Your deal flow stays your edge
Documents, questions, and memos in your data rooms are never used to train AI models — ours or our providers’. Nothing you upload improves anyone else’s product.
Security at Mentis
A data room holds a company’s most sensitive material — financials, cap tables, contracts, board minutes. So we wrote our security posture the way you’d want it in a deal: terms first, verifiable, no adjectives doing the work.
Documents, questions, and memos in your data rooms are never used to train AI models — ours or our providers’. Nothing you upload improves anyone else’s product.
All traffic runs over TLS. Documents, embeddings, and integration tokens are encrypted at rest — tokens with an additional application-level layer.
Every question, memo, and analysis is scoped to a single data room. Content from one room cannot surface in another, or in another customer’s account.
Google Drive, Notion, and meeting-notes connections request the narrowest OAuth scopes that work, and you can revoke them at any time.
Every connection to Mentis — browser, API, and integration syncs — runs over HTTPS. Unencrypted requests are not accepted.
Documents and generated embeddings are stored encrypted at rest. Integration OAuth tokens are additionally encrypted before storage.
Retrieval and generation are scoped to the data room you are working in. Model providers process your content to answer your question and are contractually barred from training on it.
A data room is visible only to its owner and the teammates they explicitly share it with. There is no cross-account access path.
Deleting a data room removes its documents, analysis, and embeddings from active systems. Full account deletion is honored within 30 days.
Mentis is SOC 2 compliant. Our controls — access management, encryption, change management, and vendor review — are held to the SOC 2 Trust Services Criteria for security, availability, and confidentiality.
Our use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements. Drive data only powers the features you request — never model training, never resale.
Delete any data room — documents, analysis, and embeddings included — at any time from your dashboard. Full account deletion is honored within 30 days, as described in our privacy policy.
The infrastructure that processes customer data. Providers you connect yourself — Google, Notion, meeting-notes tools — only receive data when you link them.
| Provider | Purpose | Safeguard |
|---|---|---|
| Anthropic | AI analysis and memo generation (Claude) | No training |
| OpenAI | Document embeddings for search | No training |
| Pinecone | Encrypted vector search index | Per-room isolation |
| Amazon Web Services | Document storage (S3) | Encrypted at rest |
| Railway | Application hosting and database | Encrypted at rest |
Vendor reviews, security questionnaires, or something you think we should know — security reports get a same-day human response.
Contact security