Privacy Policy | MentorStack

MentorStack Inc. (“MentorStack,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, job title, organization name, and role within MentorStack (admin, mentor, or mentee).

Profile Data

Mentors and mentees may provide skills, interests, goals, availability preferences, seniority level, and optional demographic information used for DEI-aware matching. Demographic data is always voluntary and self-reported.

Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, session frequency, and timestamps. This data helps us improve the product and provide engagement analytics to organization administrators.

Communication Data

Messages sent through our in-app messaging system are stored to enable mentor-mentee communication. Meeting notes and session summaries (including AI-generated content) are stored as part of the mentorship record.

2. Lawful Bases for Processing

Under the General Data Protection Regulation (GDPR) and similar laws, we process your personal data on the following legal bases:

Contract performance: Processing necessary to provide the MentorStack platform and fulfill our obligations under your organization's subscription agreement (e.g., account creation, matching, messaging, analytics).
Legitimate interest: Processing for product improvement, security, fraud prevention, and aggregate analytics, where our interests do not override your rights.
Consent: Processing of voluntary demographic data for DEI-aware matching and optional AI-powered features. You may withdraw consent at any time without affecting prior processing.
Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings.

3. How We Use Your Information

To provide, maintain, and improve the MentorStack platform
To facilitate AI-powered mentor-mentee matching
To generate session summaries, agendas, and engagement insights
To send notifications, reminders, and system communications
To provide aggregate analytics and reporting to organization administrators (never individually identifiable DEI data)
To respond to support requests and communicate about your account
To detect and prevent fraud, abuse, and security incidents

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

Within your organization: Administrators in your organization can view aggregate program metrics. Your mentor or mentee can see your profile information, shared goals, and session history.
Service providers: We use third-party services for hosting (cloud infrastructure), email delivery, payment processing, and AI features. These providers are contractually bound to protect your data.
Legal compliance: We may disclose information when required by law, legal process, or to protect the rights and safety of MentorStack or others.

5. Cookies & Tracking

We use essential cookies to maintain your session and preferences. We use analytics cookies to understand platform usage. You can manage cookie preferences through your browser settings. We do not use advertising trackers.

Sub-Processors

MentorStack uses the following third-party services to operate this website:

Sub-processor	Purpose	Data processed	Location
Google Analytics (Google LLC)	Website analytics	Page views, device info, anonymized IP	United States
Cloudflare, Inc.	CDN, hosting, image delivery	IP addresses, request metadata	Global (edge)
Microsoft (Bing IndexNow)	Search engine indexing	Public page URLs only	United States

For the full platform sub-processor list, see our Data Processing Agreement.

Cookies We Use

Name	Type	Purpose	Duration	Set after consent?
_ga	Analytics (third-party, Google)	Distinguishes unique visitors	2 years	Yes
_ga_<container-id>	Analytics (third-party, Google)	Stores session state for GA4	2 years	Yes
cookie-consent (localStorage)	Essential (first-party)	Remembers your cookie preference	Persistent	No (essential)

For full details on managing cookies, see our Cookie Policy.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Export your data in a portable format
Object to or restrict certain processing activities
Withdraw consent where processing is consent-based

MentorStack supports GDPR data subject requests. Organization administrators can process data exports and deletion requests through the admin dashboard. Individual users can also contact us directly.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When an organization or user requests deletion, we remove personal data within 30 days, except where retention is required by law. Anonymized, aggregate data may be retained for analytics purposes.

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), row-level security in our database, regular security audits, and role-based access controls. While no system is 100% secure, we take data protection seriously and continuously improve our security posture.

9. International Transfers

MentorStack is based in the United States. If you access our platform from outside the US, your data may be transferred to and processed in the US. We rely on the European Commission's Standard Contractual Clauses (Module Two: controller-to-processor) adopted June 2021, and other appropriate safeguards, for international data transfers.

10. Data Controller & Processor

MentorStack acts as a data processor when handling personal data on behalf of your organization (the data controller). Your organization determines the purposes and means of processing employee data within the platform. MentorStack acts as a data controller for account registration data, platform usage analytics, and direct communications with us.

Enterprise customers can review our Data Processing Agreement (DPA), which details our obligations as a processor, including sub-processor disclosures, breach notification procedures, and audit rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we will provide additional notice via email or in-app notification.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@mentorstack.co

MentorStack Inc.

Toronto, Ontario, Canada

For data protection inquiries: privacy@mentorstack.co

We have not appointed a Data Protection Officer as we do not engage in large-scale processing of special category data or large-scale systematic monitoring. For all data protection inquiries, contact privacy@mentorstack.co.

Under Article 27(2) of the GDPR, MentorStack is not required to appoint an EU/UK representative as our processing of EU/EEA personal data is occasional, does not include large-scale processing of special categories of data, and is unlikely to result in a risk to the rights and freedoms of natural persons.

If you are in the EU/EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.