🔒 Privacy First

Privacy Policy

We built Mento with privacy as a core principle, not an afterthought. Here's exactly what we do — and don't do — with your data.

Last updated: May 28, 2026

TL;DR — The Short Version

✓
Questions stored locally by default. Your AI questions are saved in your browser using Chrome's built-in storage API — no account needed.
✓
Pro cloud backup is encrypted. If you use Mento Pro, your questions are encrypted on your device with AES-256 before being sent to our secure cloud. We cannot read them.
✓
We sell nothing. Your data is never sold, shared, or monetised in any form.
✓
Two external services only. Mento contacts Dodo Payments (license validation) and Supabase (encrypted Pro backup) — nothing else.

1. What Mento Is

Mento is a browser extension for Google Chrome that automatically captures and stores the questions you ask on AI platforms (ChatGPT, Gemini, Claude, Perplexity, and Microsoft Copilot). All captured data is stored locally in your browser using the chrome.storage.local API.

Mento Pro users additionally benefit from an optional encrypted cloud backup feature. Questions are encrypted on your device using AES-256-GCM encryption before being sent to our secure cloud storage (Supabase). There is no account registration or login required — your unique device ID acts as the encryption key.

2. Data We Collect (On Your Device)

Mento stores the following data locally on your device only:

Question text — the prompt you typed into the AI platform.
Platform name — which AI service the question was asked on (e.g., "ChatGPT").
Conversation URL — the direct link to the specific conversation, used for the "Open" deep-link feature.
Timestamp — the date and time the question was saved.
Auto-tags — keyword categories (e.g., #coding, #writing) generated locally from your question text. No external API is used for tagging.
License key — your Pro license key, stored locally to validate Pro status.
Vault ID — a randomly generated unique device identifier stored in chrome.storage.sync, used as your encryption key for cloud backup. It is never linked to your identity.

      ✦ Free users: all data stays on your device only.

      ✦ Pro users: questions are encrypted on your device first, then backed up to our secure cloud. The encrypted data is unreadable to us.

3. External Network Requests

Mento makes the following and only the following external network requests:

License validation (Dodo Payments) — When you enter or re-validate a Pro license key, Mento contacts live.dodopayments.com to verify its validity. Only your license key is sent — no questions or personal data. Dodo Payments' own Privacy Policy governs this interaction.
Encrypted cloud backup (Supabase) — Pro only — If you are a Pro user, your questions are encrypted on your device using AES-256-GCM before being uploaded to Supabase (supabase.co). Your Vault ID (a random local device ID) acts as the encryption key. Supabase cannot read the content of your backup. This backup allows you to restore your questions on a new device using your license key. Supabase's Privacy Policy governs their storage service.

Mento does not make requests to any analytics services (e.g., Google Analytics, Mixpanel), advertising networks, or any other third-party services.

4. Permissions We Request and Why

Mento requests the following Chrome permissions:

storage — To save and retrieve your questions using chrome.storage.local.
activeTab / tabs — To read the current tab's URL so saved questions can be linked back to the correct conversation.
scripting — To inject content scripts into AI platform pages so Mento can detect when you submit a question.
alarms — To schedule a license re-validation check every 60 minutes so your Pro status stays current without manual action. This only contacts Dodo Payments with your license key — no other data is sent.
host_permissions (AI platforms) — Mento requires access to chatgpt.com, gemini.google.com, claude.ai, perplexity.ai, and copilot.microsoft.com to capture questions. It reads no data other than the question text you type.
host_permissions (Supabase) — Required for Pro cloud backup. Only encrypted data is sent. No plaintext questions are ever transmitted.

5. Data Retention and Deletion

Your data lives in chrome.storage.local on your device. Pro users also have an encrypted copy in Supabase. You are in full control:

Use the Clear All button inside the Mento popup to permanently delete all locally saved questions at any time.
Uninstalling the Mento extension from Chrome will delete all locally stored data immediately and permanently.
To request deletion of your cloud backup (Pro users), email us at mefree115@gmail.com with your license key. We will delete your encrypted record from Supabase within 7 days.
Mento imposes no automatic retention period — your data persists until you delete it or request removal.

6. Data Sharing and Sale

We do not sell, rent, trade, or otherwise transfer your personal data to any third party. We have no advertising partners. We have no investors receiving user data. This will never change.

7. Children's Privacy

Mento is not directed at children under the age of 13. We do not knowingly collect data from children. If you believe a child has used Mento, please contact us and we will provide guidance on clearing any locally stored data.

8. Changes to This Policy

If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page and, where appropriate, notify users via the extension update notes. Continued use of Mento after changes are posted constitutes acceptance of the updated policy.

9. Contact

If you have any questions about this Privacy Policy or how Mento handles data, please contact us:

📧 mefree115@gmail.com

🌐 getmentoapp.netlify.app