BlackMenta Ltd is a UK private limited company registered at
Companies House under number 16988667, with registered office in London, United Kingdom.
For the purposes of UK GDPR and applicable data protection law, BlackMenta Ltd
is the data controller for all personal data processed through
blackmenta.com, auth.blackmenta.com, and
api.blackmenta.com.
Contact for privacy matters: privacy@blackmenta.com. We respond within 72 hours.
| category | what | when | why |
|---|---|---|---|
| your email address | you enter it to request a login link | send the link · identify your account | |
| profile | display name, company, country, intent | you fill the form on your profile page | improve your experience · context for our outreach |
| session | session cookie token (30-day lifetime), user-agent string | on every login | keep you logged in · detect suspicious session reuse |
| query activity | SHA-256 hash of your query · agent name · tier · blocked-or-not · latency | each time you query the AI terminal (only if telemetry is on) | improve content coverage · identify red-line blocks |
| magic links | one-time login tokens | when you request a login link | issue a single-use authenticated session |
Under UK GDPR Article 6, we rely on the following lawful bases:
We do not rely on legitimate interests as cover for behavioral profiling, advertising, or anything you might be surprised by.
| data | retention |
|---|---|
| email + profile | as long as your account exists · you can delete anytime |
| session tokens | 30 days max · shorter if you log out |
| query activity | 30 days rolling · older rows auto-deleted by nightly job |
| magic links | 15 minutes · single-use · expired links purged weekly |
| server access logs (nginx) | 14 days · compressed, then deleted · IPs are truncated |
Under UK GDPR and equivalent frameworks (EU GDPR, California CPRA), you have the following rights. All can be exercised directly from your profile page, or by emailing privacy@blackmenta.com.
/me/me/me · irreversible, no soft-delete/me/meWe share personal data with the following processors, each under a GDPR-compliant Data Processing Agreement:
| processor | role | data shared | location |
|---|---|---|---|
| Resend | transactional email (magic links) | your email · nothing else | EU / US (SCCs) |
| Hetzner Online GmbH | server hosting (database + app) | all stored data at rest | Germany (EEA) |
| Cloudflare | DNS · TLS termination (passthrough) | request metadata only · no persistent storage | global edge |
| Anthropic (Claude) | LLM for AI terminal responses (phase 3) | query text · no email · no profile | US (SCCs) |
We do not sell, rent, or trade personal data. Ever. Not even in aggregate.
We use one cookie: bm_session. It exists to keep you logged in.
It is HttpOnly, Secure, SameSite=Lax, with a 30-day lifetime. No tracking cookies.
No advertising cookies. No third-party cookies of any kind.
Because we use only a strictly-necessary functional cookie under UK GDPR and PECR, no banner consent is required — and we don't use one, because those banners are the worst of the modern web.
Some of our processors (Resend, Anthropic) are based outside the UK/EEA. Transfers to these providers are covered by:
Documentation available upon request to privacy@blackmenta.com.
We apply these technical and organizational measures:
secrets.token_urlsafe(32)) · single-use · 15-minute expiryIf you believe you've found a security issue, please email security@blackmenta.com. We respond within 24 hours for anything flagged as security.
Our service is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, email us and we'll delete immediately.
If we materially change how we process your data, we will notify you by email before the change takes effect and give you the chance to delete your account first. Minor clarifications are dated at the top of this page.
Historical versions of this policy are kept in our git history and available on request.
Privacy / data questions: privacy@blackmenta.com
Security disclosures: security@blackmenta.com
Everything else: hello@blackmenta.com
Postal: BlackMenta Ltd · London, United Kingdom · № 16988667
UK Supervisory Authority: Information Commissioner's Office · ico.org.uk