Privacy Policy

Last updated: March 11, 2026

1. Introduction

Mendios ("Company," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit mendios.com and use our services, including SEO services, mobile app development, AI solutions, and free tools.

2. Information We Collect

2.1 Information You Provide

  • Contact & Hire Forms — Name, email address, phone number, business name, website URL, business address, and message content.
  • SEO Service Data — Business name, address, phone (NAP), website URL, business category, description, and tagline variants for directory submissions.
  • Payment Information — Processed securely by Stripe. We receive your name, email, and transaction details but never your full credit card number.
  • Chat Messages — Messages sent through our on-site chat widget.
  • Free Tool Input — Business name, URL, and category entered into our directory checker and other free tools.

2.2 Information Collected Automatically

  • Analytics Data — Page views, click events, session duration, referral source, and conversion funnel events via Mixpanel.
  • Session Recordings — Anonymized session replays on a small percentage of visits (5% in production) via Mixpanel to improve user experience. Recordings do not capture passwords, payment details, or sensitive form fields.
  • Error Data — Application errors, stack traces, browser info, and device type via Sentry for debugging and reliability.
  • Device & Browser Info — IP address, browser type, operating system, screen resolution, and language preference.
  • Cookies — We use essential cookies for site functionality and analytics cookies for Mixpanel tracking. See Section 7 for details.

2.3 Information from Third Parties

  • Directory Websites — For SEO services, we may collect publicly available information about your existing directory listings to assess your current SEO status.
  • AI Search Engines — We check your website's visibility in AI systems (robots.txt, structured data) as part of our services.

3. How We Use Your Information

We use your information to:

  • Deliver Services — Submit your business to directories, build mobile apps, develop AI solutions, and generate reports.
  • Process Payments — Charge for services and send receipts via Stripe.
  • Communicate — Respond to inquiries, send project updates, deliver reports, and provide post-launch support.
  • Improve Our Products — Analyze usage patterns, fix bugs, and optimize the user experience.
  • Marketing — Send service-related emails. We do not send unsolicited marketing emails unless you opt in.
  • Free Tool Results — Display directory presence, NAP consistency, and AI visibility scores. Free tool data may be used in aggregate to improve our services.

4. How We Share Your Information

We do not sell your personal information. We share data only in these cases:

  • Directory Submissions — Your business information (name, address, phone, website, description) is submitted to third-party directory websites as part of our SEO services. This is the core purpose of the service you purchase.
  • Service Providers — We use trusted third-party services:
    • Stripe — Payment processing
    • Supabase — Data storage and authentication
    • Vercel — Website hosting
    • Mixpanel — Analytics and session replay
    • Sentry — Error monitoring
    • Resend — Transactional email delivery
  • Legal Requirements — If required by law, subpoena, court order, or to protect our rights, property, or safety.
  • Business Transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

5. Data Retention

  • Client Data — Retained for the duration of our business relationship plus 3 years for tax and legal purposes.
  • SEO Submission Records — Retained indefinitely as proof of service delivery (directory names, URLs, submission dates, screenshots).
  • Contact Form Submissions — Retained for 2 years.
  • Free Tool Data — Retained for 90 days, then anonymized or deleted.
  • Analytics Data — Retained per Mixpanel's data retention policies (typically 12–24 months).
  • Error Logs — Retained per Sentry's retention policies (typically 90 days).

6. Data Security

We protect your data through:

  • HTTPS encryption on all pages and API endpoints.
  • Server-side API keys and service role keys never exposed to the browser.
  • Row-level security (RLS) on database tables.
  • Security headers: X-Frame-Options, X-Content-Type-Options, Referrer-Policy.
  • Input validation and sanitization on all form submissions.
  • Rate limiting on API endpoints and free tools.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies & Tracking

7.1 Essential Cookies

Required for site functionality, authentication, and security. Cannot be disabled.

7.2 Analytics Cookies

Mixpanel uses cookies to track page views, events, and sessions. These help us understand how visitors use our site and optimize the experience.

7.3 Session Replay

A small percentage of sessions (5%) are recorded via Mixpanel for UX research. Recordings capture mouse movements, clicks, and page scrolls but exclude sensitive input fields (passwords, payment info). You can opt out by enabling Do Not Track (DNT) in your browser — we respect the DNT signal.

7.4 Managing Cookies

You can disable cookies in your browser settings. Disabling essential cookies may affect site functionality. Disabling analytics cookies will prevent us from tracking your usage but will not affect your ability to use our services.

8. AI Crawlers & Robots

Our robots.txt allows AI crawlers (GPTBot, ClaudeBot, PerplexityBot, Google-Extended) to index our public content. This is for our own SEO benefit and does not affect your personal data. Your personal information submitted through forms is never exposed to crawlers.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate data.
  • Deletion — Request deletion of your personal data, subject to legal retention requirements.
  • Portability — Request your data in a machine-readable format.
  • Opt-Out — Opt out of analytics tracking by enabling Do Not Track in your browser or contacting us.

To exercise these rights, email us at hello@mendios.com. We will respond within 30 days.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared.
  • Right to delete personal information.
  • Right to opt out of the sale of personal information. We do not sell personal information.
  • Right to non-discrimination for exercising your CCPA rights.

11. International Users (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your data based on:

  • Contract Performance — Processing necessary to deliver services you purchased.
  • Legitimate Interest — Analytics and site improvement.
  • Consent — Where required, such as for marketing communications.

You have the right to lodge a complaint with your local data protection authority.

12. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page regularly.

14. Contact

For privacy-related questions or to exercise your rights, contact us at:

See also: Terms of Use