Privacy Policy

Last updated: January 15, 2025

Mentra-Synap ("we," "our," "us," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our blockchain data integrity verification services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide, including:

• Contact information (name, email, phone number)
• Company name and business information
• Account credentials and authentication data
• Communication content (emails, support tickets, messages)
• Data submitted for verification through our platform
• Payment information (processed securely by third-party providers)

1.2 Information Collected Automatically

When you access our website, we automatically collect:

• IP address and browser information
• Device type and operating system
• Pages visited and time spent on pages
• Referral source and navigation paths
• Cookies and similar tracking technologies

1.3 Data You Submit for Verification

Data submitted through our verification service is encrypted at rest with AES-256 encryption. Only cryptographic hashes are recorded on the blockchain, not the original data. You maintain complete control over your data.

2. How We Use Your Information

We use collected information for the following purposes:

• Providing and maintaining our services
• Processing transactions and sending related information
• Sending promotional communications (with your consent)
• Responding to inquiries and support requests
• Analyzing usage patterns to improve our services
• Detecting and preventing fraudulent activities
• Complying with legal obligations and regulations
• Enforcing our Terms of Service and other agreements

3. Legal Basis for Processing

Under GDPR, our legal bases for processing personal data include:

• Consent: You have given explicit consent for processing
• Contract: Processing is necessary to perform our services
• Legal Obligation: Processing is required by law
• Legitimate Interests: Processing is necessary for our legitimate business purposes

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our website and conducting our business, including:

• Cloud hosting providers
• Payment processors
• Analytics platforms
• Customer support tools

4.2 Legal Requirements

We may disclose information when required by law or when we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights and property
• Protect the safety of our users or the public
• Prevent or investigate possible wrongdoing

4.3 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Control: Role-based access and multi-factor authentication
• Hardware Security Modules: Cryptographic keys stored in hardware security modules
• Regular Audits: Periodic security assessments and penetration testing
• Employee Training: Mandatory data protection and security training
• Incident Response: Procedures for responding to security breaches

While we implement strong security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but maintain industry-leading protections.

6. Your Rights and Choices

6.1 GDPR Rights

If you are located in the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive data in a portable format
• Right to Object: Object to certain processing activities

6.2 CCPA Rights

California residents have additional rights under CCPA, including the right to know, delete, and opt-out of the sale of personal information.

6.3 Cookie Preferences

You can manage cookie preferences through your browser settings. Note that disabling cookies may limit functionality of our website.

To exercise any of these rights, please contact us at privacy@mentra-synap.com.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill legal obligations:

• Account data: Retained for the duration of your account plus 12 months
• Transaction records: Retained for 7 years for compliance purposes
• Marketing data: Retained until you opt-out
• Blockchain records: Permanently retained (immutable by design)

8. International Data Transfers

Mentra-Synap is based in Vietnam. If you are located outside Vietnam, your information may be transferred to and processed in Vietnam. We rely on Standard Contractual Clauses and other legal mechanisms to ensure adequate safeguards for international transfers.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of third-party sites before providing your information.

10. Children's Privacy

Mentra-Synap is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete such information promptly.

11. Compliance Certifications

Mentra-Synap is committed to maintaining compliance with:

• General Data Protection Regulation (GDPR)
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI DSS)
• SOC 2 Type II Compliance
• California Consumer Privacy Act (CCPA)

12. Contact Us

For privacy-related questions or to exercise your rights, please contact:

Data Protection Officer
Email: privacy@mentra-synap.com
Phone: +84 (28) 3824-0000
Address: 123 Blockchain District, Ho Chi Minh City, Vietnam

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes become effective 30 days after posting to our website. Your continued use of our services indicates your acceptance of the updated policy.