Legal

Data Processing Addendum

A signed DPA is available for any customer that processes personal data through Manifesto. The summary below is a placeholder while the executable DPA is in legal review.

Last updated: pending publication.

Roles

Customer is the data controller. Manifesto is the data processor and processes personal data only on documented instructions from the customer.

Subprocessors

The current list of subprocessors is published on the Security overview page. Customers will be notified of material changes.

Security measures

Encryption in transit and at rest, tenant isolation, audit logging, role-based access control, and incident response procedures. Detail in the Security overview.

International transfers

For EU/UK customers, Manifesto offers EU-region hosting on request. When transfers outside the EEA are required, Standard Contractual Clauses apply.

Requesting an executed DPA

Email legal@manifesto.app with your organization details and signing authority and we will send the countersigned DPA within two business days.