Privacy Policy
Service: Mend (mendchat.com) Operated by: Adis Limited Effective date: 3rd Jun 2026 Version: 1.0
1. Who we are
Mend is operated by Adis Limited ("Mend", "we", "us", "our"), a company registered in England and Wales.
| Company name | Adis Limited |
| Company number | 06363895 |
| Registered office | 6A Thirlmere Road, London, N10 2DN, United Kingdom |
| VAT number | GB 207613920 |
| Privacy contact | legal@mendchat.com |
Adis Limited is the data controller for the personal data described in this policy. This means we are responsible for deciding how and why your personal data is processed.
If you have any questions about this policy or how we handle your data, contact us at the privacy contact above.
2. Our core commitment
We built Mend around privacy. In plain terms:
- We do not sell your personal data. Ever. We do not, and will not, sell, rent, or trade your personal data to third parties for their own commercial purposes.
- We do not retain your conversations. The content of your conversations in a room is ephemeral. When the room is closed, the conversation is gone. We do not keep transcripts.
- Your conversations are never made public. No conversation content is ever published, shared publicly, or made available to other users beyond the participants in your room.
- We collect as little as possible. We do not require you to create an account or set a password. We collect only what we need to provide the service, take payment, and meet our legal obligations.
The rest of this policy explains the detail behind those commitments.
3. The personal data we collect
3.1 Information you give us
- Contact identifier. When you start a trial or make a purchase, we collect your email address. This is how we send magic links, manage your access, and contact you about the service.
- Payment information. When you pay, payment is processed by our third-party payment provider Stripe. We do not store your full card details on our systems. We receive limited information such as a transaction reference, the last four digits of your card, and billing country. We do not provide recurring subscriptions.
- Marketing preferences. Your choices about whether we may contact you with updates or offers.
- Room setup choices. When you open a room, you tell us limited contextual information to calibrate the service: the type of relationship, the nature of the conversation, and how you are feeling. See section 5 on special category data.
3.2 Information generated when you use the service
- Conversation content (processed transiently — not retained). The messages you type are processed in real time to provide softening and coaching. This content is not stored after the room closes. See section 6.
- Technical and usage data. IP address, device and browser type, approximate location derived from IP, time zone, and basic logs needed for security, fraud prevention, and to keep the service running.
3.3 Information from third parties
- Confirmation of payment and fraud-check signals from our payment provider.
4. Why we process your data and our lawful bases
Under UK GDPR we must have a lawful basis for each processing purpose.
| Purpose | Data used | Lawful basis |
|---|---|---|
| Provide the Mend service to you | Email, room setup choices, conversation content (transient) | Performance of a contract (Art. 6(1)(b)) |
| Process the sensitive aspects of your conversations | Special category data (see s5) | Explicit consent (Art. 9(2)(a)) |
| Take payment and prevent payment fraud | Payment data, technical data | Contract and legitimate interests (Art. 6(1)(b),(f)) |
| Keep the service secure and prevent abuse | Technical and usage data | Legitimate interests (Art. 6(1)(f)) |
| Send service emails (e.g. magic links, receipts) | Contract (Art. 6(1)(b)) | |
| Send marketing (only if you opt in) | Email, marketing preferences | Consent (Art. 6(1)(a)) |
| Comply with legal and accounting obligations | Transaction records | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you may withdraw it at any time (see section 11). Where we rely on legitimate interests, we have assessed that our interests do not override your rights, and you may object (see section 11).
5. Special category data
Conversations on Mend may reveal sensitive information — for example about your health or mental health, relationships, sex life, religious or philosophical beliefs, or similar. Under UK GDPR this is special category data and receives extra protection.
We process this type of data only:
- on the basis of your explicit consent, which we ask for before you use the service; and
- to the extent necessary to provide the softening and coaching features you have asked for.
You can withdraw this consent at any time by stopping use of the service and contacting us. Withdrawal does not affect processing that already took place, and because conversations are ephemeral there is generally nothing retained to erase once a room is closed.
6. How conversations are processed (and why they are not retained)
To soften your messages and provide coaching, the content you type is sent securely, in real time, to AI processing services acting as our processors or sub-processors:
- Amazon Web Services (AWS) Bedrock — including models provided by Amazon and by Anthropic;
- Google — Gemini models; and
- our own protected internal models.
We have data processing terms in place with these providers. Conversation content is processed only to deliver the service to you. We do not permit your conversation content to be used to train these providers' general models, and no conversation content is ever made public. (See review note L-3.)
When you close a room, the conversation content is deleted and not retained by Mend. An optional next-steps summary may be generated for you to download and keep; this is provided to you and is not retained by Mend after the room closes (confirm against your implementation — review note L-4). Once a room is closed, it cannot be recovered by you, by the other participant, or by us.
7. Children and young people
Mend may be used by people under 18 — for example in the parent–teenager use case — only with the verifiable consent and involvement of a parent or legal guardian.
- A parent or guardian must set up access and provide consent before any person under 18 uses the service.
- We apply the protections expected by the ICO's Age Appropriate Design Code (the Children's Code) to data about young people.
- We do not knowingly process the data of a child without appropriate parental consent. If you believe a child has used Mend without such consent, contact us and we will take appropriate steps.
(This area carries the highest legal risk — see review notes L-1 and L-2 on the consent mechanism and age assurance.)
8. Who we share data with
We share personal data only with:
- Service providers (processors) acting on our instructions, including our hosting provider (AWS), our AI processing providers (section 6), our payment provider, and our email-delivery provider. They may only use the data to provide services to us.
- Professional advisers (such as lawyers and accountants) where necessary.
- Authorities or third parties where we are required to by law, or to establish, exercise or defend legal claims, or to protect the safety of any person.
- A successor in the event of a business sale or reorganisation, subject to this policy.
We never sell your personal data, and we do not share it with advertisers for their own purposes.
9. International transfers
We operate using infrastructure in both the UK/EU and the United States. This means some of your personal data — including conversation content during processing — is transferred outside the UK.
Where we transfer personal data outside the UK, we ensure an appropriate safeguard is in place, such as:
- transfer to a country covered by UK adequacy regulations;
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and/or
- reliance on the UK Extension to the EU–US Data Privacy Framework where the receiving organisation is certified.
You may request a copy of the relevant safeguard by contacting us. (See review note L-5.)
10. How long we keep data
| Data | Retention |
|---|---|
| Conversation content | Not retained — deleted when the room closes |
| Next-steps summary | Provided to you to download; not retained by Mend after room closes (confirm — L-4) |
| Email and account/access records | For as long as you use the service, then up to 24 months after your last activity |
| Payment and transaction records | As required by UK tax and accounting law (generally 6 years) |
| Marketing preferences | Until you withdraw consent, then a suppression record to honour your choice |
| Security/abuse logs | 12 months |
11. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure ("right to be forgotten");
- restrict or object to processing;
- request data portability;
- withdraw consent at any time, where processing is based on consent; and
- not be subject to solely automated decisions producing legal or similarly significant effects.
To exercise any right, contact us at legal@mendchat.com. We will respond within one month. There is normally no charge.
You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or 0303 123 1113. We would, however, appreciate the chance to address your concerns first.
12. Automated processing
Mend uses AI to soften messages and provide coaching suggestions. This processing supports your own communication — it does not make decisions that have legal or similarly significant effects on you, and a human (you) remains in control of what is sent. The AI features are assistive and may not always be accurate; see our Terms of Service.
13. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and minimising what we collect and retain. No system can be guaranteed perfectly secure, but the ephemeral design of Mend means there is very little stored to be at risk.
14. Cookies and similar technologies
We use only the cookies and similar technologies necessary to operate the service securely (for example, to maintain your session via a magic link) and, where you consent, limited analytics to improve the service. [INSERT LINK TO COOKIE NOTICE / details, or confirm strictly necessary only — review note L-6.]
15. Changes to this policy
We may update this policy from time to time. If we make material changes we will take reasonable steps to notify you, for example by email or a notice on mendchat.com. The "Effective date" above shows when this version took effect.
16. Contact
Adis Limited 6A Thirlmere Road, London, N10 2DN, United Kingdom Privacy contact: legal@mendchat.com