Introduction
Mentr (mentr.ai) is a service developed by Nora Software AS. This privacy policy will explain how we (Nora Software AS, Gaustadalléen 21, 0349 OSLO, Norway) will use the personal data we collect from you when you use our services (the “service” or “Mentr service”) and how artificial intelligence (“AI”) will support the service.
We protect your data in accordance with the Norwegian Data Protection Act, including the EU General Data Protection Regulation (GDPR).
If you have any questions about this privacy and AI policy or any other questions regarding our privacy and AI practices, please contact us at info@mentr.ai.
Which AI systems do we use and how?
We use the following AI sub suppliers :
Name
How we use it
Link to terms
The terms of the sub suppliers, our partners, apply to the part of the service made up by their systems.
What data do we collect and why?
We process your personal data in order to provide the Mentr service when using our service, as described below.
When you and others use the service
Your use. When you use the Mentr service, we collect the following data:
Personal identification information (name and email address)
Voice data
Meeting notes, which may include personal data
Public information from LinkedIn and Google search, such as career data
Website access data (see below)
If you connect your Google or Microsoft account, we collect Google and Microsoft user data (see below)
If you decide to use the voice transcriber service feature, we may
temporarily record your voice and share it with our partner in order to transcribe it to text. This recording is deleted as soon as possible, and always within 24 hours.
apply machine learning algorithms to both your utterances and your meeting notes, in order to summarize them and provide other information like advice and input related to them.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b). You can delete your account, and all data we have collected about you in settings under account.
In order to provide key functionality and benefits of the service, the above described data must be retained. The retention is in the interest of all users of the service, creating a win-win for all parties. These interests are legitimate. The retention of data will to a very limited extent violate your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.
Google and Microsoft User Data Policy Compliance
mentr.ai ensures that any information we receive from Google or Microsoft APIs is handled according to their rules. This means we follow Google’s API Services User Data Policy and Microsoft’s API Terms of Use, including their specific guidelines for limited data use.
If you grant permissions for us to access your Google or Microsoft account, we will process:
Profile data, including e-mail address and name
Events from your Google or Microsoft calendars
Contacts from your Google or Microsoft account
We will not share your Google or Microsoft user data with any third parties for other purposes than data storage.
We store all your user data in encrypted form, and always transmit it over encrypted connections.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).
Our copy of your Google or Microsoft account data (name, email and profile picture) will be deleted if you delete your account (see above).
When you visit our website
When you visit our website mentr.ai, we collect the following information from your device:
IP address
date and time of the access
name and URL of the accessed file
browser type and version
further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.)
form information (if submitted)
We only process these data to ensure the proper operation of our website, sales and marketing purposes, for evaluating system security and stability, for analysis and administrative purposes.
Data will be deleted after 30 days.
The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).
The legal basis for the marketing, sales and analysis is the legitimate interest of Nora Software (GDPR art. 6 (1) f). In order to improve the service and thus stay in business, we must analyze how you and other users operate the service, and conduct marketing and sales. These interests are legitimate. The retention of data will to a very limited extent infringe on your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.
When you contact us via email
If we provide email support, you may contact us via e-mail. In order to respond you your request or inquiry we process:
Your name
Your email address
Other personal data you choose to share with us
The processing is necessary for the performance of a contract with you or to fulfill your request (GDPR art. 6 (1) b).
Marketing via email
We send newsletters by email so that you can receive information and offers. It is voluntary to sign up to receive newsletters, and you will only receive emails if you have given your consent (GDPR. art. 6 (1) a) or we have legitimate interest (GDPR. art. 6 (1) f). It is easy to unsubscribe from the newsletter, either by contacting us or by clicking on the unsubscribe link at the bottom of all newsletters from us.
For our newsletters to be relevant to you, we may, if you have consented to this, use information about you to adapt our newsletters to you.
When sending newsletters, we can measure the opening rate of the newsletter and create aggregated statistics and analyzes to improve our newsletters.
The legal basis for this and our processing for marketing purposes is our legitimate interest in marketing through relevant newsletters (GDPR art. 6 (1) f)). The marketing related processing is required for us to stay in business. The processing constitutes a very limited infringement of your privacy.
We use MailChimp as our newsletter provider., which is certified under the EU US Data Privacy Framework. Read MailChimp's privacy policy.
When you delete your account or request us to, we will delete your information from our marketing database.
Error data reporting
We use error reporting tools which may include personal data for the purpose of error reporting. The data will be processed solely for the purpose of testing and resolving compatibility issues, fixing and resolving bugs or other quality issues related to the service. The legal basis for the processing is the performance of our contract with you or enabling us to reply to your request for the service (GDPR art. 6 (1) b).
Any personal data that is included in our error reporting will be deleted after 30 days.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology (e.g. local storage).
How do we use cookies?
Nora Software uses persistent first-party cookies to keep you signed into the application. They expire after one year.
How to manage cookies
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
The 3rd party cookies we use:
Service
Purpose
Google Analytics
Analyze website traffic, user behavior, and interactions
Google Tag Manager
Google Ads
Advertising, retargeting and conversion tracking
Hotjar
Understand and visualize user interactions on the website, such as clicks, scrolls and mouse movements
Delighted by Qualtrics
Collect and analyze customer feedback
Meta / Facebook
Advertising, retargeting and conversion tracking
Hubspot
Analyze website traffic, user behavior, and interactions
MailChimp
Newsletter
Encharge
Marketing automation
Where we process your data
Service providers (third-party services)
We do not process your data using third parties unless there is a legitimate and legal basis for doing so. We use third party services for a number of purposes, as listed below.
We will only process your personal data with third parties as described in this privacy policy and do not sell any personal data. The third parties will be responsible for any processing of personal data for their own purposes.
Our service providers are:
Service
Purpose
Legal basis
Privacy policy
Grafana
Data log visualization
GDPR art. 6 (1) f
Link
We have an account on LinkedIn to present our products, services and Nora Software.
LinkedIn allows us to see posts, likes, follows, comments, messages, as well as aggregated statistics to help us understand the visitor’s actions on our pages. LinkedIn processes personal data in the USA and other countries listed in their privacy policy. The European Union Standard Contractual Clauses (SCC) are the legal basis for the transfer from the European Economic Area (EEA) to the USA.
As the vast majority of the processing taking place will be by Linkedin as data controller, please read more in LinkedIn’s privacy policy.
Business transactions
Relevant personal data may also be provided to third parties such as lawyers, advisers, buyers and prospects in connection with a business transaction, including a prospective or completed merger, acquisition or stock sale (including transfers made as part of insolvency or bankruptcy proceedings). Non-disclosure agreements or professional obligations of secrecy will protect your personal data.
Safety measures
We are constantly working to protect your personal information and other confidential information. Our security measures include physical, technical and administrative measures.
Everyone at Nora Software who handles personal data has received training and guidance on how to handle personal data safely. We have routines and access control to prevent the loss or disclosure of your personal information. We adopt industry standard software and guidelines to protect your personal data and other confidential information.
Any violation of our security practices will be documented. We have procedures and capacity to detect and address security and privacy breaches. If such breaches are detected, this will be reported to management, the risk of security breaches will be assessed, and the Data Inspectorate will be notified if necessary. You will also be notified as a user if the security breach poses a high privacy risk to you.
For how long we store your data
We will retain and use personal information only for as long as we have a legal basis for doing so. That could mean minutes, hours, days, months or years, depending on the type of personal data. See the various purposes under the section "What data do we collect and why?".
Your rights as a data subject
Subject to applicable law, you may have certain rights with respect to our processing of your personal data, including:
the right to information about how we collect and process your data.
the right to access to a copy of, rectify, correct and update the personal data that we have about you.
the right to restrict processing or have your data deleted, in certain cases.
the right to withdraw any consents you have given at any time, in certain cases.
Please contact us at info@mentr.ai for any of the above or if you consider that our processing of your personal data infringes applicable law.
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”) or your local data protection authority. Please contact us at info@mentr.ai before sending a complaint to the relevant authority, so that we can try to resolve or clarify the issue.