Skip to main content

Privacy Policy

Effective date: March 1, 2026

MentorStack, Inc. (“MentorStack,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, job title, organization name, and role within MentorStack (admin, mentor, or mentee).

Profile Data

Mentors and mentees may provide skills, interests, goals, availability preferences, seniority level, and optional demographic information used for DEI-aware matching. Demographic data is always voluntary and self-reported.

Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, session frequency, and timestamps. This data helps us improve the product and provide engagement analytics to organization administrators.

Communication Data

Messages sent through our in-app messaging system are stored to enable mentor-mentee communication. Meeting notes and session summaries (including AI-generated content) are stored as part of the mentorship record.

2. Lawful Bases for Processing

Under the General Data Protection Regulation (GDPR) and similar laws, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the MentorStack platform and fulfill our obligations under your organization's subscription agreement (e.g., account creation, matching, messaging, analytics).
  • Legitimate interest: Processing for product improvement, security, fraud prevention, and aggregate analytics, where our interests do not override your rights.
  • Consent: Processing of voluntary demographic data for DEI-aware matching and optional AI-powered features. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings.

3. How We Use Your Information

  • To provide, maintain, and improve the MentorStack platform
  • To facilitate AI-powered mentor-mentee matching
  • To generate session summaries, agendas, and engagement insights
  • To send notifications, reminders, and system communications
  • To provide aggregate analytics and reporting to organization administrators (never individually identifiable DEI data)
  • To respond to support requests and communicate about your account
  • To detect and prevent fraud, abuse, and security incidents

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Within your organization: Administrators in your organization can view aggregate program metrics. Your mentor or mentee can see your profile information, shared goals, and session history.
  • Service providers: We use third-party services for hosting (cloud infrastructure), email delivery, payment processing, and AI features. These providers are contractually bound to protect your data.
  • Legal compliance: We may disclose information when required by law, legal process, or to protect the rights and safety of MentorStack or others.

5. Cookies & Tracking

We use essential cookies to maintain your session and preferences. We use analytics cookies to understand platform usage. You can manage cookie preferences through your browser settings. We do not use advertising trackers.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing activities
  • Withdraw consent where processing is consent-based

MentorStack supports GDPR data subject requests. Organization administrators can process data exports and deletion requests through the admin dashboard. Individual users can also contact us directly.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When an organization or user requests deletion, we remove personal data within 30 days, except where retention is required by law. Anonymized, aggregate data may be retained for analytics purposes.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), row-level security in our database, regular security audits, and role-based access controls. While no system is 100% secure, we take data protection seriously and continuously improve our security posture.

9. International Transfers

MentorStack is based in the United States. If you access our platform from outside the US, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses and other appropriate safeguards for international data transfers.

10. Data Controller & Processor

MentorStack acts as a data processor when handling personal data on behalf of your organization (the data controller). Your organization determines the purposes and means of processing employee data within the platform. MentorStack acts as a data controller for account registration data, platform usage analytics, and direct communications with us.

Enterprise customers may request a Data Processing Agreement (DPA) that details our obligations as a processor, including sub-processor disclosures, breach notification procedures, and audit rights. Contact us to request a DPA.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we will provide additional notice via email or in-app notification.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@mentorstack.co