Menthra Compliance and Security — HIPAA FERPA COPPA SOC 2

Compliance & Security

Built for the most regulated environments

Menthra is designed from the ground up for healthcare, education, and enterprise compliance. Here is exactly how we protect your data and meet regulatory requirements.

Standards We Meet

Compliance is not a feature. It is infrastructure.

HIPAA

HIPAA Aligned

Healthcare-grade privacy for all conversations. Business Associate Agreements with all infrastructure providers. End-to-end encryption for data in transit and at rest. Access controls with role-based permissions and full audit logging.

FERPA

FERPA Compliant

Student educational records fully protected. Data governance aligned with district and university policies. Right to inspect and review. Annual notification protocols for parents and guardians.

COPPA

COPPA Compliant

Built for users under 13. Verified parental consent workflows. Age-appropriate content and interactions. No data collection beyond what is necessary for the service.

SOC 2

SOC 2 Type II Aligned

Operational security controls aligned with SOC 2 Type II requirements. Regular security audits and penetration testing. Continuous monitoring and incident response procedures.

DPDP

India DPDP Act

Compliant with the Digital Personal Data Protection Act for our India operations. Data localization awareness. Consent-driven data processing. Right to erasure and data portability.

ADA

Section 504 / ADA

Accessible design meeting WCAG 2.1 Level AA standards. Screen reader compatible. Keyboard navigation. High contrast ratios and semantic markup throughout.

Infrastructure & Encryption

How we protect your data

256-bit SSL encryption for all data transmission
End-to-end encryption for all conversations
Data encrypted at rest using AES-256
Azure cloud infrastructure (US-based data residency)
No data sold to third parties — ever
No third-party advertising
Role-based access controls with audit logging
Automated backup with disaster recovery procedures
Multi-factor authentication for all administrative access
Regular penetration testing and vulnerability assessments

Crisis Detection & Escalation

Real-time safety. Structured response.

Menthra monitors conversations for crisis signals in real time. When detected, the system follows a structured escalation protocol.

Level 1

Normal Use

Situations

Anxiety, stress, social issues, general emotional support

Action

AI companion provides support. Interaction logged. No human alert.

Level 2

Elevated Concern

Situations

Self-harm mention, severe distress, bullying disclosure

Action

Immediate counselor/admin notification. Conversation flagged for human review within 10 minutes.

Level 3

Imminent Danger

Situations

Active suicidal ideation, abuse disclosure, threat of violence

Action

Immediate escalation to all relevant parties (counselor, administrator, parents, law enforcement as required). AI stays with user until human support confirms. Crisis resources provided.

Data Ownership

Your data belongs to you

Menthra does not own your data. Conversations belong to the user. For enterprise and education deployments, institutional data belongs to the institution. Users can request data export or deletion at any time. We comply with all right-to-erasure requirements across jurisdictions.

Need More Details?

We are an open book

For BAA requests, security questionnaires, SOC 2 reports, penetration test results, or custom compliance documentation:
