Global Privacy Policy

Comprehensive data protection guidelines complying with GDPR, CCPA, PIPEDA and global privacy laws for our educational technology platform.

Effective Date: July 12, 2025 | Last updated: Aug 15, 2025

Introduction

Welcome to Mentofy. This Privacy Policy outlines how Mentofy ("Mentofy," "we," "our," or "us") collects, uses, discloses, and protects personal information when you access or use our platform, services, websites, mobile applications, and related offerings (collectively, the "Services").

This Policy is designed to comply with global data protection laws, including but not limited to the GDPR (EU), UK GDPR, CCPA/CPRA (USA), PIPEDA (Canada), Privacy Act (Australia), PDPA (Singapore), POPIA (South Africa), PDPO (Hong Kong), DPDP (India), and Vietnam's Law on Cybersecurity and Decree 13/2023/ND-CP.

Global Compliance: We are committed to meeting the highest standards of data protection across all jurisdictions where we operate.

Who We Are

Mentofy is a global EdTech company that provides intelligent exam systems, learning platforms, and data-driven education solutions to individuals, educators, and institutions worldwide.

Our headquarters is located in:
Mentofy, Ha Noi, Vietnam
Email: [email protected]

Scope

This Policy applies to:

  • Visitors to our websites
  • Registered users of Mentofy services
  • Institutional clients and their users
  • Contractors, educators, and examiners

Data We Collect

Information You Provide

  • Name, email, phone number, address
  • Institution name and role
  • Student and teacher data (enrollments, scores, etc.)
  • Uploaded content (quizzes, exams, documents)
  • Payment and billing details
  • Communications with support or other users

Information We Collect Automatically

  • IP address, location (country based not approx)
  • Device type, browser, operating system
  • Session logs, activity logs
  • Cookies and usage tracking (e.g., pages viewed, clicks)

Information From Third Parties

  • Social media accounts (if linked)
  • Integrated platforms (e.g., LMS, payment systems)
  • Marketing affiliates and referrers

How We Use Your Information

We use personal data for the following purposes:

  • To provide and maintain our Services
  • To personalize user experience and recommendations
  • To process payments and manage subscriptions
  • To provide customer support and service updates
  • To conduct analytics, research, and development
  • To fulfill legal, contractual, and compliance obligations
  • To detect and prevent fraud or security threats
  • To communicate service announcements and promotions

Legal Basis for Processing (Where Applicable)

We rely on the following legal bases:

  • Consent
  • Performance of a Contract
  • Legal Obligation
  • Legitimate Interest
  • Vital Interest (in emergency scenarios)

Data Sharing and Disclosure

Mentofy does not sell your personal information.

We may share data with:

  • Cloud hosting providers (e.g., Cloudflare, Google Cloud)
  • Payment processors (e.g., DODO Payments, PayPal, Xendit)
  • Email and notification services
  • Educational institutions and administrators (when applicable)
  • Authorized resellers or affiliates (under strict contracts)
  • Legal authorities or regulators (if required by law)

All data-sharing is governed by Data Processing Agreements (DPAs) or equivalent safeguards.

Cross-Border Data Transfers

We operate globally. Your data may be transferred to and processed in countries outside your jurisdiction. Where required, we use:

  • Standard Contractual Clauses (SCCs)
  • International Data Transfer Agreements (IDTAs)
  • Binding Corporate Rules (where applicable)
  • Adequacy decisions under GDPR

Data Security

Mentofy implements strong technical and organizational measures:

  • End-to-end encryption (TLS 1.3, AES-256)
  • Regular vulnerability assessments and penetration testing
  • Role-based access controls and audit logs
  • 24/7 infrastructure monitoring
  • Secure software development practices (DevSecOps)

Security First: We continuously monitor and improve our security measures to protect your data against emerging threats.

Data Retention

We retain data only as long as necessary for the purposes outlined or to comply with legal, regulatory, or contractual obligations:

  • Account data: Until deletion request or inactivity period (24 months)
  • Exam records: As agreed by institutional contract
  • Financial data: Minimum 7 years (compliance)

Children's Privacy

Mentofy does not knowingly collect personal information from users under the age of 13, or the equivalent minimum age in relevant jurisdictions, without parental or institutional consent.

Important: If we discover that we have inadvertently collected information from a child under the applicable age, we will delete it immediately.

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data ("Right to be Forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Requests should be sent to [email protected].

Cookies & Tracking Technologies

Mentofy uses cookies and similar technologies to:

  • Maintain sessions
  • Analyze user behavior
  • Improve performance
  • Provide personalized content

Cookie preferences can be adjusted via browser or our Cookie Settings panel.

Third-Party Services

Third-party services linked through Mentofy (e.g., Google Docs, YouTube, LMS tools) are governed by their own privacy policies. We are not responsible for their practices.

Note: Please review the privacy policies of any third-party services you choose to use through our platform.

Automated Decision-Making and Profiling

We may use machine learning models to provide insights and recommendations. These do not produce legal effects or similarly significant impacts unless explicitly required and contractually agreed upon.

Changes to This Policy

We reserve the right to update this Privacy Policy. Material changes will be communicated via email or platform notifications. Continued use of Mentofy Services indicates acceptance of the updated terms.

Transparency: We will always notify you of significant changes with adequate notice.

Contact Us

Mentofy

Discord Support Join our Discord server
WhatsApp Community Join our WhatsApp community
Email Support [email protected]

Region-Specific Disclosures

Vietnam

We comply with the Law on Cybersecurity (2018) and Decree 13/2023/ND-CP. Data localization and prior approval requirements may apply.

EU/EEA

Data subjects have rights under the General Data Protection Regulation (GDPR). You may lodge complaints with your local Data Protection Authority.

United Kingdom

We comply with the UK GDPR and Data Protection Act 2018. The UK Information Commissioner's Office (ICO) is your supervisory authority.

United States

We comply with CCPA, CPRA, and state-specific privacy laws. California residents may request access or deletion of personal data. Contact: [email protected]

Canada

We comply with PIPEDA and applicable provincial laws. Canadian users may access and correct personal data through written request.

Australia

We comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs). Complaints may be lodged with the OAIC.

Singapore

We follow the Personal Data Protection Act (PDPA). Users may request access and correction through our Data Protection Officer.

South Africa

We comply with the Protection of Personal Information Act (POPIA). Users can access or request correction of their data.

Hong Kong

We follow the Personal Data (Privacy) Ordinance (PDPO). Requests must be submitted in writing.

India

We comply with the Digital Personal Data Protection Act (DPDP 2023). Cross-border transfers and consent obligations are managed through standard contractual mechanisms.

For questions, concerns, or requests, please email [email protected].