operate. By using the Service, you consent to the transfer of your data to these countries. We ensure that appropriate safeguards are in place, including standard contractual clauses where applicable, to protect your data in accordance with this Privacy Policy.
10. Cookies and Tracking Technologies
The MentroAI web dashboard uses essential cookies for authentication and session management. We do not use advertising cookies or cross-site tracking pixels. The mobile application does not use cookies. Analytics data collected via Sentry uses anonymous identifiers and does not track users across other applications or websites.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and sending a notification through the application. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to your inquiry within 30 days.
© 2026 MentroAI. All rights reserved.