Introduction

ManifestIT Inc. (“we”, “us”, “our”) is the company behind Manifest, a modern platform for change observability, governance, and impact analysis in dynamic cloud and application environments. Manifest empowers organizations with real-time insights, enabling faster incident resolution, improved compliance, and operational resilience.

We value your privacy and are committed to protecting personal data. This Privacy Policy outlines how we collect, use, and safeguard your information and explains your rights regarding your personal data.

Commitment to Data Privacy

ManifestIT is designed with privacy and data minimization as foundational principles. The platform operates within customer-managed infrastructure—whether self-hosted or on a private SaaS instance—and does not collect or process any sensitive personal information as defined under global data protection regulations.

Use of AI (Llama3)

ManifestIT includes features powered by Llama3, a generative AI model used for:

• Graph crawling
• Cypher query generation

All Llama3 interactions occur within the customer’s local environment:

• Llama3 endpoints are locally deployed and do not send any data outside the customer-controlled boundary.
• No data from Manifest is shared with external AI providers or third-party AI services.
• Llama3 does not process or access any sensitive data.

Data We Do Not Collect or Process

ManifestIT Inc. does not collect, store, or process any of the following categories of sensitive data:

• Personally Identifiable Information (PII):
  • Full name, email address, home/work address
  • Phone number, national ID, passport or driver's license number
  • Any unique identifiers that could identify an individual
• Financial Information:
  • Bank account numbers
  • Credit/debit card details
  • Financial records or account balances
• Health Information:
  • Medical records or insurance data
  • Biometric or genetic information
• Other Sensitive Information:
  • Racial or ethnic origin
  • Political or religious beliefs
  • Trade union membership
  • Sexual orientation or sex life
  • Criminal history or judicial records

Website and Business Contact Data

We may collect basic business contact data via:

• Website forms
• Event registrations
• Professional networks (e.g., LinkedIn)

What We May Collect:

• Name
• Job title
• Employer name
• Business email and phone
• Address for billing purpose
• IP address and browser metadata (for analytics)

We use this information to provide services, respond to inquiries, and send relevant communications. We do not sell personal data and only share it with service providers involved in delivering our services.

Cookies and Tracking

Manifest’s website uses cookies and analytics tools to:

• Improve site functionality
• Understand visitor behavior
• Enhance the user experience

Data Storage and Hosting

All operational data related to ManifestIT is stored:

• In infrastructure controlled by the customer (self-hosted or SaaS)
• In secure, access-controlled environments
• Using encryption at rest and in transit

We retain customer contact and website data as long as there is a business relationship or interest, and delete it upon request.

International Data Transfers

ManifestIT Inc. is headquartered in California, United States. If personal data is processed in the U.S., we ensure that:

• Transfers are based on consent or legitimate interest
• Appropriate contractual safeguards (e.g., Standard Contractual Clauses) are in place

Your Rights (GDPR and Global Privacy Laws)

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Request correction or deletion
• Object to or restrict processing
• Request data portability
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at: privacy@manifestit.io

Data Security

ManifestIT Inc. enforce strong technical and organizational controls:

• Role-based access control
• Audit logs and monitoring
• Encryption
• Secure authentication
• Zero data sharing with external AI services or unauthorized third parties

Also, ManifestIT has successfully attained SOC 2 Type 2 attestation, affirming the effectiveness of its security controls over time.

Children’s Data

Manifest is not intended for use by children, and we do not knowingly collect or process any personal data from individuals under the age of 16. If we discover that such data has been inadvertently collected, we will promptly delete it.

Sharing Information with Third Parties

We do not sell or disclose your personal information to third parties for their independent marketing or commercial purposes.

We may share limited business contact data only with:

• Cloud infrastructure providers solely for service delivery
• Vendors that support operations under strict data processing agreements
• Authorized partners or co-hosted event sponsors, with notice or consent
• Legal authorities when required to comply with law, protect our rights, or respond to emergencies

All such sharing is done with confidentiality protections and limited scope.

Data Retention and Deletion

We retain personal and service-related data as follows:

• Customer operational data: Stored in customer-managed systems, retention controlled by the customer
• Business contact data: Retained as long as there is ongoing communication or consent
• Website analytics and cookies: Retained per cookie policy

You may request deletion of your personal data at any time by contacting us at: privacy@manifestit.io. Upon verification, we will delete such data unless retention is legally required.

Your Consent and Changes to this Policy

By using our website or engaging with ManifestIT, you consent to the practices described in this Privacy Policy.

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or website notice. Continued use of our services after changes indicates your acceptance.

Contact Us

ManifestIT Inc.
2800 Sand Hill Rd, Suite 101
Menlo Park, California 94025
Email: privacy@manifestit.io