Privacy Policy

Mentioned.pro

Last Updated: February 11, 2026 | Effective Date: February 11, 2026

1. Introduction

Welcome to Mentioned.pro ("we," "our," or "us"). Mentioned.pro is operated by Kyle, a sole proprietor. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you access or use our website, application, and services (collectively, the "Service").

This Privacy Policy applies to all users of the Service worldwide. We are committed to protecting your privacy in compliance with applicable data protection laws, including but not limited to the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), Brazil's Lei Geral de Proteção de Dados (LGPD), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Australia's Privacy Act 1988, South Africa's Protection of Personal Information Act (POPIA), Zimbabwe's Data Protection Act, and other applicable privacy and data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Data Controller

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

Kyle Operating as: Mentioned.pro Contact Email: kylejira@gmail.com

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, and we do not have a local establishment, you may contact us at the email address above regarding any data protection matters.

3. Information We Collect

3.1 Information You Provide Directly

Account Information: When you register for an account, we collect your name, email address, and password (hashed and encrypted).
Payment Information: When you purchase a subscription or credits, we collect billing information including your name, billing address, and payment card details. Payment card information is processed directly by our payment processor, Stripe, Inc., and we do not store your full payment card number on our servers.
Scan Inputs: When you use our AI visibility scanning feature, you provide product names, brand names, URLs, descriptions, and other business information ("Scan Data") that you wish to have analyzed.
Communications: If you contact us via email, support ticket, or other channels, we collect the content of your communications and any information you voluntarily provide.

3.2 Information Collected Automatically

Usage Data: We collect information about your interactions with the Service, including scan history, features used, pages visited, timestamps, frequency of use, and error logs.
Device and Technical Data: We collect your IP address, browser type and version, operating system, device type, screen resolution, language preference, referring URL, and unique device identifiers.
Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing activity. See Section 9 (Cookies and Tracking Technologies) for more details.
Log Data: Our servers automatically record information created by your use of the Service, including request timestamps, API calls, and system activity logs.

3.3 Information from Third Parties

Authentication Providers: If you sign in using a third-party authentication provider (e.g., Google, GitHub), we may receive your name, email address, and profile picture from that provider.
Analytics Providers: We may receive aggregated or pseudonymized analytics data from third-party analytics services.

4. How We Use Your Information

We use the information we collect for the following purposes and on the following legal bases:

4.1 Service Delivery and Performance of Contract

To create and manage your account.
To process your payments and manage subscriptions.
To perform AI-powered visibility scans by processing your Scan Data through artificial intelligence models.
To deliver scan results and reports to you.
To provide customer support and respond to your requests.

4.2 Legitimate Interests

To improve, maintain, and optimize the Service and user experience.
To analyze usage patterns and trends to enhance our features.
To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
To enforce our Terms of Service and protect our legal rights.

To send you marketing communications, newsletters, and promotional offers (you may opt out at any time).
To use non-essential cookies and tracking technologies for analytics and advertising purposes.

4.4 Legal Obligations

To comply with applicable laws, regulations, legal processes, or governmental requests.
To maintain records as required by tax, financial, or other regulatory obligations.

5. Artificial Intelligence Data Processing

Our Service uses artificial intelligence ("AI") to analyze your Scan Data and generate visibility reports. This section provides transparency about how your data is processed by AI systems.

AI Processing: Your Scan Data (including product names, brand names, URLs, and descriptions) is transmitted to third-party AI service providers, including OpenAI and/or Anthropic, for processing. These providers process your data in accordance with their respective data processing agreements and privacy policies.
Purpose: AI processing is used solely to perform the visibility scans you request and to generate the corresponding results and reports.
No Automated Decision-Making with Legal Effects: We do not use AI to make automated decisions that produce legal or similarly significant effects on you. AI-generated scan results are informational tools only.
Data Retention by AI Providers: We have entered into data processing agreements with our AI providers. Pursuant to these agreements, AI providers may temporarily process your data but are contractually restricted from using your data to train or improve their models. Please refer to the privacy policies of OpenAI and Anthropic for further details.
Human Review: AI-generated outputs may be subject to human review for quality assurance purposes.

We do not sell your personal information. We may share your information with the following categories of recipients:

6.1 Service Providers and Processors

We engage third-party service providers who process personal data on our behalf to help us operate the Service. These providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures. Our key service providers include:

Hosting: Vercel, Inc. — provides web hosting and serverless compute infrastructure. Data may be processed in the United States and other jurisdictions where Vercel operates.
Database: Supabase, Inc. — provides database hosting and backend services. Data may be processed in the United States or the region you select.
Payments: Stripe, Inc. — processes payment transactions. Stripe is a PCI DSS Level 1 certified payment processor. Your payment card data is transmitted directly to Stripe and is not stored on our servers.
AI Processing: OpenAI, LLC and/or Anthropic, PBC — process Scan Data to generate visibility reports.
Analytics: We may use services such as Google Analytics, Hotjar, or similar providers to collect and analyze usage data. These providers may use cookies and similar technologies.

6.2 Legal and Compliance Disclosures

We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to: comply with a legal obligation, court order, or governmental request; protect and defend our rights or property; prevent fraud or illegal activity; or protect the personal safety of users or the public.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Service prior to any such transfer becoming effective and your personal data becoming subject to a different privacy policy.

7. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.

Where we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
The UK International Data Transfer Agreement or Addendum, as applicable.
Data processing agreements with our service providers that include appropriate technical and organizational security measures.
Any other valid transfer mechanisms recognized under applicable law.

You may request a copy of the applicable transfer safeguards by contacting us at the email address provided in Section 2.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, tax, or reporting requirements.

Account Data: Retained for the duration of your active account, plus up to 30 days after account deletion to allow for recovery or dispute resolution.
Scan Data and Results: Retained for the duration of your active account. You may request deletion of specific scan data at any time.
Payment Records: Retained for up to 7 years after the transaction date to comply with applicable tax and financial record-keeping obligations.
Usage and Analytics Data: Retained in aggregate or pseudonymized form for up to 26 months for analytics purposes.
Communications: Retained for up to 3 years after the last interaction, unless a longer retention period is required by law.

When personal data is no longer required, we will securely delete or anonymize it.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. A cookie is a small text file placed on your device by a website.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the Service to function (e.g., session authentication, security tokens, CSRF protection). These cannot be disabled.
Functional Cookies: Remember your preferences and settings (e.g., language, display preferences).
Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics, Hotjar). These cookies collect aggregated, anonymized information.
Marketing/Advertising Cookies: Used to deliver relevant advertisements and track campaign effectiveness. We will only set these cookies with your prior consent where required by law.

9.2 Managing Cookies

You can manage your cookie preferences through our cookie consent banner when you first visit the Service. You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

For users in the EEA, UK, and other jurisdictions requiring opt-in consent for non-essential cookies, we will not set analytics or marketing cookies until you have provided your affirmative consent.

9.3 Do Not Track

Some browsers include a "Do Not Track" (DNT) signal. We currently honor DNT signals and Global Privacy Control (GPC) signals as opt-out requests for the sale or sharing of personal information where required by applicable law.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS/SSL (HTTPS).
Encryption of sensitive data at rest.
Secure password hashing using industry-standard algorithms.
Regular security assessments and vulnerability monitoring.
Access controls limiting data access to authorized personnel only.
Secure coding practices and regular code reviews.
Incident response procedures for prompt identification and remediation of security incidents.

While we strive to protect your personal data, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users and relevant supervisory authorities in the event of a data breach, in accordance with applicable law.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions.
Right to Restriction: You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

11.2 Rights Under CCPA/CPRA (California Residents)

Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide the Service.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

11.3 Rights Under Other Jurisdictions

If you are located in Virginia, Colorado, Connecticut, or other U.S. states with comprehensive privacy laws, Brazil (LGPD), Canada (PIPEDA), Australia, South Africa (POPIA), Zimbabwe, or other jurisdictions with data protection legislation, you may have similar rights to access, correct, delete, and port your data, and to opt out of certain types of processing. We will respond to your requests in accordance with the applicable law.

11.4 How to Exercise Your Rights

To exercise any of your rights, please contact us at the email address provided in Section 2. We will respond to your request within the timeframe required by applicable law (generally 30 days under GDPR, 45 days under CCPA/CPRA). We may need to verify your identity before processing your request. If your request is complex or we receive a high volume of requests, we may extend the response period as permitted by law and will notify you of any extension.

12. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to promptly delete such information. If you believe a child has provided us with personal information, please contact us immediately at the email address in Section 2.

13. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Service.

14. Marketing Communications

With your consent or where otherwise permitted by law, we may send you marketing communications about our products, services, and promotions. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at the email address in Section 2. Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., account confirmations, security alerts, billing notifications).

15. Supplemental Notice for California Residents

This section provides additional information required by the CCPA/CPRA for California residents.

Categories of Personal Information Collected: Identifiers (name, email, IP address); commercial information (purchase history, scan credits); Internet/electronic network activity (usage data, browsing history); geolocation data (derived from IP address); professional information (business/brand names provided in scans); inferences drawn from the above.
Sources of Personal Information: Directly from you; automatically through the Service; from third-party authentication providers.
Business Purpose for Collection: Service delivery, payment processing, security, analytics, and compliance as described in Section 4.
Categories of Third Parties: Service providers/processors as described in Section 6.1.
Sale/Sharing: We do not sell or share personal information as defined by the CCPA/CPRA.
Retention: As described in Section 8.
Financial Incentives: We do not offer financial incentives related to the collection of personal information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Privacy Policy on the Service with a revised "Last Updated" date and, where required by law or where changes are significant, by sending you an email notification. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Kyle Mentioned.pro Email: kylejira@gmail.com

We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and no later than the period required by applicable law.