Last updated: 2026-05-09

Privacy Policy

This Privacy Policy explains how Engagee LTD ("Engagee", "we", "us", or "our") — operator of Mentionly at mentionlyhq.com — handles information when you use the Mentionly service (the "Service"). We tried to write this in plain language; the goal is to be honest about what we collect and what we do with it.

1. Who we are

Engagee LTD is the data controller for the Service. Mentionly is one of several products operated by Engagee LTD. You can reach us at legal@mentionlyhq.com for any privacy question, request, or complaint.

2. Information we collect

We collect only what is necessary to operate the Service:

2.1 Account information

• Email address. Used as your account identifier and for transactional email (sign-in links, billing receipts, important account notices).
• Password (hashed). If you set a password, we store only a one-way bcrypt hash — never the plaintext password. We cannot recover it; we can only let you reset it.
• Optional Telegram chat ID. If you choose to link a Telegram account, we store the numeric chat ID we receive from Telegram so we can send you the notifications you requested. You can unlink at any time from your account page.

2.2 Usage and technical data

• IP address. Briefly retained for rate limiting, abuse prevention, and security investigations. Not used to build advertising profiles.
• Service activity. Records of the actions you take in the Service (for example, validations performed, monitors created, items processed) so the Service can show you your own history and enforce plan limits.
• Diagnostic logs. Standard server logs (request paths, response codes, timing) used to keep the Service running and diagnose errors.

2.3 Billing information

If you purchase a paid plan, payment is processed by Stripe, Inc. Your card number, CVV, and full billing details are entered on Stripe's checkout page and sent directly to Stripe. We never see, store, or transmit raw card data. We retain only Stripe's customer and subscription identifiers, the price you are on, the most recent payment status, and a billing email so we can show your subscription state on your account page and respond to support requests.

3. How we use your information

• To operate the Service — authenticating you, showing your data back to you, enforcing plan limits, and providing the features you signed up for.
• To send transactional email — sign-in links, password resets, billing receipts, security and account notices. These are sent through Postmark on our behalf.
• To send Telegram notifications — if, and only if, you have linked your Telegram account, we deliver the alerts and updates you opted into through the Telegram Bot API.
• To process subscription payments — through Stripe, when you buy or renew a paid plan.
• To prevent abuse and keep the Service safe — rate limiting, fraud signals, and investigating reports of misuse.
• To comply with legal obligations — responding to lawful requests from authorities of competent jurisdiction.

We do not use your data to train machine-learning models for third parties, and we do not sell your personal information to anyone, ever.

4. Sub-processors and data sharing

We rely on a small number of carefully chosen sub-processors to deliver the Service. Each one is contractually bound to use your data only on our instructions. We share with you the full list so you know exactly where your data goes:

• Stripe, Inc. — payments and subscription billing. stripe.com/privacy
• Postmark (ActiveCampaign, LLC) — transactional email delivery. postmarkapp.com/eu-privacy
• Telegram FZ-LLC — only if you link a Telegram account, for delivering the bot notifications you requested. telegram.org/privacy
• Hetzner Online GmbH — hosting infrastructure (Germany / Finland). hetzner.com/legal/privacy-policy

We may also disclose information when required by law, when necessary to protect the rights, safety, or property of Engagee LTD, our users, or the public, or in connection with a corporate transaction (merger, acquisition, asset sale) — in which case we will give you prior notice through the email on file.

We do not sell, rent, or trade personal data with anyone for any purpose.

5. Cookies

The Service sets a single first-party session cookie used to keep you signed in. We do not use third-party advertising or analytics cookies. For full detail see our Cookie Policy.

6. Data retention

We keep your account data for as long as your account is active. If you ask us to delete your account, we will remove your personal information from our active systems within 30 days. Backup snapshots may retain data for up to a further 30 days before they are rotated out. Anonymized, aggregated statistics that cannot be tied back to you may be retained indefinitely.

To request deletion, email legal@mentionlyhq.com from the address on your account.

7. Your rights

Subject to applicable law, you have the right to:

• Request a copy of the personal data we hold about you.
• Correct any inaccurate personal data on your account.
• Request deletion of your account and the personal data linked to it.
• Object to or restrict certain processing.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with the data protection authority of competent jurisdiction.

To exercise any of these rights, email legal@mentionlyhq.com from the address on your account. We respond within 30 days.

8. Security

We take reasonable technical and organizational measures to protect your data. Passwords are hashed using bcrypt. Traffic between your browser and the Service is served over TLS. Access to production systems is restricted to a small number of authorized personnel and authenticated through individual credentials. No system is perfect; if you become aware of a vulnerability, please write to us at legal@mentionlyhq.com and we will respond promptly.

9. International transfers

The Service is operated from the European Union (Germany / Finland). If you access it from outside the EU, you understand that your data is transferred to and processed in those countries. Our sub-processors may operate from the United States and other jurisdictions; transfers to them are governed by the Standard Contractual Clauses or equivalent safeguards.

10. Children

The Service is not directed at children under 16 and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. If the changes are material, we will email all active users at the address on file at least 30 days before the new version takes effect. Continued use of the Service after that date constitutes acceptance of the updated Policy.

12. Contact

Engagee LTD
Operator of Mentionly at mentionlyhq.com
Email: legal@mentionlyhq.com

Last updated: 2026-05-09