📊 Dashboard

Privacy Policy

Last updated: January 2025

Overview

At MENDR, we believe that trust and transparency are fundamental to effective facility management. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered facility management platform.

We are committed to maintaining the highest standards of data protection and privacy, especially given the sensitive nature of facility and property management data.

1. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, phone number, company details
  • Facility Data: Property information, tenant details, contractor contacts
  • Maintenance Reports: Issue descriptions, photos, location data, priority levels
  • Communication Data: Messages, voice notes, and interactions with our AI system
  • Subscription Information: Plan details (Starter $49, Professional $99, Enterprise $249), billing information, add-on services, Alpha program benefits (processed securely through Stripe)
  • Alpha Testing Feedback: Bug reports, feature requests, and usage feedback

Information Automatically Collected

  • Usage Analytics: How you interact with MENDR (features used, session duration, click patterns)
  • Usage Monitoring: Plan limit tracking for properties, maintenance requests, and user accounts to manage overages
  • Fair Use Monitoring: AI token consumption, API request patterns, resource usage intensity, and automated abuse detection
  • Technical Information: Device type, browser version, operating system, IP address
  • Performance Data: System response times, error logs, service availability metrics
  • Location Data: GPS coordinates for on-site verification and routing (with explicit consent)
  • Integration Data: Information from connected systems (CAFM, IWMS, calendar systems)

Third-Party Integrations

When you connect MENDR with other systems, we may collect:

  • Calendar integration data (appointments, schedules, availability)
  • Email system data (communication logs, contact information)
  • Existing CAFM/IWMS data (property details, work orders, asset information)
  • Telegram data (usernames, message history for our bot interactions)

2. How We Use Your Information

Service Provision

  • Coordinate maintenance requests between tenants, supervisors, and contractors
  • Provide AI-powered assistance for facility management tasks
  • Generate reports and analytics for property performance
  • Manage contractor assignments and scheduling
  • Send automated notifications and status updates
  • Monitor usage limits and send overage notifications (80% threshold and limit exceeded alerts)
  • Facilitate plan upgrades when usage limits are exceeded
  • Enforce fair use policies and detect abuse patterns (token usage, API calls, resource consumption)
  • Implement throttling and rate limiting to maintain service quality for all users

AI Training and Improvement

  • Train our AI models to better understand facility management needs
  • Improve response accuracy and relevance
  • Enhance predictive maintenance capabilities
  • Optimize workflow automation

Business Operations

  • Process payments and manage subscriptions
  • Provide customer support and technical assistance
  • Ensure service security and prevent abuse
  • Comply with legal and regulatory requirements
  • Communicate important service updates and changes

3. Data Storage and Security

Where Your Data is Stored

Your data is securely stored on encrypted servers located in Singapore and AWS regions with appropriate data protection laws. We ensure compliance with international data transfer regulations.

Security Measures

  • End-to-end encryption for all communications and data transmission
  • AES-256 encryption for data at rest
  • Regular penetration testing and security audits
  • Multi-factor authentication for administrative access
  • Role-based access controls limiting data exposure
  • SOC 2 compliance and security certifications
  • 24/7 security monitoring and threat detection
  • Regular security training for all team members

Data Retention

We retain different types of data for varying periods based on business necessity and legal requirements:

  • Active maintenance data: Retained while service is active
  • Historical maintenance records: 7 years for audit and compliance purposes
  • Communication logs: 2 years for service improvement
  • Analytics data: 26 months (aggregated and anonymized)
  • Account information: Until account deletion request
  • Payment records: As required by financial regulations (typically 7 years)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in these specific circumstances:

Service Providers and Partners

  • Cloud hosting providers (AWS, with appropriate data processing agreements)
  • Payment processors (Stripe) for subscription management
  • Communication services (Telegram API) for messaging functionality
  • Analytics providers (with anonymized data only)
  • Security service providers for threat monitoring

Legal Requirements

  • When required by law, regulation, or court order
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of our users
  • In connection with fraud prevention and investigation

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the business assets. We will notify you of any such change in ownership or control.

5. Your Privacy Rights

You have comprehensive rights regarding your personal data:

Access and Portability

  • Request a copy of all personal data we hold about you
  • Export your facility and maintenance data in standard formats
  • Receive data in machine-readable format for transfer to other services

Correction and Updates

  • Update or correct inaccurate personal information
  • Modify facility data and contact information
  • Update integration settings and preferences

Deletion and Restriction

  • Request deletion of your personal data (right to be forgotten)
  • Restrict processing of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Withdraw consent for optional data processing

Communication Preferences

  • Opt out of marketing communications
  • Control notification frequency and types
  • Manage integration-specific data sharing

6. Cookies and Tracking Technologies

Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Basic website functionality
  • User preference storage

Analytics Cookies

We use Google Analytics to understand website usage patterns:

  • Page views and user journeys
  • Feature usage and adoption rates
  • Performance metrics and error tracking
  • Demographics and interests (anonymized)

You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

7. International Users and GDPR Compliance

Data Transfers

If you are located outside Singapore, your data may be transferred to and processed in Singapore. We ensure appropriate safeguards through:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Binding corporate rules for internal data transfers

GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to lodge complaints with your local data protection authority
  • Right to object to automated decision-making and profiling
  • Right to data portability in structured, machine-readable format
  • Right to withdraw consent without affecting lawfulness of prior processing

Legal Basis for Processing

  • Contract performance: To provide facility management services
  • Legitimate interests: Service improvement and security
  • Consent: Marketing communications and optional features
  • Legal obligation: Compliance with applicable laws

8. Children's Privacy

MENDR is designed for business use and is not intended for individuals under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it immediately.

For users between 13-18, we require parental or guardian consent before using our services.

9. Third-Party Services

MENDR integrates with various third-party services, each with their own privacy policies:

We regularly review our third-party integrations to ensure they meet our privacy and security standards.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes through:

  • Email notifications to your registered address
  • In-app notifications within MENDR
  • Prominent notices on our website
  • Direct communication for significant changes

Continued use of MENDR after policy updates constitutes acceptance of the new terms.

Contact Us

For privacy-related questions, requests, or concerns, please contact us:

  • Email: [email protected]
  • Response Time: We aim to respond within 48 hours
  • Data Protection Officer: Available for complex privacy matters
  • Emergency Contact: For urgent security or privacy breaches

Subject Access Requests: Please include "Privacy Request" in the subject line and provide sufficient information to verify your identity.