Legal

Privacy Policy

We collect the minimum data required to operate Manifesto and to follow up on access requests. This policy is a placeholder while our final policy is in legal review.

Last updated: pending publication.

What we collect

  • Access requests: name, work email, job title, company, country, role, contract volume, carriers, and the free-form description of your current process. Submitted via /request-access.
  • Account data: name, email, organization membership, and role — managed by Supabase Auth on your behalf.
  • Customer data: the PDFs, templates, and structured data you upload to extract.
  • Operational logs: request IDs, IP addresses, and timestamps to operate and secure the service.

How we use it

Access-request data is used solely to qualify and respond to inbound interest. Account and customer data are used to provide the service. We do not sell or rent data to third parties.

Subprocessors

See our Security overview for the current list.

Data retention

Access-request records are retained for 24 months unless you ask us to delete them sooner. Customer data is retained for the duration of your agreement and deleted on request after termination.

Your rights

To request access, correction, or deletion of your data, email privacy@manifesto.app. We respond within 30 days.