Book a call Get a demo
Legal

Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how Manhattan Labs ("Manhattan Labs," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our websites, applications, dashboards, AI service modules, and related services (collectively, the "Services"). By using the Services, you agree to this Policy.

1. Information We Collect

We collect information in three buckets:

Information you provide. When you contact us, book a call, sign up for a Service, or send messages to our chat assistants, we collect the information you submit — including name, email address, company, role, billing details, and the contents of your messages and uploads.

Customer Data. When you use the Services, you and your users submit data such as documents, prompts, knowledge-base content, integration data, and AI conversation transcripts. We process this data on your behalf to operate the Services.

Information collected automatically. When you visit our sites or use the Services, we automatically collect technical and usage information such as IP address, browser and device characteristics, referring URLs, pages viewed, timestamps, and basic interaction events. We use cookies and similar technologies for essential site functionality and limited analytics.

2. How We Use Information

We use information to:

  • provide, operate, secure, and improve the Services;
  • authenticate users, process payments, and prevent fraud and abuse;
  • respond to inquiries, provide support, and communicate about your account;
  • send service announcements and, where permitted, marketing communications (you can opt out at any time);
  • generate aggregated, de-identified analytics to understand usage and improve product quality; and
  • comply with legal obligations and enforce our agreements.

3. AI Processing

The Services use artificial intelligence and large language models, including third-party models such as OpenAI and Anthropic, to generate responses and outputs from your inputs. Inputs and outputs may be processed by these model providers under their own terms and privacy commitments. We configure our AI integrations to disable provider-side training on Customer Data wherever that option is available.

We do not sell Customer Data, and we do not use Customer Data to train foundation models. We may use de-identified, aggregated information to improve the Services.

4. How We Share Information

We share information only as needed to run the Services or as required by law:

  • Service providers and subprocessors — including infrastructure providers (e.g., Railway, Cloudflare, AWS), AI model providers (e.g., OpenAI, Anthropic), payment processors (e.g., Stripe), authentication providers (e.g., Clerk, Supabase), analytics, and email/calendaring tools (e.g., Slack, HubSpot, Calendly, Microsoft 365) — who process information on our behalf under appropriate contractual safeguards.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
  • Legal and safety — to comply with law, lawful requests, or to protect our rights, your safety, or the safety of others.
  • With your direction — for example, when you connect a third-party integration or instruct us to share data.

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

5. Cookies and Tracking

We use a small number of strictly necessary cookies to operate the Services and may use limited first-party analytics to understand site usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.

6. Data Retention

We retain information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained for the duration of your subscription and deleted or anonymized within a reasonable period after termination, unless we are required to retain it by law.

7. Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, or destruction — including encryption in transit, scoped access controls, and tenant isolation in our multi-tenant systems. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. To exercise these rights, email [email protected]. We will respond within the time required by applicable law. If you are a user of a customer's instance of the Services, please contact that customer first; we will assist them in responding to your request.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

10. International Users

We are based in the United States, and the Services are operated and hosted in the United States. If you access the Services from outside the U.S., you understand that your information will be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your jurisdiction.

11. Third-Party Sites

The Services may contain links to third-party sites or integrate with third-party platforms. Those services are governed by their own privacy policies, and we are not responsible for their practices.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or by posting the updated Policy on the Services). Your continued use of the Services after the effective date constitutes acceptance.

13. Contact

Questions about this Policy or our privacy practices? Email us at [email protected].