Privacy policy
How ShamMentor collects, uses, stores, and protects data in daily operations.
Operational draft based on current platform behavior. Pending legal counsel review before final legal adoption.
Scope and role
This policy applies to ShamMentor web and app services for mentees, mentors, sessions, events, and related support flows. ShamMentor acts as the platform operator and processes data to deliver matching, booking, messaging, and account security.
Account and profile data
When you create or use an account, we process data such as full name, email, phone, date of birth, role (mentor or mentee), language/timezone, profile fields, mentor details, and onboarding answers.
Session, event, and service data
We process booking/session/event records, participation status, scheduling data, pricing/payment state, attendance details, session notes metadata, and communication details needed to run mentoring services.
Messages, notifications, and support
We process inbox messages, notification records, and support context needed to deliver platform communications, safety actions, and account assistance.
Technical and security data
For security and reliability, we process session/device records, token/session metadata, IP and user-agent signals, anti-abuse/rate-limit metadata, activity/audit entries, and request diagnostics.
Web storage and cookies
On web, ShamMentor uses secure/auth cookies for session flows, localStorage for consent state and some client-side secure token wrappers, sessionStorage for attribution context, and IndexedDB for app/offline storage where applicable. We currently reset stale service workers/caches in Flutter web builds to reduce broken cached assets risk.
How we use data
Primary purposes are account creation, authentication, service delivery, mentor-mentee matching, bookings/events execution, notifications, fraud/abuse prevention, troubleshooting, and product quality improvement.
Who processes data
Data is processed by ShamMentor systems and trusted service providers used for infrastructure hosting, database/cache operations, email delivery/webhooks, push notifications, and optional file/object storage integrations.
Retention
Retention depends on data type. Some operational records have explicit expiry windows (for example sessions/tokens, upload expiry, temporary slot holds, and abuse-control buckets). Other business records are retained until account deletion workflows, legal/safety needs, or operational requirements are met.
User controls and rights
You can update profile/privacy settings, manage active sessions/devices, export account data, and request deletion from account settings and supported flows. Some records may be retained or anonymized where required for safety, fraud prevention, accounting, or legal obligations.
Contact and complaints
For privacy, export, deletion, or security questions, use the in-app settings/support paths or the contact page on shammentor.com/contact so the team can verify and process your request.
Policy updates
If this policy changes materially, we may update policy versions and require renewed acceptance for continued use of protected platform actions.