Introduction

Last updated: March 14, 2025

Mentalese AS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and our services. We take your privacy seriously and are committed to maintaining the trust and confidence of our visitors to our website.

Who We Are

Mentalese AS is a company registered in Norway. We operate under Norwegian and EU data protection laws, including the General Data Protection Regulation (GDPR).

Company Details:

Company Name: Mentalese AS
Registration Number: 933 964 868
Registered Address: Gaustadalléen 21, 0349 Oslo, Norway
Contact: mentalese.ai/contact

Data Controller

Mentalese AS acts as a data controller for the personal information we collect. This means we determine the purposes and means of processing your personal data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date above. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at: CONTACT. You have the right to make a complaint at any time.

Information We Collect

We collect different types of information to provide and improve our services.

Here's what we collect and why:

Data Collection Registry

Data Type	Purpose	Legal Basis	Retention	Processors	Essential
IP addresses	Security and network infrastructure	Legitimate interest	7 days	Cloudflare	Yes
Browser information	Security and network infrastructure, Website analytics	Legitimate interest	7 days, 30 days	Cloudflare Plausible	Yes
Cookie identifiers	Security and network infrastructure	Legitimate interest	7 days	Cloudflare	Yes
Email addresses	Personalization and service delivery and improvement, Hosting and infrastructure, Transactional email delivery	Contract performance, Legitimate interest	Account lifetime, For as long as it takes to process the data, 30 days	Supabase DigitalOcean MailerSend Mailgun	Yes
User account data	Personalization and service delivery and improvement	Contract performance	Account lifetime	Supabase	Yes
User-supplied text samples	Personalization and service delivery and improvement	Contract performance	Account lifetime	Supabase	Yes
User-generated text samples	Personalization and service delivery and improvement	Contract performance	Account lifetime	Supabase	Yes
Feedback data	Personalization and service delivery and improvement	Contract performance	Account lifetime	Supabase	Yes
User preferences	Personalization and service delivery and improvement	Contract performance	Account lifetime	Supabase	Yes
Page views	Website analytics	Legitimate interest	30 days	Plausible	Yes
Location data	Website analytics	Legitimate interest	30 days	Plausible	Yes
Website interactions	Website analytics	Legitimate interest	30 days	Plausible	Yes
User text input	Data processing	Legitimate interest	For as long as it takes to process the data	Runpod	Yes
User image uploads	Data processing	Legitimate interest	For as long as it takes to process the data	Runpod	Yes
User data	Hosting and infrastructure, Transactional email delivery	Legitimate interest	For as long as it takes to process the data, 30 days	DigitalOcean MailerSend Mailgun	Yes
Text input	Hosting and infrastructure	Legitimate interest	For as long as it takes to process the data	DigitalOcean	Yes
Uploaded images	Hosting and infrastructure	Legitimate interest	For as long as it takes to process the data	DigitalOcean	Yes
Names	Hosting and infrastructure	Legitimate interest	For as long as it takes to process the data	DigitalOcean	Yes

How We Use Your Information

We use your information for specific, legitimate purposes that are essential to providing our services and improving your experience.

A. Primary Uses of Your Information

We use your information to:

Provide and maintain our services
Process and complete your requests
Send essential service notifications
Protect against fraudulent or illegal activity
Comply with legal obligations
Debug and fix technical issues
Analyze and improve our services
Personalize your experience
Send you updates about new features (with consent)

B. Service Communications

We may contact you for:

Security alerts
Account notifications
Technical service updates
Legal or policy changes
Responses to your requests

C. Analytics and Improvements

We analyze usage patterns to:

Improve website performance
Enhance user experience
Identify technical problems
Make our services more efficient

All analytics are conducted using anonymized data.

D. Security and Protection

Your information helps us:

Detect and prevent security incidents
Protect against malicious activity
Debug problems
Monitor for technical issues

E. Processing Duration

We process information:

Only as long as necessary
For the purposes stated above
Within the retention periods specified in this document
Until you request deletion (where applicable)

F. No Selling or Trading

We do not:

Sell your personal information
Trade your data with third parties
Use your data for marketing without consent
Process your data for unexpected purposes

G. Changes to Processing

If we need to use your information for a new purpose, we will:

Notify you of the change
Explain the new purpose
Obtain new consent if required
Update this privacy policy

Data Sharing and Third Parties

To provide our services, we work with carefully selected third-party service providers. Here's how we share your information:

A. Our Service Providers

Data Processor Registry

Infrastructure

Basic website operations and security

Processor	Purpose	Data Processed	Location	Legal Basis	Essential
CloudflarePrivacy Policy	Security and network infrastructure	IP addresses Browser information Cookie identifiers	EU	Legitimate interest	Yes
RunpodPrivacy Policy	Data processing	User text input User image uploads	Ireland, EU	Legitimate interest	Yes
DigitalOceanPrivacy Policy	Hosting and infrastructure	User data Text input Uploaded images Email addresses Names	Germany	Legitimate interest	Yes

Authentication

User account management

Processor	Purpose	Data Processed	Location	Legal Basis	Essential
SupabasePrivacy Policy	Personalization and service delivery and improvement	Email addresses User account data User-supplied text samples User-generated text samples Feedback data User preferences	Germany	Contract performance	Yes

Analytics

Website usage analysis

Processor	Purpose	Data Processed	Location	Legal Basis	Essential
PlausiblePrivacy Policy	Website analytics	Page views Browser information Location data Website interactions	Germany	Legitimate interest	Yes

Communication

User messaging

Processor	Purpose	Data Processed	Location	Legal Basis	Essential
MailerSendPrivacy Policy	Transactional email delivery	Email addresses User data	Belgium	Legitimate interest	Yes
MailgunPrivacy Policy	Transactional email delivery	Email addresses User data	Germany	Legitimate interest	Yes

B. Data Transfer Safeguards

All providers comply with GDPR requirements
Data is primarily processed in the EU
Where international transfers occur, we ensure appropriate safeguards: • EU Standard Contractual Clauses • Adequacy decisions • EU server locations where possible

C. Third-Party Access Limits

Our service providers:

Only access necessary data
Process data based on our instructions
Cannot use data for their own purposes
Have signed Data Processing Agreements

D. Links To Third-Party Sites

The Site or Service may contain links to a number of sites owned and operated by third parties that may offer useful information. The policies and procedures described in this Privacy Policy do not apply to those third-party sites. Please contact those third-party sites for information on their data collection, security, and distribution policies.

E. Future Changes

If we change service providers or add new ones:

We will update this policy
Ensure similar levels of protection
Maintain GDPR compliance

Your Privacy Rights

Under GDPR, you have rights regarding your personal data:

A. Your Rights

Access your personal data
Correct inaccurate data
Delete your data ('right to be forgotten')
Restrict how we use your data
Export your data ('data portability')
Object to processing
Withdraw consent at any time

B. Exercise Your Rights

Send requests via:

Contact form: CONTACT

We'll respond within 30 days. We may need to verify your identity. We do not charge a fee for processing privacy-related requests. However, we may charge a reasonable fee or refuse to act on requests that are excessive, repetitive, or manifestly unfounded, as permitted by applicable law.

C. Complaints

You can complain to your local data protection authority (in Norway: Datatilsynet - www.datatilsynet.no).

Cookies and Tracking

We may use cookies and similar technologies on our website:

A. Essential Cookies

Required for website function
Handle login sessions
Manage security features

No consent needed, cannot be disabled

B. Analytics

Track website usage
Improve user experience
Collect anonymous statistics

Can be disabled via cookie banner

C. Third-Party Cookies

Analytics
Authentication

Used only when necessary or when consented

D. Your Choices

Accept/reject non-essential cookies via our cookie banner
Change preferences anytime
Control via browser settings

E. Do Not Track

Our website does not currently respond to Do Not Track (DNT) signals.

Data Security

We protect your data through security measures:

A. Protection Measures

Encrypted data transmission (HTTPS)
Secure infrastructure (DigitalOcean, Cloudflare)
Regular security updates
Access controls for our team
Data backups
Regular reviews of your data protection practices
Audits or third-party assessments for GDPR compliance

B. Data Breaches

If a breach occurs, we will:

Notify affected users promptly
Inform relevant authorities within 72 hours
Take steps to minimize impact

C. Third-Party Security

Our service providers:

Meet high security standards
Use encryption
Have their own security measures
Are GDPR compliant

D. Your Role

Help keep your account secure by:

Using strong passwords
Not sharing login credentials
Logging out of shared devices

Children's Privacy

A. Age Restriction

Our service is not intended for users under 16
We do not knowingly collect data from children
Users must be 16 or older to create an account

B. If We Discover Minor's Data

If we learn we have collected data from a minor, we will:

Delete the information promptly
Take steps to prevent further collection
Notify relevant parties if required

C. Parent/Guardian Rights

Parents/guardians who believe we have collected data from their child should contact us immediately at CONTACT.

Jurisdiction-Specific Rights

A. European Economic Area (EEA)

As we operate under GDPR, you have rights covered in Section 5. Additionally:

Right to lodge complaints with your local data protection authority
Right to receive notification of data breaches
Right to contest automated decisions

B. Legal Basis for Processing

We process data based on:

Contract performance (providing our service)
Legal obligations
Legitimate interests
Your consent, where required

C. International Transfers

We primarily process data in the EU
When data leaves the EU, we ensure:
Adequate safeguards are in place
Standard Contractual Clauses are used
Data protection rights are maintained

D. Supervisory Authority

Our main supervisory authority is: Datatilsynet (Norwegian Data Protection Authority) [Click here for contact details for Datatilsynet]