Privacy Policy

What Data We Collect

We collect data necessary to provide and improve the MentionFox service:

• Account Information — Name, email address, and password when you create an account.
• Billing Information — Payment method details processed securely through Stripe. We do not store credit card numbers.
• Usage Data — Pages visited, features used, scan frequency, and general product interaction patterns.
• Scan Results — Mentions, leads, and enrichment data generated through your use of the Service.
• Communication Data — Emails and messages you send through our outreach features.

How We Use Your Data

• Provide the Service — Process scans, generate dossiers, deliver reports, and run outreach sequences.
• Improve the Product — Analyze aggregated, anonymized usage patterns to improve features and performance.
• Customer Support — Respond to your inquiries and troubleshoot issues with your account.
• Security — Detect and prevent fraud, abuse, and unauthorized access to the Service.

We never sell your data. Your data is not shared with third parties for advertising or marketing purposes.

Third-Party Services

MentionFox uses the following third-party services to operate:

• Supabase — Database and authentication (data stored in AWS ap-southeast-2, Sydney).
• Vercel — Frontend hosting and deployment.
• Stripe — Payment processing. Stripe handles all payment data under their own privacy policy.
• Anthropic (Claude) — AI-powered enrichment, analysis, and content generation. Data sent to AI models is not used for training.
• OpenAI — Supplementary AI processing for specific features. Data sent is not used for model training (API usage).

Cookies

MentionFox uses a minimal cookie approach:

• Essential Cookies — Required for authentication and session management. These cannot be disabled.
• Analytics (Umami) — We use Umami, a privacy-friendly analytics tool that does not use cookies and does not collect personally identifiable information.

We do not use advertising cookies, tracking pixels, or third-party marketing trackers of any kind.

Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights under GDPR:

• Access — Request a copy of all personal data we hold about you.
• Correction — Request that we correct any inaccurate personal data.
• Deletion — Request permanent deletion of your personal data.
• Export — Receive your data in a structured, machine-readable format (JSON or CSV).
• Restriction — Request that we limit how we process your data.
• Objection — Object to processing of your personal data for specific purposes.

To exercise any of these rights, email support@mentionfox.com. We will respond within 30 days.

Data Deletion Requests

You may request complete deletion of your account and all associated data at any time by emailing support@mentionfox.com. Upon receiving your request:

• We will confirm your identity and process the deletion within 30 days.
• All personal data, scan results, enrichment data, and outreach history will be permanently removed.
• Aggregated, anonymized data that cannot be linked back to you may be retained for analytics.

Data Security

• Encryption in Transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest — All stored data is encrypted using AES-256 encryption.
• Access Controls — Employee access to production data is restricted to essential personnel and logged.
• SOC 2 Practices — We follow SOC 2 security practices including regular security reviews, vulnerability scanning, and incident response procedures.
• Infrastructure — Our infrastructure providers (Supabase/AWS, Vercel) maintain their own SOC 2 and ISO 27001 certifications.

Contact