mentr privacy policy

Introduction

Mentr (mentr.ai) is a service developed by Nora Software AS. This privacy policy will explain how we (Nora Software AS, Ullevålsalléen 24, 0852 Oslo, Norway, "Nora Software") use the personal data we collect from you when you use our services (the “service” or “Mentr service”).

We protect your data in accordance with the Norwegian Data Protection Act, the EU General Data Protection Regulation (GDPR).

If you have any questions about the privacy policy or any other questions regarding our privacy practices, please contact us at info@mentr.ai.

What data do we collect and why?

We process your personal data in order to provide the Mentr service when using our services, as described below.

When you and others use the service

Your use. When you use the Mentr service , we collect the following data:

• Personal identification information (name and email address)

• Voice data

• Meeting notes, which may include personal data

• Website access data (see below)

• If you connect your Google account, we collect Google user data (see below)

If you decide to use the voice transcriber service feature, we may

• temporarily record your voice and share it with our partner in order to transcribe it to text. This recording is deleted as soon as possible, and always within 24 hours.

• apply machine learning algorithms to both your utterances and your meeting notes, in order to summarize them and provide other information related to them.

The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).

When you request that we delete your account, we will delete all data we have collected about you.

The legal basis for the processing is the legitimate interest of Nora Software (GDPR art. 6 (1) f). In order to provide key the functionality and benefits of the service, the above described data must be retained. The retention is in the interest of all users of the service, creating a win-win for all parties. These interests are legitimate. The retention of data will to a very limited extent violate your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.

Google User Data Policy Compliance

Mentr.ai’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
If you grant permissions for us to access your Google account, we will process:

• Profile data, including e-mail address and name

• Events from your Google calendars

• Contacts from your Google account

We will not share your Google user data with any third parties for other purposes than data storage.

We store all your Google user data in encrypted form, and always transmit it over encrypted connections.

The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).

Our copy of your Google account data will be deleted when you delete your account (see above).

AI data processing and sharing

Through our Third-party Service Providers, Mentr processes your data using AI models.

Voice Transcription and Analysis
To provide our voice transcription and AI analysis services, Mentr partners with trusted third-party service providers, including Deepgram for voice transcription and OpenAI and Anthropic for advanced AI analysis. Here’s how it works:

1. Voice Transcription with Deepgram: When you use Mentr's voice-related services, your audio data is sent to Deepgram to be converted into text. This transcription process is essential for generating accurate meeting summaries and insights.
   
   

2. AI Analysis with OpenAI & Anthropic: The transcribed text is further processed and analyzed by OpenAI's & Anthropic's algorithms to provide you with comprehensive meeting analytics.
   
   

Data Sharing and Security Measures
In our commitment to transparency and trust, we want to make clear the following:

• No Data Storage: Our third-party service providers, Deepgram, Anthropic and OpenAI, do not store any of your data once the transcription and analysis are complete. They are contractually bound to delete all received data immediately after the necessary processing is done.

• No Training on Your Data: Neither Deepgram, Anthropic nor OpenAI uses your data to train their models. The data processed is exclusively for the purpose of providing the services requested by Mentr and improving your user experience.

• Strict Data Handling Protocols: Mentr and our third-party partners adhere to strict data handling and security protocols to ensure that your data is encrypted, securely transmitted, and processed.
  
  

Consent and Control
Your use of Mentr’s services constitutes your consent to the data processing activities as described in this policy. We provide you with control over your data, including options to manage, or delete your data within Mentr’s platform.

We encourage you to review the privacy policies of our third-party service providers, Deepgram, Anthropic and OpenAI, for more detailed information on their data handling and security practices.

When you visit our website

When you visit our website mentr.ai, we collect the following information from your device:

• IP address

• date and time of the access

• name and URL of the accessed file

• browser type and version

• further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.)

We only process these data to ensure the proper operation of our website, for evaluating system security and stability, for analysis and administrative purposes.

The legal basis for the processing is the performance of our contract with you or to fulfill your request (GDPR art. 6 (1) b).

The legal basis for the analysis is the legitimate interest of Nora Software (GDPR art. 6 (1) f). In order to improve the service and thus stay in business, we must analyze how you and other users operate the service. These interests are legitimate. The retention of data will to a very limited extent infringe on your privacy, as most data will be business related and of low personal sensitivity. Thus, our legitimate interest will override your privacy related to this use of the data.  

Data will be deleted after 30 days.

When you contact us via e-mail

In cases where we provide e-mail support, you may contact us via e-mail. In order to respond you your request or inquiry we process:

• Your name

• Your email

• Other personal data you choose to share with us

The processing is necessary for the performance of a contract with you or to fulfill your request (GDPR art. 6 (1) b).

Marketing via email

We send newsletters by e-mail so that you can receive different types of information and offers. It is voluntary to sign up to receive newsletters, and you will only receive e-mails if you have given your consent (GDPR. art. 6 (1) a). It is easy to unsubscribe from the newsletter, either by contacting us or by clicking on the unsubscribe link at the bottom of all newsletters from us.

For our newsletters to be relevant to you at all times, we may, if you have consented to this, use information about you to adapt our newsletters to you.

When sending newsletters, we can measure the opening rate of the newsletter and create aggregated statistics and analyzes to improve our newsletters.

The legal basis for this and our processing for marketing purposes is our legitimate interest in marketing through relevant newsletters (GDPR art. 6 (1) f)). The marketing related processing is required for us to stay in business. The processing constitutes a very limited infringement of your privacy.    

We use Mailjet as our newsletter provider. Read Mailjet's privacy policy.

When you delete your account or request us to, we will delete your information from our marketing database.

Error data reporting

We use error reporting tools which may include personal data for the purpose of error reporting. The data will be processed solely for the purpose of testing and resolving compatibility issues, fixing and resolving bugs or other quality issues related to the service. The legal basis for the processing is the performance of our contract with you or enabling us to reply to your request for the service (GDPR art. 6 (1) b).

Any personal data that is included in our error reporting will be deleted after 30 days.

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology (e.g. local storage).

How do we use cookies?
Nora Software uses persistent first-party cookies to keep you signed into the application. They expire after one year. We do not use third-party cookies.

How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

The cookies we use:

Service Purpose 
Google AnalyticsAnalyze website traffic, user behavior, and interactionsGoogle Tag ManagerSimplify the process of managing and deploying various scripts and marketing tags on a website.Google AdsAdvertising, retargeting and conversion trackingHotjarUnderstand and visualize user interactions on the website, such as clicks, scrolls and mouse movementsDelighted by QualtricsCollect and analyze customer feedbackMeta / FacebookAdvertising, retargeting and conversion trackingHubspotAnalyze website traffic, user behavior, and interactions

Where we process your data

Service providers
We do not process your data using third parties unless there is a legitimate and legal basis for doing so. We use third party services for a number of purposes, as listed below.

We will only process your personal data with third parties as described in this privacy policy and do not sell any personal data. The third parties will be responsible for any processing of personal data for their own purposes.

Our service providers are:

Service, Purpose, Legal basis 
Cloudflare: Hosting - GDPR art. 6 (1) b Privacy policy
Google: Calendar and user data - GDPR art. 6 (1) b, f Privacy policy
Mailjet: Email service - GDPR art. 6 (1) a Privacy policy

Anthropic: AI Analysis - GDPR art. 6 (1) b Privacy policy
OpenAI: AI Analysis - GDPR art. 6 (1) b Privacy policy
Deepgram: Transcription - GDPR art. 6 (1) b Privacy policy
Fly.io: Proxy services - GDPR art. 6 (1) b Privacy policy
Hotjar: Usage analysis - GDPR art. 6 (1) f Privacy policy
Meta (Facebook): Advertisement and analytics - GDPR art. 6 (1) f Privacy policy
Hubspot: CRM system - GDPR art. 6 (1) a Privacy policy
Encharge: Marketing automation - GDPR art. 6 (1) f Privacy policy

LinkedIn
We have an account on LinkedIn to present our products, services and Nora Software.

LinkedIn allows us to see posts, likes, follows, comments, messages, as well as aggregated statistics to help us understand the visitor’s actions on our pages. LinkedIn process personal data in the USA and other countries listed in their privacy policy. The European Union Standard Contractual Clauses (SCC) are the legal basis for the transfer from the European Economic Area (EEA) to the USA.

As the vast majority of the processing taking place will be by Linkedin as data controller, please read more in LinkedIn’s privacy policy.

Business transactions

Relevant personal data may also be provided to third parties such as lawyers, advisers, buyers and prospects in connection with a business transaction, including a prospective or completed merger, acquisition or stock sale (including transfers made as part of insolvency or bankruptcy proceedings). Non-disclosure agreements or professional obligations of secrecy will protect your personal data.

Safety measures

We are constantly working to protect your personal information and other confidential information. Our security measures include physical, technical and administrative measures.

Everyone at Nora Software who handles personal data has received training and guidance on how to handle personal data safely. We have routines and access control to prevent the loss or disclosure of your personal information. We adopt industry standard software and guidelines to protect your personal data and other confidential information.

Any violation of our security practices will be  documented. We have procedures and capacity to detect and address security and privacy breaches. If such breaches are detected, this will be reported to management, the risk of security breaches will be assessed, and the Data Inspectorate will be notified if necessary. You will also be notified as a user if the security breach poses a high privacy risk to you.

How long we store your data

We will retain and use personal information only for as long as we have a legal basis for doing so. That could mean minutes, hours, days, months or years, depending on the type of personal data. See the various purposes under the section "What data do we collect and why?".

Your rights as a data subject

Subject to applicable law, you may have certain rights with respect to our processing of your personal data, including:

• the right to information about how we collect and process your data in.

• the right to access to a copy of, rectify, correct and update the personal data that we have about you.

• the right to restrict processing or have your data deleted, in certain cases.

• the right to withdraw any consents you have given at any time, in certain cases.
  
  

Please contact us at info@mentr.ai for any of the above or if you consider that our processing of your personal data infringes applicable law.

If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”) or your local data protection authority. Please contact us at info@mentr.ai before sending a complaint to the relevant authority, so that we can try to resolve or clarify the issue.