Privacy Policy

Privacy policy and data governance for Manto

Version: 2.1

Effective date: February 24, 2026

At Manto, we provide a high-performance AI platform engineered for the professional workforce. Our "privacy-by-design" architecture ensures that while our AI facilitates your workflow, your data remains exclusively yours.

1. The Manto "zero-retention" and "zero-training" pledge

Manto is built as a processing layer rather than a data harvester. We operate under a strict "non-exploitation" policy regarding user inputs.

  • No model training: Manto strictly prohibits the use of user inputs (including prompts, documents, or structured data) to train, retrain, or fine-tune our base models or any third-party large language model (LLM) providers.

  • Data isolation: Your data is processed in isolated, encrypted environments. There is no transfer of data between separate user accounts or organizational tenants.

  • Anonymity by design: Our proprietary pre-processing layer is designed to identify and mask personal identifiable information (PII) before it reaches the AI inference engine, ensuring that personal identities are never "memorized" or stored by the system.

2. EU AI Act and GDPR compliance

For our users within the European Union and the European Economic Area, Manto operates in strict accordance with the EU AI Act (2024/1689) and the General Data Protection Regulation (GDPR).

  • System classification: Manto is classified as a general purpose AI (GPAI) system. We maintain full transparency regarding our data sources and provide comprehensive technical documentation as required by EU law.

  • Data sovereignty: European user data is processed on servers located within the EU. Where cross-border transfers are necessary, they are governed by standard contractual clauses (SCCs) to ensure equivalent protection levels.

  • Human oversight: In compliance with Article 14 of the AI Act, Manto includes features that allow users to flag, revert, or manually override AI-generated outputs to ensure human agency.

  • Data roles: Manto acts as a data processor for your professional content and a data controller only for essential account administration (such as login credentials and billing).

3. United States privacy standards

  • No sale of information: Manto does not "sell" or "share" user data for cross-contextual behavioral advertising as defined by the CCPA/CPRA.

  • Right to deletion: US-based users may request the immediate deletion of their account and all associated "work data" metadata at any time.

4. The Manto marketplace: External partners and thought leaders

Manto hosts a curated marketplace for "playbooks" and professional templates created by verified external partners, including recognized LinkedIn thought leaders.

Partner verification and content approval

  • Verification: All partners undergo a rigorous identity verification process, including LinkedIn OAuth authentication and professional credentialing.

  • Explicit approval: Manto will only monetize or charge for a partner’s content once that partner has provided an explicit digital signature and approval for the specific version of the playbook being offered.

  • Intellectual property: Revenue shares are collected by Manto as a distribution agent; the external partner retains all underlying intellectual property rights.

Limitation of liability

  • Expert disclaimer: Marketplace playbooks represent the subjective professional opinions of the external partners. Manto does not warrant the accuracy, legal validity, or specific financial outcomes resulting from the use of partner content.

  • Professional relationship: The use of a marketplace playbook does not establish a legal, financial, or medical advisory relationship between the user and the partner, nor between the user and Manto.

  • Indemnification: To the maximum extent permitted by law, users agree to hold Manto and its partners harmless from any claims or damages arising from the practical application of marketplace strategies.

5. Security and technical safeguards

Manto employs industry-standard security protocols to protect professional data:

  • Encryption: We use AES-256 for data at rest and TLS 1.3 for data in transit.

  • Audit transparency: Users may request activity logs to verify how and when their data was processed.

  • Compliance roadmap: Manto is currently in the formal process of obtaining SOC2 Type II and ISO 27001 certifications to validate our commitment to the highest security standards.

6. Retention and deletion

  • Work data: This information is stored only for the duration of your active subscription to provide history functionality. Upon account termination, all work data is permanently purged from production servers within 14 days.

  • Administrative data: Essential billing and tax records are retained only as required by law (typically 7 years).

7. Contact information

For inquiries regarding this policy or to reach our Data Protection Officer (DPO), please contact us via the contact form.