Menta — Privacy Policy
We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.
1. Who is responsible for your data?
Until Menta is incorporated, the data‑controller is Menta (project in formation).
Contact e‑mail: hi@getmenta.com
When a Hong Kong entity is registered we will update this section and notify you.
2. What we collect & why
| Data you provide | Purpose | Legal basis* |
|---|---|---|
| E‑mail address (wait‑list form) | • Send early‑access invitations, product updates and occasional marketing | Consent (GDPR Art 6 (1)(a); PDPO DPP 3) |
| Data collected automatically | Purpose | Legal basis |
|---|---|---|
| IP address, browser & device details recorded in short‑lived Google Cloud server logs | • Security, anti‑abuse, aggregated performance metrics | Legitimate interests (GDPR Art 6 (1)(f)) |
* If you are in Hong Kong, the Personal Data (Privacy) Ordinance (PDPO) applies; in the EEA/UK the GDPR/UK GDPR applies; California residents also have rights under the CCPA/CPRA.
No sensitive health data yet. The current wait‑list does not ask for medical or mental‑health information. A separate notice will be provided if we collect such data in future.
3. Cookies & tracking
We do not set any cookies, analytics scripts, advertising trackers or social‑media pixels. The only automated data we receive is contained in the server logs described above.
4. How we share information
| Recipient | Reason | Safeguards |
|---|---|---|
| Hosting provider – Google Cloud Platform | Serve the landing page and store server logs | ISO 27001 & SOC 2; Standard Contractual Clauses (SCCs) or adequacy where required |
| Email delivery service – Postmark | Send wait‑list confirmations and product updates | Data‑processing agreement; automatic one‑click unsubscribe |
| Legal advisers & regulators | Compliance, audits, dispute resolution | Confidentiality obligations |
| Successor entity | If we form, merge or sell the business | Prior notice & updated policy |
We never sell or rent your personal data.
5. International transfers
Your information may be processed on servers located outside your home jurisdiction (e.g., the United States). Where legally required, we rely on Standard Contractual Clauses, adequacy decisions, or your explicit consent (GDPR Art 49 (1)(a)).
6. Retention
Wait‑list emails – retained until you unsubscribe or 18 months after your last interaction, whichever is earlier.
Server logs – automatically deleted by Google Cloud within 30 days.
7. Your rights
Depending on your location, you can request to access, correct, erase, restrict or port your data, or object to our processing. Send any request to hi@getmenta.com. We aim to respond within 30 days (45 days for CCPA).
8. Security
We enforce HTTPS/TLS 1.3, firewall rules and the principle of least privilege. While no system is 100 % secure, we review controls regularly.
9. Children
The Service is not directed to anyone under 16. If you believe a child has provided personal data, contact us and we will delete it promptly.
10. Changes
We may revise this notice as the project evolves. We will post the new version and notify wait‑list subscribers if changes are significant.
Contact
Questions about this Privacy Policy? Email hi@getmenta.com.