Privacy Policy

Mentrast Protocol ("Company", "we", "us", or "our") operates the Mentrast Platform (the "Service"). We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at privacy@mentrast.com. When you visit our website and use our Service, you trust us with your personal information. We take your privacy very seriously. In this privacy notice, we verify our privacy standards and seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it.

For the purposes of this Privacy Policy: • **Account** means a unique account created for You to access our Service or parts of our Service. • **Company** (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Mentrast Protocol. • **Cookies** are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses. • **Device** means any device that can access the Service such as a computer, a cellphone or a digital tablet. • **Personal Data** is any information that relates to an identified or identifiable individual. • **Service Provider** means any natural or legal person who processes the data on behalf of the Company. • **Usage Data** refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

We collect several different types of information for various purposes to provide and improve our Service to you. **3.1 Personal Data** While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to: - Email address - First name and last name - Phone number - Address, State, Province, ZIP/Postal code, City **3.2 Usage Data** Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. **3.3 Learning & Behavioral Data** As an educational platform, we collect comprehensive data on your learning patterns, including: - Assessment scores and response times. - Curriculum interaction heatmaps. - Subject mastery levels and progression rates. - Chat logs with AI tutors for context retention.

**4.1 Large Language Model (LLM) Interactions** Our Service utilizes advanced LLMs to generate educational content. By using the Service, you acknowledge that your inputs (prompts) and the AI's outputs are processed to deliver the Service. **4.2 Training & Improvement** We may use anonymized, aggregated data derived from user interactions to fine-tune our AI models. We DO NOT use your personally identifiable information (PII) or private chat logs to train public foundation models without your explicit opt-in consent. **4.3 Automated Decision Making** The Service employs automated decision-making algorithms to generate adaptive curricula. This means the system automatically determines the difficulty and sequence of learning materials based on your performance. You have the right to request human review of significant automated decisions affecting your educational certification.

The Company may use Personal Data for the following purposes: - **To provide and maintain our Service**, including to monitor the usage of our Service. - **To manage Your Account:** to manage Your registration as a user of the Service. - **To perform a contract:** the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased (if applicable) or of any other contract with Us through the Service. Note: The Service is currently free, so no payment data is processed. - **To contact You:** To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication. - **To provide You** with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about. - **To manage Your requests:** To attend and manage Your requests to Us. - **For business transfers:** We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include: - **Session Cookies.** We use Session Cookies to operate our Service. - **Preference Cookies.** We use Preference Cookies to remember your preferences and various settings. - **Security Cookies.** We use Security Cookies for security purposes. - **Advertising Cookies.** Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

We do not sell your personal data. We may share your information in the following situations: - **With Service Providers:** We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You. - **For business transfers:** We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company. - **With Affiliates:** We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. - **with Business partners:** We may share Your information with Our business partners to offer You certain products, services or promotions. - **With other users:** when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. If you are located in the European Economic Area (EEA), we adhere to the Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to Data Processors established in third countries.

We employ state-of-the-art security measures designed to protect your data: - **Encryption at Rest:** AES-256 encryption for all database records. - **Encryption in Transit:** TLS 1.3 for all data moving between your device and our servers. - **Access Controls:** Strict Role-Based Access Control (RBAC) ensuring only authorized personnel have access to specific data sets. - **Regular Audits:** We conduct quarterly security audits and penetration testing. However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Depending on your jurisdiction, you may have the following rights regarding your data: - **The right to access** – You have the right to request copies of your personal data. - **The right to rectification** – You have the right to request that we correct any information you believe is inaccurate. - **The right to erasure** – You have the right to request that we erase your personal data, under certain conditions ("Right to be Forgotten"). - **The right to restrict processing** – You have the right to request that we restrict the processing of your personal data, under certain conditions. - **The right to object to processing** – You have the right to object to our processing of your personal data, under certain conditions. - **The right to data portability** – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If you access our Service via our Application Programming Interface ("API"), we collect data regarding your API usage, including request rates, token consumption, and endpoint interactions. You agree that we may monitor your API usage to ensure quality, improve our products and services, and verify your compliance with our terms. This data is retained for security and billing purposes.

Our Service may integrate with third-party Foundation Models (e.g., from providers like OpenAI, Anthropic, or Google). When you interact with these models through Mentrast: - **Data Isolation:** We enforce strict data isolation protocols. Your personal identity is not passed to these third parties unless explicitly required for a specific feature you opt-in to. - **Zero Retention:** We configure our enterprise agreements with these providers to ensure they do not retain your inputs for their own model training.

From time to time, we may invite you to try new or "Early Access" features. Participation is voluntary. You understand that early access features may be less stable and that data generated within these environments may not be permanent or recoverable. We collect enhanced telemetry during testing to rapidly identify and fix bugs.

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, please contact us: - By email: privacy@mentrast.com - By visiting this page on our website: mentrast.com/contact

We do not currently collect or process biometric data (such as facial recognition, fingerprints, or voiceprints) as defined by applicable laws. In the future, if specific features require such data (e.g., for identity verification), we will obtain your explicit, written consent before collection and will provide a specific mechanism for revocation.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These include the right to know what personal information is sold or shared and to opt-out of such sale or sharing. Mentrast Protocol does not "sell" your personal data in the traditional sense, but we may "share" data for cross-context behavioral advertising, for which you have the right to opt-out.

For users in the European Union (EU) or United Kingdom (UK), we have appointed a representative to ensure compliance with GDPR. You may contact our Data Protection Officer (DPO) at dpo@mentrast.com for any concerns regarding your data rights within these jurisdictions.