# Privacy Policy

#### Updated at: May 16, 2026

This Privacy Policy describes how Manteo AI PC ("Manteo", "we", "us", "our") collects, uses, shares, and protects your personal information when you use our websites, applications, APIs and services (the "Services"). By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

If you are using the Services on behalf of an organization (e.g., your employer or other entity), you are agreeing to this Privacy Policy for that organization and representing to Manteo that you have the authority to bind that organization to this Privacy Policy (in which event, "you" and "your" will refer to that organization).

---

## 1. Information We Collect

### 1.1 Information You Provide to Us

We collect information that you provide directly to us, including:

- **Account Information**: Name, email address, password, and other information you provide when creating an account or updating your profile
- **Customer Content and User Data**: "Customer Content" and "User Data" mean any materials, data and information you provide to Manteo in connection with the Services, including any data onboarded via third-party services. This includes data, files, queries, and other content you upload, submit, or make available through the Services
- **Payment Information**: Billing address, payment method details, and transaction information (processed through secure third-party payment processors)
- **Communication Information**: Information you provide when contacting us for support, feedback, or inquiries
- **Third-Party Service Credentials**: Authentication tokens and credentials you provide to connect third-party services (e.g., Google BigQuery, AWS, Azure) to the Services

### 1.2 Information We Collect Automatically

When you use the Services, we automatically collect certain information, including:

- **Usage Data**: Data about how you and your users access and use the Services, including but not limited to performance data, feature usage, analytics data, pages viewed, time spent, and interactions with the Services
- **Device Information**: Device type, operating system, browser type and version, IP address, and unique device identifiers
- **Log Data**: Server logs, error reports, and diagnostic information
- **Location Information**: General location data derived from your IP address or device settings (if permitted)
- **Cookies and Tracking Technologies**: Information collected through cookies, web beacons, and similar tracking technologies

### 1.3 Information from Third-Party Services

When you connect third-party services to the Services, we may receive information from those services in accordance with your authorization and their privacy policies.

---

## 2. How We Use Your Information

We use the information we collect to:

- **Provide and Maintain the Services**: Operate, maintain, and improve the Services, including processing your requests, queries, and transactions
- **Authenticate and Manage Accounts**: Verify your identity, manage your account, and provide customer support
- **Process Payments**: Process transactions, send invoices, and manage billing
- **Communicate with You**: Send service-related communications, respond to your inquiries, and provide customer support
- **Improve Our Services**: Analyze usage patterns, conduct research, and develop new features and functionality
- **Ensure Security**: Detect, prevent, and address security issues, fraud, and abuse
- **Comply with Legal Obligations**: Meet legal, regulatory, and compliance requirements
- **Marketing and Promotions**: Send you marketing communications (with your consent where required) about our products, services, and events

---

## 3. How We Share Your Information

**We do not sell your personal information.** We may use your information to provide and improve our Services, but we do not sell, rent, or trade your personal information to third parties for their marketing purposes.

### 3.1 Service Providers and Subprocessors

We share your information with third-party service providers and subprocessors who perform services on our behalf. These parties are contractually obligated to protect your information and use it only for the purposes we specify. Our subprocessors include:

- **Google Cloud Platform**: We use Google Cloud Platform for cloud infrastructure, data storage, and computing services. Google Cloud processes your data in accordance with their privacy policy and data processing agreements.
- **PostHog**: We use PostHog for product analytics and user behavior tracking to improve our Services. PostHog processes usage data in accordance with their privacy policy.
- **Supabase**: We use Supabase for database services, authentication, and backend infrastructure. Supabase processes your data in accordance with their privacy policy and data processing agreements.
- **CRM Software**: We use CRM software to manage customer relationships, support requests, and business communications. CRM providers process customer information in accordance with their privacy policies.
- **Google Workspace**: We use Google Workspace for business communications, collaboration, and document management. Google Workspace processes data in accordance with Google's privacy policy and data processing agreements.

### 3.2 Other Sharing

We may also share your information:

- **With Your Consent**: When you explicitly authorize us to share your information, for example when using sharing/publish features of the platform.
- **For Legal Reasons**: When required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety, or that of our users or others
- **Business Transfers**: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred as part of that transaction
- **Aggregated or Anonymized Data**: We may share aggregated or anonymized data that cannot reasonably identify you for research, analytics, or business purposes

---

## 4. Data Processing and Storage

### 4.1 Data Location

Your information may be processed and stored in the United States, the European Union, and other countries where our service providers operate. By using the Services, you consent to the transfer of your information to these locations.

### 4.2 Data Retention

We retain your information for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes.

### 4.3 Data Security

Your data is encrypted in transit and at rest and we implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

### 4.4 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible. Our notification will include information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences of the breach, and the measures we are taking or have taken to address the breach and mitigate its possible adverse effects.

We will notify you of a data breach through the email address associated with your account or through other means as required by applicable law. You are responsible for ensuring that your contact information is current and accurate.

---

## 5. Your Rights and Choices

### 5.1 Access and Correction

You have the right to access, update, and correct your personal information. You can do this through your account settings or by contacting us.

### 5.2 Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.

### 5.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., where we are required to retain it for legal purposes).

### 5.4 Opt-Out

You can opt out of:
- Marketing communications by following the unsubscribe instructions in our emails or by contacting us
- Certain tracking technologies by adjusting your browser settings or using our cookie preferences (where available)

### 5.5 Account Deletion

You can delete your account at any time through your account settings or by contacting us. Deletion of your account will result in the deletion of your personal information, subject to our data retention policies.

---

## 6. GDPR Compliance

### 6.1 Legal Basis for Processing

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information based on the following legal grounds:

- **Contractual Necessity**: Processing necessary to perform our contract with you (e.g., providing the Services)
- **Legitimate Interests**: Processing necessary for our legitimate business interests (e.g., improving the Services, ensuring security), where such interests do not override your rights and freedoms
- **Consent**: Processing based on your explicit consent (e.g., marketing communications)
- **Legal Obligation**: Processing necessary to comply with legal obligations

### 6.2 Your GDPR Rights

If you are located in the EEA or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

- **Right of Access**: You have the right to obtain confirmation as to whether we process your personal information and to access that information
- **Right to Rectification**: You have the right to have inaccurate personal information corrected
- **Right to Erasure ("Right to be Forgotten")**: You have the right to request deletion of your personal information under certain circumstances
- **Right to Restrict Processing**: You have the right to request restriction of processing of your personal information under certain circumstances
- **Right to Data Portability**: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller
- **Right to Object**: You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes
- **Right to Withdraw Consent**: Where processing is based on consent, you have the right to withdraw consent at any time

### 6.3 Exercising Your GDPR Rights

To exercise any of these rights, please contact us using the information provided in Section 12 (Contact Us). We will respond to your request within one month (or as required by applicable law). We may request verification of your identity before processing your request.

### 6.4 Data Protection Officer

If you have questions or concerns about our data processing practices, you can contact our Data Protection Officer using the contact information provided in Section 12.

### 6.5 Supervisory Authority

If you are located in the EEA or the United Kingdom and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

---

## 7. Machine Learning and AI Services

The Services may generate or execute code, queries, recommendations, analysis, or other output using artificial intelligence or machine learning models. AI-generated content may be inaccurate, incomplete, misleading, or unsuitable for your specific use case.

**Machine Learning on User Data**: Usage Data and Customer Content may be used to develop, train, or enhance artificial intelligence or machine learning models that are part of Manteo's products and services, including third-party components of the Services, and you authorize Manteo to process your Usage Data and Customer Content for such purposes. However, (a) Usage Data and Customer Content must be aggregated before it can be used for these purposes, and (b) Manteo will use commercially reasonable efforts consistent with industry standard technology to de-identify Usage Data and Customer Content before such use. Nothing in this section will reduce or limit Manteo's obligations regarding Personal Data that may be contained in Usage Data or Customer Content under applicable data protection laws.

**Your Responsibility**: You are solely responsible for reviewing, validating, and approving all AI-generated output before using it in any operational, financial, analytical, or related decision-making context. You must independently verify all outputs and consult qualified professionals where required. Due to the nature of artificial intelligence and machine learning, information generated by these features may be incorrect or inaccurate. Service features that include artificial intelligence or machine learning models are not human and are not a substitute for human oversight.

**Execution in Connected Systems**: Where you permit the Services to execute AI-generated instructions within third-party environments, including but not limited to cloud services, cloud storage, or other connected systems, you acknowledge that such execution occurs solely at your direction and risk. Generated instructions may modify, delete, overwrite, or otherwise affect data, and may incur charges in third-party environments. Manteo is not responsible for loss, corruption, alteration, or destruction of data resulting from such execution.

---

## 8. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

---

## 9. Cookies and Tracking Technologies

### 9.1 What Are Cookies

Cookies are small text files that are placed on your device (computer, tablet, or mobile device) when you visit our Services. Cookies and similar tracking technologies help us provide, protect, and improve the Services, personalize content, and analyze usage patterns.

### 9.2 Types of Cookies We Use

We use the following types of cookies and tracking technologies:

#### 9.2.1 Essential Cookies

Essential cookies are necessary for the Services to function properly. These cookies enable core functionality such as security, network management, and accessibility. You cannot opt out of essential cookies, as they are required for the Services to work.

**Examples of Essential Cookies:**
- **Authentication Cookies**: Store your login session and authentication tokens to keep you logged in
- **Security Cookies**: Help detect and prevent security threats and fraudulent activity
- **Load Balancing Cookies**: Distribute traffic across servers to ensure optimal performance

#### 9.2.2 Functional Cookies

Functional cookies allow the Services to remember choices you make (such as your language preference, region, or username) and provide enhanced, personalized features. These cookies may also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customize.

**Examples of Functional Cookies:**
- **Preference Cookies**: Remember your settings and preferences (e.g., theme, language, dashboard layout)
- **Session Cookies**: Maintain your session state as you navigate through the Services

#### 9.2.3 Analytics Cookies

Analytics cookies help us understand how visitors interact with the Services by collecting and reporting information anonymously. This helps us improve the way the Services work.

**Examples of Analytics Cookies:**
- **PostHog Cookies**: We use PostHog to analyze how you use the Services, including which features you use most frequently, how long you spend on different pages, and how you navigate through the Services. This information helps us improve the Services and user experience.
- **Usage Tracking Cookies**: Track page views, feature usage, and user interactions to identify areas for improvement

#### 9.2.4 Marketing and Advertising Cookies

Marketing and advertising cookies are used to track visitors across websites to display relevant advertisements or to measure the effectiveness of marketing campaigns. These cookies may be set by us or by third-party advertising partners.

**Examples of Marketing Cookies:**
- **Conversion Tracking Cookies**: Track whether you completed certain actions (e.g., signing up, making a purchase) after clicking on an advertisement
- **Retargeting Cookies**: Enable us to show you relevant advertisements on other websites based on your interaction with our Services

### 9.3 Third-Party Cookies

In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Services, deliver advertisements, and provide other functionality. These third-party cookies include:

- **PostHog**: Analytics and product analytics cookies to understand user behavior
- **Google Analytics** (if used): Web analytics cookies to understand website traffic and usage patterns
- **Google Cloud Platform**: Infrastructure and service-related cookies
- **Supabase**: Authentication and database service cookies

These third parties may use cookies, web beacons, pixel tags, and similar technologies to collect information about your use of the Services and other websites. The use of these technologies by third parties is subject to their own privacy policies.

### 9.4 How Long Cookies Are Stored

Cookies may be either "persistent" or "session" cookies:

- **Session Cookies**: Temporary cookies that expire when you close your browser or end your session. These cookies are used to maintain your session while you navigate through the Services.
- **Persistent Cookies**: Remain on your device for a set period or until you delete them. These cookies help us remember your preferences and settings across multiple visits.

### 9.5 How to Manage Cookies

You have the right to accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, you may not be able to fully experience all features of the Services. You can control cookies through your browser settings.

Where available, you can manage your cookie preferences through our cookie consent banner or settings panel. You can choose to accept or reject different categories of cookies (except essential cookies, which cannot be disabled).

You can opt out of certain third-party cookies:

- **PostHog**: You can opt out of PostHog tracking through the cookie consent banner or by toggling "Usage Analytics" in your Account settings at any time.

### 9.6 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, there is no standard for how DNT signals should be interpreted. As a result, we do not currently respond to DNT browser signals or mechanisms.

### 9.7 Web Beacons and Similar Technologies

In addition to cookies, we may use web beacons (also known as pixel tags or clear GIFs), which are small graphic images embedded in web pages or emails. Web beacons may be used to:

- Track whether you have opened an email or clicked on a link
- Measure the effectiveness of our communications
- Analyze usage patterns on our Services

### 9.8 Mobile Device Identifiers

When you access the Services through a mobile device, we may use mobile device identifiers (such as Apple's Identifier for Advertising or Google's Advertising ID) to recognize your device and provide personalized content and advertising. You can control these identifiers through your mobile device settings.

### 9.9 Updates to Our Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated Cookie Policy on this page and updating the "Updated at" date at the top of this Privacy Policy.

If you have questions about our use of cookies or this Cookie Policy, please contact us using the information provided in Section 12 (Contact Us).

---

## 10. Third Party Data and Services

"Third Party Data and Services" means anything that the Manteo Platform contains, allows you to access, links to or integrates with that is not explicitly branded as a Manteo service. This may include branded or unbranded data from third party data providers, data from public sources, links to third party websites, apps and cloud-based services, integrations with third party services, and third party plugins.

The Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Services.

---

## 11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Updated at" date. We may also notify you by email or through the Services. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy.

---

## 12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Manteo AI PC**
Email: legal@manteo.ai
Address: Iakinthon 11, Athens, Greece

For GDPR-related inquiries, you can also contact our Data Protection Officer at the same address or email.

---

## 13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer your information to other countries, we take appropriate safeguards to ensure your information receives an adequate level of protection, including:

- Standard contractual clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other appropriate legal mechanisms

By using the Services, you consent to the transfer of your information to these countries.

---

## 14. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the jurisdiction in which Manteo is registered (Athens, Greece). For users located in the European Economic Area (EEA) or the United Kingdom, this Privacy Policy is also subject to the General Data Protection Regulation (GDPR) and other applicable data protection laws.

---
