How Mentor handles data in AI features

All AI features can be disabled by the tenant admin in /admin/settings → Features → AI Builder (feature flag features.aiBuilder). Without AI, the platform works normally: manual module authoring, quiz editor, video upload, certificates, etc.

New tenants have AI Builder on by default in full product mode and off in standard mode. The admin can change this at any time.

For AI features we use external providers grouped into the following categories. Processing may take place outside the EU.

Specific AI vendor names, processing locations, and contractual transfer mechanisms are disclosed to paying customers and business contacts on request via legal@getmentor.eu.

Only the data required for the task is sent to the AI provider:

• AI Builder: the source text the user enters (pasted document, summary), and the module title.
• AI metadata: existing title, description, and section titles of the module.
• AI quizzes: section content of the module.
• AI images: the prompt the user composes (typically the module topic).
• Transcription: audio track of the video.

Before sending to an external AI provider we run the helper redactPII (src/lib/ai/redact.ts), which best-effort removes common identifiers:

• Emails (jane@firma.si → [email])
• Phone numbers (SI and international)
• Slovenian personal IDs (EMŠO, 13 digits)
• Tax numbers (SI + 8 digits)
• IBANs (SI and EU formats)
• Credit card numbers (13–19 digits)
• URL tokens (?token=…, ?session=…) and Bearer … headers
• Our internal IDs (CUID, UUID, long hex tokens)

The helper is idempotent and is used in AI Builder, AI metadata (title, description, tags), and AI quizzes. It preserves everything else (substance, language, pedagogical structure).

Important: minimization is defense-in-depth, not a substitute for a careful choice of what you paste into AI Builder. Don't upload sensitive personal data that isn't needed for training.

• Passwords (hashed or plain) — never part of an AI prompt.
• Billing data, card numbers, Stripe internal IDs.
• Audit logs, security tokens, webhook secrets.
• Internal system secrets (CRON_SECRET, AUTH_SECRET, API keys).
• Anything outside the module, quiz, or video file scope.

• Global off switch: /admin/settings → Features → AI Builder OFF.
• Built-in rate limits (50 AI generations per hour per user, 100 per tenant) protect against abuse.
• Usage tracking: /admin/ai-usage or /owner/ai-usage shows token usage and estimated cost over time.
• Telegram alert: if an AI call crashes, the owner receives a message (Phase L.1, rate-limited).

AI is an assistant, not an authority. Models can hallucinate, miss important details, or introduce subtle inaccuracies. Before publishing a module:

• Review the entire generated content — section by section.
• Verify all claims against a human source (manual, subject-matter expert).
• Recheck quiz answers; AI may mark a wrong option as correct.
• For legal, medical, financial, or safety training, require expert human review.