Data Processing Addendum
A signed DPA is available for any customer that processes personal data through Manifesto. The summary below is a placeholder while the executable DPA is in legal review.
Last updated: pending publication.
Roles
Customer is the data controller. Manifesto is the data processor and processes personal data only on documented instructions from the customer.
Subprocessors
The current list of subprocessors is published on the Security overview page. Customers will be notified of material changes.
Security measures
Encryption in transit and at rest, tenant isolation, audit logging, role-based access control, and incident response procedures. Detail in the Security overview.
International transfers
For EU/UK customers, Manifesto offers EU-region hosting on request. When transfers outside the EEA are required, Standard Contractual Clauses apply.
Requesting an executed DPA
Email legal@manifesto.app with your organization details and signing authority and we will send the countersigned DPA within two business days.