Security & Compliance

Your data stays in Europe

Mentor is a European platform built with GDPR compliance as a default — not bolted on. Here's an overview of our security architecture and the actual technical controls that protect your data and the data of your employees.

Hosting: EU only · Encryption: TLS 1.3 + AES · HQ: Slovenia

Hosting and data location

All data — database, files, video, audio — is stored exclusively on European servers. We use Neon PostgreSQL in the EU region as our primary database and Vercel Blob Storage in the EU for media. Data never leaves the European Union.

No data transits through US-based intermediaries. No CLOUD Act exposure, no Patriot Act access. Hosting satisfies EU Data Residency (EDPB 2026) and the Schrems II ruling.

Encryption

  • In transit: TLS 1.3 for all connections (no legacy ciphers). HSTS with 2-year preloaded policy.
  • At rest: AES-256 encryption for the database (Neon) and Vercel Blob.
  • Passwords: bcrypt (cost factor 12) — never plaintext, never hashed with weak algorithms.
  • Session tokens: JWT with HS256, 24-hour validity, role refresh every 5 minutes.
  • Connections: OAuth tokens (Google, Microsoft) stored in a dedicated table with access controls.

Authentication and access

  • Cloudflare Turnstile CAPTCHA on the signup form (no bots, no scraping).
  • Email verification is required for every new account — prevents identity takeover.
  • Single Sign-On: Google Workspace + Microsoft Entra ID (Azure AD).
  • Tenant-level SSO enforcement: the administrator can disable password login for their workspace.
  • Rate limiting: 5 logins per 15 minutes per email, 3 signups/hour per email.
  • Audit log: every significant action (login, data change, export) is recorded.

Isolation and architecture

Mentor is a multi-tenant platform — every company has fully isolated data. Every database query is scoped to tenantId, without exception. Cross-company data leakage is architecturally impossible.

  • Every tenant-owned table has a tenantId column, and that column is part of the table's unique constraints.
  • All server-side calls route through getTenantContext() with authentication + membership check.
  • Edge middleware verifies JWT and tenant access before any request is processed.
  • Role-based access control (RBAC) with 6 roles + 14 granular permissions.
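As an added illustration (not Mentor's own code), the scoping pattern these bullets describe, written in TypeScript: a getTenantContext-style guard that fails closed unless the caller is authenticated and a member of the requested tenant, and data-access functions that take the tenantId only from that verified context, never from the request. The membership and course rows are constructed sample data, and the function and type names are assumptions.

```typescript
// Illustrative tenant-scoping guard; the names, types and data are constructed for this example.

type Role = "owner" | "admin" | "member";
interface Session { userId: string }
interface Membership { userId: string; tenantId: string; role: Role }
interface TenantContext { userId: string; tenantId: string; role: Role }
interface CourseRow { id: string; tenantId: string; title: string }

// Constructed sample data standing in for the memberships and a tenant-owned table.
const MEMBERSHIPS: Membership[] = [
  { userId: "u1", tenantId: "acme", role: "admin" },
  { userId: "u2", tenantId: "globex", role: "member" },
];
const COURSES: CourseRow[] = [
  { id: "c1", tenantId: "acme", title: "Onboarding" },
  { id: "c2", tenantId: "globex", title: "Safety basics" },
];

// Fails closed: no session, or no membership in the requested tenant, means no context
// and therefore no data access at all.
function getTenantContext(session: Session | null, tenantId: string): TenantContext {
  if (!session) throw new Error("unauthenticated");
  const m = MEMBERSHIPS.find((x) => x.userId === session.userId && x.tenantId === tenantId);
  if (!m) throw new Error("forbidden: caller is not a member of this tenant");
  return { userId: m.userId, tenantId: m.tenantId, role: m.role };
}

// Data access only accepts a verified context, so the tenantId filter cannot be omitted
// or overridden by the caller.
function listCourses(ctx: TenantContext): CourseRow[] {
  return COURSES.filter((r) => r.tenantId === ctx.tenantId);
}

// Even a lookup by primary key stays scoped: a row id belonging to another tenant
// resolves to nothing rather than to that tenant's data.
function getCourse(ctx: TenantContext, id: string): CourseRow | undefined {
  return COURSES.find((r) => r.id === id && r.tenantId === ctx.tenantId);
}

// Role check layered on top of the tenant check, for admin-only actions such as exports.
function requireRole(ctx: TenantContext, ...allowed: Role[]): TenantContext {
  if (!allowed.includes(ctx.role)) throw new Error(`forbidden: role ${ctx.role} not permitted`);
  return ctx;
}
```

Every server-side call builds its context first and passes it down, so a query that lacks a tenantId filter cannot be written without bypassing the guard.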

GDPR and data subject rights

We respect all rights granted by the GDPR:

  • Right of access — admins can export all data as CSV/JSON at any time.
  • Right to rectification — users can edit their profiles; admins can edit others.
  • Right to erasure — "right to be forgotten" action in the admin UI. Anonymization is immediate; hard delete within 30 days.
  • Right to data portability — structured export in machine-readable format.
  • Data Processing Agreement (DPA) — available to all paying customers; contact legal@getmentor.eu.
  • Email opt-out — every notification email carries a "List-Unsubscribe" header (RFC 8058) + one-click unsubscribe link.

Backups and continuity

  • Automatic backups every 24 hours with 7-day history (Neon point-in-time recovery).
  • Recovery Time Objective (RTO): 4 hours for core functionality.
  • Recovery Point Objective (RPO): under 1 hour — worst-case data loss bounded at 60 minutes.
  • Neon and Vercel provide geographic redundancy within EU regions.
  • Sentry captures real-time error anomalies with on-call alerts.

Security architecture and auditing

  • Content Security Policy (CSP) for XSS protection — strict directives, explicit domain allowlist.
  • HTTP Security Headers: X-Frame-Options DENY, X-Content-Type-Options nosniff, Strict-Transport-Security, Permissions-Policy.
  • SCORM sandbox — imported SCORM packages run in an <iframe> with the sandbox attribute.
  • Path traversal protection on all file-serving endpoints.
  • CSRF protection via NextAuth.js CSRF tokens + same-origin checks in server actions.
  • Regular code security reviews — internal and planned external audits in 2026.
  • ISO 27001 certification is on the 2027 roadmap.

Incident reporting

If you discover a security vulnerability, please email us at security@getmentor.eu. We respond within 24 hours. We do not penalize researchers who disclose issues responsibly.

In the event of a data incident affecting personal data, we notify the Data Protection Officer and the supervisory authority within 72 hours, as required by the GDPR.

Questions about security?

Our security team is happy to answer technical or compliance questions before a purchase decision.

security@getmentor.eu

Moji Mediji d.o.o.

Dunajska 165, 1000 Ljubljana

Slovenia, EU