Privacy Policy
Last updated: March 2026
Version 1.0
Mendje SHPK ("Mendje," "we," "us," or "our") operates the Mendje mobile application (the "App") and the website at https://mendje.com (the "Website"). This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you use our services.
Mendje is a mental health platform connecting Albanian-speaking individuals with licensed therapists for video-based therapy sessions. Given the sensitive nature of mental health data, we are committed to the highest standards of data protection and transparency.
By creating an account or using the App, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as a legal basis for processing, you may withdraw that consent at any time (see Section 11).
1. Data Controller
The data controller responsible for your personal data is:
Mendje SHPK
REXHEP KRASNIQI, 26, Prishtinë
Republic of Kosovo
Email: info@mendje.com
Phone: +38349882294
We process personal data in accordance with the Republic of Kosovo Law No. 06/L-082 on Personal Data Protection, which is aligned with the European Union General Data Protection Regulation (EU) 2016/679 ("GDPR"). For users in the European Economic Area (EEA), United Kingdom, and Switzerland, GDPR applies directly to our processing activities.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Account Data
When you create an account, we collect:
- Name (first name and last name)
- Email address
- Password (stored as a cryptographic hash; we never have access to your plaintext password)
- Phone number (optional)
- Profile photo (optional)
- Date of birth (optional)
- Role (client, therapist, or administrator)
- Preferred language (Albanian, English, or German)
- Authentication provider (email/password or Google Sign-In)
2.2 Health and Mental Health Data (Special Category Data)
In the course of using the App for its intended therapeutic purpose, we process the following data, which is classified as special category data under GDPR Article 9:
- Journal entries — personal reflections and journal text authored by you. These are encrypted on your device before being transmitted or stored (see Section 7)
- Emotional state data — the emotion you select (e.g., happy, anxious, sad) and its intensity (1–5 scale), stored separately from journal text
- Therapy approach metadata — the therapeutic modality associated with a journal or emotion entry (e.g., CBT, DBT, mindfulness)
- Mental health concerns — the concerns you identify during the onboarding questionnaire (e.g., anxiety, depression, stress)
- Previous therapy experience — whether you have previously attended therapy
- Personal message to therapist — a free-text message you may write for your matched therapist during onboarding
2.3 Therapy and Booking Data
- Booking records — session date, time, duration, type, status, price, and currency
- Session records — session status, start/end times, and duration of video sessions
- Homework assignments — tasks assigned by your therapist, your responses, and therapist feedback
- Session feedback — ratings and comments you provide after a session (submitted anonymously; your therapist does not see this data)
- Therapist assignment — which therapist you are matched with and the matching score
- Chat messages — messages exchanged with your therapist within the booking context (encrypted; see Section 7)
2.4 Therapist Professional Data
If you register as a therapist, we additionally collect:
- Professional title, biography, and credentials
- Specializations, languages spoken, and service types offered
- Education history and certifications
- Years of professional experience
- Hourly rate and currency
- Availability schedule (weekly time slots, blocked dates, timezone)
- Verification status
- Ratings and review count (aggregated from client reviews)
- Notification preferences
2.5 Client Profile Data
If you register as a client, we additionally collect:
- Preferred therapist gender
- Preferred session language
- Age range
- Service type preference (individual, couple, family, or child)
- Emergency contact information (name, phone number, and relationship)
- Emotion sharing preference (whether to share emotion metadata with your assigned therapist)
- GDPR consent status and timestamp
- Notification preferences
2.6 Payment Data
- Transaction records — payment amount, currency, status, and timestamps
- Limited card information — the last four digits of your payment card and card brand (e.g., Visa, Mastercard), for display purposes only
- Transaction identifiers — merchant and gateway transaction IDs for reconciliation
We do not store full card numbers, CVVs, or other sensitive payment credentials. All payment processing is handled by our PCI DSS-compliant third-party payment processor (see Section 9). We retain only the minimum transaction data necessary for financial record-keeping and dispute resolution.
2.7 Technical and Device Data
- Device tokens — tokens for delivering push notifications, along with the platform (iOS or Android)
- Authentication metadata — email verification status, onboarding completion status, and last login timestamp
- App usage data — content progress (which self-help articles, videos, or exercises you have accessed and your completion percentage)
2.8 Data We Do Not Collect
For clarity, Mendje does not collect or process:
- Location data or GPS coordinates
- Contact lists or address books
- Advertising identifiers or tracking cookies
- Browsing history outside the App
- Biometric data (fingerprint, face recognition)
- Behavioral analytics data
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Creating and managing your account | Account data | Contract performance (Art. 6(1)(b)) |
| Matching you with a suitable therapist | Onboarding questionnaire, concerns, preferences | Contract performance (Art. 6(1)(b)) |
| Facilitating therapy bookings and video sessions | Booking data, session data | Contract performance (Art. 6(1)(b)) |
| Processing payments for therapy sessions | Payment data | Contract performance (Art. 6(1)(b)) |
| Providing the journaling feature (writing, storing, and displaying your encrypted journal entries) | Journal entries (encrypted), emotion data | Explicit consent (Art. 9(2)(a)) for health data; Contract performance (Art. 6(1)(b)) for the service |
| Sharing emotion metadata with your assigned therapist (when you enable this feature) | Emotional state, intensity | Explicit consent (Art. 9(2)(a)) |
| Enabling homework assignments between you and your therapist | Homework data | Contract performance (Art. 6(1)(b)) |
| Sending push notifications (session reminders, booking updates) | Device tokens, notification preferences | Legitimate interest (Art. 6(1)(f)) |
| Providing self-help content and tracking your progress | Content progress data | Contract performance (Art. 6(1)(b)) |
| Maintaining financial records and complying with tax obligations | Payment data (anonymized after account deletion) | Legal obligation (Art. 6(1)(c)) |
| Verifying therapist credentials and managing platform quality | Therapist professional data, session feedback | Legitimate interest (Art. 6(1)(f)) |
| Preventing fraud and abuse (payment rate limiting) | Payment rate limit data | Legitimate interest (Art. 6(1)(f)) |
| Responding to data subject requests and legal obligations | All data as relevant | Legal obligation (Art. 6(1)(c)) |
4. Special Category Data: Health Data
Under GDPR Article 9, data concerning a person's physical or mental health constitutes special category data and is subject to additional protections. In the context of Mendje, the following data qualifies as health data:
- Journal entries (content relating to mental health and emotional well-being)
- Emotional state and intensity data
- Mental health concerns identified during onboarding
- Therapy session records and homework related to mental health treatment
- Personal messages to therapists describing mental health needs
4.1 Legal Basis for Processing Health Data
We process health data under GDPR Article 9(2)(a) — explicit consent. You provide this consent when you:
- Accept this Privacy Policy and the GDPR consent checkbox during the booking or onboarding process
- Voluntarily enter journal entries, select emotional states, or describe your concerns
- Explicitly enable emotion sharing with your therapist via the in-app toggle
4.2 Withdrawal of Consent
You may withdraw consent for health data processing at any time by:
- Disabling emotion sharing with your therapist (toggleable in your profile settings)
- Deleting individual journal entries
- Deleting your account entirely (see Section 10)
- Contacting us at info@mendje.com
Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
4.3 Health Data Safeguards
We implement the following safeguards for health data:
- Journal entries are encrypted on your device before storage (AES-256-GCM; see Section 7)
- Emotion data is architecturally separated from journal text
- Therapists can never access your journal text — this is enforced both by database security rules and by client-side encryption
- Therapists may only view your emotion metadata (emotional state and intensity) when you explicitly enable sharing
- Health data is never sold, shared with advertisers, used for marketing, or disclosed to data brokers
- Health data is never used for automated decision-making or profiling
5. Therapist-Client Confidentiality
Mendje is designed to uphold the confidentiality of the therapeutic relationship:
5.1 What Your Therapist Can Access
- Your name, profile photo, and contact information (from your client profile)
- Booking and session records for your appointments with that therapist
- Homework assignments created by and responses shared with that therapist
- Chat messages exchanged within the booking context with that therapist
- Your emotion metadata (emotional state and intensity) — only if you have explicitly enabled emotion sharing
- Your onboarding personal message (the initial message you write during therapist matching)
5.2 What Your Therapist Cannot Access
- Journal entries — your journal text is encrypted with a key only you control. Even if database security rules were bypassed, the data would remain unreadable without your encryption key
- Emotion data when sharing is disabled — if you have not enabled emotion sharing, your therapist has no access to any emotion metadata
- Session feedback — ratings and comments you submit after sessions are anonymous and inaccessible to therapists. Only platform administrators may view this data for quality assurance purposes
- Data from other therapists — a therapist can only access data related to their own client relationships, not data from any other therapist you may have seen
5.3 Video Sessions
Therapy video sessions are conducted using a secure, WebRTC-based video platform with encrypted signaling. Video and audio streams are transmitted in real time between you and your therapist. Mendje does not record video sessions unless both parties are explicitly informed and consent is obtained. Session metadata (start time, end time, duration) is retained for service records.
6. Chat Message Confidentiality
Chat messages exchanged between you and your therapist within a booking are encrypted using AES-256 before being stored in our database. Messages are automatically deleted when the associated booking reaches a terminal status (completed, cancelled, or no-show), meaning they are not retained indefinitely.
7. Encryption and Security Measures
We employ multiple layers of security to protect your data:
7.1 Journal Entry Encryption
- Algorithm: AES-256-GCM (authenticated encryption)
- Key management: Your journal entries are encrypted and decrypted on your device using a unique encryption key. The key is protected using industry-standard key derivation with high iteration counts
- Recovery: A secure recovery phrase is generated that you are prompted to save securely. If you lose access to your primary credentials, the recovery phrase is the only way to restore access to your encrypted journal entries
- Zero-knowledge architecture: Mendje does not have access to your plaintext journal text or your encryption keys. We store only the encrypted ciphertext. If you lose both your credentials and your recovery phrase, your journal entries cannot be decrypted by anyone, including Mendje
7.2 Chat Message Encryption
- Algorithm: AES-256 encryption
- Scope: Messages are encrypted at rest in the database. Access control is enforced by security rules that restrict read/write access to the two session participants only
7.3 Data in Transit
- All communications between the App and our servers use TLS 1.2 or higher
- All API calls to our cloud infrastructure are encrypted in transit
- Video session signaling uses encrypted WebRTC protocols
7.4 Data at Rest
- All data stored in our cloud database is encrypted at rest using platform-managed encryption keys (AES-256)
- Journal entries have an additional layer of client-side encryption (AES-256-GCM) on top of server-side encryption
- Encryption key material is itself wrapped (encrypted) and cannot be used without the user's authentication credentials or recovery phrase
7.5 Local Storage
- Minimal data is cached locally on your device using encrypted storage for performance purposes (e.g., journal entry cache for offline access)
- Local data is removed when you log out or delete your account
7.6 Access Controls
- Database security rules enforce role-based access control
- Therapists are restricted to accessing only their own clients' permitted data
- Administrative access is restricted to authorized personnel and is auditable
- Payment-related operations include rate limiting to prevent abuse
- Email verification includes attempt limits and time-based cooldowns
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
| Data Category | Retention Period | Notes |
|---|---|---|
| Account data | Duration of active account | Deleted upon account deletion |
| Client and therapist profiles | Duration of active account | Deleted upon account deletion |
| Journal entries | Duration of active account | Encrypted; deleted upon account deletion |
| Emotion entries | Duration of active account | Deleted upon account deletion |
| Encryption keys | Duration of active account | Deleted upon account deletion |
| Booking and session records | Indefinite (anonymized upon account deletion) | User identity is removed; records are retained in anonymized form for the other party's records |
| Payment records | As required by applicable financial and tax regulations (typically 5–10 years), anonymized upon account deletion | User identity is anonymized; transaction data retained for legal compliance |
| Payment audit logs | As required by applicable regulations, anonymized upon account deletion | User identity is anonymized |
| Homework assignments | Indefinite (anonymized upon account deletion) | User identity and personal information (name, photo) are removed |
| Session feedback | Duration of active account (client); anonymized upon account deletion (therapist reference) | Client's feedback is fully deleted; therapist references are anonymized |
| Notifications | Duration of active account | Deleted upon account deletion |
| Device tokens | Duration of active account | Deleted upon account deletion |
| Chat messages | Until the associated booking is completed, cancelled, or marked as no-show | Automatically deleted when the booking reaches a terminal status. Also deleted in bulk upon account deletion |
| Email verification codes | 10 minutes from creation | Time-limited; also deleted upon account deletion |
| Processed webhook records | 7 days (TTL) | Automatically expired |
9. Third-Party Services
We use the following third-party services to operate the App. Each operates as a data processor under our instruction, or as an independent controller where noted:
9.1 Cloud Infrastructure Provider
- Provider: Google LLC (Google Cloud Platform)
- Services used: Authentication, database, server-side logic, file storage, and push notifications
- Data location: Europe — all databases, server functions, and storage are deployed exclusively in the European Union
- Data processed: All data listed in Section 2 is stored in and processed through this infrastructure
- Privacy policy: https://policies.google.com/privacy
- Data Processing Terms: Google Cloud Data Processing Terms
Note: We do not use any analytics, crash reporting, performance monitoring, or tracking services from our cloud provider.
9.2 Google Sign-In
- Provider: Google LLC
- Purpose: Optional alternative authentication method
- Data shared: When you choose to sign in with Google, Google provides us with your name, email address, and profile photo (as authorized by you in the Google consent screen). We do not receive your Google password
- Privacy policy: https://policies.google.com/privacy
9.3 Video Session Provider
- Purpose: Real-time video and audio communication for therapy sessions
- Data processed: Video and audio streams during active sessions, session tokens, and connection metadata. The provider processes this data in real time and does not retain session content after the session ends
9.4 Payment Processor
- Purpose: Payment processing for therapy session bookings
- Data processed: Full payment card details (card number, expiration date, CVV) are submitted directly to the payment processor's gateway and are never transmitted to or stored on Mendje's servers. We receive only a transaction status, a transaction ID, and the last four digits of the card
- Data controller status: The payment processor acts as an independent data controller for the payment card data it processes
- Compliance: Our payment processor is PCI DSS compliant
9.5 Apple and Google (App Distribution)
- The App is distributed through the Apple App Store and Google Play Store. These platforms may collect technical data (device type, OS version, crash reports) independently under their own privacy policies. Mendje does not control or have access to this data
10. Account Deletion and Data Erasure
You have the right to delete your account and all associated data at any time.
10.1 How to Delete Your Account
You can delete your account directly within the App by navigating to Profile → Delete Account. You may also request deletion by contacting us at info@mendje.com.
10.2 What Happens When You Delete Your Account
Upon confirming account deletion, the following automated process executes immediately:
Data that is permanently deleted:
- Your user account and login credentials
- Your client profile or therapist profile
- All journal entries (encrypted content and plaintext metadata)
- All emotion entries
- All mood entries
- Your encryption keys (rendering any residual encrypted data permanently unrecoverable)
- Content progress records
- Device tokens and push notification registrations
- All notifications
- Session feedback you submitted as a client
- Email verification records
- Payment rate limit records
- Chat messages from all your bookings
- Therapist listing (if applicable)
- Favorited therapists list
- Reviews subcollection (if you were a therapist)
Data that is anonymized (not deleted):
To preserve the integrity of records for the other party in shared interactions, the following data is anonymized rather than deleted. Your identity is removed, and all personally identifiable fields (name, photo) are cleared:
- Booking records (your therapist or client retains a record of the session, but your identity is removed)
- Session records
- Homework assignments
- Payment records (anonymized for financial regulatory compliance)
- Payment audit logs
- Reviews you wrote as a client (your name and photo are removed)
10.3 Irreversibility
Account deletion is permanent and irreversible. Once your account is deleted:
- Your encrypted journal entries cannot be recovered, even with your recovery phrase, because the encryption keys have been destroyed
- Your account cannot be restored
- You will need to create a new account if you wish to use Mendje again
10.4 Timeline
The deletion process begins immediately upon confirmation and completes within seconds for most data. In exceptional cases (e.g., large volumes of data), full processing may take up to 30 days. You will be logged out immediately upon deletion initiation.
11. Your Rights Under GDPR and Kosovo Data Protection Law
Depending on your jurisdiction, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access (Art. 15) | You may request a copy of all personal data we hold about you | Contact info@mendje.com |
| Right to Rectification (Art. 16) | You may request correction of inaccurate personal data | Update directly in the App (Profile settings) or contact info@mendje.com |
| Right to Erasure (Art. 17) | You may request deletion of your personal data | Use the in-app Delete Account feature (Profile → Delete Account) or contact info@mendje.com |
| Right to Restriction of Processing (Art. 18) | You may request that we limit how we process your data in certain circumstances | Contact info@mendje.com |
| Right to Data Portability (Art. 20) | You may request your data in a structured, commonly used, and machine-readable format | Contact info@mendje.com |
| Right to Object (Art. 21) | You may object to processing based on legitimate interests | Contact info@mendje.com |
| Right to Withdraw Consent (Art. 7(3)) | Where processing is based on consent, you may withdraw consent at any time | Disable emotion sharing in Profile settings; delete your account; or contact info@mendje.com |
| Right to Lodge a Complaint | You may lodge a complaint with a supervisory authority | See Section 11.1 below |
11.1 Supervisory Authorities
If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with a supervisory authority:
- Kosovo: Information and Privacy Agency (Agjencia për Informim dhe Privatësi) — https://aip.rks-gov.net
- Germany: The relevant State Data Protection Authority (Landesdatenschutzbehörde) for your federal state, or the Federal Commissioner for Data Protection and Freedom of Information (BfDI)
- Other EU/EEA countries: The data protection authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement
- United Kingdom: Information Commissioner’s Office (ICO) — https://ico.org.uk
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — https://www.edoeb.admin.ch
11.2 Response Timeline
We will respond to all data subject requests within 30 days of receipt. If a request is particularly complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.
11.3 Identity Verification
To protect your privacy, we may need to verify your identity before processing a data subject request. We will request only the minimum information necessary for verification.
12. International Data Transfers
All Mendje data is stored and processed in Europe:
- All databases are hosted in the European Union
- All server-side functions execute in the European Union
- All file storage is located in the European Union
As a result, your personal data does not leave Europe for primary storage or processing purposes.
Limited transfers: Certain third-party services may process data outside the EU as part of their standard operations:
- Cloud infrastructure provider: While our data is stored in the EU, Google's global infrastructure may involve limited data processing (e.g., support, maintenance) by personnel located outside the EU. Google's Data Processing Terms include Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection
- Video session provider: Video stream processing may occur on servers optimized for latency. The provider's infrastructure is configured to minimize data transfer outside the region
For users in the United Kingdom: We rely on the UK adequacy decision for EEA countries and, where applicable, the UK International Data Transfer Agreement.
For users in Switzerland: We rely on the Swiss Federal Council's adequacy decisions and, where applicable, Standard Contractual Clauses.
13. Children's Privacy
Mendje is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age.
If you are between 16 and 17 years of age, you may only use Mendje with the verifiable consent and supervision of a parent or legal guardian. The parent or guardian must create the account and accept this Privacy Policy on the minor's behalf.
If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take immediate steps to delete that data. If you believe that a child under 16 has provided us with personal data, please contact us at info@mendje.com.
14. Cookies and Tracking Technologies
The Mendje mobile application does not use cookies, tracking pixels, advertising identifiers, or any third-party analytics or advertising SDKs.
We do not:
- Track your behavior for advertising purposes
- Share data with advertising networks
- Build behavioral profiles
- Use any form of cross-app or cross-site tracking
- Collect device advertising identifiers (IDFA or GAID)
The Mendje website (https://mendje.com) may use essential cookies necessary for basic website functionality (e.g., session management). These do not track users across websites and are not used for marketing or analytics. A separate cookie notice will be provided on the Website if applicable.
15. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
- Notify affected users without undue delay, as required by GDPR Article 34, providing a description of the breach, the likely consequences, and the measures taken or proposed to address it
- Document the breach and our response in an internal breach register
Due to our use of client-side encryption for journal entries, a database breach alone would not expose your journal text, as the encrypted content cannot be decrypted without your personal encryption key.
16. Automated Decision-Making
Mendje uses a therapist matching algorithm during the onboarding process to suggest suitable therapists based on your preferences (concerns, language, therapist gender preference, and service type). This constitutes automated processing but does not produce legal effects or similarly significant effects, as:
- The matching is a recommendation only — you are free to choose any available therapist
- No binding decisions are made automatically
- You can change your assigned therapist at any time
We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, as described in GDPR Article 22.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of the App. When we do:
- We will update the "Last updated" date at the top of this policy
- We will increment the version number
- For material changes (changes to the types of data collected, new purposes for processing, changes in data sharing, or reduction of your rights), we will notify you via:
  - An in-app notification
  - An email to the address associated with your account
  - A prominent notice within the App upon your next login
- For material changes to health data processing, we will seek your renewed explicit consent where required
- Previous versions of this Privacy Policy will be made available upon request
Your continued use of the App after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you should discontinue use of the App and delete your account.
18. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of the Republic of Kosovo, including Law No. 06/L-082 on Personal Data Protection. For users in the European Union, the GDPR applies in addition to Kosovo law where it provides greater protection. Nothing in this Privacy Policy limits any rights you may have under the mandatory data protection laws of your country of residence.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Mendje SHPK
REXHEP KRASNIQI, 26, Prishtinë
Republic of Kosovo
General inquiries: info@mendje.com
Privacy and data protection: info@mendje.com
Phone: +38349882294
We aim to respond to all inquiries within 30 days.
This Privacy Policy was last updated in March 2026 (Version 1.0).