Your brand is your most valuable asset

Here is how we protect it. Every generation, every connection, every byte.

SOC 2 Type II in flight | GDPR ready | CCPA compliant | No model training

Data principles

You own your output

Every ad, social post, and email creative you generate is yours. Full commercial license at every tier. We never claim rights to your content. Cancel and keep everything.

No model training

Your Brand DNA, product photos, ad copy, and generation history are never used to train AI models. Your data serves one purpose: generating content for your brand.

Encryption everywhere

AES-256-GCM at rest. TLS 1.3 in transit. API keys hashed (SHA-256). Passwords hashed with bcrypt + per-user salts. Standard envelope encryption for all persistent stores.

Data deletion

Request deletion at any time. Brand DNA and account data retained 90 days post-cancellation, then permanently deleted. Immediate deletion available on request.

Compliance and certifications

SOC 2 Type II

In flight, targeting Q3 2026. Working with an accredited auditor covering security, availability, and confidentiality trust service criteria. Pre-audit security posture document available on request.

GDPR

Ready. EU customers can request data export, correction, and deletion. Data Processing Agreements (DPAs) available on request. No data transfers outside the processing agreement scope.

CCPA

Compliant. California residents can request disclosure, deletion, and opt-out per the California Consumer Privacy Act.

Enterprise procurement

Vendor questionnaire

SIG Lite, CAIQ, or custom. Returned within 5 business days.

DPA

Standard GDPR Data Processing Agreement. Custom DPAs for Enterprise.

SLA

99.9% uptime SLA on Enterprise. Defined P1-P4 response times.

Sub-processors

Anthropic (Claude)

AI text generation. No training on customer data per API terms.

FairStack

Image generation. Inputs not retained post-generation.

Stripe

Payment processing. PCI DSS Level 1 certified.

Cloudflare

CDN, DNS, DDoS protection. SOC 2 Type II certified.

Railway

Application hosting + PostgreSQL. US-based infrastructure.

Resend

Transactional email delivery.

Vulnerability disclosure

If you discover a security vulnerability, please report it responsibly to security@maniai.com. We respond to all reports within 48 hours. We do not pursue legal action against security researchers acting in good faith.

Bug bounty program details and PGP key for encrypted reports will be published when our SOC 2 audit completes.

Security FAQ

Do you have a SOC 2 report?

SOC 2 Type II is in flight, targeting Q3 2026 completion. We can share our current security posture document and controls evidence on request. Email security@maniai.com for the pre-audit packet.

Can we sign a DPA?

Yes. We provide a standard Data Processing Agreement for GDPR compliance. Email security@maniai.com and we will send our DPA template within 24 hours. Custom DPA negotiations are available for Enterprise tier customers.

Where is our data stored?

Application data is stored in PostgreSQL on Railway (US-based infrastructure). Generated images are stored in Cloudflare R2 (US region by default, EU region available for Enterprise). Backups are encrypted and retained for 30 days.

Do you use our data to train AI models?

No. Your Brand DNA, product photos, ad copy, and generation history are never used for model training. Your data serves one purpose: generating content for your brand. This applies to all AI providers we use (Anthropic, FairStack).

What happens to our data if we cancel?

You keep all generated content. Brand DNA and account data are retained for 90 days after cancellation in case you return. After 90 days, all data is permanently deleted. You can request immediate deletion at any time.

How do you handle access control?

Role-based access control (RBAC) is available on Enterprise plans. All admin actions are logged. API tokens are hashed before storage. Session tokens expire after 30 days with daily refresh.

Do you have a vendor security questionnaire?

Yes. We can complete SIG Lite, CAIQ, or custom vendor security questionnaires. Email security@maniai.com with your questionnaire and we will return it within 5 business days.

Is there an SLA?

Enterprise plans include a 99.9% uptime SLA with defined response times for P1-P4 incidents. Solo and Studio plans do not include an SLA but target the same availability. Historical uptime is published on our status page.

Questions about security?

Reach out to security@maniai.com. We respond within 48 hours.