Privacy Policy

Last Updated: November 10, 2025

Mentyx.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly, including:

• Contact Information: Name, email address, phone number, company name
• Account Information: Username, password, job title, company details
• Business Information: Loan volume, lending type, operational details
• Communications: Messages, feedback, support requests
• Payment Information: Billing address, payment method details (processed securely by third-party payment processors)

1.2 Information Collected Automatically

When you use our services, we automatically collect:

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, features used, time spent, click patterns
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies
• Log Data: Access times, error logs, system performance data

1.3 Information from Third Parties

We may receive information from:

• Data enrichment services for business intelligence
• Analytics providers (e.g., Google Analytics)
• Integration partners (e.g., CRM systems, data providers)

2. How We Use Your Information

We use collected information for:

• Service Delivery: Provide, maintain, and improve our loan origination platform
• Account Management: Create and manage your account, authenticate users
• Communication: Send service updates, respond to inquiries, provide support
• Analytics: Understand usage patterns, improve features, optimize performance
• Marketing: Send newsletters, product updates, promotional materials (with your consent)
• Security: Detect fraud, prevent abuse, protect system integrity
• Legal Compliance: Comply with legal obligations, resolve disputes

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

• Contract Performance: Processing necessary to provide services you've requested
• Legitimate Interests: Improving services, preventing fraud, marketing to existing customers
• Legal Obligations: Compliance with laws and regulations
• Consent: Where you've given explicit permission (e.g., marketing emails)

4. How We Share Your Information

We share information only in these circumstances:

4.1 Service Providers

Third-party vendors who perform services on our behalf:

• Cloud hosting providers (AWS, Google Cloud)
• Payment processors (Stripe)
• Email service providers (SendGrid)
• Analytics providers (Google Analytics)
• Customer support tools (Intercom, Zendesk)

All service providers are contractually required to maintain data confidentiality and security.

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes (subpoenas, court orders)
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to government requests

4.4 With Your Consent

We may share information with third parties when you explicitly consent.

5. Data Security

We implement industry-standard security measures:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access, multi-factor authentication
• Infrastructure: SOC 2 Type II certified data centers
• Monitoring: 24/7 security monitoring, intrusion detection
• Audits: Regular security audits and penetration testing
• Data Isolation: Multi-tenant architecture with strict data segregation

While we strive to protect your data, no system is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information:

• Active Accounts: For the duration of your account plus 90 days after closure
• Marketing Data: Until you unsubscribe or request deletion
• Transaction Records: 7 years for financial and tax compliance
• Backups: Up to 90 days in encrypted backups
• Legal Holds: Longer if required by law or legal proceedings

7. Your Rights and Choices

7.1 Rights Under GDPR (EU Users)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

7.2 Rights Under CCPA (California Users)

California residents have the right to:

• Know what personal information we collect, use, and share
• Request deletion of personal information
• Opt-out of the "sale" of personal information (we do not sell personal information)
• Non-discrimination for exercising privacy rights

7.3 Marketing Communications

• Opt-Out: Click "unsubscribe" in any marketing email
• Email Preferences: Manage preferences in your account settings
• Do Not Track: We respect browser "Do Not Track" signals

7.4 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@mentyx.ai
• Subject Line: "Privacy Rights Request"
• Response Time: Within 30 days (45 days for complex requests)

8. International Data Transfers

Your information may be transferred to and processed in countries outside your residence, including the United States, Ireland, and Austria. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with all processors
• Adherence to Privacy Shield principles (where applicable)

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies and similar technologies:

10.1 Types of Cookies

• Essential Cookies: Required for core functionality (session management, security)
• Analytics Cookies: Track usage patterns (Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Track ad campaign effectiveness

10.2 Managing Cookies

• Adjust browser settings to block or delete cookies
• Use our cookie consent manager (if applicable)
• Note: Blocking essential cookies may impact functionality

11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications

Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Mentyx.ai Data Protection Officer
Email: privacy@mentyx.ai
Mail: Mentyx.ai, Dublin, Ireland

EU Representative

For EU-specific inquiries:
Email: eu-privacy@mentyx.ai

Supervisory Authority

EU users have the right to lodge a complaint with their local data protection authority.

---

© 2025 Mentyx.ai. All rights reserved. | Terms of Service | Home