We have updated our governing terms to remove references to Privacy Shield Certification in this GDPR Privacy Policy and related data use terms. Mentibus relies on the Standard Contractual Clauses, where applicable, in accordance with applicable laws.
These changes go into effect on April 30, 2026.
European Residents
If you are a resident of the European Union ("EU"), United Kingdom, Liechtenstein, Norway, Iceland, or Switzerland, you may have additional rights under the EU General Data Protection Regulation (the "GDPR"), the United Kingdom Data Protection Regulation (the "UK-GDPR"), or equivalent European privacy laws with respect to your Personal Data, as outlined below.
For this GDPR Privacy Notice, we use the terms "Personal Data" and "processing" as they are defined in the European Privacy Laws, but "Personal Data" generally means information that can be used to individually identify a person, and "processing" generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Mentibus will be the controller of your Personal Data processed in connection with the Service. For purposes of this notice, "Personal Data" includes Profile Data, as described in our Privacy Policy.
Where applicable, this GDPR Privacy Notice supplements and does not replace Mentibus's Privacy Policy. If there is a conflict between this GDPR Privacy Notice and the Privacy Policy, the policy or portion that is more protective of Personal Data will control to the extent of that conflict. If you have questions about this notice or whether it applies to you, please contact us at privacy@mentibus.com.
Data Processing Activities
The following table outlines our data processing activities, the legal grounds for processing, and our legitimate interests where applicable:
| Category of Data | Source | Purpose | Legal Grounds | Legitimate Interest |
|---|
| Customer Account Data (first and last name, email, IP address) | Data Subject | Analytics | Legitimate Interest | Monitoring analytics on website and app use, traffic demographics, navigation patterns, potential security or spam breaches, and performance issues |
| Customer Account Data (first and last name, email, company) | Data Subject | Customer Success Communication | Legitimate Interest | Personalized service and communications related to the customer's use of the product |
| Customer Account Data | Data Subject | Marketing Campaign (email, list creation, ads) | Legitimate Interest | Personalization, market research, targeted advertisement, or direct marketing |
| Customer Account Data (first and last name, device type, browser) | Data Subject | Product Development | Legitimate Interest | Improving performance, troubleshooting bugs, and other internal development needs |
| Customer Account Data (first and last name, email, company) | Data Subject | Sales Communication | Legitimate Interest | Targeted advertisement or direct marketing |
| Customer Account Data (first and last name, email) | Data Subject | Using Mentibus Products | Contractual Necessity | Contractual Necessity |
| Customer Account Data (image, gender) | Data Subject | Using Mentibus Products | Legitimate Interest | Creation of public profiles using publicly known data, personalized service, and customer communications |
| Billing Data (first and last name, card type, card country) | Data Subject | Analytics | Legitimate Interest | Monitoring analytics on website and app use, traffic demographics, navigation patterns, potential security or spam breaches, and performance issues |
| Billing Data (first and last name, card type, card country) | Data Subject | Customer Success Communication | Legitimate Interest | Personalized service and communications related to the customer's use of the product |
| Billing Data (first and last name, card type, card country) | Data Subject | Product Development | Legitimate Interest | Improving performance, troubleshooting bugs, and other internal development needs |
| Customer Support Data (first and last name, email, address) | Data Subject | Analytics | Legitimate Interest | Monitoring analytics on website and app use, traffic demographics, navigation patterns, potential security or spam breaches, and performance issues |
| Customer Support Data (first and last name, email, address, last 4 digits of credit card) | Data Subject | Customer Success Communication | Legitimate Interest | Personalized service and communications related to the customer's use of the product |
| Customer Support Data (first and last name, email) | Data Subject | Marketing Campaign (email, list creation, ads) | Legitimate Interest | Personalization, market research, targeted advertisement, or direct marketing |
| Customer Support Data (first and last name, email) | Data Subject | Product Development | Legitimate Interest | Improving performance, troubleshooting bugs, and other internal development needs |
| Customer Support Data (first and last name, email) | Data Subject | Sales Communication | Legitimate Interest | Targeted advertisement or direct marketing |
| Customer Support Data (first and last name, email) | Data Subject | Using Mentibus Products | Contractual Necessity | Contractual Necessity |
| Person Profile Data (first and last name, news articles, company, investments) | Data Subject, Publicly available web sources, Third Parties | Analytics | Legitimate Interest | Monitoring analytics on website and app use, traffic demographics, navigation patterns, potential security or spam breaches, and performance issues |
| Person Profile Data (first and last name, news articles, company, investments) | Data Subject, Publicly available web sources, Third Parties | Product Development | Legitimate Interest | Creation of public profiles, improving performance, troubleshooting bugs, and other internal development needs |
| User Session Data (page URL, UTMs) | Data Subject | Advertising | Legitimate Interest | Personalization, market research, targeted advertisement, or direct marketing |
| User Session Data (page URL) | Data Subject | Mobile App Marketing | Legitimate Interest | Personalization, market research, targeted advertisement, or direct marketing |
| User Session Data (UTMs, logged in, XSRF token) | Data Subject | Using Mentibus Products | Legitimate Interest | Maintain logged-in state, enable users to log back in, prevent cross-site request forgery attacks, support feature rollout, conduct analysis, track ad performance, and personalize web content |
| Tax and Payout Data (bank or Stripe Connect account details, tax ID, W-9/W-8BEN forms, VAT number where applicable) | Data Subject | Processing fiat payouts of earned points; tax reporting and withholding | Legal Obligation; Contractual Necessity | Compliance with tax and financial-reporting obligations and processing fiat payouts via Stripe Connect |
How and With Whom Do We Share Your Data?
We share Personal Data with vendors, third party service providers and agents who work on our behalf and provide us or you with services related to the purposes described in this Privacy Policy or our Terms of Service. These parties include:
- Payment processors
- Fraud prevention service providers
- Ad networks
- Analytics service providers
- Staff augmentation and contract personnel
- Hosting service providers
- Co-location service providers
- Marketing service providers
- Product development service providers
- Customer success providers
We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested, including with:
- Other users (where you post information publicly, direct us to share information, or where sharing is necessary to complete a transaction initiated or authorized by you)
- Social media services (if you interact with them through the Service)
- Third party business partners you access through the Service
- Your vendors and service providers, such as customer relationship management system providers
We also share Personal Data when we believe it is necessary to:
- Comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies
- Protect us, our business, or our users, including enforcing our Terms of Service, preventing unwanted communications, and investigating or protecting against fraud
- Maintain the security of our products and services
We also share information with third parties when you give us consent to do so. In addition, we share Personal Data that is Profile Data with other users, customers, partners, resellers, and reseller customers where applicable. We may also share Personal Data with affiliates or other members of our corporate family, and user information may be transferred as part of a merger, acquisition, sale of assets, bankruptcy, or similar corporate transaction.
What Security Measures Do We Use?
We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity:
- The Mentibus website uses SSL (https)
- Account passwords are hashed when stored in our database
- The authenticity of request methods is verified to prevent CSRF attacks
- Mentibus employees use Single Sign-On (SSO), passwords, and screen locking
- Access to AWS and payment processors is limited and requires Two-Factor Authentication (2FA)
- Access to production data requires VPN access
- Mentibus performs third-party penetration testing
How Long Do We Retain Your Personal Data?
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service. In some cases we retain Personal Data for longer if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
Personal Data of Children
As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Service or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at privacy@mentibus.com.
What Rights Do You Have Regarding Your Personal Data?
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email privacy@mentibus.com. In some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or impractical, if it jeopardizes the rights of others, or if compliance is not required by law. In those circumstances, we will still respond to notify you of our decision. We may also ask you to provide additional information, including Personal Data, where necessary to verify your identity and request.
Access
You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification
If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure
You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent
If we are processing your Personal Data based on your consent, you have the right to withdraw your consent at any time. Some Service features may require consent on a case-by-case basis after withdrawal.
Portability
You can ask for a copy of your Personal Data in a machine-readable format or request that we transmit the data to another controller where technically feasible.
Objection
You can contact us to object to the further use or disclosure of your Personal Data for certain purposes, such as direct marketing.
Restriction of Processing
You can ask us to restrict further processing of your Personal Data.
Right to File Complaint
You have the right to lodge a complaint about Mentibus's practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Transfers of Personal Data
The Service is hosted and operated in the United States ("U.S.") through Mentibus and its service providers. If you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Service, you acknowledge that Personal Data about you may be provided to Mentibus in the U.S., hosted on U.S. servers, and transferred, stored, and processed in the U.S. and possibly other countries.
For transfers of Personal Data originating in the European Economic Area, the United Kingdom, or Switzerland to countries that have not been deemed to offer an adequate level of data protection, Mentibus relies on appropriate safeguards, including the EU Standard Contractual Clauses, the UK International Data Transfer Addendum where applicable, and supplementary technical and organizational measures such as encryption in transit and at rest, access controls, and pseudonymization. Where Mentibus participates in the EU-U.S. Data Privacy Framework and/or its UK and Swiss extensions, the corresponding certification details will be published on the Mentibus website. Upon request to privacy@mentibus.com, data subjects may obtain a copy of the applicable transfer mechanism with confidential commercial terms redacted.
Automated Decision-Making and Profiling
We use automated systems, including AI agents and algorithmic scoring, for proposing data enrichments and validations to users, matching users for Social Poking or Matchmaking based on tags and opt-in location, ranking contributors on Leaderboards, calculating points balances, referral weights, and rewards conversion eligibility, and identifying suspicious activity for AML and anti-abuse purposes.
Where these decisions produce legal effects or similarly significant effects within the meaning of Article 22 GDPR, such as refusal of Dealroom access following sanctions screening or rejection of a fiat payout request following an identity or sanctions check, we implement safeguards including the right to obtain human review, express your point of view, and contest the decision. To exercise these rights, contact privacy@mentibus.com.
Special Categories of Personal Data
As part of the KYC process for Dealroom access, Mentibus or its KYC providers may process biometric data, such as facial-recognition matching against identity documents. This data is treated as a special category of personal data under Article 9 GDPR and is processed only with your explicit consent or where processing is necessary for reasons of substantial public interest, including AML compliance. Biometric data is retained only as long as necessary to complete verification and is then deleted unless a longer retention period is required by law.
On-Chain Records and the Right to Erasure
The Dealroom feature may permit users to voluntarily attach an on-chain transaction hash, or an equivalent public record such as an EDGAR filing link, as Proof of Transaction. Where you use this functionality, the underlying public blockchain record is pseudonymous and immutable by nature, and cannot be deleted or modified by Mentibus.
Where you exercise your right to erasure, Mentibus will erase or anonymize corresponding records in its off-chain systems, dissociate your off-chain identity from the public on-chain reference where feasible, and cease further processing of that reference for its own purposes. Information already recorded on a public blockchain by you or third parties will remain visible independently of Mentibus. Mentibus does not itself issue or custody any cryptocurrency token, and platform rewards are operated as an off-chain points system convertible to subscription credit or fiat cash payouts.
Data Breach Notification
In the event of a personal data breach, Mentibus will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay in accordance with Article 34 GDPR.
Data Protection Officer and EU Representative
Mentibus has appointed a Data Protection Officer or equivalent privacy contact responsible for overseeing compliance with European data protection laws. The DPO can be contacted at privacy@mentibus.com.
Because Mentibus is established outside the European Economic Area and the United Kingdom, and where its processing activities fall within the territorial scope of Article 3(2) GDPR or the UK GDPR, Mentibus has appointed, or will appoint where legally required, an EU / UK representative under Article 27 GDPR. Contact details for the representative will be published on the Mentibus privacy page once finalized.
Legitimate Interest Balancing - Email Leads Engine and Address Book
Where Mentibus processes business-contact data of individuals who have not registered for the Service, such as to populate pre-created profile pages, invite individuals to claim them through the Email Leads Engine, or support user-imported address books, Mentibus relies on the legitimate interest balancing test under Article 6(1)(f) GDPR.
Mentibus has assessed that professional networking, discovery, and profile-claim invitations are recognized interests under applicable law; that processing is limited to business-context data made public or provided in a professional capacity; and that safeguards are in place, including respect for opt-out and unsubscribe requests, a global Do-Not-Contact register, limited outreach frequency, and transparent disclosure through this notice. Individuals may object to such processing at any time by contacting privacy@mentibus.com, and such objection will be respected unless Mentibus can demonstrate compelling legitimate grounds for continued processing.
Cookies and Tracking Technologies
The Service uses cookies and similar tracking technologies to operate the platform, analyze usage, authenticate sessions, personalize content, and measure advertising performance. Detailed information about cookies, their purposes, and their duration is set out in the Mentibus Cookie Policy, which is incorporated by reference into this notice.
Where required by applicable law, including the ePrivacy Directive as implemented in EU Member States, you will be presented with a cookie banner allowing you to manage your preferences. You can also adjust cookie preferences through your browser settings, though disabling certain cookies may affect Service functionality.
What If You Have Questions Regarding Your Personal Data?
If you have any questions about this GDPR Privacy Notice or our data practices generally, please contact Mentibus using the following information:
Physical address:1319 Leavenworth, San Francisco, CA 94109