Privacy Policy
Version: v1.5
Welcome to MENTALOK.IO!
The MentaLab platform is dedicated to delivering products and services related to Natural Language Processing (NLP) and Large Language Models (LLM), utilising both our own offerings and those provided by third parties with whom we collaborate.
We place great importance on the security of your personal data and are committed to creating a secure online environment for our users. This Privacy Policy outlines the purposes, methods, scope, and security measures associated with the collection, use, storage, sharing, transfer, and processing of your personal information as we provide our products and services to you.
This Privacy Policy is not applicable to services provided by third parties that utilise our products or services, such as our API, to deliver their own offerings to end users. In cases where a third party serves as a personal information processor—by presenting, linking, or repackaging our products and services—end users are required to comply with the privacy policy of that third party.
Before using MentaLab products and services, it is imperative that you read and fully comprehend this Privacy Policy. By using the relevant products or services, you acknowledge that you have understood and agreed to the terms outlined in this Privacy Policy.
1.0. Collection and Use of Your Personal Information
1.1. Personal Information Collected During Your Use of Our Products and Services
We may collect and utilise your personal information to fulfil the essential business functions of our platform. Below is a comprehensive outline of our core business functions and the types of information required to achieve these functions. We will only collect and use such personal information with your explicit consent:
1.1.1. Account Registration/Login
To register or log in to your account, you must provide your email address or phone number along with a password. Alternatively, you may opt to register via a third-party account, in which case we will gather information from your third-party account. If you register as a corporate user, you may also provide us with basic business information such as your name, work email, position and company name to complete your account registration.
1.1.2. Utilisation of Paid Services/Products
When you engage with our paid services/products, we will collect necessary payment details including your order information, billing address, billing contact and payment information to facilitate invoicing and the payment process for your orders.
1.1.3. User Input Information
While using our products/services, we will collect any personal information contained in the content you input, files you upload, or feedback you provide (collectively referred to as "Input Information") to generate content tailored to your needs. Please be aware that failure to provide such information will prevent you from accessing the corresponding services/products. We will not retain Input Information that could be used to identify a user, nor will we create user profiles based on Input Information and usage. If you choose to use voice input, you must grant microphone permissions; otherwise, you will be unable to input content via voice.
1.1.4. Communication Information
If you reach out to us through any communication channels, we may collect your name, contact details and any messages you send us during our communications (collectively referred to as "Communication Information") to verify your identity and address any issues you raise.
1.1.5. Browsing and Login Data
When you browse or log in to use our products/services, we may collect your user-side system time, time zone, and IP address. This information allows us to monitor user traffic based on system time, time zone, and IP address, enabling us to conduct data analysis to maintain the security of our system.
1.1.6. Cookie and Browser Information
We will collect cookie data to identify logged-in users. Additionally, we will gather your selected browser language while using our services, allowing us to adjust the website language accordingly for your convenience. Furthermore, we collect technical browser information to identify details about your browser type and version, ensuring compatibility with browser APIs and enhancing your experience on our platform.
1.1.7. Aggregation and De-identification of Information
We may aggregate or de-identify your personal information and Input Information based on the data collected as described above, rendering it incapable of identifying you. This aggregated information may be utilised to analyse the effectiveness of our services, thereby facilitating improvements and the addition of new features. We may periodically analyse the general behaviour and characteristics of our users based on the aforementioned information, summarise and analyse such data, and share it with third parties, publish, or publicly disclose such summary information. It is important to note that this summary information does not constitute personal information, as it cannot identify specific individuals, and we will not attempt to re-identify individuals from such summary data.
1.2. Personal Information Acquired from Third Parties
1.2.1. Acquisition of Data from Third Parties
We may obtain your personal information from a third party (partner) with your explicit consent. In this context, the third party acts as a data processor (controller) of your personal information. The type and extent of personal information shared with the third party, as well as the methods of sharing, will be determined by the third party based on its products and services. We encourage you to carefully review the privacy policy and user agreement of the third party. We will process your personal information under the authority of the third party strictly in accordance with the contract established between us and the third party. We assure you that your personal information will be handled in full compliance with the terms of the contract and applicable laws.
1.2.2. Utilisation of Publicly Available Information
We may collect and appropriately utilise publicly available information about you from websites and other public channels, or acquire business information that your company has publicly disclosed from third parties. This information aids us in gaining a better understanding of our customer base, including your industry, company size, and website URL.
Please note that if such information cannot individually or collectively identify you, it will not be classified as personal information under the law. Conversely, if your information can identify you either individually or in conjunction with other information, or if we use any data that cannot be linked to specific personal information in combination with your other personal information, such information will be treated and protected as your personal information in accordance with this Privacy Policy during the period of combined use.
2.0. Utilisation of Cookies and Similar Technologies
When you utilise our services, we will store small data files known as Cookies on your computer or mobile device to ensure the proper functioning of our website. Cookies typically contain identifiers, site names, and various numbers and characters. The primary functions of Cookies are to facilitate your use of our platform's products and services and to assist our website in counting unique visitors.
Through Cookies, we can offer you more personalised services and allow you to set specific service options. When you engage with our platform's products and/or services, we will send Cookies to your device. When you interact with services provided by us to partners, we permit Cookies (or other anonymous identifiers) to be sent to our servers.
We will not utilise Cookies for any purpose other than those outlined herein. You have the option to manage or delete Cookies according to your preferences. You can clear all Cookies stored on your computer, and most web browsers have the functionality to block Cookies.
For further information regarding the types of Cookies we use, their purposes, and how to control them, please refer to AboutCookies.org.
3.0. Authorisation and Consent of End Users
This section pertains to third parties (partners) who are our business associates. You should be aware that you may access, integrate, or apply our MentaLab services into your products or services, and your end users may provide personal information while using your products or services.
By accepting this Privacy Policy and accessing, integrating, or applying our products or services into your own offerings, you acknowledge and guarantee that:
3.1.
You have informed end users of the following and obtained their full, necessary, and explicit authorisation, consent, and permission: you will collect and use the end users' personal information necessary for providing services, and you will entrust us to process their personal information.
3.2.
Unless otherwise stipulated by applicable laws, you have informed end users of the following and obtained their full, necessary, and explicit authorisation, consent, and permission: you will allow us to process the personal information you provide to us and to use the personal information of end users for the purposes and uses outlined in Section 1 hereof.
3.3.
You have complied with and will continue to comply with applicable laws, regulations, and regulatory requirements, including but not limited to developing and publishing relevant policies regarding the protection of personal information and privacy.
3.4.
You have provided end users with an easily accessible mechanism to exercise their rights, which describes how and when users can exercise their rights to be informed and make decisions regarding the processing of their personal information.
4.0. Sharing, Transfer, and Disclosure of Your Personal Information
4.1. Sharing of Personal Information
We are committed to protecting your personal information and will not share it with any third party, except under the following circumstances:
4.1.1. With Your Explicit Consent
We will only share your personal information with other parties after obtaining your explicit consent.
4.1.2. Legal Compliance
We may share your personal information as required by applicable laws, regulations, legal procedures, or governmental requests.
4.1.3. Protection of Interests
We may disclose your personal information to a third party when necessary to protect your interests or those of the public, property, or safety, as permitted by law.
4.1.4. Public Disclosure
If you have publicly disclosed your personal information, or if we can lawfully obtain it from other public channels, we may share it accordingly.
4.1.5. Sharing with Affiliates
Your personal information may be shared with our affiliates, but only the necessary information will be shared in accordance with this Privacy Policy. Should an affiliate wish to change the purpose of processing your personal information, we will seek your consent again.
4.1.6. Service Partners
To enhance the quality of our products and services, we may engage service partners, including third-party service providers, contractors, or agents, to process certain personal information on our behalf. For instance, third-party suppliers may send emails, push notifications, or conduct statistical analyses of de-identified information for us.
4.2. Transfer of Personal Information
We will not transfer your personal information to any company, organisation, or individual unless:
4.2.1.
With Your Explicit Consent: We will only transfer your personal information after obtaining your explicit consent.
4.2.2.
Public Disclosure: If you have publicly disclosed your personal information, or if we can lawfully obtain it from other public channels, we may proceed with the transfer.
In the event of a merger, acquisition, or bankruptcy liquidation involving the transfer of personal information, we will inform you of the name or contact information of the recipient and will require the new entity holding your personal information to adhere to this Privacy Policy. If the transfer does not involve personal information, we will fully inform you and delete or anonymise all personal information under our control within fifteen business days.
We will ensure that any third party involved in the transfer is required, through agreements or otherwise, to implement appropriate confidentiality and security measures when handling personal information.
4.3. Public Disclosure of Personal Information
Subject to applicable laws and regulations, we will not publicly disclose your personal information without your explicit consent.
5.0. Storage of Your Personal Information
5.1. Storage Location
Your personal information will primarily be stored on servers situated in Singapore. However, please note that when you utilise our products and services, the information you provide may be transmitted to and stored in data centres located outside of Singapore, which may be managed by third parties.
5.2. Storage Period
We will retain your personal information and/or that of your end users only for the minimum duration necessary to comply with applicable laws and regulations, and solely for the purposes outlined in this policy. Upon the conclusion of the storage period, we will delete or anonymise the relevant personal information.
6.0. Protection of Your Personal Information
We are committed to safeguarding the information you provide by implementing safety measures that meet industry standards. These measures are designed to prevent unauthorised access, disclosure, use, alteration, damage, or loss of your data.
Our data security capabilities encompass a comprehensive security framework based on the data life cycle, which includes data collection, transmission, storage, usage, circulation, archiving, deletion, and other processing stages.
We will take all reasonably practicable measures to avoid the collection of unrelated personal information. Your personal information will be retained only for the duration necessary to fulfil the purposes outlined in this policy, and we will employ technical measures, such as encryption, to protect the stored information.
It is important to note that the internet does not guarantee absolute security. Communication methods such as email and instant messaging are not encrypted, and we strongly advise against sending personal information through these channels.
While we strive to maintain the security of any information you send to us, no online environment is entirely safe. We have made necessary and reasonable efforts to protect your data; however, there remains a risk of personal harm, property loss, reputational damage, and other losses due to data theft, unauthorised access, or misuse.
In the unfortunate event of a personal information security incident, we will promptly notify you, as required by applicable laws and regulations.
7.0. Exercising Your Rights Regarding Personal Information
We place significant importance on your management of personal information and strive to protect your rights to access, view, copy, modify, supplement, and delete your personal information, thereby ensuring your privacy and data security.
7.1. Right to Be Informed and Make Decisions
7.1.1.
This Privacy Policy outlines how we process your personal information. We are dedicated to maintaining transparency in our use of your data.
7.1.2.
In the event that our products cease operation or service, we will immediately halt the collection of your personal information.
7.2. Right of Access
7.2.1.
You may directly view or access your personal information on our website by logging into your account at any time on the relevant product page.
7.3. Rights of Correction and Supplementation
7.3.1.
If you wish to exercise your rights to correct or supplement your data, such as editing corporate or individual information in your account, changing your password, or adding information, you may do so by accessing the Personal Content of MentaLab.
7.3.2.
If you are unable to make corrections or supplements to your personal information independently or face any issues while exercising this right, please reach out to us.
7.4. Right to Delete
7.4.1.
You may request the deletion of your personal information in the following situations:
- When the purpose of collecting and using personal information has been achieved;
- When you withdraw your consent for the collection and use of personal information;
- When the agreed period for retaining personal information has expired;
- When we have violated laws or agreements in collecting or using personal information.
7.4.2.
If you wish to delete your account, you may do so through the account settings. Please note that after account deletion, you will no longer be able to use the services associated with that account.
7.5. Right to Withdraw Consent
7.5.1.
You have the right to withdraw your consent for the collection and use of your personal information at any time. However, this withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
7.5.2.
Please note that if you withdraw consent for essential services, we may no longer be able to provide you with those services.
7.6. Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance from us.
7.7. Right to Object
You have the right to object to the processing of your personal information in certain circumstances, including processing for direct marketing purposes.
7.8. Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
7.9. Response to Rights Requests
We will respond to your requests regarding your rights within fifteen business days. If we cannot fully process your request within this timeframe, we will inform you of the reason and expected timeline.
Please note that in certain circumstances, we may need to verify your identity before processing your request. This is to ensure the security of your personal information.
If you are not satisfied with our response to your request, you have the right to lodge a complaint with the relevant supervisory authority.
8.0. Processing of Children's Personal Information
We wish to clarify that we do not permit the registration of any child, as defined by the laws of your country or region, as a user of our services. Furthermore, we do not accept any personal information pertaining to children that you may provide.
We advise you to exercise caution when sharing information. If you are a partner whose application is specifically designed for children, it is imperative that you obtain the consent of the child's guardian prior to collecting, using, or providing the child's personal information to us.
Due to the limitations of current technologies and business practices, it is challenging for us to proactively identify information pertaining to children. Should a guardian become aware of any unauthorised collection of a child's personal information, they may contact us to request its deletion.
9.0. Updates and Revisions to this Privacy Policy
In our commitment to providing you with enhanced services, our platform and related services will undergo updates and modifications from time to time. Consequently, we will revise this Privacy Policy as necessary.
For any material changes, we will provide more prominent notifications, which may include emails, messages, or announcements detailing the specific alterations to this Privacy Policy.
The term "material changes" as referenced in this Privacy Policy encompasses, but is not limited to, the following:
9.1. Significant alterations in our service model, including the purpose of processing personal information, the types of personal information processed, and the manner in which personal information is utilised;
9.2. Major changes in our ownership or organisational structure, such as ownership transfers due to business adjustments, bankruptcy, mergers, or acquisitions;
9.3. Changes regarding the primary entities with whom personal information is shared, transferred, or publicly disclosed;
9.4. Significant modifications to your rights concerning personal information processing and the methods by which you may exercise those rights;
9.5. Changes to our responsible department, contact information, and channels for lodging complaints regarding personal information protection;
9.6. Any high-risk factors identified in a personal information impact assessment report.
10.0. Contacting Us
At MentaLab, we are dedicated to addressing any disputes that may arise concerning our data protection practices. We have established a specialised privacy protection team to assist you.
Should you have any questions or require assistance, please do not hesitate to reach out to our privacy protection group via email at info@mentalok.io.
For enquiries, comments, or complaints regarding your account information, personal information, or any other documentation technologies, or to exercise your rights, please contact us at info@mentalok.io or through any other specified communication method. We aim to respond to all queries within fifteen business days.
11.0. Legal Basis for Processing Your Personal Information (Applicable to EEA)
As a partner, it is crucial for you to pay special attention to the following stipulations regarding personal information processing activities. You must comply with the General Data Protection Regulation ("GDPR") if you meet any of the following criteria:
11.1. You are situated in the European Economic Area ("EEA"), regardless of whether the processing activity occurs within the EU;
11.2. You provide goods or services (either for a fee or free of charge) to any individual within the EEA, or monitor their behaviour within the EEA;
11.3. You are located outside the EEA, yet the laws of any EU member state apply to you pursuant to international public law, such as embassies or consulates of EEA member states.
If you are a resident of the EEA, the legal basis for our collection and utilisation of your personal information will depend on the specific personal information in question and the context in which we collect it.
Generally, we collect personal information under the following circumstances: when it is necessary to fulfil a contract between you and us, when the processing aligns with our legitimate interests and does not infringe upon your data protection rights or fundamental rights and freedoms, or when we have obtained your explicit consent. In certain situations, we may also have a legal obligation to collect personal information from you, or we may need the information to protect your or others' vital interests. For instance, we may disclose your personal information as required by relevant authorities for public safety purposes or in response to requests from law enforcement agencies.
If you have any questions or require further clarification regarding the legal basis for our collection and use of your personal information, please do not hesitate to contact us using the details provided in the Introduction of this Privacy Policy.
Appendix 1 - Glossary of Terms
The terms utilised within this policy are defined as follows:
- MENTALOK.IO or MentaLab: This denotes Mentalok (Hong Kong) Limited.
- Affiliates - This term encompasses any subsidiary or affiliated entity that falls under the consolidated statement of Mentalok (Hong Kong) Limited, as well as any entity that exerts control over, is controlled by, or shares common control with MentaLab.
- Control - This refers to the capacity, whether directly or indirectly, to influence the management of a company through means such as ownership, voting rights, contracts, or other legally recognised methods.
- You - This term signifies the registered user who engages with our products and/or services, as well as the individual purchasing any paid services.
- Your End User - This refers to an end user who accesses, integrates, or utilises our MentaLab service within your product or service.
- This platform - This denotes the MentaLab platform.
- Personal Information - This encompasses any information that is recorded electronically or otherwise, which can be used independently or in conjunction with other data to identify an individual or to reflect their behaviour.
- Personal Information Subject - This term refers to the individual identified by the personal information.
- De-identification - This involves the technical processing of personal information in such a way that the individual cannot be identified without additional information following this processing.
- Anonymisation - This process involves rendering personal information unrecognisable through technical means, ensuring that the processed information cannot be recovered.