Privacy Policy

Privacy at a glance

We collect only the data we need to provide this website, your account and basic analytics.
Cookies for security and language are always active. Analytics cookies are used only with your consent.
You can change your cookie settings at any time and you can delete your account or contact us to exercise your privacy rights.

Controller

Controller under data protection law, in particular the EU GDPR, is:
Maik Kusmat
Email: contact@mentoro-ai.com

A data protection officer has not been appointed, as there is no legal requirement to do so.

Overview of data processing

This Privacy Policy explains what personal data we process when you use this website, for which purposes we do so and on which legal bases this is carried out.

MentoroAI is an informational platform that provides guides, glossaries, tool overviews and practical examples on the use of AI tools. Personal data is processed when you visit the website, create an account or interact with these contents.

Categories of personal data

Identification data (name, username)
Contact data (email address)
Account data (login credentials, user ID)
Usage data (visited pages, interactions)
Technical data (IP address, browser, device information)

Purposes of data processing

Providing and operating the website and its core functions
Creating and managing user accounts and saved content
Responding to contact requests and communication
Ensuring security and preventing misuse or attacks
Analyzing usage and improving our content and services
Complying with legal obligations (e.g. retention duties)

Sources of personal data

Directly from users (registration, contact, content submission)
Automatically through website usage (server logs, technical data)
Third-party authentication providers (Google, GitHub)
Personal data received from third-party providers (Google, GitHub): name, email address, external user ID

Data retention

Personal data is stored only for as long as necessary for the respective purpose:

Server log data (IP address, timestamps): up to 30 days
Contact requests: up to 12 months after completion
User account data: for the duration of the account
Server log data (IP address, timestamps): up to 30 days
Contact requests: up to 12 months after completion
User account data: for the duration of the account
Analytics data (Google Analytics 4): depending on the configuration, typically up to 14 months.
Consent logs (Klaro): stored for as long as required to prove lawful consent under applicable law.

Processing activities on this website

Collection and storage of personal data

When you visit this website, information sent by your browser is automatically collected (e.g., IP address, date and time, pages viewed, browser used). These data are technically required to display the website correctly and serve the security of the system.

Contact

If you contact us by email, we store your details to process the request and for possible follow-up questions.

Registration / User accounts

If you create a user account, we process your entered data (name, email address, password) solely for providing your account and managing your content.

Google Sign-In (Social Login)

On this website you can log in or create an account using your Google account ("Google Sign-In"). The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed: We receive from Google your name, email address and a unique Google user ID. This data is used solely to create and manage your user account on MentoroAI and to authenticate you when you log in.

Purpose: Providing a convenient and secure login option and managing your user account.

Legal basis: Your consent according to Art. 6(1)(a) GDPR.

Data storage and deletion: We store the data received from Google as long as your user account exists. If you delete your account, this data will be deleted unless statutory retention periods require longer storage.

Data transfer: Data may be transferred to Google LLC (USA).

Where data is transferred to countries outside the European Union for which no adequacy decision of the European Commission exists, we implement appropriate safeguards such as standard contractual clauses in accordance with Art. 46 GDPR and, where necessary, additional technical and organisational measures to protect your data.

Further information: https://policies.google.com/privacy

GitHub Sign-In (Social Login)

You can also log in or create an account using your GitHub account ("GitHub Sign-In"). The provider of this service is GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA.

Data processed: We receive from GitHub your username, email address and a unique GitHub user ID. This data is used solely to create and manage your user account on MentoroAI and to authenticate you when you log in.

Purpose: Providing a convenient and secure login option and managing your user account.

Legal basis: Your consent according to Art. 6(1)(a) GDPR.

Data storage and deletion: We store the data received from GitHub as long as your account exists. If you delete your account, this data will be deleted unless statutory retention periods require longer storage.

Data transfer: GitHub Inc. is located in the United States. Data may therefore be transferred to servers outside the EU.

Further information: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Cookies, tracking and consent management

Cookies and tracking technologies

This website uses cookies to ensure technical functionality and, after your explicit consent, to analyze usage behaviour. The storage and evaluation of non-essential cookies only takes place with your prior consent in accordance with Art. 6(1)(a) GDPR. Technically necessary cookies are processed on the basis of our legitimate interest in the secure and stable operation of the website (Art. 6(1)(f) GDPR). Consent is managed through the consent management platform Klaro by KIProtect.

Technically necessary cookies include in particular session and security cookies (such as "sessionid" and "csrftoken") as well as cookies required for navigation, language selection and consent management (for example "django_language", "htmx-current-path-for-history" and "CookieConsent"). Preference cookies store your selected theme (for example "preferred_theme"). Details on the individual cookies, their purposes, categories and storage periods can be found in our Cookie Policy.

Cookie Policy

Consent management (Klaro)

We use the consent management platform Klaro by KIProtect to obtain and manage legally required cookie consent. Klaro stores cookies that document your consent status and block all non-essential cookies until you consent. The processing is based on our legal obligation under Art. 6(1)(c) GDPR.

Google Tag Manager

We use Google Tag Manager to manage and deploy website tags (e.g., Google Analytics). Google Tag Manager itself does not typically set cookies and does not create user profiles. When loading the Tag Manager, technical information (such as IP address and device information) may be transmitted to Google. The execution of non-essential tags is controlled by your consent via Klaro and Google Consent Mode v2.

Legal basis: Legitimate interests under Art. 6(1)(f) GDPR for the use of a tag management system. Processing for analytics purposes takes place only with your consent under Art. 6(1)(a) GDPR.

Data transfer: Data may be transferred to Google LLC in the United States. Google participates in the EU–US Data Privacy Framework.

Google Analytics 4

If you give your consent to the “Statistics” category, we use Google Analytics 4 to analyze website usage. We deploy Google Analytics 4 via Google Tag Manager. Google Analytics 4 works with pseudonymized identifiers and does not store full IP addresses. Google Consent Mode v2 ensures that no Analytics cookies are set before consent is given.

Legal basis: Your consent under Art. 6(1)(a) GDPR.

Data transfer: Data may be transferred to Google LLC in the United States. Google participates in the EU–US Data Privacy Framework.

Your rights

Access to your stored data
Rectification of inaccurate data
Erasure ('right to be forgotten')
Restriction of processing
Data portability
Objection to processing

Withdrawal of consent and objection

You may withdraw your consent at any time with effect for the future. You can do so via the Klaro consent dialog or by contacting us by email. The lawfulness of processing carried out before the withdrawal remains unaffected.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement.

Data security

We use technical and organizational measures to protect your data against manipulation, loss, or unauthorized access. These measures are continuously adapted in line with technological developments.

Our servers are hosted within the European Union and are protected by modern security measures such as encryption, firewalls and access controls.

Do Not Track signals

Our website does not currently respond to "Do Not Track" signals. Tracking technologies are controlled exclusively via explicit user consent.

Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

Children

This website is intended for a general audience. It is not specifically designed for children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If material changes are made, we will notify users by a prominent notice on the website and, where appropriate, by email to registered users. The current version is always available on this page; the "Effective date" indicates when the Policy last changed.

Effective date

This Privacy Policy is effective as of 16 December 2025.

Version 1.0