Mentionwell

Legal

Privacy Policy

Last updated

This policy describes how Mentionwell ("we") collects, uses, shares, and protects information when you use our website at mentionwell.com or the dashboard at app.mentionwell.com (together, the "Service").

1. Who we are

The Service is operated by ZipLyne ("Mentionwell," "we," "our," or "us"), publishing as Mentionwell. ZipLyne is the parent agency at ziplyne.agency.

For privacy-related questions, contact us at privacy@mentionwell.com.

2. What information we collect

We collect three categories of information:

2.1 Information you give us

  • Account data — username, password (hashed), and any contact information you provide when signing in to the dashboard.
  • Site configuration — domains you onboard, brand profile, content taxonomy, headlines, and articles we generate or you import.
  • Billing data — when paid plans are available, payment information processed by our payment provider; we do not store full card numbers.
  • Support communications — anything you send to us by email or contact form.

2.2 Information we collect automatically

  • Service logs — IP address, browser type, pages requested, referrer, and timestamps. Used to operate, secure, and debug the Service.
  • Usage events — which buttons you click in the dashboard, which jobs you run, errors you encounter. Used to improve the product.
  • Cookies — see the Cookie Policy.

2.3 Information we collect from third parties

  • Public website data — when you onboard a domain, we crawl its public homepage, sitemap, robots.txt, and structured data using Firecrawl and search the web with Exa to build the brand profile.
  • OAuth providers — if we add OAuth sign-in in the future, we receive only the data you authorize them to share (typically email and display name).

3. How we use information

We use information to:

  • Provide, maintain, and improve the Service.
  • Generate articles, FAQs, metadata, and images for sites you have onboarded.
  • Authenticate you and protect your account.
  • Send you transactional and product emails (release notes, security alerts, billing receipts).
  • Detect, investigate, and prevent fraudulent, abusive, or unlawful activity.
  • Comply with legal obligations and respond to lawful requests.

We do not sell your personal information.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — to secure, debug, and improve the Service; to communicate with customers; to protect against abuse.
  • Consent — for non-essential cookies and any optional marketing emails.
  • Legal obligation — to comply with applicable law.

5. Who we share information with

We share information only as needed:

  • Subprocessors who process data on our behalf under written contract — see the Subprocessors page.
  • Affiliates — ZipLyne and any future Mentionwell entities, under the same protections.
  • Legal compliance — to comply with subpoenas, court orders, or other lawful requests.
  • Business transfers — in connection with a merger, acquisition, or asset sale, with continued protection.
  • With your consent — anywhere you direct us to share.

6. Subprocessors

The current list of subprocessors is published at /subprocessors and updated whenever a vendor is added or removed. For B2B customers under a Data Processing Addendum, we provide advance notice of material changes so you can object before they take effect.

7. AI processing

Mentionwell uses third-party large language models (currently Anthropic Claude and OpenAI GPT) to generate articles, FAQs, metadata, and images. Content you upload — domain configuration, brand profile, sample writing — and content we generate is sent to these providers via their commercial APIs.

To the best of our current understanding of provider terms, content sent through the commercial APIs of Anthropic and OpenAI is not used to train their models. Provider terms govern in case of any conflict; you can review them via the Subprocessors page.

See the AI Disclosure for the full picture of how AI is used in the Service.

8. Cookies and tracking

We use a small number of cookies for authentication and to remember your preferences. We do not use cross-site tracking or behavioral advertising cookies. Full detail at Cookie Policy.

9. Data retention

We retain personal information only as long as needed to provide the Service or comply with legal obligations:

  • Account data — for the life of the account, plus up to 30 days after deletion (to support undo and back-ups), then permanently deleted.
  • Generated articles — until you delete them or close the account.
  • Service logs — typically 30–90 days, longer for security incidents.
  • Billing records — for as long as required by tax and accounting law (typically 7 years).

10. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccuracies.
  • Delete your data ("right to erasure").
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

To exercise any right, email privacy@mentionwell.com. We respond within 30 days.

California residents (CCPA/CPRA): you have the right to know what we collect, delete it, opt out of "sale" or "sharing" (we do neither), and not be discriminated against for exercising rights. To exercise, email the same address.

11. International transfers

Mentionwell is operated from the United States. Several of our subprocessors are also in the United States. When personal information leaves your country, we rely on the European Commission's Standard Contractual Clauses, the UK addendum, and the Swiss adequacy framework as applicable.

12. Security

We use TLS for data in transit, encryption at rest provided by our database and storage subprocessors, principle-of-least-privilege access controls, and monitoring for anomalous activity. More detail at Security. To report a vulnerability, email security@mentionwell.com.

13. Children's privacy

Mentionwell is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with information, contact privacy@mentionwell.com and we will delete it.

14. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify customers by email or in-product notice at least 30 days before they take effect.

15. Contact

For privacy questions, requests, or complaints:

Operated by ZipLyne (parent: https://ziplyne.agency).

See also

Terms of Service The contract that governs your use of Mentionwell. Cookie Policy What we set, why, and how to control it. Data Processing Addendum GDPR Article 28 contract for B2B customers. Subprocessors Every vendor that touches your data.