Legal

Privacy Policy

Last updated: July 2026

1. Information We Collect

Account information: Name, email address, and phone number (used to send your app download link and sign-in email when you sign up, and to reach you by SMS as a last resort in a safety emergency).

Mentoring data: Voice call transcripts, in-app message history, your onboarding questionnaire answers, patterns identified, commitments, and progress data generated through your mentoring sessions. This includes sensitive personal material you choose to share, such as what you fear your life becomes if nothing changes.

Payment information: Processed securely through Stripe. We do not store credit card numbers on our servers.

Usage data: Session frequency, feature usage, and interaction patterns to improve the Service.

2. How We Use Your Information

• To deliver and personalize your mentoring experience in the app • To identify patterns, commitments, and progress across sessions • To send your daily mentoring messages and notifications in the app • To process payments and manage your subscription • To improve our mentoring methodology and AI models • To communicate important updates about the Service

3. Data Security and Who Can Read Your Data

Your data travels over TLS and is encrypted at rest by our database provider (Supabase). Inside the product, database row-level security means your account can only ever read its own rows.

Who can read your data, plainly: you, in the app. Our systems process it to generate your mentoring. A small number of Mentor staff can access production data to operate the service, fix problems, and act on safety, under contract and policy. We do not yet encrypt individual fields with keys only you hold, so we will not claim that. What we do enforce in the database: no one in your organization can ever read your individual mentoring data.

If you joined through your employer: your organization sees only aggregate signals, and only for groups of 8 or more active members. Smaller groups show nothing at all, not zeros. There is no org admin view, manager view, or export that returns individual mentoring data.

4. Data Sharing

We do not sell your personal data. We share data only with:

• AI providers (OpenAI, Anthropic), to generate mentoring responses. These providers process data per their data processing agreements and do not use your data to train their models. • Stripe, for payment processing only. • Twilio, to send your app download link by SMS when you sign up, and to reach you by SMS as a last resort in a safety emergency. • Resend, to send account emails such as your sign-in link.

5. The Safety Exception

If our safety system detects that you may be in crisis, we send crisis resources by SMS even during quiet hours, and the product suspends challenge-style messaging for 72 hours. Crisis events are handled between you and Mentor only. Your organization is never notified and can never see them.

6. Your Rights

• Access and export: email privacy@mentor.ist and we will compile and send you a copy of your data. A self-serve export is being built; it is not in the app yet, so today this works through support. • Correction: Update inaccurate personal information. • Deletion: Delete your account in the app. Deletion has a 30-day reversal window, then your personal data is removed. • Opt-out: Adjust your notification preferences at any time.

7. Data Retention

We retain your mentoring data for as long as your account is active. After account deletion, we remove personal data within 30 days of the deletion becoming permanent. Anonymized, aggregated data may be retained for analytics and methodology improvement.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for details.

9. Children’s Privacy

MENTOR is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@mentor.ist.

Want to see how we enforce privacy architecturally? See our Privacy Architecture page