Data Processing Addendum

This Data Processing Addendum governs how ManiAI processes personal data on behalf of enterprise customers. It supplements the Terms of Service and applies to all data processing activities performed by mani in connection with your use of the service.

For transfers of personal data from the EEA to the United States, we incorporate the European Commission's Standard Contractual Clauses (Module 2: Controller to Processor). SCCs are included as an appendix to the DPA and require no additional negotiation for standard enterprise agreements.

Current sub-processors: Railway (hosting, US/EU), Stripe (payments, US), Klaviyo (email, US), Cloudflare (CDN, global), FairStack (AI generation, US), Anthropic (AI, US), PostHog (analytics, EU), Sentry (monitoring, US), Resend (email, US). Updated list maintained at /trust. 30-day advance notice for material changes.

Default: US East (Virginia). EU option: EU West (Frankfurt) available on Enterprise plans. Data does not leave the selected region for processing. Sub-processor data flows documented in the DPA appendix.

Enterprise customers have the right to audit mani's data processing practices. Audits: maximum 1 per year, 30-day advance notice, during business hours, at customer's expense. We cooperate fully and provide access to relevant documentation.

Standard DPA available for download (PDF). Custom DPA terms available for Enterprise contracts. Contact legal@maniai.com or your account manager for the current version.