Mentera Inc. - Privacy Policy

Effective Date: March 12, 2025

Last Updated: April 8, 2026

Mentera Inc. ("Mentera," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy ("Policy") describes how we collect, use, disclose, and safeguard information through our websites, web application, mobile applications (iOS and Android), and any other online services that link to or reference this Policy (collectively, the "Services").

By using the Services, you acknowledge that you have read and understand this Policy. If you do not agree, please refrain from using the Services.

1. Scope of This Policy

This Policy applies to information collected by Mentera on or through the Services, including when you visit our website, use our platform, contact us, request a demo, sign up for newsletters or events, or otherwise interact with our online content.
Product data. When healthcare providers and their authorized users use the Mentera platform, Mentera processes patient data and other Protected Health Information (PHI) solely on behalf of the provider as a data processor and HIPAA Business Associate. That processing is additionally governed by the Business Associate Agreement (BAA) executed between Mentera and the provider, and the Terms of Service. To the extent of any conflict regarding PHI, the BAA and Terms of Service control.
This Policy does not apply to any third-party websites or platforms that may link to or be accessible from the Services. We encourage you to review the privacy policies of any third-party sites before providing them with your personal data.

2. Information We Collect

2.1 Personal Data

Depending on your interactions with the Services, we may collect and process Personal Data, which can include:

Contact Details: Name, business email, business phone number, job title, company name.
Account Information: If you create an account, we collect username, password, and related security details.
Practice and Business Information: Practice name, NPI number, specialty, business address, and billing details.
Communication Data: The content of messages, inquiries, or feedback you submit via forms, email, or in-app communication features.
Marketing Preferences: Information about your preferences for receiving marketing or promotional communications.

2.2 Patient Data Processed on Behalf of Providers

When healthcare providers use the Mentera platform, we may process patient data on their behalf, including but not limited to: patient names, contact information, appointment history, clinical notes, treatment records, audio recordings, transcriptions, and AI-generated documentation. Mentera processes this data solely as a data processor and Business Associate. We do not use patient data for our own purposes, except when de-identified in compliance with HIPAA (45 CFR § 164.514) for product improvement and AI model training as described in the Terms of Service.

2.3 Mobile and Web Application Usage Data

When you use the Mentera mobile applications (iOS and Android) or our web application, we may collect limited additional information necessary to provide core functionality. This includes:

Device and Technical Data: Device type, operating system, app version, crash logs, and performance metrics.
Interaction Data: Features used, time spent in the app, and navigation patterns.
Site Usage Details: Pages visited, duration on pages, timestamps, referring/exit URLs, and clickstream data.
Device/Browser Information: IP address, browser type, device identifiers, operating system.
Approximate Location: Derived from IP address for security and fraud prevention.
Media and File Uploads: Photos, videos, audio recordings, and documents you choose to upload to patient records or documentation workflows. We do not access your camera, microphone, photo library, files, or local storage unless you take an action that requires it (for example, choosing to capture a photo or record audio).

We may collect this data using cookies, web beacons, and other tracking technologies. (See Section 6 below.)

2.4 Device Permissions

The Mentera mobile apps may request access to certain device features to support clinical documentation and file uploads. You may deny or revoke these permissions at any time in your device settings.

Camera: Used only when you choose to capture photos or scan documents for patient records.
Microphone: Used only when you choose to record audio or use speech-to-text features.
Photo Library / Files: Used only when you choose to upload existing images, videos, or documents.
Storage (Android): Used to save or upload documents or media files.
Network Access: Required for secure uploading, syncing, and authentication. We do not access these features in the background or without your explicit action.

2.5 SMS Communications

If you choose to verify your account or enable notifications via text message, you may opt in to receiving SMS communications from Mentera. SMS messages are used solely for account-related purposes, including identity verification, security alerts, workflow notifications, and other service-related updates. Message frequency may vary.

By providing your mobile phone number and opting in, you consent to receive these SMS messages. You may opt out at any time by replying STOP to any message we send, or by contacting us at support@mentera.ai. After opting out, you may still receive important non-SMS communications (such as email) necessary to operate your account.

You may also turn SMS notifications on or off at any time within the settings of our mobile application.

We do not use SMS messages for marketing without your explicit consent, and we do not sell or share your mobile number with third parties for their marketing purposes.

3. How We Use Your Information

We process your information for the following legitimate business purposes:

To Provide and Operate the Services
- Ensure the Services function properly, enable you to access content, and respond to your inquiries.
- For platform users, this includes providing AI-powered documentation, transcription, communication tools, scheduling, and other practice management features.
To Communicate With You
- Respond to your comments or questions.
- Send you service-related notices, updates, or other administrative messages.
To Market and Promote Our Services
- Send marketing or promotional communications if you have opted in or if otherwise permitted by law.
- Track the performance of marketing campaigns (e.g., open rates, click-throughs).
To Improve and Develop Our Offerings
- Analyze usage trends to enhance the Services' design, user experience, and security.
- Conduct research and diagnostics to develop or improve our products and Services.
- For users of our mobile and web applications, we also use application data to enable photo/document uploads, voice transcription, secure data synchronization, crash diagnostics, and feature performance analysis.
- We may use artificial intelligence and machine learning technologies, including third-party AI services, to power features within our products, such as automated documentation, clinical workflow assistance, and communication tools. When AI processes data on our behalf, it does so under our instructions and is subject to the same confidentiality and security obligations described in this Policy. We do not use your data to train third-party AI models unless explicitly disclosed and consented to.
- No protected health information is used for advertising, sold to third parties, or shared except as described in this Policy.
To Comply With Legal Obligations and Enforce Our Rights
- Adhere to applicable laws, regulations, or legal processes.
- Enforce our Terms of Service and other agreements.
- Protect our rights, privacy, safety, or property, and/or that of you or others.

4. Our Role in Data Processing

Mentera acts in two capacities depending on the data involved:

Data Controller. For website visitor data (usage analytics, marketing form submissions, cookie data) and account registration data, Mentera is the data controller and determines the purposes and means of processing.
Data Processor / Business Associate. For patient data and other PHI processed through the Mentera platform on behalf of healthcare providers, Mentera acts as a data processor and HIPAA Business Associate. In this capacity, Mentera processes data solely on the provider's behalf and in accordance with the provider's instructions, the Terms of Service, and the Business Associate Agreement.

5. Legal Bases for Processing (EEA/UK Visitors)

If you are in the European Economic Area (EEA) or the United Kingdom (UK), we process your Personal Data under the following legal bases:

Consent: Where you have given explicit consent (e.g., when you opt in to receive marketing communications).
Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (e.g., demo requests).
Legitimate Interests: Where processing is in our legitimate interests (e.g., security, improving the Services), provided these do not override your fundamental rights and freedoms.
Legal Obligation: Where we must comply with a legal or regulatory obligation.

6. How We Share Your Information

We do not sell your Personal Data. We do not sell Protected Health Information. We do not use PHI for advertising or marketing purposes. We may share your Personal Data under the following circumstances:

Service Providers
- With third-party vendors and service providers who help us operate and maintain the Services, perform analytics, send communications, or provide other services on our behalf. These parties process data only under our instructions and are bound by contractual obligations to keep your data confidential and secure.
AI and Machine Learning Providers
- We use third-party artificial intelligence and machine learning service providers to deliver certain product features, including natural language processing, transcription, and workflow automation. These providers act as subprocessors, processing data solely on our behalf and under contractual obligations that require them to maintain confidentiality, security, and compliance with applicable privacy and data protection laws. Where PHI is involved, these providers operate under Business Associate Agreements.
Business Transfers
- If we engage in a merger, acquisition, asset sale, financing, or bankruptcy, your information may be disclosed or transferred to the acquiring entity or other relevant third parties as part of that transaction.
Legal and Compliance
- To comply with legal obligations, respond to lawful requests (e.g., subpoenas, court orders), or protect our rights, property, or safety, and that of users or the public.
With Your Consent
- If you explicitly consent or direct us to share information with third parties (e.g., for co-marketing or partnerships).

Subprocessors

A current list of subprocessors we use to deliver our products and Services is available on our Subprocessor List page. We update this list as our service providers change. If you have questions about our subprocessors, contact us at support@mentera.ai.

7. Cookies and Other Tracking Technologies

We use cookies, web beacons, and similar technologies to collect Usage Data and improve your experience on the Services. Cookies are small text files stored on your device that help us:

Recognize you when you return to the Services.
Analyze site traffic and usage patterns.
Personalize your experience, where applicable. You can control cookies through your browser settings. However, blocking or deleting certain cookies may impact your user experience. We do not currently respond to "Do Not Track" (DNT) signals.

8. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Factors influencing retention periods include:

Legal or regulatory obligations
Ongoing contractual relationships or requests
Legitimate business needs (e.g., maintaining records for financial or security purposes) For platform users:
Upon written request, Mentera will provide you with an export of your data in a standard, machine-readable format within thirty (30) business days.
Upon termination of your account, Mentera will delete or return your data within sixty (60) days, except to the extent Mentera is required to retain certain data by law or for legitimate compliance purposes.
De-identified and aggregated data is not subject to deletion requests.
Photos, audio recordings, and other clinical documentation you upload are retained only as long as associated with active patient records or as required by law.
Crash logs and diagnostics may be retained for up to 90 days.

9. Data Security

We employ reasonable technical and organizational measures designed to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no transmission or storage system is completely secure. You are responsible for keeping your account credentials confidential.

For users of our mobile and web applications, all protected health information (PHI) is stored on HIPAA-eligible infrastructure, encrypted in transit and at rest, and handled in accordance with our Business Associate Agreements and internal access controls.

10. International Transfers

Mentera is based in the United States. If you are located outside the U.S., your Personal Data may be transferred to, stored, or processed in the U.S. or other jurisdictions with data protection laws that differ from those in your country of residence. In such cases, we ensure appropriate safeguards (such as Standard Contractual Clauses) to protect your Personal Data.

11. Your Rights and Choices

11.1 Marketing Communications

You may opt out of receiving marketing emails from us by clicking "unsubscribe" in any email or contacting us at support@mentera.ai.
Even if you opt out of marketing, we may still send you non-promotional communications (e.g., transaction confirmations, updates to this Policy).

11.2 Data Subject Rights

Depending on your jurisdiction, you may have the right to:

Access: Request confirmation of whether we process your Personal Data and, if so, obtain a copy.
Rectify: Request correction of any inaccurate or incomplete Personal Data.
Delete: Request deletion of your Personal Data, subject to legal and contractual limitations.
Object: Object to certain processing (e.g., direct marketing).
Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. To exercise these rights, please contact support@mentera.ai. We will respond in accordance with applicable laws.

12. Children's Privacy

The Services are not directed to individuals under 13 (or another age as required by local law), and we do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us at support@mentera.ai so we can delete such information.

13. Third-Party Websites and Services

Our Services may contain links to third-party websites or services, which are governed by their own privacy policies. We are not responsible for the privacy practices of such third parties. We encourage you to review their policies before providing any information.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").

14.1 Categories of Personal Information We Collect

Category	Examples	Source
Identifiers	Name, email, phone number, IP address	Directly from you; automatically collected
Professional/employment information	Job title, company name, NPI	Directly from you
Internet or electronic network activity	Browsing history, clickstream data, device info	Automatically collected
Geolocation data	Approximate location from IP address	Automatically collected
Audio, electronic, or visual information	Audio recordings, photos uploaded via the platform	Directly from you
Inferences	Usage patterns, feature preferences	Derived from collected data

14.2 Business Purposes for Collection

We collect Personal Information for the business purposes described in Section 3 of this Policy: to provide and operate the Services, communicate with you, market our Services (with your consent), improve our offerings, and comply with legal obligations.

14.3 Sale and Sharing of Personal Information

We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising purposes. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA.

14.4 Your California Privacy Rights

As a California resident, you have the right to:

Know: Request the categories and specific pieces of Personal Information we have collected, the sources, the purposes, and the third parties with whom we share it.
Delete: Request deletion of your Personal Information, subject to certain exceptions.
Correct: Request correction of inaccurate Personal Information.
Opt-Out of Sale/Sharing: We do not sell or share your Personal Information, so no opt-out is necessary. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. To exercise these rights, please contact us at support@mentera.ai. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

15. Other U.S. State Privacy Laws

Certain U.S. states (e.g., Virginia, Colorado, Connecticut, Texas, Oregon) have enacted privacy legislation granting additional consumer rights. If you reside in a state with applicable privacy laws, you may be entitled to similar disclosures and rights as provided under the CCPA, including the right to access, correct, delete, and opt out of certain processing. Please contact us at support@mentera.ai to inquire about specific rights in your state.

16. Changes to This Policy

We may update or modify this Policy from time to time. If we make material changes, we will notify you by posting a prominent notice on the Services, sending an email to the address associated with your account, or through an in-app notification. Your continued use of the Services after any changes become effective indicates your acceptance of the revised Policy.

17. How to Contact Us

If you have questions or concerns about this Policy or wish to exercise your privacy rights, please contact us at:

Mentera Inc. Email: support@mentera.ai