4. Information We Collect
We collect personal information from coaches, and users in order to provide our services effectively. The types of personal information we may collect include:
Information You Provide
- Account Information: When you register on the platform, we collect your name, email address, phone number, country of residence, and payment details.
- Profile Information: Coaches may provide additional information, such as professional qualifications, areas of expertise, bio, and any certifications including video presentations.
- Communication Data: Any communications you have with other users (coaches, mentors, clients) via our platform may also be stored for dispute resolution or service improvement purposes.
- Payment Information: For coaches, we may collect billing information, credit card or banking institution details or other information pertinent to financial transactions between the coaches and Mentaa. For users, payment details will be processed securely via third-party payment processors.
Information We Collect Automatically
- Device Information: We may collect data about the devices used to access the platform, including IP addresses, browser types, operating systems, and device identifiers.
- Usage Data: We track user interactions with the platform, such as session lengths, pages visited, and actions taken (e.g., booking services, leaving reviews).
Cookies and Tracking Technologies
What Are Cookies?
- Cookies are small files placed on your device to improve your experience on our Platform. They allow us to remember your actions and preferences over time, enhancing your user experience.
What Mentaa Uses Cookies For?
Mentaa uses cookies to enhance your experience and ensure the platform operates smoothly. Here’s how cookies help us:
- Essential Functionality - Ensure the platform’s features work correctly, such as account login, session management, and secure transactions.
- Personalization - Remember your preferences, such as language settings, saved filters, or preferred coaches, to tailor your experience.
- Performance Optimization- Analyze usage patterns to improve platform speed, reliability, and user satisfaction.
- Analytics and Insights - Collect data to understand how users interact with the platform, enabling us to refine services and introduce features you’ll love.
- Marketing and Communication - Deliver personalized content and promotions based on your activity and interests, ensuring relevance in our communications.
We value your privacy and ensure that cookies comply with data protection regulations. You can manage your cookie preferences at any time through your browser settings or our cookie policy page.
How Can You Manage Cookies?
At Mentaa, we believe in giving you control over your online experience. Here’s how you can manage cookies:
Browser Settings
Most web browsers allow you to view, delete, or block cookies. You can adjust your browser settings to accept or reject cookies based on your preferences.
For guidance on managing cookies in popular browsers, refer to their help documentation:
- Google Chrome
- Mozilla Firefox
- Safari
- Microsoft Edge
Cookie Preferences on Mentaa
You can manage your cookie preferences directly on our platform. Visit the Cookie Settings page to customize which types of cookies you allow or disable non-essential cookies.
Third-Party Cookies
Some cookies used on Mentaa come from third-party services, such as analytics or advertising platforms. You can manage these cookies through their respective settings or opt-out tools, such as the Network Advertising Initiative or Your Online Choices.
Clearing Cookies
If you wish to reset your cookie preferences, clearing cookies from your browser will remove any previously stored cookies, allowing you to start fresh.
Please note that disabling certain cookies may impact your experience on Mentaa, as some features rely on cookies to function properly.
Data Retention
Cookies will remain on your device for varying lengths depending on the type. Some cookies are session-based and are deleted when you close your browser, while others are persistent and remain for a defined period. Cookies are not stored indefinitely.
5. How We Use Your Information
We use personal information for the following purposes:
- Service Provision: To enable the interaction between clients, coaches, and mentors and facilitate the personal development services offered through the platform.
- User Account Management: To manage user accounts, including profile creation, login authentication, and customer support.
- Payment Processing: To process payments for services between users and coaches through Stripe.
- Communication: To send you administrative or transactional emails, updates on services, or respond to inquiries.
- Service Improvement: To analyze platform usage and improve our services, customize user experience, and address bugs or issues.
- Compliance: To comply with applicable legal obligations, such as financial reporting.
Legal Basis for Processing (EU Users)
For EU users, we process personal information in accordance with the GDPR:
- Performance of a Service: Processing is necessary for the provision of services and the performance of a contract.
- Consent: Where required by law, we may rely on your consent for certain processing activities (e.g., direct marketing).
- Legitimate Interests: We may process personal information based on legitimate business interests, such as improving the platform and preventing fraud.
- Legal Obligations: We may process personal data to comply with legal obligations, such as tax or financial regulations.
- No indefinite period data: We will not retain the data for an indefinite period of time. You can decide to unsubscribe from the newsletters and marketing information.
6. Sharing Your Information
At Mentaa, we prioritize your privacy and only share your information in ways that are essential to providing and improving our services. Here’s how your information may be shared:
- With Coaches: When you book a session or interact with a coach, we share only the necessary details, such as your name, contact information, and preferences, to facilitate the coaching process.
- Service Providers and Partners: We work with trusted third-party service providers to support platform operations, including payment processing, hosting, analytics, and marketing. These partners are required to handle your data securely and solely for the agreed purposes.
- Legal Compliance: We may disclose your information if required by law, regulation, or legal process, such as responding to a court order or enforcing our terms of service.
- Business Transfers: If Mentaa undergoes a merger, acquisition, or sale of assets, your information may be transferred as part of the business transition. You will be notified of any such changes and your rights in relation to your data.
- Aggregated and De-Identified Data: To improve our platform and services, we may share aggregated, anonymized data that cannot be used to identify you personally with partners, advisors, or for research purposes.
- With Your Consent: We will only share your information with other parties when you have explicitly granted permission to do so.
We are committed to transparency and ensure that any sharing of your information complies with applicable data protection laws. If you have concerns about how your information is shared, please contact us at contact@mentaa.com.
7. Data Transfers
- Transfers Under UAE Data Protection Law: We may transfer your personal data outside of the UAE, but we ensure that your data is protected. If your data is transferred to a country with lower data protection standards, we will implement appropriate safeguards to protect your information.
- Transfers Under GDPR (EU): If you are located in the EU, your personal data may be transferred outside the European Economic Area (EEA). We only transfer data to countries that have been approved by the EU for adequate data protection, or we use legal safeguards like Standard Contractual Clauses to ensure your data remains protected.
- Transfers Under CCPA (California, USA): If you are a California resident, your personal data may be shared with third parties for business purposes. We make sure that any third parties comply with privacy and security requirements, and you have the right to request that we stop the transfer of your data to third parties.
- Your Rights: You have the right to be informed about how your personal data is transferred, and to request more information about the safeguards we use to protect your data during international transfers.
8. Data Retention
Our company is committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws, including GDPR, CCPA, and UAE Data Protection Law.
Retention Periods
GDPR (EU): Personal data will be retained only as long as necessary for the purpose for which it was collected. Key retention periods include:
- Business Data: Retain for the duration of the contract plus 7 years.
- Employee Data: Retain for 5-7 years post-employment.
- Financial Data: Retain for 7 years for compliance with tax and accounting laws.
- Marketing Data: Retain for no more than 12 months after the last interaction.
CCPA (California, USA): Personal data will be retained only for as long as necessary to fulfill the business purpose or comply with legal requirements:
- Business Data: Retain for at least 5 years.
- Marketing Data: Retain for no longer than 12 months.
- Employee Data: Retain for 3-5 years after employment ends.
UAE Data Protection Law: Personal data will be retained as necessary for processing purposes and legal compliance:
- Business Data: Retain for the duration of the contract plus 5-7 years.
- Employee Data: Retain for 5-7 years post-employment.
- Financial Data: Retain for 5-7 years for regulatory compliance.
- Marketing Data: Retain for no longer than 12 months after the last engagement.
Data Deletion
Once data is no longer required for its intended purpose, it will be securely deleted or anonymized. You have the right to request deletion of your personal data in accordance with applicable laws.
Regular Review
We regularly review our data retention practices to ensure that personal data is not retained longer than necessary and that it is handled in accordance with relevant data protection laws.
9. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
EU Residents (GDPR Rights)
- Right to Be Informed (Transparency): Users have the right to be informed about how we collect and use your personal data, including the purposes, legal basis, and any third parties involved.
- Right of Access: Users have the right to request a copy of the personal data we hold about you, as well as the details of how we are processing it.
- Right to Rectification: Users have the right to request corrections or updates to your personal data if it is inaccurate or incomplete.
- Right to Erasure (Right to Be Forgotten): Users have the right to request that we delete your personal data, provided there are no overriding legitimate grounds for retaining it.
- Right to Restriction of Processing: Users have the right to request that we limit how we process your data, such as if you feel it is inaccurate or processing is unlawful.
- Right to Data Portability: Users have the right to receive your personal data in a format that allows you to transfer it to another service provider, where technically feasible.
- Right to Object: Users have the right to object to the processing of your data, including for direct marketing or profiling, and we will stop unless we have legitimate grounds to process it.
- Right to Not Be Subject to Automated Decision-Making: Users have the right to avoid decisions made solely based on automated processing, including profiling, that significantly affect you, and request human intervention if necessary.
- Right to Withdraw Consent: Users have the right to withdraw your consent to the processing of your personal data at any time, and we will stop processing it unless there are other legal grounds.
- Right to Lodge a Complaint: Users have the right to lodge a complaint with the relevant supervisory authority if you believe we have violated your rights under GDPR.
To exercise these rights, please contact us at contact@mentaa.com.
California Residents (CCPA Rights)
- Right to Know (Access): Users have the right to request information about the personal data that a business has collected about them, including: the categories of personal information collected, the specific pieces of personal information collected about the user, the categories of sources from which the personal information is collected, the business or commercial purposes for collecting or selling personal information, the categories of third parties with whom the personal information is shared.
- Right to Delete: Users have the right to request the deletion of their personal information held by a business, subject to certain exceptions. Businesses must delete personal data upon request, unless that data is necessary for specific legal or operational purposes.
- Right to Non-Discrimination: Users have the right to be free from discrimination for exercising their rights under the CCPA. This means a business cannot deny services, charge different prices, or provide different levels of quality to a user who exercises their rights (such as opting out or requesting deletion of their data).
- Right to Correct Inaccurate Information: While not explicitly stated in the original CCPA, amendments under the California Privacy Rights Act (CPRA) introduced in 2020, have clarified that users can request businesses to correct inaccurate personal information that they hold about them.
- Right to Access Information about Automated Decision-Making: While not part of the original CCPA, the CPRA (effective in 2023) introduces the right to know whether personal information is used in automated decision-making, including profiling, and the logic behind such processes, particularly in cases that could affect the user's rights.
- Right to Data Portability: Users have the right to request that their personal information be provided in a readable, accessible, and portable format, which allows them to transfer it to another service provider.
- Right to Appeal: If a business refuses a user's request (e.g., for deletion of personal data or correction of inaccurate information), the user has the right to appeal the decision. The business is required to provide a mechanism for users to request a review of the decision.
- Right to Know About Sharing of Personal Information: Under the CPRA, users have the right to know if their personal data is being "shared" with third parties. Businesses must disclose information about data sharing practices, including what data is shared for
- Right to Access & Deletion Requests: Businesses are required to respond to these requests within 45 days, although this period can be extended by another 45 days with notice to the user.
- Verification: To protect against fraud, businesses are allowed to require users to verify their identity before fulfilling certain requests, such as deletion or access requests.
Key Exceptions to User Rights:
There are several exceptions under the CCPA where businesses do not have to honor these rights, including:
- Contractual necessity: Businesses may retain certain personal information if it is necessary for fulfilling a contract with the user (e.g., to process a transaction).
- Legal obligations: Data must be retained if required by law (e.g., for tax or regulatory reasons).
- Public record: Personal data in the public domain (e.g., public government records) may not be subject to the same deletion rights.
To make a CCPA request, please contact us at contact@mentaa.com.
UAE Residents
Under UAE privacy laws, you have the right to:
- Access: Request access to your personal data.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data when no longer needed or if processed unlawfully or if consent is withdrawn.
- Objection: Object to processing for marketing, conducting statistical surveys and if the processing is violative of the applicable law.
- Restrict Processing: Request restriction of processing data when accuracy of the Personal Data is objected. The processing shall be halted until the data is verified.
To exercise these rights, please contact us at contact@mentaa.com.
10. Data Security
At Mentaa, protecting your personal information is a top priority. We have implemented robust measures, including SSL/TLS encryption to protect data transmitted between your device and our servers, as well as safeguards against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption: We use industry-standard encryption protocols to protect sensitive data, including personal information and payment details, during transmission and storage.
- Access Control: Access to your information is restricted to authorized personnel and service providers who require it to deliver services. Strict authentication processes are in place to prevent unauthorized access.
- Regular Monitoring: We continuously monitor our systems for potential vulnerabilities and threats, addressing any issues promptly to maintain the integrity of our platform.
- Secure Payments: All payment transactions on Mentaa are processed through trusted third-party gateways that comply with PCI-DSS (Payment Card Industry Data Security Standard).
- Data Retention Policies: We retain your information only for as long as necessary to fulfill the purposes outlined in our policies or comply with legal obligations. When data is no longer required, we securely delete or anonymize it.
- User Responsibilities: While we take extensive measures to protect your data, you also play a role in safeguarding your information. Please use a strong, unique password for your account and avoid sharing it with others.
- Incident Response: In the unlikely event of a data breach, we have a comprehensive response plan in place to notify affected users and take immediate action to mitigate risks.
Your trust is important to us, and we are committed to maintaining the highest standards of data security. If you have any questions or concerns about our practices, please contact us at contact@mentaa.com,
11. Children’s Privacy
Mentaa is not intended for use by individuals under the age of 18. We do not knowingly collect or store personal information from children. If we become aware that a child’s information has been provided to us, we will take immediate steps to delete it.
If you believe a child’s information has been shared with us, please contact us at contact@mentaa.com, and we will address the issue promptly.
12. Changes to this Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by email or via our platform where applicable. Please also review this policy periodically to stay informed of our practices.
13. Prevalence of the Applicable Law
MENTAA shall duly comply with the applicable privacy laws and requirements in the UAE and additionally under the GDPR and CCPA.
Where applicable privacy law requires a higher standard of protection for Personal Data than presented in this policy, the requirements of the applicable privacy Law shall prevail. Where applicable privacy law establishes a lower standard of protection for Personal Data than presented in this Privacy Policy, the requirements of the Privacy Policy shall prevail.
14. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or your personal information, please contact us at contact@mentaa.com