Privacy Policy

1. Who We Are

menthra Inc. is a Delaware C-Corporation headquartered in the United States, with operations in India. References to "menthra," "we," or "us" mean menthra Inc. and its subsidiaries. This Privacy Policy applies to the menthra platform: menthra.ai, our web application, mobile apps, and related services.

2. What We Collect

We collect data in the following categories. Where relevant we note the HIPAA, GDPR, and DPDP frames that apply.

2.1 Identity

• Name, date of birth, age (required for age gating)
• Account credentials (password hashes, never stored in plaintext)

2.2 Contact

• Email, phone number, emergency contact (where you provide one)
• Mailing address (only where payment or regulatory compliance requires)

2.3 Health and wellness

• Emotional and wellness signals extracted from conversations (mood, sentiment, triggers, patterns)
• Assessment responses, goal inputs, self-reported wellness indicators
• Crisis-detection signals

2.4 Interaction

• Chat messages, voice recordings, and video interactions with AI companions and clinicians
• AI-derived insights, summaries, and connections identified across multiple conversations over time

2.5 Device

• Browser and app version, operating system, device identifiers (unique codes that identify your browser or device, similar to a serial number — used for security and to prevent fraud)
• IP address, log data, approximate location (from IP; precise location only when you opt in)

2.6 Payment

• Billing country, last four digits and brand of your payment card (e.g. Visa ending 4242), invoice history
• Full card numbers are handled by our payment processors — we do not store them

2.7 Family plan linkage

• Relationships between plan owner and invited members (to enforce privacy boundaries, not to share content)

2.8 Employer-provisioned metadata

• Employer name, work email domain, eligibility status — so we can confirm your access and route you to Ally
• We do not receive your employer's HR, performance, or payroll data

3. Why We Collect Each Category

We collect and use your data for specific reasons, and we rely on a legal basis for each one depending on where you live. Here is a plain summary:

To provide the service you signed up for — when you create an account and use menthra, we process your data to deliver it. This is the foundation of everything. (Legal basis: contract performance under GDPR Art. 6(1)(b) and DPDP contractual grounds.)

Because you gave us permission — for health and wellness data, marketing, research participation, session recording, and transferring your data internationally, we only act when you have explicitly said yes. You can withdraw this permission at any time. See our consents index for the full list of what we ask for and why.

To keep the platform safe and improve it — we use de-identified, aggregate data for fraud prevention, security monitoring, and product improvement. We never use individually identified data for this. (Legal basis: legitimate interests under GDPR Art. 6(1)(f).)

Because the law requires it — tax records, regulatory reporting, and mandatory safety reporting (for example, imminent risk situations) require us to retain certain data. (Legal basis: legal obligation under GDPR Art. 6(1)(c).)

Clinical services (Evoke tier only) — if you receive clinical services through Evoke, your separate HIPAA authorization covers how that data is used by your clinician.

To protect your life or someone else's — in genuine crisis situations where there is immediate risk of serious harm, we may act to protect vital interests even without a separate consent. (Legal basis: vital interests under GDPR Art. 6(1)(d).)

4. How We Use Your Data

• Deliver your AI companion conversations — including the memory of past conversations that allows your companion to recognize patterns, track your progress, and provide continuity across sessions over time
• Connect you with coaches and clinicians when you choose (Evoke and Sage tiers)
• Detect potential crisis signals and surface resources or escalate per your Crisis Intervention consent
• Bill you, prevent fraud, and maintain platform security
• Improve the platform using aggregate, de-identified data
• Send transactional messages required to operate your account
• Send marketing messages only where you have opted in, at the channel level you chose

5. AI Processing and De-Identification

Your conversations are processed by AI infrastructure providers that operate under contract with menthra. Data sent to these providers is de-identified under the HIPAA Safe Harbor standard (45 CFR §164.514(b)) — direct identifiers such as name, contact details, account identifiers, and similar fields are removed before transmission. No Protected Health Information is transmitted to our AI infrastructure providers, and no Business Associate Agreement with those providers is required or in place.

We do not use your individual conversations to train general-purpose AI models. Opt-in research consent is separate — see our Research & Product Improvement consent.

6. Subprocessor Categories

menthra uses third-party providers under contract to operate the platform. To protect operational security we do not name vendors in consumer-facing documentation, but we disclose the categories below and the nature of the data they may touch. Corporate, clinical, and partner customers receive the full vendor list under NDA.

• Cloud hosting — infrastructure, databases, backup. Encrypted at rest.
• AI infrastructure — language processing. De-identified data only.
• Voice and avatar rendering — voice synthesis, avatar video generation.
• Communications — email and SMS delivery for transactional messages.
• Payments — payment processing, tax calculation, invoicing.
• Analytics — product analytics on de-identified usage data.
• Background verification — for clinicians, coaches, and regulated roles.

See the Subprocessors page for a description of each category and what data it touches.

7. Data Retention

• Active account data: retained while your account is active.
• Conversation history: retained while your account is active — it is core to how memory and pattern recognition work. You can delete specific sessions or date ranges without closing your account.
• Closed accounts: 90-day export window, then deleted, except where legal retention applies.
• Backups: purged within 180 days of deletion from primary systems.
• De-identified analytics: retained indefinitely.
• Payment and tax records: retained per applicable law (typically 7 years).

8. International Data Transfers

menthra's primary infrastructure is in the United States, with regional hosting added in additional jurisdictions over time. For users outside the US, data transfers rely on the following mechanisms:

• EU and UK: Standard Contractual Clauses approved by the European Commission, supplemented with organizational and technical safeguards.
• India: We comply with the Digital Personal Data Protection Act, 2023. Regional hosting and data localization will be implemented as DPDP rules are finalized.
• Other regions: contractual safeguards equivalent to the source jurisdiction's requirements.

Before any cross-border transfer occurs, we disclose it — see the Cross-Border Transfer acknowledgement.

9. Your Rights

Depending on your jurisdiction, you have the following rights:

• Access — request a copy of your data
• Correction — correct inaccurate data
• Deletion / erasure — delete your data, or delete specific conversation sessions without closing your account
• Export / portability — machine-readable export
• Objection — object to certain processing
• Withdrawal of consent — for any processing based on consent
• Complaint — lodge a complaint with a supervisory authority

Exercise your rights at menthra.ai/legal/your-rights. Default response SLA is 30 days. We will verify your identity before acting on a request.

10. Crisis Protocol Data Flow

When crisis signals are detected and you have given Crisis Intervention consent, limited context may be shared with:

• Your nominated emergency contact — only a safety alert, never conversation content.
• Your assigned clinician (Evoke only) — a clinical summary, not raw transcripts, unless your clinician requires it for care.
• Emergency services — only if you authorize us to contact them or if imminent risk to life requires it under applicable law.

See the Crisis Intervention consent for what is and is not shared.

11. Employer Deployments (Ally)

See the Employer Deployment acknowledgement shown on first login for Ally users.

12. Minors

menthra's minimum age is 13. For users aged 13 to 17 we require verified parental or guardian consent under COPPA (US), DPDP (India), and GDPR Article 8 (EU/UK). Parents can review account status and engagement metrics but never conversation content. Crisis detection alerts are delivered to the designated parent contact.

See the Minor Signup consent for the full flow.

13. Cookies

We use cookies as described in our Cookie Notice. Strictly necessary cookies are on by default; everything else is opt-in.

14. How We Protect Your Data

See our Security Overview for details on encryption, access controls, monitoring, incident response, and audit posture.

15. Changes to This Policy

We may update this Privacy Policy. For material changes we will notify you by email and in-app notice at least 30 days before the changes take effect. Non-material changes take effect on posting.

16. Contact and Regulator

• Privacy requests: privacy@menthra.ai
• India DPDP / Data Protection Officer / Grievance Officer: dpo@menthra.ai
• Complaints can also be directed to your local supervisory authority (EU/UK GDPR) or to the Data Protection Board of India under the DPDP Act.
• US residents may also contact the HHS Office for Civil Rights for HIPAA-related concerns.