Privacy Policy

Effective Date: February 17, 2026

Last Updated: February 17, 2026

This Privacy Policy describes how Maniflow ("Maniflow," "we," "us," or "our"), a product of Maniflow AI, LLC, collects, uses, and shares information when you use our website at maniflow.ai and our Maniflow Hive platform, including the web application, mobile applications, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Account Information

When you create a Maniflow account, we collect:

• Name and email address
• Profile information (such as profile picture, if provided)
• Authentication credentials (passwords are hashed and never stored in plaintext)
• Billing information (processed through our payment provider, Stripe)

1.2 Information from Third-Party Integrations

When you connect third-party services through Hive Connect (such as Google, GitHub, Slack, or other providers), we collect:

• OAuth access tokens and refresh tokens (encrypted using AES-256 with AWS KMS)
• Basic profile information from the connected service (name, email)
• Scoped access to the data you authorize (e.g., email messages, calendar events, repository data)

We use a brokered credential model — your AI assistant accesses third-party services through encrypted, scoped tokens. We never store your raw passwords for any integrated service.

1.3 Usage Data

We automatically collect certain information when you use our Services:

• Log data (IP address, browser type, operating system, referring page)
• Device information (device type, unique identifiers)
• Usage patterns (features used, pages viewed, actions taken)
• Assistant interactions (messages, threads, routines)
• Performance metrics and error reports

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns to improve our Services
• Ensure security and prevent fraud

We do not use third-party advertising cookies. You may disable cookies in your browser settings, though some features of our Services may not function properly.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Operate your AI assistant and handle requests on your behalf
• Process transactions and manage your subscription
• Send you transactional communications (account verification, security alerts, service updates)
• Respond to your requests and provide customer support
• Monitor and analyze usage trends to improve the platform
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

• Service Providers: We share information with third-party vendors who perform services on our behalf (e.g., cloud hosting via Amazon Web Services, payment processing via Stripe, email delivery). These providers are contractually required to protect your information.
• AI Model Providers: When your assistant processes messages, the content may be sent to AI model providers (such as Anthropic or OpenAI) for processing. We use API integrations with data processing agreements in place. These providers do not use your data for model training.
• Third-Party Integrations: When you authorize a third-party integration, your assistant interacts with that service on your behalf using your authorized credentials. The data shared is limited to the scope you authorized.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
• With Your Consent: We may share information for any other purpose with your explicit consent.

4. Data Storage and Security

We take the security of your data seriously:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Third-party credentials are stored using AWS Secrets Manager with KMS encryption
• AI assistant execution occurs in sandboxed, isolated containers
• We maintain full audit trails of all assistant actions
• Access to production systems is restricted and logged
• We are pursuing SOC 2 Type II certification

Your data is stored on servers operated by Amazon Web Services (AWS) in the United States. Enterprise customers may choose to deploy Maniflow Hive within their own AWS infrastructure for full data sovereignty.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide our Services. Specifically:

• Account data: Retained until you delete your account
• Thread history: Retained until you delete your account or specific threads
• Integration tokens: Retained until you disconnect the integration or delete your account
• Usage and log data: Retained for up to 12 months for analytics and security purposes
• Billing data: Retained as required by applicable tax and financial regulations

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Restriction: Request that we limit how we use your information
• Objection: Object to our processing of your personal information
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You may also:

• Disconnect any third-party integration at any time from your Hive settings
• Delete individual conversations or task histories
• Export your data from the platform
• Delete your account entirely from account settings

7. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

8. International Data Transfers

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our Services, you consent to the transfer of your information to the United States.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Company: Maniflow AI, LLC
• Product: Maniflow Hive