Privacy Policy
Mentalis AI, LLC (“we,” “us”) operates Mentalis: Draft Sense (the “Service”), a draft-assistant tool for Magic: The Gathering Arena. This policy explains what data we collect, why, who handles it on our behalf, and the controls you have. We try to write it in plain English. If anything is unclear, email support@mentalisai.com.
1. Who we are
Mentalis AI, LLC, a Tennessee limited liability company. Mailing address: 1043 Fuller Glen Circle, Chattanooga, TN 37421. Contact: support@mentalisai.com.
2. What we collect
Account information (always, via Clerk)
- The email address you sign up with
- A unique Clerk user identifier
- Optional profile fields you choose to add to Clerk
- Authentication state (sessions, login times)
Subscription information (if you subscribe, via Stripe)
- Your Stripe customer ID and subscription ID
- Subscription tier (
pro_monthlyorpro_annual), status, and period end date - Billing address (collected by Stripe Checkout when sales tax applies)
- We do not store your card details. Stripe handles those directly.
Usage information (always)
- The number of free-tier pick recommendations you’ve requested today (used to enforce the daily quota)
- Whether you are an alpha tester
- The version of the overlay client you are using (sent as a header on each request)
Gameplay data (only if you opt in via the toggle on your account page)
- The Arena draft ID, set code, format, and outcome of each draft
- For each pick: the pack contents, the card you chose, the cards the model recommended, and the pack/pick number
- Match and game results from your drafted decks
Discord account (only if you link Discord for the contest)
- Your Discord user ID and username, stored when you choose to link Discord on your account page to enter the monthly drafting contest. Your Discord username is shown publicly on the leaderboard. You can unlink at any time on your account page, which deletes it.
Consent change log (always, when you change a consent setting)
- Which setting changed, its old and new value, when, and the IP address + user-agent string of the request making the change. This is an append-only audit log — we never delete entries.
Diagnostic logs (stored locally on your device)
- The desktop overlay writes a diagnostic log file to your own computer to help troubleshoot problems (for example, a draft where recommendations didn’t appear). It records app and draft activity — card names, set codes, pick numbers, and error details — but not your sign-in token or identity.
- These logs stay on your device.We don’t collect or transmit them automatically; they reach us only if you choose to send one (for example, when reporting a bug).
What we do not collect
- Your Arena credentials or Wizards of the Coast account info (the overlay reads only the local
Player.logfile and we never see it) - Your card collection or non-draft decks
- Information about other players (opponents’ decks, plays, or identity)
- Telemetry about other applications on your computer
3. How we use what we collect
- Provide the Service: verify your identity (Clerk), authorize requests, gate free-tier requests, run the model to produce pick recommendations.
- Process payment:create and manage your Stripe subscription, calculate and collect any applicable sales tax via Stripe Tax, deliver the entitlements you’ve paid for.
- Improve the model: if you opt in to gameplay data collection, your draft picks and match results help us measure model quality and, in aggregate, improve future model versions. Individual picks and game results are never published or shared.
- Communicate with you. Three categories:
- Service emails(always): account events, billing receipts, security notices, material changes to these policies or pricing. You can’t opt out of these while you have an active account.
- Product updates (opt-in): notices when new model versions ship, when we add support for a new set, or when major features land. Every product-update email has a one-click unsubscribe link.
- Marketing emails:we don’t send any today. If we ever do, it will require a separate explicit opt-in.
4. Who else handles your data on our behalf
We use the following sub-processors. Each has its own privacy policy linked below.
| Sub-processor | Purpose | Location | Privacy |
|---|---|---|---|
| Clerk | Authentication, user identity, email delivery for account flows | United States | Clerk |
| Stripe | Payment processing, billing portal, sales tax calculation | United States, EU | Stripe |
| Supabase | Database hosting for accounts + subscriptions + opt-in draft logs | United States (East) | Supabase |
| Fly.io | Inference API hosting | United States | Fly.io |
| Vercel | Marketing + account site hosting | United States | Vercel |
| Cloudflare | Object storage for model files (no user data), installer distribution | United States | Cloudflare |
| Resend | Transactional & support email delivery (account/billing & legal notices, alpha decisions, bug-report relay) | United States | Resend |
We do not sell or rent your personal information to third parties.
5. Your controls
- Toggle data collection at any time on your account page at www.draft-sense.com/account. Turning the toggle off stops collection immediately and writes an audit record.
- Manage your subscription through the Stripe-hosted Customer Portal linked from your account page (update payment method, cancel, view invoices).
- Access, export, or delete your data: email support@mentalisai.com and we’ll respond within 30 days. If you live in California (CCPA/CPRA) or the EU/UK (GDPR), you have the rights to access, delete, correct, port, and opt out of “sale” (we don’t sell) — these requests go through the same email.
6. How long we keep it
- Account data: while your account exists, plus a short grace period after deletion to handle billing refunds and disputes.
- Subscription records: while your subscription is active, then 7 years for tax records (US requirement).
- Opt-in draft data:while you’re an active user. If you turn off draft logging, we stop collecting; existing entries remain unless you ask us to delete them.
- Consent audit log:retained for the life of the account (this is what proves you consented, or didn’t, at any given moment).
7. Security
We use TLS for everything in transit, secure password storage via Clerk, encrypted-at-rest storage at our sub-processors, and store authentication tokens encrypted on your local machine via OS-native protections (DPAPI on Windows). No system is perfectly secure; we’ll notify you promptly if we discover a breach affecting your data.
8. Children
The Service is not directed to children under 13 (or 16 in the EU). We don’t knowingly collect data from anyone in that age range. If you believe a child has signed up, email us and we will remove the account.
9. International users
The Service is operated from the United States. If you use it from outside the US, you consent to your information being transferred to and processed in the US.
10. Changes
We may update this policy. If we make a material change, we’ll notify signed-in users via email and post a notice on the site at least 30 days before the change takes effect. The “Last updated” date at the top will always reflect the current version.
11. Contact
support@mentalisai.com for any privacy question, request, or complaint. Mentalis AI, LLC, 1043 Fuller Glen Circle, Chattanooga, TN 37421.