Operating in India?
See our India Compliance & DPDP Posture page for DPDP, CERT-In, MHCA, and POCSO specifics.
Important Compliance Disclosures
HIPAA Status
Menthra is HIPAA-aligned. We implement HIPAA administrative, physical, and technical safeguards for health-related data. Menthra Inc. is a technology company, not a licensed healthcare provider or HIPAA covered entity. We are not HIPAA certified and do not hold any formal HIPAA certification from any certifying body (no such official certification exists). Our HIPAA alignment is documented through our security program, BAAs with applicable vendors, and internal policies.
AI Wellness Tools
The Platform's AI companion features are wellness support tools. They are not FDA-regulated medical devices under current guidance. Menthra monitors FDA digital health guidance and will adapt Platform features to maintain compliance with any applicable FDA requirements. The AI companions do not diagnose, treat, cure, or prevent any disease or medical condition.
Clinical Services
Licensed therapy services on the Platform are provided by independent licensed professionals, not by Menthra Inc. Menthra facilitates access to these professionals but does not employ them or supervise their clinical practice.
Standards We Meet
Compliance is not a feature. It is infrastructure.
HIPAA Aligned
Healthcare-grade privacy for all conversations. Business Associate Agreements with all infrastructure providers. End-to-end encryption for data in transit and at rest. Access controls with role-based permissions and full audit logging.
FERPA Compliant
Student educational records fully protected. Data governance aligned with district and university policies. Right to inspect and review. Annual notification protocols for parents and guardians.
COPPA Compliant
Built for users under 13. Verified parental consent workflows. Age-appropriate content and interactions. No data collection beyond what is necessary for the service.
SOC 2 Type II Aligned
Operational security controls aligned with SOC 2 Type II requirements. Regular security audits and penetration testing. Continuous monitoring and incident response procedures.
India DPDP Act
Compliant with the Digital Personal Data Protection Act for our India operations. Data localization awareness. Consent-driven data processing. Right to erasure and data portability.
Section 504 / ADA
Accessible design meeting WCAG 2.1 Level AA standards. Screen reader compatible. Keyboard navigation. High contrast ratios and semantic markup throughout.
Infrastructure & Encryption
How we protect your data
Crisis Detection & Escalation
Real-time safety. Structured response.
Menthra monitors conversations for crisis signals in real time. When detected, the system follows a structured escalation protocol.
Normal Use
Situations: Anxiety, stress, social issues, general emotional support
Action: AI companion provides support. Interaction logged. No human alert.
Elevated Concern
Situations: Self-harm mention, severe distress, bullying disclosure
Action: Immediate counselor/admin notification. Conversation flagged for human review within 10 minutes.
Imminent Danger
Situations: Active suicidal ideation, abuse disclosure, threat of violence
Action: Immediate escalation to all relevant parties (counselor, administrator, parents, law enforcement as required). AI stays with user until human support confirms. Crisis resources provided.
Data Ownership
Your data belongs to you
Menthra does not own your data. Conversations belong to the user. For enterprise and education deployments, institutional data belongs to the institution. Users can request data export or deletion at any time. We comply with all right-to-erasure requirements across jurisdictions.
Need More Details?
We are an open book
For BAA requests, security questionnaires, SOC 2 reports, penetration test results, or custom compliance documentation: