DATA GOVERNANCE & PRIVACY

Privacy Policy

Protocol Version 3.0 | Compliant with LinkedIn API & OIDC Specifications | Last Revised: July 11, 2026

Privacy Overview

This policy outlines how Mentorfinders collects, uses, and safeguards personal data, specifically complying with Google & LinkedIn OAuth 2.0 / OpenID Connect policies.

Privacy Support

For privacy inquiries or data erasure: Info@mentorfinders.com

1 1. Introduction & Data Controller

Welcome to Mentorfinders (accessible via Mentorfinders). We are committed to protecting your online privacy. As the Data Controller, Mentorfinders manages the collection, storage, and processing of your personal information in strict accordance with international data protection standards, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2 2. Personal Data We Collect

To ensure high-quality verified mentorship matching, we collect the following categories of information:

  • Account Credentials: Email address, passwords (fully hashed using secure algorithms), and IP addresses.
  • Professional Profile Details: Full Name, professional headline, biographic summary, academic education, licensing, and professional experience.
  • Scheduling & Booking Metadata: Session requests, accepted job bids, meeting dates/times, and preferred timezones.
  • Technical Connection Logs: Access timestamps, browser type, device information, and transaction history for verification.
3 3. LinkedIn & Google OAuth Data Usage

Mentorfinders supports social login and registration via Third-Party Identity Providers, specifically Google OAuth 2.0 and LinkedIn OpenID Connect (OIDC).

OAuth Scope Disclosures:
  • Requested Scopes: We request the `openid`, `profile`, and `email` scopes during authentication.
  • Retrieved Data: From LinkedIn’s OpenID Connect `/v2/userinfo` endpoint, we collect only your primary email address, verified status, profile name, and profile picture.
  • Usage & Access: This data is retrieved dynamically during auth to match your login and pre-fill your professional registration fields. We do not store or request access tokens for offline background operations.

LinkedIn Privacy Compliance: We do not sell, rent, or distribute personal data fetched via the LinkedIn API to any advertising networks or third-party marketing services.

4 4. Purpose of Processing

We process your personal information only for legal and business-related purposes:

  • To verify the credentials, education, and identity of global mentors.
  • To match mentors and mentees based on professional categories and timezones.
  • To generate and store calendar bookings, meeting links, and session schedules.
  • To process secure transactions through approved gateways (e.g., SSLCommerz).
5 5. Data Retention & Erasure (Right to Deletion)

We store your personal profile information as long as your Mentorfinders account is active. Transaction history is kept as necessary to comply with tax and audit laws.

How to Request Profile Deletion:

You have the right to request full data erasure at any time. Simply send an email from your registered address to Info@mentorfinders.com with the subject line "Request for Data Erasure". All personal profile attributes, OAuth connections, and history will be permanently deleted from our primary databases within 30 days.

6 6. Your Rights under GDPR & CCPA

As a global platform user, you have the following rights:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can edit your name, timezone, profile, and details at any time from your settings panel.
  • Right to Restrict Processing: You can revoke third-party API permissions (Google/LinkedIn) at any time.
7 7. Data Protection & Encryption

Mentorfinders implements robust safety measures. We employ secure session handling (HTTPOnly and Secure flags), Cross-Site Scripting (XSS) filters, CSRF token validation, and secure password hashing algorithms to defend your credentials and personal records.