Privacy Policy

MentalBro ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

By using MentalBro, you agree to the practices described in this policy.

1. Data Controller

MentalBro is operated and controlled from the Netherlands.

For GDPR purposes, MentalBro is the Data Controller of all personal information processed through the platform.

2. Information We Collect

We collect the following categories of personal data:

2.1 Information You Provide Directly

  • Name, username, email address
  • Passwords or authentication data
  • Psychological assessments (mindset scores, self-reflection answers, emotional states)
  • Journal entries and notes
  • Pre-trade and post-trade assessment responses
  • Custom rules, habits, and behavioral settings
  • Messages or support requests

2.2 Automatically Collected Data

We may collect limited technical data such as:

  • IP address (anonymized where possible)
  • Browser type
  • Device information
  • Basic analytics (country, page visits, usage patterns)

Collected via:

  • Vercel Analytics
  • Firebase Analytics (if enabled)
  • Google Tag (Google Ads) – only if you accept cookies in our cookie banner (used for ad performance and trial-start conversion measurement)

We do not use advertising or measurement cookies until you have accepted them via the cookie consent banner. You can reject optional cookies at any time when the banner is shown.

2.3 Mentor Access Data

If you invite a mentor using the mentor-access link:

  • Your psych scores
  • Journal entries
  • Assessments
  • Behavioral analytics
  • Rule violations

are made available to that mentor.

This access is voluntary, revocable, and entirely controlled by you.

3. Lawful Basis for Processing

We process your data under GDPR based on:

  • Art. 6(1)(b) – Contract: To provide the MentalBro service
  • Art. 6(1)(a) – Consent: For optional features, analytics, mentor sharing
  • Art. 6(1)(f) – Legitimate Interest: Security, fraud prevention, platform improvements

Special data note: Psychological assessment data is treated as self-reported educational data, not health data, and is processed only with your explicit consent (Art. 9(2)(a))

4. How We Use Your Information

We use your data to:

  • Provide, operate, and maintain the MentalBro platform
  • Generate psychology-based insights and recommendations
  • Track your mindset, habits, and behavioral patterns
  • Display analytics and assessment results
  • Deliver customer support
  • Improve platform functionality and performance
  • Communicate important service updates
  • Ensure platform security and prevent misuse

MentalBro does not use your data to make financial or trading recommendations.

6. How Mentors Access Your Data

If you share your mentor access link, you consent to the mentor viewing:

  • Assessment results
  • Psych scores
  • Journals and notes
  • Behavioral analytics
  • Rule violation logs

Mentors cannot access your login details or modify your account.

You may revoke mentor access at any time.

5. Cookies and Consent

We use a cookie consent banner so you can choose whether to allow optional cookies. We use:

  • Strictly necessary cookies – required for the site and authentication to work (e.g. session, security).
  • Optional cookies (only if you accept) – Google Tag (Google Ads) for ad performance and trial-start conversion measurement. First paid subscription conversions after trial are not tracked in the browser. These tags are only loaded after you click "Accept" in the banner.

Your choice (Accept or Reject) is stored for one year so we do not ask on every visit. You can change your mind by clearing this site's cookies and data in your browser; the banner will appear again and you can make a new choice.

For more on how Google uses data, see Google's Privacy Policy.

7. Data Sharing With Third Parties

We do not sell or rent your data.

We share data only with trusted third-party processors when necessary to provide the Service:

  • Firebase (Google Cloud) – authentication, database, file storage
  • Stripe – payment processing
  • Vercel – hosting and analytics
  • Google (Google Tag / Google Ads) – ad and trial-start conversion measurement only when you have accepted cookies
  • Email providers – transactional messaging

All processors comply with GDPR, provide adequate safeguards, and operate under data-processing agreements.

We may also disclose data when required by law, regulation, or valid legal request.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (Firebase-managed encryption)
  • Access control and authentication restrictions
  • Regular security monitoring

No system is perfectly secure; you acknowledge that absolute security cannot be guaranteed.

9. Data Retention

We retain your data only as long as:

  • your account remains active, or
  • necessary to provide the Service, or
  • legally required (e.g., tax/payment records)

Upon account deletion:

  • psychological assessments, journals, and personal information are permanently deleted
  • anonymized aggregate data (non-identifiable) may be retained for research or analytics purposes

10. Your Rights Under GDPR

You have the following rights:

  • Access – Request a copy of your data
  • Correction – Fix inaccurate or incomplete information
  • Deletion – Request deletion ("right to be forgotten")
  • Restriction – Limit processing in certain circumstances
  • Portability – Export your data in machine-readable format
  • Objection – Object to processing based on legitimate interests
  • Withdraw consent – For consent-based features (e.g., mentor sharing)

Submit requests through the website contact form.

We may verify your identity before processing requests.

11. Children's Privacy

MentalBro is strictly for individuals 18 years and older.

We do not knowingly process personal data of minors.

If we discover a minor has used the Service, their account and data will be deleted.

12. International Data Transfers

Your data may be stored or processed in the EU, EEA, or countries deemed adequate under GDPR.

If transfers occur outside these regions, we use:

  • Standard Contractual Clauses (SCCs), or
  • other approved GDPR safeguards

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations.

Material changes will be communicated via email or through the platform.

Continued use after updates constitutes acceptance of the revised policy.

14. Contact Us

For privacy questions, GDPR requests, or data concerns, contact us via the official contact form on our main website.

Last updated: February 2026