Draft for legal review — not legal advice

Privacy Policy

Effective Date: January 1, 2025

Download DPA (PDF)

Summary

  • We process data on behalf of our customers (tenants) and retain it only as long as instructed by them or required for service delivery, security, and legal compliance.
  • We use your data to operate Mentoros, provide customer support, ensure security, and comply with legal obligations.
  • We do not sell your personal data. We share data only with subprocessors necessary for service delivery, or when required by law (e.g., valid court orders or enforceable government requests).
  • You have rights to access, correct, delete, and port your data. EU/EEA users have additional rights under GDPR.
  • Tenants (businesses using Mentoros) control how end-user chat data is collected, retained, and processed on their sites, in accordance with applicable law.

Contents

1. Who We Are

KleonoxAI ("we," "us," or "our") is a technology company that develops AI-powered assistant solutions for businesses. Our flagship product, Mentoros, provides conversational AI assistants, a merchant console for configuration and data management, and analytics for conversation intelligence.

KleonoxAI is headquartered in Athens, Greece. For the purposes of applicable data protection laws, KleonoxAI is the data controller for personal data collected through our website and services, except where we act as a data processor on behalf of our customers (see Section 14).

2. Scope

This Privacy Policy applies to:

  • The KleonoxAI website and related domains
  • The Mentoros platform, including the merchant console and API
  • Mentoros AI assistants deployed on customer websites
  • Communications and interactions with KleonoxAI

This policy does not apply to third-party websites or services that may be linked from our site. We encourage you to review the privacy policies of any third-party services you access.

3. Key Definitions

Customer / Tenant

A business or organization that has an account with KleonoxAI and uses Mentoros services. Tenants configure and deploy AI assistants on their websites or platforms.

End User

An individual who interacts with a Mentoros assistant on a tenant's website or application. End users may be site visitors, customers, or prospective customers of our tenants.

Services

The Mentoros platform, including AI assistants, the merchant console, analytics features, APIs, and related tools and services provided by KleonoxAI.

Customer Content

Data uploaded or provided by tenants, including FAQs, product catalogs, documentation, training data, and custom configurations for their AI assistants.

4. What Data We Collect

We collect different categories of data depending on how you interact with our services. The specific data collected may vary based on your configuration settings.

Account Data

  • Name and email address
  • Company name and role
  • Login credentials (hashed)
  • Account preferences and settings

Purpose: To create and manage your tenant account, authenticate users, and provide customer support.

Chat and Interaction Data (Platform Processing)

  • Messages sent to Mentoros assistants (processed in anonymized form)
  • Responses generated by the assistant
  • Conversation metadata (timestamps, session IDs — anonymized/pseudonymized)
  • Feedback or ratings provided

Purpose: To provide conversational AI services, improve response quality, and enable conversation analytics. Retention & control: We process conversation data on behalf of the tenant; retention is primarily set by the business operating the site, and any platform-side copies are minimized and retained only as necessary for service delivery, security, and troubleshooting.

Usage and Device Data

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages visited and interactions
  • Referring URLs

Purpose: To ensure security, analyze service performance, and improve user experience.

Uploaded Content

  • FAQs and knowledge base articles
  • Product catalogs and documentation
  • Custom instructions and context
  • Brand assets and configuration

Purpose: To configure Mentoros assistants according to tenant requirements and provide relevant knowledge retrieval.

Payment and Billing Data

  • Billing address
  • Payment method details (processed by third-party providers)
  • Transaction history
  • Invoice records

Purpose: To process payments, manage subscriptions, and maintain billing records.

Note: Some data collection is configuration-dependent. Tenants may adjust retention settings, analytics collection, and other data handling options through the merchant console.

If you chat with Mentoros on a customer site…

  • KleonoxAI acts as a "data processor" for the business operating this site. The business is the "data controller" and determines the purposes and means of processing your chat data.
  • Your messages and the assistant's responses may be stored by the business operating that site.
  • The business (tenant) decides how long to keep your conversations and what to do with them.
  • We process this data solely on the instructions of the business—they are responsible for informing you about data collection.
  • To exercise your data rights (access, deletion, etc.), please contact the business directly; we assist them in fulfilling these requests as their processor.

5. How We Use Data

We process personal data for the following purposes:

Provide and Improve Services

Operate Mentoros assistants, process conversations, deliver analytics, and enhance product features. We do not use your data to train foundation models.

Customer Support

Respond to inquiries, troubleshoot issues, and provide technical assistance.

Security and Fraud Prevention

Detect and prevent unauthorized access, abuse, fraud, and other harmful activities.

Analytics and Performance

Understand usage patterns, measure service performance, and inform product development.

Legal Compliance

Comply with applicable laws, regulations, and enforceable legal processes.

Communications

Send service updates, security alerts, and administrative messages.

If you are a tenant admin or team member…

  • We store your account information to provide access to the Mentoros console.
  • Content you upload (FAQs, documents) is used to power your AI assistants.
  • You control retention settings, data exports, and access permissions for your organization.
  • You can request account deletion or data export at any time through your settings or by contacting us.

7. How Mentoros Data Flows

Understanding how data moves through Mentoros helps clarify responsibilities:

1

Tenant provides content

Tenants upload FAQs, product catalogs, and configuration data through the merchant console. This content is used to train and customize their AI assistants.

2

End users interact

Site visitors send messages to the Mentoros assistant. These messages, along with conversation context, are processed to generate relevant responses.

3

Outputs generated

AI models process the conversation and tenant content to generate responses. We may use third-party tools; conversation content is shared with them for this purpose.

4

Admin visibility and analytics

Tenants can view conversation logs, analytics, and insights through the merchant console. Access controls and retention settings are configurable per tenant.

About AI and your data…

  • Mentoros uses AI models to generate responses based on conversations and your uploaded content.
  • We may use third-party AI providers to process prompts; they receive conversation content to generate responses but are contractually prohibited from using it for their own purposes.
  • We do not use your content to train foundation models.
  • Conversation data may be used in aggregate to improve service quality, without identifying individuals.

8. Cookies and Tracking

We use cookies and similar technologies to operate our services, remember preferences, and analyze usage. You can manage your cookie preferences at any time.

Strictly Necessary

Required

Essential for the website to function. These cookies enable core features like authentication, security, and accessibility.

Examples: Session cookies, Authentication tokens, Security cookies

Functional

Enable enhanced functionality and personalization, such as remembering preferences.

Examples: Language preferences, UI settings, Consent choices

Analytics

Help us understand how visitors interact with our website to improve user experience.

Examples: Page view tracking, Performance metrics, Error reporting

Marketing

Used to deliver relevant advertisements and measure campaign effectiveness.

Examples: Advertising cookies, Social media pixels, Conversion tracking

Manage Cookie Preferences

Adjust your cookie settings for this website at any time using the “Cookie Preferences” link in the footer. Your choices are stored locally in your browser for this domain.

9. Sharing and Disclosures

We do not sell your personal data. We may share data in the following circumstances:

Service Providers

We engage third-party providers to help operate our services. These providers are contractually obligated to protect your data and may only use it for the services we direct.

Categories:

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Email and communication services
  • Analytics and monitoring tools
  • Customer support platforms
  • Security and fraud prevention services

Legal Requests

We may disclose data when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such change.

With Your Consent

We may share data with third parties when you have given us explicit consent to do so.

10. International Data Transfers

KleonoxAI is based in the European Union. However, we may transfer personal data to service providers located outside the EEA. When we do, we ensure appropriate safeguards are in place:

  • Transfers to countries with an adequacy decision from the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other valid transfer mechanisms under applicable law

A list of our subprocessors and their locations is available upon request. Contact us for details.

11. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

Retention Principles

  • Account data: Retained while account is active, plus a reasonable period after closure
  • Conversation data: Retention period is configurable by tenants; default periods apply
  • Usage and analytics data: Typically retained for up to 24 months
  • Legal and compliance records: Retained as required by applicable law

Note: Tenants can configure conversation retention settings through the merchant console. Actual retention periods may vary based on tenant configuration.

12. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. We will notify affected users and authorities of any data breach as required by law.

13. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data in certain circumstances.

Right to Restriction

Request that we limit processing of your personal data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint

File a complaint with a supervisory authority if you believe your rights have been violated.

How to Exercise Your Rights

To submit a data rights request, contact us using the information in Section 18. We may need to verify your identity before processing your request. We will respond within the timeframes required by applicable law (typically 30 days for GDPR requests).

End users who interact with Mentoros on a tenant's website should direct requests to that tenant, as they are the data controller for chat interactions.

14. Controller vs. Processor

The relationship between KleonoxAI and our customers involves different roles under data protection law:

KleonoxAI as Controller

We are the data controller for data collected directly from you, such as when you visit our website, create an account, or contact us for support.

KleonoxAI as Processor

When tenants use Mentoros to collect and process data from their end users, we act as a data processor. The tenant is the data controller and determines how end-user data is collected, used, and retained.

Tenant Responsibilities

Tenants are responsible for providing appropriate privacy notices to their end users, obtaining any required consent, and ensuring their use of Mentoros complies with applicable laws. We offer a Data Processing Agreement (DPA) for tenants upon request.

15. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

Tenants deploying Mentoros on websites or applications directed at children must ensure compliance with applicable children's privacy laws (such as COPPA in the United States).

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Provide notice through our website or by email for significant changes
  • Obtain consent where required by law

We encourage you to review this policy periodically to stay informed about how we protect your data.

18. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Data Processing Agreement (DPA)

Tenants requiring a DPA can request one through our contact form or their account manager.

Data Rights Requests

Submit access, deletion, or other data rights requests through our contact form. We will respond within 30 days.

Privacy at a Glance

Data We Collect

  • Account details (name, email, company)
  • Chat conversations and assistant responses
  • Usage data and device information

How We Use It

  • Operate and improve Mentoros services
  • Provide support and ensure security
  • Comply with legal obligations

Your Choices

  • Access, correct, or delete your data
  • Manage cookie preferences
  • Opt out of marketing communications

Questions?

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to reach out.

Contact Us