Last Updated: July 12, 2026 (Version 5)
Mendly ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Mendly is operated by Mendly LLC, a Pennsylvania limited liability company.
By using Mendly, you agree to the collection and use of information in accordance with this Privacy Policy.
Mendly serves mental health professionals, and much of the information on the platform is protected health information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). Your therapist or practice is the HIPAA covered entity responsible for your health information; Mendly LLC acts as their business associate.
We handle PHI in accordance with HIPAA and the Business Associate Agreement ("BAA") we enter into with each therapist customer, available at mendly.me/legal/baa. To the extent this Privacy Policy conflicts with the BAA with respect to PHI, the BAA controls.
If you are a patient and wish to access, amend, or request an accounting of disclosures of your health records, direct your request to your therapist — we support them in fulfilling those requests as required by HIPAA.
When you create an account, we collect:
We automatically collect:
Depending on how you use the service, we may collect:
For therapist subscriptions, we collect:
Payments are processed by Stripe. Your full payment card details are provided directly to Stripe and are not stored on our servers. Stripe's handling of your information is described in its own privacy policy.
SMS notifications are not currently offered. If we enable SMS in the future, opting in would involve collecting:
For complete details, see our SMS Consent & Terms page.
We use:
We do not use third-party advertising or analytics trackers.
We use your information to:
We do not sell, rent, or trade your personal information to third parties.
We share data with service providers who help us operate:
These providers have access to your data only to perform services on our behalf and are obligated to protect it. Providers that handle PHI on our behalf are bound by business associate agreements as required by HIPAA.
We may disclose your information if required by law or to:
If Mendly is acquired or merged, your information may be transferred to the new owner, subject to the protections of this Privacy Policy and, for PHI, the BAA and HIPAA.
Your data is stored on:
We implement security measures including:
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
We retain data for as long as your account is active or as needed to provide the Service. You may request deletion at any time, as described in Section 7. PHI is returned or destroyed in accordance with the BAA when a therapist's account ends.
You can access and update your account information by logging in and visiting your profile/settings. Patients may also request access to their health records through their therapist, as described in Section 2.
To delete your data:
We will process deletion requests within 30 days.
We do not currently offer automated data export. To request a copy of your data, email support@mendly.me.
We do not send marketing emails. All emails are transactional (password resets, account notifications, reminders you enable).
Patient accounts may be created for minors (under 18) with parent/guardian consent. The parent or legal guardian is responsible for:
If you are a California resident, you have the right to:
Note that PHI governed by HIPAA is generally exempt from the CCPA; rights in your health records are provided under HIPAA through your therapist, as described in Section 2.
To exercise these rights, email support@mendly.me.
Mendly is operated from Pennsylvania, USA. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States where data protection laws may differ from your country.
We may update this Privacy Policy. We will notify you of material changes by:
Continued use after changes constitutes acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Email: support@mendly.me
Company: Mendly LLC
Location: Pennsylvania, USA
In the event of a data breach that affects your information, we will provide notification consistent with the HIPAA Breach Notification Rule and applicable state law, including notifying affected therapist customers so they can fulfill their own notification obligations, and notifying affected users via email without undue delay.
By using Mendly, you acknowledge that you have read and understood this Privacy Policy.