Web App Privacy Policy

Last updated

8 May 2025

1. Data Controller

Mentor360 is the data controller for your personal data.

Contact:
Mentor360
7, 8 Church St, Wimborne BH21 1JH
Email: info@mentor360.com
DPO: jane@mentor360.com

2. What Data We Collect

We may collect and process:

  • User-provided Data: Name, email, company name, message content, feedback, or files shared.
  • AI Interaction Data: Inputs and conversation history with the AI assistant.
  • Usage Data: IP address, browser, pages viewed, session duration, and device information.
  • Tracking Data: Via Hotjar and Google Analytics (see Section 10).

We do not intentionally collect sensitive data unless explicitly provided by you.

3. Legal Basis for Processing

Your data is processed under:

  • Consent (Art. 6(1)(a)) – for cookies and optional AI features.
  • Contract (Art. 6(1)(b)) – to deliver services you request.
  • Legal Obligation (Art. 6(1)(c))
  • Legitimate Interest (Art. 6(1)(f)) – to improve user experience, provided your rights are not overridden.

4. How We Use Your Data

We use your data to:

  • Provide, support, and improve the web app and conversational AI.
  • Analyse performance and user interaction through analytics tools.
  • Offer customer support and respond to your inquiries.
  • Ensure compliance and system security.

5. Automated Decision-Making & AI Explainability

AI System Description:
Mentor360’s conversational AI is powered by Google Gemini models and machine learning techniques to provide supportive behavioural change and coaching through natural language interaction. These models analyse text-based input to generate individualised, rapport building, context-aware responses.

Purpose & Function:

  • The AI provides dynamic, real-time responses and suggestions based on user input.
  • No automated decision-making occurs with legal or similarly significant effect.

Explainability Measures (EU AI Act Compliance):

  • You are informed when engaging with AI.
  • Responses are explainable and human-readable.
  • You can request an explanation of how a response was generated.
  • Conversations may be anonymously reviewed by Clinical Phycologists’ for quality and safety purposes

Google Gemini Compliance:

  • Google Gemini is used under a strict configuration where:
  • No user data is stored by Google.
  • Data is not used to train models.
  • All processing occurs in secure, isolated environments.
  • All data is hosted and processed in the UK.

6. Data Hosting and Location

All user data and AI interactions are stored and processed exclusively in the United Kingdom. No data is transferred outside of the UK or EEA unless explicitly stated and with appropriate safeguards.

7. Data Sharing

We do not sell your data. We may share it with:

  • Service providers (e.g., for cloud hosting, analytics) under GDPR-compliant agreements.
  • Legal authorities where required by law.
  • Third-party processors such as Hotjar, Google Analytics, and Google Gemini (see above) under strict privacy contracts.

8. Data Retention

  • Conversations: Your conversations are stored securely for the purposes of informing the AI to have relevant conversations. Key attributes of your conversation, such as wellbeing, relations and emotional state may be captured and stored securely and utilised to steer conversations to address individual user support needs.
  • Interaction logs: Up to 12 months, for quality assurance and improvement.
  • Account data: Until deletion or 24 months of inactivity.
  • Analytics data: Retained as per Google/Hotjar settings (see Section 10).
  • Legal data: As long as legally required.

9. Your Rights

You may:

  • Access your data.
  • Rectify or delete your data.
  • Restrict or object to processing.
  • Withdraw consent at any time.
  • Request data portability.
  • Lodge a complaint with a supervisory authority.

Email us at info@mentor360.com to exercise your rights.

10. Cookies and Tracking Tools

We use cookies and similar technologies to enhance user experience.

Google Analytics:
Used to collect aggregated, anonymized usage data such as page views, session duration, and geographic location. This is done only with your consent. Data is anonymized and not tied to individual users.

Hotjar:
We use Hotjar to analyse on-site behaviour (clicks, scrolling, form interactions) to improve usability. Hotjar does not collect personally identifiable information or track users across websites.

Disable Hotjar tracking at: Hotjar – Do Not Track

11. Security Measures

We implement appropriate technical and organizational measures such as:

  • Data encryption
  • Access controls
  • Secure UK-based data centres

12. Changes to This Policy

We may revise this policy. Significant changes will be notified via our website.

13. Contact Us

Mentor360 – Data Protection Team
Email: info@mentor360.com
Address: 7, 8 Church St, Wimborne, BH21 1JH, United Kingdom

If you or a loved one is in immediate crisis...
Get Help