Privacy Policy
Last updated: April 9, 2026
1. Overview
Mentiv ("we," "us," or "our") helps students find relevant academic researchers and draft personalized outreach emails. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using Mentiv, you agree to the practices described here.
2. Information We Collect
Account information. When you create an account we collect your name, email address, and authentication credentials via Clerk, our third-party authentication provider.
Profile information. To generate personalized emails, we collect information you voluntarily provide: your grade level, school, research interests, prior research experience, outreach goals, and academic skills.
Gmail OAuth tokens. If you choose to connect Gmail for direct email sending, we store your OAuth refresh and access tokens in encrypted form (AES-256 via Fernet). We never read your inbox — tokens are used solely to send emails you explicitly draft and approve.
Usage data. We store your search queries, professor matches, and generated email drafts so you can access your history and avoid re-contacting the same professors.
Payment information. Billing is handled by Stripe. We do not store your credit card number or payment details — only your Stripe customer ID and subscription status.
3. How We Use Your Information
- To operate and improve the service — matching you with professors, generating email drafts, and maintaining your search history.
- To personalize email generation — your profile and research background are sent to Anthropic's Claude API to produce relevant, specific outreach.
- To process payments — your subscription and credit balance are managed via Stripe.
- To send emails on your behalf — only when you explicitly click send, using the Gmail account you connected.
- To prevent abuse — we track credit usage and deduplicate outreach so the same professor isn't emailed twice.
4. Third-Party Services
We share limited information with the following services to operate the product:
We do not sell your personal information to any third party.
6. Google API Data
This section specifically addresses how Mentiv handles data obtained through Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
Data Accessed
Mentiv requests only the https://www.googleapis.com/auth/gmail.send scope. This allows the app to send emails on your behalf. We do not request access to read, modify, delete, or search your inbox, contacts, calendar, or any other Google data. No Gmail message content, metadata, labels, or contact information is ever accessed or stored.
Data Usage
Your Gmail OAuth tokens are used for one purpose only: sending outreach emails that you explicitly draft, review, and approve inside Mentiv. The tokens are never used for any background activity, automated sending, analytics, advertising, or any purpose beyond this single send action initiated by you. Mentiv does not use Google user data to develop, improve, or train generalized AI or ML models.
Data Sharing
Your Gmail OAuth tokens and any Google user data are never sold, transferred, or disclosed to third parties. They are not shared with Anthropic, Stripe, Semantic Scholar, or any other service. The tokens exist solely on our encrypted backend and are used only to authenticate the send request directly to Google's API.
Data Storage & Protection
OAuth access and refresh tokens are encrypted at rest using AES-256 (Fernet symmetric encryption) before being written to our database. The encryption key is stored separately from the data. All data is hosted on Supabase with row-level security policies that restrict access to your own tokens exclusively. All communication between Mentiv's backend and Google's API occurs over HTTPS/TLS.
Data Retention & Deletion
Your Gmail OAuth tokens are deleted immediately when you disconnect Gmail in your account settings. If you delete your Mentiv account, all OAuth tokens are deleted within 30 days. You can also revoke Mentiv's access at any time directly from your Google Account permissions page. Revoking access there immediately invalidates your tokens on Google's side.
5. Cookies
We use essential cookies only — solely to manage your authenticated session. We do not use advertising, analytics, or behavioral tracking cookies. For a full breakdown of every cookie set by this service, see our Cookie Policy.
7. Data Retention
We retain your account data and search history for as long as your account is active. If you delete your account, we will delete your profile, search history, email drafts, and Gmail tokens within 30 days, except where retention is required by law. Stripe may retain billing records independently per their own retention policies.
8. Security
Gmail OAuth tokens are encrypted at rest using AES-256 (Fernet). All data is stored in Supabase with row-level security policies — each user can only access their own data. API access requires authenticated JWT tokens issued by Clerk. We use HTTPS for all data transmission. No security measure is perfect, but we take reasonable precautions to protect your information.
9. Your Rights
You may, at any time:
- Access or export your profile and email history from your dashboard.
- Edit or delete your profile information at any time.
- Disconnect Gmail — removing your stored OAuth tokens — in account settings.
- Delete your account entirely by contacting us at the address below.
- Opt out of AI-generated email drafts by not using the generate feature.
If you are a resident of the European Economic Area or California, you may have additional rights under GDPR or CCPA. Contact us to exercise them.
10. Children
Mentiv is designed for high school and college students. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the service. If we learn we have collected information from a child under 13 without parental consent, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by updating the "Last updated" date at the top and, for material changes, by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
12. Contact
Questions or requests regarding this Privacy Policy can be directed to support@mentiv.io.