Introduction
The Mentoring Hub ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
We are a UK Charitable Organisation (CIO - Foundation, registration pending) providing education, training, and mentoring programmes designed to promote diversity and equality of opportunity in Digital Technology and STEM.
Information We Collect
Account Information
When you create an account using GitHub or Microsoft authentication, we receive and store:
- Your name and email address from your authentication provider
- Your profile picture (which we re-host on our servers)
- Authentication tokens required to maintain your session
Mentor Application Information
If you apply to become a mentor, we collect:
- Full name, email address, and LinkedIn profile URL
- Professional biography and current role
- Areas of technical expertise and years of experience
- Availability (timezone, hours per week, maximum mentees)
- Preferred contact method and programme interests
- Your motivation for becoming a mentor
Mentee Interest Information
If you register interest as a potential mentee, we collect:
- Full name and email address
- Areas of interest within our hub and initiatives
- How you heard about us
- Any additional comments you provide
Booking and Session Information
When you book mentoring sessions, we collect:
- Session date, time, and duration
- Session type and any notes you provide
- Booking status and history
Content Submissions
If you submit resources or programmes to our Knowledge Vault, we collect:
- Resource details (title, description, URLs, category)
- Images you upload (validated and compressed before storage)
- Attribution and credit information
Automatically Collected Information
When you visit our website, we automatically collect:
- IP address (used for rate limiting and security)
- Browser type and version
- Pages visited and actions taken
- Error logs and performance metrics
- Request timestamps and duration
How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Process mentor applications and manage mentor profiles
- Match mentors with mentees based on expertise and programme needs
- Schedule and manage mentoring session bookings
- Send booking confirmations, reminders (24 hours before sessions), and cancellation notices
- Send application status updates and notifications
- Review and publish submitted resources and programmes
- Monitor and prevent abuse through rate limiting
- Diagnose technical issues and improve our services
- Comply with legal obligations
Email Communications
We send transactional emails to support our services. These include:
- Booking Emails: Confirmation when a session is booked, reminders 24 hours before sessions, and cancellation notices
- Application Emails: Confirmation when you submit a mentor application or register interest, and status updates
- Admin Notifications: Our team receives notifications about new applications and submissions to process them promptly
These are service-related communications essential to the operation of our platform. You can stop receiving these emails by deleting your account or withdrawing from our programmes.
Legal Basis for Processing
Under UK GDPR, we process your personal data based on:
- Consent: When you have given clear consent for us to process your personal data for a specific purpose
- Contract: When processing is necessary for a contract we have with you, such as providing mentoring services
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, unless your rights override those interests
- Legal Obligation: When we need to comply with the law
Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Mentors and Mentees: To facilitate mentoring relationships, we share relevant contact and professional information between matched participants
- Legal Requirements: When required by law, court order, or governmental authority
Third-Party Service Providers
We use the following Microsoft Azure services to operate our platform:
- Azure SQL Database: Secure storage of all application data including user accounts, applications, and bookings
- Azure Blob Storage: Storage of uploaded images including profile pictures and content images
- Azure Communication Services: Sending transactional emails (booking confirmations, reminders, notifications)
- Azure Application Insights: Error logging, performance monitoring, and service diagnostics
Authentication Providers
We use OAuth 2.0 authentication through:
- GitHub: If you sign in with GitHub, we receive your public profile information
- Microsoft Entra ID: If you sign in with Microsoft, we receive your profile information
These providers do not receive any data from us beyond what is required for authentication.
Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Encryption: All data is transmitted over HTTPS. Passwords and sensitive tokens are never stored in plain text
- Secure Authentication: We use OAuth 2.0 with PKCE through established providers (GitHub, Microsoft) rather than storing passwords
- Session Security: Sessions are stored server-side with httpOnly cookies that cannot be accessed by JavaScript
- Rate Limiting: We limit requests to prevent abuse (we track IP addresses temporarily for this purpose)
- Input Validation: All user inputs are validated, and uploaded files are verified for type and content
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When your data is no longer required, we will securely delete or anonymise it.
Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data in certain circumstances
- Restriction: Request restriction of processing in certain circumstances
- Portability: Request transfer of your data to another organisation
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us using the details provided below.
Cookies
Our website uses cookies to provide essential functionality. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences.
We use:
- Session Cookie: Required to keep you signed in. This cookie is httpOnly (not accessible to JavaScript), secure (transmitted only over HTTPS), and expires when you sign out or after a period of inactivity
- CSRF Token: A security cookie that protects against cross-site request forgery attacks
We do not use advertising cookies or share cookie data with third parties for marketing purposes.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent. If you believe we have collected information from a child under 16 without appropriate consent, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Supervisory Authority
If you are not satisfied with our response to any complaint or believe our processing of your data does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113