Privacy Policy
PRIVACY POLICY
MENTORAS is a platform owned and operated by Konnektable Technologies Ltd ("we," "us," "our"), which acts as the data controller for the processing of personal data collected through our services. We are deeply committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines in detail how we collect, use, disclose, and safeguard your information when you interact with our website (https://mentoras.io), use our services, or engage with us in any other manner. By accessing or using our platform, you acknowledge and agree to the terms outlined in this Privacy Policy. If you do not agree, please refrain from using our services.
Our services are not directed to individuals under the age of 18. We do not knowingly collect or process personal data from anyone under 18 years old. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it from our records. If you believe that a minor has provided us with personal information, please contact us at [email protected].
1. Information We Collect
We collect various types of information to enhance user experience and improve our services.
1.1 Information You Provide Directly
When you interact with our platform, you may voluntarily provide personal data, including but not limited to:
- Contact Information: such as your name, email address, phone number, and mailing address.
- Account Information: including your username, password, profile details, professional background, and user preferences.
- User-Generated Content: any information, opinions, comments, documents, or other materials you upload, post, or share on the Platform.
- Communication Data: including inquiries, feedback, messages, or interactions you send to us via emails, support tickets, chat, or contact forms.
- Billing Information: payment-related data if you purchase services, processed securely by third-party payment processors.
- Technical and Usage Data: such as your IP address (in anonymized form where applicable), device and browser details, login data, and information about how you use the Platform. These data may be collected through analytics and user experience tools, such as Matomo (which we operate in a cookieless mode) and Hotjar (which may use cookies or similar technologies).
- Preferences and Interaction History: including your activity on the Platform, participation in sessions, and mentoring interactions.
When you visit our website or use our platform, we may automatically collect certain technical and usage data, including:
- Device and Log Data: Information about your computer or mobile device, IP address (in anonymized form where applicable), browser type, and operating system.
- Usage Data: Details about your activity on the Platform, such as the pages you visit, the time spent, actions taken, and navigation patterns.
- Analytics and Experience Tools: We use privacy-friendly analytics (Matomo, operated in cookieless mode) to understand and improve how users interact with our Platform. This means no cookies are set for analytics purposes. We may also use tools such as Hotjar, which rely on cookies or similar technologies to provide heatmaps, session recordings, and feedback features.
- Cookies & Similar Technologies: Where cookies or similar technologies are used (e.g., for Hotjar or site functionality), we will inform you and, where required by law, obtain your consent.
- Google Analytics 4 (GA4): We also use Google Analytics 4 (GA4) to collect aggregated statistical information about how users interact with our website, such as pages visited, session duration, and interaction events. GA4 processes IP addresses in a privacy-conscious manner, with IP anonymization enabled, and does not allow us to directly identify individual users. GA4 analytics data is collected only after you have provided consent via our cookie banner.
We may receive information about you from third parties, including:
- Social Media Networks: If you connect with us through platforms such as Apple, Google or LinkedIn, we may collect information from your profile that you choose to share with us through your privacy settings on those platforms.
- Business Partners and Service Providers: We may receive information from partners and service providers where necessary for the provision and improvement of our Services, or where you have provided your consent. Such partners are contractually required to comply with applicable data protection laws.
Certain features of the Platform, such as interactive whiteboards and AI-assisted functionalities, allow users to input text, content, or instructions that are processed using artificial intelligence technologies. These features may process user-provided content in real time to generate responses, insights, or suggestions.
2. How We Use Your Information
We process your personal data to:
- Provide and Enhance Services: Ensure smooth functionality, user experience improvements, and seamless service delivery.
- Respond to Inquiries & Communicate: Notify you about updates, changes, and responses to customer support requests.
- Personalize User Experience: Offer customized content, recommendations, and targeted services based on your preferences.
- Improve Security & Prevent Fraud: Monitor suspicious activity, secure accounts, and protect against unauthorized access. For security, accountability, and service optimization purposes, we maintain limited internal records of account creation and account deletion, even if both occur within a short period of time. These logs contain only a technical identifier together with the date and time of creation and deletion. They are used solely to prevent fraud, maintain an audit trail, and improve the reliability of our services. No profile content or personal details are retained, and these logs cannot be used to personally identify you after account deletion. Log records are retained for up to 24 months and are then permanently deleted or anonymized. They are not used for profiling, marketing, or any unrelated purpose.
- Comply with Legal Obligations: Meet regulatory requirements, enforce agreements, and resolve disputes.
3.1 Legal Bases
For users located within the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR) under the following lawful bases:
- Consent: Where you have given clear and explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Contractual Necessity: Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract (e.g., creating and maintaining your account, providing the services you request).
- Legal Obligation: Where processing is required to comply with a legal or regulatory obligation to which we are subject (e.g., tax or accounting requirements, record-keeping obligations).
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms. These purposes may include improving platform security, preventing fraud, maintaining accountability logs, optimizing services, and enhancing the overall user experience.
3.2 Table for the Processing
| Processing activity | Categories of personal data | Purpose | Lawful basis (GDPR Art. 6) | Typical retention / notes |
|---|---|---|---|---|
| Account registration & account management | Name, email, username, password (hashed), profile details, preferences | Create and manage your account; provide access to the Platform | Contract (Art. 6(1)(b)) | While account is active; see Section 5 |
| Providing core Platform services | Account data, actions within the Platform (e.g., mentoring interactions, session participation) | Deliver requested services and core functionality | Contract (Art. 6(1)(b)) | While account is active; see Section 5 |
| Customer support & communications | Emails, messages, support tickets, feedback, contact form submissions | Respond to inquiries; troubleshoot; improve support quality | Contract (Art. 6(1)(b)) and/or Legitimate interests (Art. 6(1)(f)) | Up to 5 years after resolution (as stated in Section 5) |
| Payments & billing | Billing details, transaction data, invoices/receipts (processed by payment providers) | Process payments; invoicing; accounting; compliance | Contract (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c)) | Up to 10 years (as stated in Section 5) |
| Security, fraud prevention & technical integrity | IP address (where applicable), device/browser info, security events, login data, technical identifiers, timestamps | Secure the Platform; prevent fraud/abuse; maintain system integrity | Legitimate interests (Art. 6(1)(f)) and/or Legal obligation (Art. 6(1)(c)) | As stated in Section 5 (ensure consistency across the Policy) |
| Accountability logs (account creation/deletion) | Technical identifier + date/time of creation/deletion | Fraud prevention; audit trail; service reliability | Legitimate interests (Art. 6(1)(f)) | As stated in Section 5 (ensure consistency across the Policy) |
| Cookieless audience measurement (Matomo) | Pseudonymized/aggregated usage data (e.g., pages visited, time spent), IP (anonymized) | Statistical measurement; improve Platform performance and usability | Legitimate interests (Art. 6(1)(f)) | Cookieless mode; no cookies/similar identifiers; opt-out available |
| Website analytics (Google Analytics 4) | Online identifiers, anonymized IP, device/browser data, usage events | Understand website usage; improve performanc and content | Consent (Art. 6(1)(a)) | Collected only after consent via cookie banner; retained per GA4 settings (up to 26 months) |
| User experience analytics (Hotjar) | Pseudonymized interaction data (e.g., clicks/scrolls), session/heatmap data | Improve usability; diagnose UX friction; feedback insights | Consent (Art. 6(1)(a)) | Activated only after consent via cookie banner; settings-controlled |
| Marketing communications | Email, communication preferences | Newsletters, promotions, and marketing updates | Consent (Art. 6(1)(a)) | Until you unsubscribe/withdraw consent |
| AI-assisted features (e.g., whiteboards) | Content and inputs you submit to the AI feature; related context needed to generate outputs | Provide AI-assisted functionality you request (responses, suggestions, assistance) | Contract (Art. 6(1)(b)) | Processed to deliver the feature; retention as described in Section 5 |
| AI service providers (processing on our behalf) | Same as above, limited to what is necessary for the AI feature | Enable AI processing via third-party providers acting as processors | Contract (Art. 6(1)(b)) | Providers act under our instructions; safeguards and transfer mechanisms apply |
| Legal claims & dispute handling | Relevant account data, communications, transaction records | Establish, exercise, or defend legal claims; resolve disputes | Legitimate interests (Art. 6(1)(f)) and/or Legal obligation (Art. 6(1)(c)) | As necessary for disputes and legal requirements |
4. Who We Share Your Data With
We do not sell, trade, or rent your personal data. However, we may share your information in the following limited circumstances:
- Service Providers: With trusted third-party vendors who provide services on our behalf, such as hosting, analytics, payment processing, or customer support. These providers are contractually bound to process your data only in accordance with our instructions and in compliance with applicable data protection laws.
- Legal Authorities: Where required to do so by law, court order, or governmental regulation, or where disclosure is necessary to establish, exercise, or defend our legal rights.
- Business Transfers: In connection with a merger, acquisition, corporate restructuring, or sale of assets, your personal data may be transferred as part of the transaction, subject to appropriate safeguards.
- AI-assisted features: To provide AI-assisted features, we may use third-party artificial intelligence service providers, including OpenAI (GPT models), Google (Gemini models), and Anthropic (Claude models). These providers act as data processors and process data solely on our instructions and for the purpose of delivering AI functionality. Where AI-assisted features are concerned, the specific AI models or providers used by the Platform may change over time in order to improve performance or reliability, without altering the purposes of processing, the categories of personal data processed, or the applicable data protection safeguards.
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing the Platform, complying with legal obligations, resolving disputes, enforcing agreements, and maintaining security. Retention periods vary depending on the type of data and the processing activity, as described below. Where possible, we delete or anonymize data earlier, and we apply appropriate technical and organizational safeguards (e.g., access controls, deletion routines, and anonymization).
Retention by Processing Activity
Account registration & account management / Providing core Platform services
- Data: account details (name, email, username), password (hashed), profile details, preferences, and core service usage linked to the account.
- Retention: retained for as long as your account remains active.
- After deletion: we may retain limited records, backups, or related data for up to 5 years where necessary to comply with legal obligations, handle disputes, prevent fraud, and enforce our agreements.
- Data: emails, messages, support tickets, and contact form submissions.
- Retention: retained for up to 5 years after resolution for accountability, quality assurance, and service improvement.
- Data: billing information, invoices/receipts, and transaction records (with payment details processed by payment providers).
- Retention: retained for up to 10 years, as required by applicable tax, accounting, and financial compliance obligations.
- Data: security logs, authentication and access logs, technical identifiers, timestamps, device/browser information, and account creation/deletion logs (technical identifier + date/time).
- Retention: retained for up to 24 months, unless a longer period is necessary to investigate incidents, prevent abuse, or meet legal obligations, in which case retention may be extended for the minimum period required.
- Data: pseudonymized/aggregated usage data (e.g., pages visited, time spent), with IP anonymization enabled.
- Retention: retained only for the period necessary for statistical analysis and Platform improvement, and in any case no longer than 24 months.
- Data: aggregated usage events, online identifiers, device/browser data, and IP processed with anonymization.
- Retention: retained for up to up to 26 months, in accordance with our GA4 retention settings, after which GA4 data is automatically deleted or anonymized by the provider.
- Data: pseudonymized interaction data, heatmaps, and session recordings (with sensitive fields suppressed).
- Retention: retained for the period necessary to achieve usability improvement purposes and in line with our Hotjar settings, typically up to 12 months, unless a shorter retention period is configured.
- Data: email address and communication preferences.
- Retention: retained until you unsubscribe or withdraw consent, after which we maintain a minimal suppression record (e.g., email + opt-out status) to ensure you are not contacted again.
- Data: content and inputs you submit to AI-assisted features and the minimum context necessary to generate outputs.
- Retention: processed primarily in real time to deliver the requested feature. Where we store user-generated content (e.g., a saved whiteboard or documents you choose to save), retention follows the rules for User-Generated Content below. Otherwise, AI inputs/outputs are retained only as long as necessary for service delivery, troubleshooting, and security, and in any case no longer than 30 days, unless required to investigate abuse or comply with legal obligations.
- Data: limited to what is necessary for AI-assisted functionality.
- Retention: AI providers process data under our instructions and are required to apply appropriate safeguards. Where we rely on third-party AI providers, retention and deletion are governed by our contractual arrangements and configured settings, consistent with the retention periods described above.
- Data: information, documents, and materials you upload, post, or save on the Platform (including saved whiteboards, where applicable).
- Retention: retained until you delete it or your account is deleted. After account deletion, we may retain certain content for up to 5 years only where necessary for legal compliance, dispute resolution, fraud prevention, or enforcement of our terms.
- Data: relevant account, transaction, and communication records necessary to establish, exercise, or defend legal claims.
- Retention: retained for as long as necessary to handle disputes and meet legal requirements.
6. Your Rights
Depending on your jurisdiction, and in particular if you are located in the European Economic Area (EEA) or the United Kingdom, you may have the following rights with respect to your personal data, subject to applicable legal conditions and limitations:
- Right of Access and Rectification: To request confirmation of whether we process your personal data, obtain a copy of such data, and correct any inaccurate or incomplete information.
- Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.
- Right to Erasure (“Right to Be Forgotten”): To request the deletion of your personal data, subject to certain legal or contractual obligations that may require retention.
- Right to Restriction and Objection: To request the restriction of processing or to object to the processing of your personal data where our lawful basis is legitimate interest or public interest.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw such consent at any time without affecting the lawfulness of prior processing. This includes the ability to opt out of receiving marketing communications.
7. Security Measures
We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include, but are not limited to:
- Encryption Protocols: Secure data transmission (e.g., TLS/SSL) and encryption of data at rest where applicable.
- Access Controls: Limiting access to personal data to authorized employees, contractors, and service providers who are bound by confidentiality obligations.
- Regular Security Audits and Monitoring: Periodic assessments, vulnerability testing, and continuous monitoring to identify and mitigate potential security risks.
- Data Minimization and Safeguards: Collecting only the data necessary for specified purposes and ensuring secure storage and handling.
8. International Data Transfers
Our services are designed to be accessible globally. While we primarily store and process personal data within the European Economic Area (EEA), it is possible that your personal data may be transferred to, processed, or stored in countries outside the EEA or your country of residence. These jurisdictions may have data protection laws that differ from those in your home country.
If and when such international transfers occur, we will ensure that they are carried out in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This may include transfers related to our use of Google Analytics 4 and AI service providers (e.g., OpenAI, Google, Anthropic), where processing may take place outside the EEA. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional measures where required.
In particular, we rely on one or more of the following safeguards:
- Standard Contractual Clauses (SCCs): Contractual obligations approved by the European Commission that require recipients of personal data in third countries to protect it to EU standards.
- Adequacy Decisions: Transfers to countries that the European Commission has recognized as providing an adequate level of data protection.
- Binding Corporate Rules (BCRs): Where applicable, requiring multinational service providers to implement enforceable data protection obligations across their group.
9. Cookies & Tracking Technologies
9.1 General Use
We use cookies and similar technologies to optimize your user experience, analyze traffic, and improve our services. You can manage or disable cookies through your browser settings. Disabling optional cookies will not affect the essential functionality of the Platform, but may reduce the effectiveness of certain features designed to improve user experience.
9.2 Analytics (Matomo)
For web analytics, we use Matomo in cookieless mode for audience measurement and service improvement purposes. In this configuration, Matomo does not store or access information on the user’s device and does not set cookies or similar identifiers. It processes only pseudonymized, aggregated technical and usage data, with IP anonymization enabled, no use of user IDs or device fingerprinting, and no data sharing with third parties. This processing is carried out on the basis of our legitimate interests and in line with applicable ePrivacy exemptions. Users may object or opt out at any time via the available settings.
9.3 User Experience Tools (Hotjar)
We also use Hotjar (Hotjar Ltd.) to better understand how users interact with our Platform and to improve usability and performance. Hotjar provides tools such as heatmaps, session recordings, and feedback widgets that allow us to analyze aggregate user behavior.
Hotjar uses first-party cookies and similar technologies to track interactions in a pseudonymized manner. Sensitive personal data and form inputs are automatically suppressed or masked, ensuring that no personally identifiable information is collected through these tools.
Within the EU/EEA, Hotjar is only activated after you provide consent for “Analytics” cookies via our cookie banner. You may withdraw or update your consent at any time in the cookie settings.
9.4 More Information
For more information on Hotjar’s practices, please refer to:
Hotjar Privacy Policy - www.hotjar.com/legal/policies/privacy/
Hotjar Legal Overview - www.hotjar.com/legal/
Hotjar Acceptable Use Policy - www.hotjar.com/legal/policies/acceptable-use/
Hotjar Trust Center - www.hotjar.com/security/
For additional details about how we use cookies and tracking technologies, please see our dedicated Cookies Policy.
9.5 AI-Assisted Features (Whiteboards)
Some Platform features, such as interactive whiteboards and AI-assisted functionalities, process the content you submit to generate responses or suggestions. These features are not used for analytics or advertising purposes and do not rely on cookies or similar tracking technologies. Any analytics and tracking technologies used on the website are described in this Section 9 and in our Cookies Policy.
10. Third-Party Links & Services
Our website may include links to external websites or services that are not operated by us. Please note that we are not responsible for the content, privacy practices, or policies of such third parties. We strongly recommend that you review the privacy policies of any external sites before providing your personal information.
11. Marketing Communications
With your consent, we may use your personal information to send you newsletters, promotional materials, or other communications related to our services. You may withdraw your consent at any time by clicking the “unsubscribe” link included in our emails or by contacting us directly at [email protected]. We will process your request promptly, and you will no longer receive marketing communications from us. Please note that you may still receive non-promotional service-related messages, such as updates regarding your account or transactions.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Any updates will be posted on this page with a revised "Effective Date." We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Information
For any questions, concerns, or data-related inquiries, please contact:
Konnektable Technologies Ltd (Data Controller for MENTORAS)
- Email: [email protected].
- Address: Marine Point (2nd Floor), Belview Port, Waterford, X91 W0XW, Ireland — Dervenion 30, Metamorphosis, Athens, 144 51, Greece.
- Website: https://mentoras.io
- Primary Authority (Ireland - Main Establishment of the Data Controller)
Data Protection Commission of Ireland (DPC)
Website: https://www.dataprotection.ie/ - Additional Authorities (For Local Data Subjects)
- Hellenic Data Protection Authority (HDPA) - Greece
- Website: https://www.dpa.gr/
- German Federal Commissioner for Data Protection and Freedom of Information (BfDI) - Germany
- Website: https://www.bfdi.bund.de/
Effective Date: January 13, 2026