Mentioned
Sign InSign Up

Privacy Policy

Last updated: April 2026

1. About This Policy

This Privacy Policy describes how Mentioned (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our AI search visibility tracking platform at mentioned.com.au (“Platform”).

We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Company or business name
  • Job title or role
  • Password (stored in hashed form)

2.2 Billing Information

  • Payment details are processed securely by RevenueCat and its underlying payment providers
  • We do not store your full credit card details on our servers

2.3 Platform Usage Data

When you use the Platform, we collect:

  • Brand and competitor names you track
  • AI search queries you monitor
  • Visibility scores and tracking results
  • Content recommendations generated
  • Reports created and exported
  • Feature usage and interaction patterns

2.4 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring URLs
  • Pages visited and time spent
  • Session identifiers

2.5 Communications

  • Emails and messages you send to us
  • Support requests and feedback

3. How We Use Your Information

We use your personal information to:

  • Provide, operate, and maintain the Platform
  • Process subscriptions and payments
  • Track AI search visibility on your behalf
  • Generate reports and recommendations
  • Send transactional emails (account confirmations, billing receipts, password resets)
  • Send product updates and feature announcements (you can opt out at any time)
  • Analyse Platform usage to improve features and performance
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

We will not use your personal information for purposes other than those described in this policy without your consent, unless required or authorised by law.

4. Legal Basis for Processing

We process your personal information on the following grounds:

  • Contractual necessity: To provide the services you have subscribed to
  • Legitimate interests: To improve our Platform, ensure security, and communicate with you about our services
  • Consent: Where you have opted in to marketing communications
  • Legal obligation: To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal information.

We may share your information with the following categories of third parties, solely for the purposes described in this policy:

5.1 Service Providers

  • Supabase — Database hosting and authentication (data stored in Australia)
  • RevenueCat — Subscription billing and payment processing
  • PostHog — Privacy-focused product analytics
  • Resend — Transactional and marketing email delivery
  • Vercel — Platform hosting and deployment

5.2 AI Search Engines

The Platform queries third-party AI search engines (such as ChatGPT, Claude, Perplexity, and Google AI Overviews) to track visibility. The queries submitted are based on information you provide (brand name, tracked queries). We do not share your personal account information with these providers.

5.3 Agency Accounts

If you use agency features, your end clients' brand data is processed through the Platform. You are responsible for ensuring you have appropriate consent from your clients. We do not independently contact or share data with your end clients.

5.4 Legal Requirements

We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Storage and Security

6.1 Location

Your data is stored on Supabase servers located in Australia.

6.2 Security Measures

We implement reasonable technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with hashed passwords
  • Role-based access controls
  • Regular security reviews

6.3 No Guarantee

While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Platform to you. After account closure or cancellation:

  • Account data is retained for up to 30 days to allow for reactivation
  • Billing records are retained as required by Australian tax law
  • Anonymised and aggregated data may be retained indefinitely for analytical purposes
  • You may request earlier deletion by contacting us

8. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access your personal information held by us
  • Correct inaccurate or outdated personal information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Opt out of marketing communications at any time
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

To exercise any of these rights, contact us at mentionedaus@gmail.com. We will respond within 30 days.

9. Cookies and Tracking

9.1 Essential Cookies

Required for the Platform to function:

  • Authentication and session management
  • Security tokens
  • User preferences

9.2 Analytics

We use PostHog for privacy-focused product analytics. PostHog helps us understand how users interact with the Platform so we can improve features and performance. PostHog is configured to respect user privacy and does not sell data to third parties.

9.3 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent the Platform from functioning properly.

10. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing any personal information.

11. Children

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it.

12. International Data Transfers

Your data is primarily stored in Australia. If any data is transferred outside of Australia (for example, through third-party service providers), we take reasonable steps to ensure it is protected in accordance with the Australian Privacy Act 1988.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Platform. The “Last updated” date at the top of this policy indicates when it was last revised.

Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

14. Contact and Complaints

For privacy inquiries, data requests, or complaints:

Email: mentionedaus@gmail.com

Website: mentioned.com.au

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au
Phone: 1300 363 992

Related Pages: Terms and Conditions · AI Policy