Privacy Policy
Last updated: July 6, 2026 · Effective: July 6, 2026
MentaImage Inc. ("MentaImage", "we", "us") provides a mobile application that helps users reflect on stress and wellbeing patterns through voice, text, and creative-expression check-ins. This Privacy Policy describes what personal information we collect, how we use it, who we share it with, and your rights.
mentAImage is a wellbeing and stress-awareness platform. It is not a medical device and does not diagnose, treat, cure, or prevent any disease or medical condition.
1. Who we are
MentaImage Inc., based in Quebec, Canada. For privacy questions, contact our Privacy Officer at privacy@mentaimage.com.
2. What we collect
Account information
- Email address, name, date of birth, language preference
- Authentication credentials (passwords hashed with bcrypt; never stored in plaintext)
Check-in and wellbeing data (sensitive personal information)
- Voice recordings and voice-derived stress and wellbeing features
- Text reflections and responses to check-in questions
- Drawing, handwriting, and creative-expression inputs
- Self-reported stress, burnout, and emotional context
- Session timestamps, exercise completion, and participation data
- Optional: cognitive or neurodivergent profile (only if you choose to provide it)
- Optional: organization or pilot participation information
Technical data
- Device type, operating system version, app version
- IP address (encrypted, retained for audit and security only)
- Crash reports and aggregated, de-identified analytics
3. How we use your information
- Provide the check-in and reflection experience
- Generate personal stress and wellbeing trend insights for you
- Analyze your check-in data via AI models to support those insights
- Provide coping-skills suggestions and psychoeducational content through Monai
- Produce aggregated, de-identified organizational insights for employers or pilot sponsors (never individual-level content)
- Improve user experience, evaluate product performance, and develop stress-pattern models, using de-identified or aggregated data only
- Secure the service, prevent abuse, and meet legal obligations
- Communicate service messages (account changes, security alerts)
We do not sell your personal information. We do not use your check-in data for advertising. We do not provide employers with individual check-in content, voice recordings, text reflections, drawings, or individual mental health profiles. We do not use identifiable personal data to train AI models without appropriate consent and legal basis.
4. Third-party AI services and data sharing
What data is sent to AI services, who receives it, and your consent
To deliver the core features of mentAImage, we send certain check-in data to third-party AI services. We ask for your explicit permission before any of this processing begins, during app onboarding. You may withdraw consent at any time from Settings.
Your check-in data is processed by the following third-party AI services, each under a data-processing agreement:
Voice analysis
- What is sent: Voice audio from your PulseKey check-in recordings
- Who receives it: Hume AI (United States)
- Why: To analyze vocal patterns used to generate your wellbeing score
- Safeguards: Your recordings are not used to train Hume AI's models
- Your permission: You consent to voice analysis during onboarding. You may opt out of voice check-ins at any time without losing access to other features.
AI reflection and wellbeing analysis (Monai)
- What is sent: Your drawings, text reflections, and numerical wellbeing scores from check-ins
- Who receives it: Google Cloud (United States), which powers our AI companion Monai
- Why: To power Monai, our AI reflection and coping-skills companion, and to generate your wellbeing insights
- Safeguards: Processed under a data-processing agreement. Your data is not used to train AI models.
- Your permission: You consent to AI analysis of your check-ins during onboarding. You may choose not to use Monai or submit check-ins without losing your account.
No other third-party AI services receive your personal check-in data.
5. Legal basis and consent (Quebec Law 25 / PIPEDA)
We process your data based on your express, informed, opt-in consent, captured in-app during onboarding. For sensitive personal information (voice recordings, text reflections, drawings, wellbeing scores), we use separate express consent checkboxes. You may withdraw consent at any time from Settings.
6. Organization-sponsored use
When mentAImage is provided through an employer, institution, or partner organization, the organization may receive aggregated and de-identified group-level insights only. Individual check-in content, voice recordings, text reflections, drawings, and individual mental health profiles are not shared with employers. mentAImage is not an employee surveillance tool. Individual data is not used for employment decisions.
7. Research and model improvement
We may use de-identified, aggregated, or pseudonymized data to improve the service or support research, where permitted by applicable law, consent, ethics review, and internal governance. Where identifiable data is used for research or model development, this requires separate explicit consent.
8. How we protect your data
- Sensitive check-in data is encrypted at rest using AES-256-GCM with keys in Google Cloud KMS (90-day automatic rotation)
- All data in transit is encrypted with TLS 1.2+
- Access to production systems is restricted, logged, and audited
- Voice recordings are stored in access-controlled object storage in Canada
- Primary server infrastructure is hosted in Google Cloud's northamerica-northeast1 (Montreal) region
9. Data retention
- Active account data: retained while your account is active
- Check-in and wellbeing data: retained for up to 6 years from creation, consistent with health records standards
- Account deletion: sensitive data is purged within 30 days of your deletion request
- De-identified or aggregated data may be retained for research and product improvement where permitted by law
10. Cross-border processing
Your personal information is stored at rest in Canada (Google Cloud Montreal region). When your check-in data is processed by our third-party AI service providers for voice analysis or AI reflection and wellbeing analysis, it is transferred to the United States under data-processing agreements. Before transferring personal information outside Quebec, we assess the sensitivity of the information, the purpose, the safeguards, and the legal framework of the destination jurisdiction.
11. Your rights
Under Quebec Law 25 and PIPEDA, you have the right to:
To exercise these rights, email privacy@mentaimage.com. We respond within 30 days.
12. Confidentiality incidents
If we become aware of a confidentiality incident, we will take reasonable measures to reduce the risk of harm. Where required by law, we will notify the Commission d'acces a l'information du Quebec, the Office of the Privacy Commissioner of Canada, and affected individuals.
13. Children
The service is not intended for children under 14. Users aged 14 to 17 require verifiable parental or guardian consent, collected via email confirmation.
14. Changes to this policy
Material changes are notified in-app at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.
15. Contact
Privacy Officer
MentaImage Inc.
Quebec, Canada
privacy@mentaimage.com