Privacy Policy
At a Glance
What We Collect
Account info, usage data, AI conversation history, files, and content you create across all apps.
Why We Collect It
To power AI Mentor, deliver personalized learning, sync your workspace, and keep the platform secure.
Who We Share With
Only trusted infrastructure providers (cloud, AI APIs) under strict data processing agreements. Never sold.
Your Rights
Access, correct, export, or permanently delete all your data — across every app — anytime.
Introduction
Information We Collect
Account & Identity
Name, email address, profile photo, username, and secure credentials. Social sign-in data from Google or GitHub when used.
AI Mentor Conversations
Messages you send and receive in AI Mentor sessions, selected AI model per conversation, conversation titles, and resumable session state. Conversation content is forwarded to your chosen AI provider to generate responses.
Learning Content
Courses, quiz answers, flashcard decks, progress data (completion rates, scores, streaks), notes, and media you upload in the Learning App at app.mentorize.me.
Chat & Collaboration
Messages, channel content, direct messages, voice/video call metadata (not recordings unless you explicitly save them), and files shared via chat.mentorize.me.
Files & Documents
Files uploaded to Drive, documents created in Docs, presentations in Slides, spreadsheets in Sheets, and photos in Photos — stored in your encrypted cloud workspace.
Usage & Analytics
Features you use, pages visited, time spent per session, click patterns, error events, and performance metrics. Used in aggregate to improve the platform.
Device & Technical
Browser type and version, operating system, IP address, device identifiers, time zone, language preference, and referral source.
Billing & Payments
Subscription tier (HOBBY, PRO, or ENTERPRISE), plan history, and invoice records. Full payment card data is handled exclusively by our payment processor (Polar) — we never store raw card numbers.
How We Use Your Information
Service Delivery
Power AI Mentor responses via your chosen provider, sync your workspace across all apps, authenticate your account, and deliver course content and quizzes.
Personalization
Remember your preferred AI model, language, UI theme, notification settings, and learning pace. Surface relevant courses and content based on your activity.
AI Routing
Route your AI Mentor prompts to your chosen provider based on your in-session model selection. Prompts are transmitted securely and subject to the selected provider's privacy policy.
Platform Improvement
Analyze aggregated, anonymized usage patterns to identify bugs, optimize performance, and prioritize new features.
Security & Fraud Prevention
Detect unauthorized access, suspicious login patterns, abuse of the API, and potential data breaches. Enforce rate limits and fair-use policies.
Communication
Send transactional emails (account confirmation, password reset, billing receipts), product updates, and — only with your consent — marketing newsletters.
Legal Compliance
Fulfill obligations under GDPR, Czech data protection law, and other applicable regulations. Respond to lawful requests from Czech, EU, and international authorities.
Data Sharing & Disclosure
AI Model Providers
When you use AI Mentor, your messages are forwarded to the provider and model you select. All major providers and their models are available. Each provider's terms govern how they handle prompt data. We recommend reviewing the policy of your chosen provider.
Infrastructure Partners
Cloud hosting, object storage (S3-compatible), email delivery (transactional), and monitoring services. All operate under data processing agreements with geographic restrictions where required.
Payment Processors
Polar processes all subscription payments. We share only your email and subscription tier — not full payment card data. Polar is PCI-DSS Level 1 compliant.
Analytics & Error Tracking
Aggregated, anonymized usage metrics may be processed by analytics tools (e.g., Sentry for error tracking). No personally identifiable information is included in error reports.
Legal Requirements
We may disclose data if required by a court order, subpoena, or applicable law in the EU or other jurisdictions. Where legally permitted, we will notify you before complying.
Business Transfers
In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. You will receive notice at least 30 days before any transfer, with options to export or delete your data.
Data Retention
Active Account Data
All account data, files, courses, AI sessions, and chat history are retained while your account is active. Deleting your account triggers a 30-day grace period, after which all data is permanently purged.
Post-Cancellation
After subscription cancellation, your data is retained until the end of the billing period. You can export everything during this window. Accounts not reactivated within 30 days of expiration are queued for deletion.
Anonymized Analytics
Aggregated, anonymized usage statistics (with all PII removed) may be retained indefinitely for product improvement and performance benchmarking.
Legal Holds
Some records (billing transactions, compliance logs) may be retained for up to 7 years to comply with Czech and EU accounting regulations and other applicable laws.
Backups
Encrypted backups are retained for up to 90 days. Deletion requests are applied to backups on the next backup rotation cycle after the 30-day grace period.
Your Rights & Choices
Access
Request a full export of all personal data we hold about you, across every app — courses, AI sessions, files, messages, and billing records.
Correction
Update or correct inaccurate account information, profile data, or preferences at any time through your account settings.
Deletion (Right to be Forgotten)
Request permanent deletion of your account and all associated data. Processed within 30 days, with exceptions for legally required retention.
Data Portability
Download your data in machine-readable JSON or CSV format — including courses, quiz results, AI conversation history, and documents.
Restriction of Processing
Request that we limit how we process your data (e.g., opt out of analytics, AI training, or marketing) while a dispute is resolved.
Opt-Out of Communications
Unsubscribe from marketing emails via the link in any email or through accounts.mentorize.me → Settings → Notifications. Transactional emails (receipts, security alerts) cannot be disabled.
International Data Transfers
Data Security
Encryption in Transit
All network traffic between your browser, our apps, and third-party providers is encrypted. Your data is protected at every step.
Encryption at Rest
All stored data — files, messages, course content, backups — is encrypted with strong encryption. Your data is protected even at rest.
Strict Data Isolation
Every user's data is fully isolated and partitioned at the database level. Cross-account data access is structurally impossible — your data belongs only to you.
Access Controls
Role-based access control limits employee access to production data. All internal access requires multi-factor authentication, is time-limited, and is fully logged and audited.
Regular Security Audits
We conduct quarterly penetration testing and annual third-party security audits of our infrastructure, APIs, and application code. Critical findings are patched within 48 hours.
Incident Response
Our security team responds to suspected incidents within 4 hours. Affected users are notified within 72 hours of a confirmed breach — in compliance with LGPD and GDPR requirements.
Cookies & Tracking Technologies
Essential Cookies
Required for authentication, session management, and security. Cannot be disabled without breaking core functionality (e.g., staying signed in to accounts.mentorize.me).
Preference Cookies
Remember your settings — AI model preference, UI theme (dark/light), language, and notification preferences — so they persist across sessions and devices.
Analytics Cookies
Collect anonymized usage data (pages visited, feature interactions, session duration) to help us improve the platform. Opt out any time via cookie preferences or browser settings.