Security and privacy built in, not bolted on

HR software holds sensitive employee data. We treat it accordingly.

At a Glance

Security by default

GDPR Compliant: Full data export & deletion
SSO / SAML: Growth+ tier
Encrypted Data: In transit and at rest
Role-Based Access: Admin, mentor, mentee isolation
SOC 2 Type II: Audit in progress

Data Security

Your data is protected at every layer

MentorStack encrypts all data in transit using TLS and at rest using AES-256. Participant data is private by default — only the matched pair and program admins can view session content.

Encryption in transit

All communication between your browser and MentorStack is encrypted using TLS 1.3.

Encryption at rest

Data stored in MentorStack databases is encrypted at rest using AES-256.

Data residency: North America

Primary database storage is in North America. Some content may be cached at global edge locations via our CDN to ensure performance. International data transfers are covered by Standard Contractual Clauses.

No AI model training

Your program data is never used to train AI models — not ours, not our vendors'.

Privacy & Compliance

GDPR-compliant by default

MentorStack is built to meet GDPR requirements without additional configuration. Participant rights are baked into the platform, not added as an afterthought.

Right to export: admins and participants can download their data at any time
Right to deletion: account and program data can be fully deleted on request
Consent management: configurable consent flows for participant enrollment
Session data visibility: only matched participants and admins can see session content

Data Processing Agreement

A DPA is available for all accounts on request, covering standard contractual clauses and data processing obligations.

mentorstack.co/dpa

Privacy Policy

Full details on what data we collect, how it's used, and your rights as a data subject.

mentorstack.co/privacy

Access Control

The right people see the right data

MentorStack enforces strict role-based access and organization-level data isolation.

SAML SSO

SAML 2.0 single sign-on available on Growth+ plans. Connect to any SAML-compliant identity provider.

Role-Based Access

Three distinct roles — admin, mentor, and mentee — each with scoped permissions. Admins can see program-wide data; participants only see their own.

Organization Isolation

Each organization's data is fully isolated. No cross-tenant data access is possible at any layer of the stack.

FAQ

Common security questions

Is MentorStack SOC 2 certified?
SOC 2 Type II audit is in progress. Contact us for our current security posture documentation.
Where is my data stored?
Primary database storage is in North America. Some content may be cached at global edge locations via our CDN provider (Cloudflare) to ensure performance. International data transfers are covered by Standard Contractual Clauses.
Do you train AI models on our data?
No. Your program data is never used to train AI models.
Can I export or delete our data?
Yes. GDPR-compliant data export and deletion is available to all accounts from your admin settings.

Security Contact

Found a vulnerability?

For security questions or to report a vulnerability, please contact our security team directly. We respond to all security disclosures within one business day.

Ready to get started?

Your data is protected from day one. No credit card required.