Privacy Policy
Last updated: June 7, 2026
1. Overview
Mentio ("we", "our", "the service") helps developers and small teams turn WhatsApp group mentions into organized tasks. This policy explains what data we collect, how we use it, and the controls you have over it.
2. Data We Collect
- Account data: your name and email address when you register or sign in (via email or Google).
- WhatsApp messages: only messages in groups you connect, and only those that mention your watched number. We store the message text, sender name, and timestamp to create tasks.
- Task data: tasks you create or that are generated from mentions, including titles, descriptions, dates, and status.
- Google Calendar data: if you connect Google Calendar, we create, update, and delete calendar events that correspond to your Mentio tasks. See section 4.
3. How We Use Your Data
- To capture task requests from WhatsApp groups you monitor.
- To generate AI summaries and infer task priority from message content.
- To display your tasks on a dashboard and calendar.
- To sync tasks to your Google Calendar when you enable the integration.
4. Google User Data & Limited Use
When you connect Google Calendar, Mentio requests access to thehttps://www.googleapis.com/auth/calendarscope solely to create, update, and delete calendar events that mirror your Mentio tasks.
Mentio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google Calendar data to provide the task-sync feature you explicitly enable.
- We do not transfer or sell Google user data to third parties.
- We do not use Google user data for advertising.
- We do not allow humans to read your Google data unless you give explicit consent, it is required for security, or required by law.
- You can disconnect Google Calendar at any time in Settings → Integrations, which deletes the stored access and refresh tokens.
5. Data Storage & Security
We implement the following technical and organizational measures to protect your data:
- Encryption in transit: All communication between your browser, our servers, and third-party APIs (Google, WhatsApp) is transmitted over TLS (HTTPS). Unencrypted connections are rejected.
- Encryption at rest: The database and all backups are encrypted at rest. OAuth access tokens and refresh tokens are additionally encrypted at the application level before being written to the database, using AES-256 encryption with keys stored separately from the data.
- Sensitive data minimization: We store only the minimum WhatsApp message content necessary to create a task (the mention message, sender name, and timestamp). Full chat history is never stored.
- Access control: Each user can only access their own data. All API endpoints enforce session-based authentication. Database access is restricted to application service accounts with least-privilege permissions.
- Token security: Google OAuth tokens are stored per-user in encrypted form and are immediately purged when you disconnect the integration. Tokens are never logged or included in error reports.
- Infrastructure security: Application servers run in an isolated environment with restricted inbound network access. Database ports are not exposed to the public internet.
6. Data Retention & Deletion
You can delete tasks, disconnect integrations, or request full account deletion at any time. Disconnecting Google Calendar immediately removes the stored tokens. To delete your account and all associated data, contact us at the email below.
7. Third-Party Services
Mentio uses Google (authentication and Calendar), Anthropic/Claude (AI summaries), and WhatsApp connectivity via the Baileys library. Each processes data only as needed to provide their respective features.
8. Contact
Questions about this policy or your data? Email resansaint@gmail.com.