What is omnichannel customer service?

Omnichannel customer service means handling every customer conversation — WhatsApp, Instagram, X, phone, email, and live chat — from a single shared inbox instead of juggling separate tools. Mention unifies all your channels so your team sees the full context of every customer in one place.

What customer service tools does Mention include?

Mention brings the core customer service tools into one platform: a cloud phone system, multi-channel engagement, ticketing, CRM, and a knowledge base. Because they share one system, your team moves faster and customers get answers sooner.

Can I use WhatsApp for customer care?

Yes. Mention lets you manage WhatsApp for customer care alongside your other channels in the same inbox, so replies, tickets, and customer history stay connected. As an official Meta partner, Mention supports WhatsApp and other Meta channels natively.

What is digital customer care?

Digital customer care is supporting customers across digital channels — messaging apps, social media, live chat, and email — with the speed and personalization they expect. Mention is a digital customer care platform that brings those channels, plus ticketing and CRM, together.

Is my customer data hosted in Saudi Arabia?

Yes. Your data is hosted and processed inside the Kingdom of Saudi Arabia, aligned with the PDPL and SDAIA, with role-based access, full audit logs, and end-to-end encryption — built for government and enterprise.

How is Mention different from a traditional help desk?

A traditional help desk handles tickets, but conversations still scatter across separate phone, chat, and social tools. Mention unifies phone, engagement, ticketing, CRM, and knowledge base into one platform, so nothing falls through the cracks.

Privacy Policy — Mention

Introduction

The Mention team welcomes you. In line with our commitment to protecting users, we strive to safeguard the personal data of our customers, their authorized users, and the end users who interact with them, in accordance with this Privacy Policy.

This Privacy Policy explains how Rihlat Tawasul for Communications and Information Technology Company (شركة رحلة تواصل للاتصالات وتقنية المعلومات) ("Mention", "we", "us", or "our") — the operator of the Mention platform at mention.cx — collects, uses, discloses, protects, and retains personal data, and the rights available to you.

By accessing or using the Mention platform, our websites, applications, and related services (together, the "Service"), you acknowledge that your personal data will be handled as described in this Policy. We encourage you to read it carefully. This Policy should be read together with our Terms of Service.

Scope

This Policy applies to personal data we process in connection with the Service. It does not apply to:

third-party websites, products, or services that may link to or integrate with the Service (each governed by its own privacy policy); or
the way our Customers use the Service to handle data about their own end users — for that data, our Customer is responsible as the data controller (see Section 4).

Definitions

"Personal Data" means any data, of whatever source or form, that may identify an individual specifically, as defined in the PDPL.
"Customer" means the business or individual that subscribes to or uses the Service to manage its customer communications.
"Authorized User" means an employee, agent, or contractor whom a Customer permits to use the Service.
"End User" means an individual who contacts or interacts with a Customer through the Service (for example, the Customer's own customer).
"Controller" means the entity that determines the purpose and manner of processing Personal Data.
"Processor" means the entity that processes Personal Data on behalf of, and on the instructions of, a Controller.
"PDPL" means the Saudi Personal Data Protection Law (Royal Decree No. M/19, as amended) and its Implementing Regulations.
"SDAIA" means the Saudi Data and Artificial Intelligence Authority, the competent supervisory authority.

Our Roles: Controller and Processor

Because Mention is a platform that businesses use to communicate with their own customers, our role depends on the data in question:

Mention as Controller. For data we collect to operate our business — Customer account registration, Authorized User profiles, billing, marketing, website analytics, and support interactions — we act as the Controller and this Policy governs that processing.
Mention as Processor. For the content and Personal Data that flows through the Service about End Users (for example, messages, contact details, and conversation history that a Customer collects from its own customers), the Customer is the Controller and Mention acts as a Processor, handling that data only to provide the Service and on the Customer's documented instructions. If you are an End User, please direct privacy requests to the relevant Customer (the business you were communicating with).

Information We Collect

We collect and retain the following categories of information within our electronic systems:

5.1 Account and profile data

The name, work email address, phone number, job title, and login credentials of Customers and Authorized Users; and, where applicable, the Customer's commercial registration number, VAT number, and business address.

5.2 Billing data

Subscription plan, billing contact, transaction history, and payment information (card or bank details are handled by our payment processors; we do not store full card numbers).

5.3 Usage and device data

How you interact with the Service, including log data, IP address, browser and device type, pages and features used, timestamps, and diagnostic data, collected to operate, secure, and improve the Service.

5.4 Communications and support data

Records of your communications with us, including support requests, feedback, and survey responses.

5.5 Cookies and similar technologies

We use cookies and similar technologies to enhance your experience, remember your preferences, secure the Service, and provide analytics. See Section 7.

5.6 End User data (processed on behalf of Customers)

When Customers use the Service, we process Personal Data about their End Users — such as name, email address, phone number, the content of messages and conversations across Channels (live chat, email, X (Twitter), SMS, WhatsApp, voice), and related metadata. We process this data as a Processor on behalf of the Customer, as described in Section 4.

If you do not provide information that is required to use the Service, we may be unable to provide it to you.

How We Use Personal Data and Legal Basis

We process Personal Data, relying on the legal bases permitted under the PDPL (including performance of a contract, our legitimate interests, compliance with a legal obligation, and your consent where required), in order to:

provide, operate, maintain, and secure the Service;
create and administer accounts and authenticate users;
process subscriptions, Usage-Based Charges, invoicing, and payments;
provide customer support and respond to your requests;
monitor, analyze, and improve the performance, features, and reliability of the Service;
detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
send service and administrative communications;
send marketing communications where you have consented or as otherwise permitted by law (see Section 12); and
comply with applicable laws and respond to lawful requests from competent authorities.

Cookies and Tracking

We use cookies and similar technologies that are: strictly necessary (to keep the Service running and secure), functional (to remember preferences), and analytics/performance (to understand usage and improve the Service). You can manage non-essential cookies through your browser settings or any cookie controls we provide. Disabling certain cookies may affect how the Service functions.

How We Share and Disclose Information

We do not sell your Personal Data. We share it only as follows:

Service providers / sub-processors. With trusted third parties that perform services on our behalf (for example, cloud hosting, messaging carriers, analytics, and payment processing), under contracts that require them to protect Personal Data and process it only on our instructions.
Channel and integration providers. With the third-party Channels and integrations a Customer chooses to connect (for example X (Twitter), SMS carriers, WhatsApp, email, and voice providers), to the extent necessary to deliver messages and provide the requested functionality. Their handling of data is governed by their own terms and privacy policies.
Competent authorities. Where we detect unlawful, irregular, or non-compliant activity, or where required by law, we may disclose relevant information to competent regulatory or law-enforcement authorities, in strict compliance with the laws of the Kingdom of Saudi Arabia, including without limitation the E-Commerce Law, the PDPL, and the Anti-Cyber Crime Law.
Business transfers. In connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy.
With your direction or consent. Where you instruct us to share data or otherwise consent.

Third-Party Services and Integrations

Where you choose to use a third-party service or integration through the Service, you authorize us to share with that provider the data reasonably required to deliver it (which may include your name, contact details, and relevant account or store information). Such third parties may impose their own terms and pricing over which we have no control; we encourage you to review them. We are not responsible for the privacy practices of third parties.

International Transfers and Data Localization

We store and process Personal Data in data centers located within the Kingdom of Saudi Arabia. Where any transfer or disclosure of Personal Data outside the Kingdom is necessary, we will carry it out only in accordance with the PDPL and SDAIA's requirements for transferring personal data outside the Kingdom, including applying appropriate safeguards.

Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, to provide the Service, and to comply with our legal, accounting, and regulatory obligations. Where Mention acts as a Processor, we retain End User data in accordance with the Customer's instructions and our agreement with the Customer, and we delete or return it on termination as set out in our Terms. After the applicable period, we securely delete or anonymize Personal Data.

Marketing Communications

We may send you marketing communications about the Service where you have consented or where otherwise permitted by law. You can opt out at any time using the unsubscribe link in our messages or by contacting us. Opting out of marketing does not affect service or administrative messages necessary to provide the Service.

Security

We implement and continuously update administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction, in line with recognized standards. However, no method of transmission or storage over the internet is fully secure, and we cannot guarantee absolute security. We encourage you to safeguard your credentials and avoid sharing highly sensitive information unnecessarily.

Personal Data Breach Notification

In the event of a personal data breach that results in unauthorized access to, or loss or alteration of, Personal Data, we will promptly notify SDAIA and affected individuals where required under the PDPL and its Implementing Regulations, and will take the measures necessary to address and remediate the breach.

Your Rights Under the PDPL

Subject to the conditions and exceptions in the PDPL, you have the right to:

Be informed of the legal basis and purpose for collecting your Personal Data;
Access your Personal Data held by us;
Obtain a copy of your Personal Data in a readable format;
Request correction of inaccurate, incomplete, or outdated Personal Data; and
Request destruction of your Personal Data when it is no longer necessary; and
Withdraw consent to processing at any time, where processing is based on consent.

To exercise these rights, contact us using the details in Section 16. We will respond within the timeframes required by the PDPL. If you are an End User, please contact the relevant Customer (the business you interacted with), as they are the Controller of that data; we will support our Customers in responding to such requests.

You also have the right to lodge a complaint with SDAIA if you believe your rights under the PDPL have been infringed.

Contact Us

For any questions about this Policy, or to exercise your rights or contact our Personal Data Protection function, please reach us at:

Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (for example by email or an in-product notice) before they take effect. The "Last updated" date above reflects the latest version. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.