Privacy Policy
Last updated: July 9, 2026
Mentionova ("Mentionova", "we", "us", or "our") provides an AI visibility monitoring and content platform available at mentionova.com and app.mentionova.com (together, the "Service"). This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the rights and choices available to you. By using the Service you agree to the practices described here.
1. Information we collect
Information you provide
- Account information: name, email address, password (stored as a secure hash), organization name, and role.
- Workspace content: brand details, competitor lists, tracked questions and prompts, articles, campaigns, and other content you create or upload in the product.
- Integration credentials: API keys and tokens you choose to connect (for example, a CMS token). These are encrypted at rest and used only to perform the actions you configure.
- Billing information: plan, billing address, and payment details. Payments are handled by our payment processor; we never store full card numbers on our systems.
- Communications: messages you send to support and survey responses.
Information collected automatically
- Usage data: pages viewed, features used, actions taken, and approximate timing, collected through first-party product analytics to understand and improve the Service.
- Device and log data: IP address, browser type, operating system, referring pages, and error logs.
- Cookies and similar technologies: we use cookies to keep you signed in, remember preferences, and measure product usage across our own domains. You can control cookies through your browser settings; disabling essential cookies may break sign-in.
Information from third parties
- Connected services: data from services you explicitly connect, such as Google Search Console and Google Analytics (described in Section 2), or a CMS you authorize for publishing.
- Public sources: publicly available web content and AI-engine responses that the Service monitors as part of its core visibility-tracking functionality. This may incidentally include public references to individuals; we use it only to provide brand-visibility reporting.
2. Google user data
If you choose to connect Google Search Console or Google Analytics to a workspace, Mentionova accesses the following Google user data using read-only OAuth scopes:
- Search Console data (webmasters.readonly): impressions, clicks, average positions, and queries for the site properties you select.
- Google Analytics data (analytics.readonly): sessions, users, and engagement metrics for the properties you select.
We use this data solely to display your own metrics inside your Mentionova dashboard and to compute insights for you, such as trends, page performance, and content recommendations. In particular:
- We do not sell Google user data and do not use it for advertising.
- We do not transfer it to third parties except as necessary to provide the Service (for example, secure database hosting), to comply with applicable law, or as part of a merger or acquisition with prior notice to you.
- Humans do not read this data except with your permission, where necessary for security or debugging, to comply with law, or when aggregated and de-identified for internal operations.
- OAuth tokens are encrypted at rest. Disconnecting an integration deletes the stored tokens, and you can revoke Mentionova's access at any time at myaccount.google.com/permissions.
Mentionova's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
3. How we use information
- Provide, operate, secure, and improve the Service.
- Authenticate you and maintain your session.
- Display your analytics, visibility metrics, and reports back to you.
- Power AI features you invoke: workspace content you provide may be sent to large-language-model providers to generate the outputs you request. Your Google credentials are never shared with model providers.
- Process payments, manage subscriptions, and prevent fraud or abuse.
- Send service communications (receipts, security notices, product updates). Marketing emails include an unsubscribe link.
- Comply with legal obligations and enforce our Terms of Service.
4. How we share information
We do not sell personal information. We share information only with:
- Service providers that help us operate the Service, such as cloud hosting, database, payment processing, email delivery, product analytics, and AI model providers. Each is bound to process data only as needed to provide their service to us.
- Your organization: workspace data is visible to other members of your organization according to the roles and permissions you configure.
- Legal and safety: when required by law, subpoena, or to protect the rights, safety, and security of Mentionova, our users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you.
5. Data retention
We retain your information while your account is active and as needed to provide the Service. When you delete a workspace or your account, associated data is deleted or de-identified within 30 days, except where a longer period is required for legal, tax, or security purposes (for example, billing records). Backups are purged on a rolling schedule.
6. Security
We use industry-standard safeguards: encryption in transit (TLS) and at rest, application-layer encryption for tokens and API keys, role-based access controls, and least-privilege access to production systems. No method of transmission or storage is 100% secure; if we learn of a breach affecting your personal data we will notify you as required by law.
7. Your rights and choices
Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal information, and to object to certain processing. You can exercise most of these directly in the product (Settings) or by emailing us. We respond to verified requests within the timeframes required by applicable law (including GDPR and CCPA/CPRA). We do not discriminate against you for exercising your rights. If you are in the EEA or UK and believe our processing violates data-protection law, you may lodge a complaint with your supervisory authority.
8. International transfers
We are based in the United States and process data there. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email or in-app notice before they take effect. The "Last updated" date above reflects the current version.
11. Contact
Questions or requests: contact@mentionova.com