Your brand is your most valuable asset.

Data ownership

You own every output you generate. Every ad, every social post, every email creative. Full commercial license included at every tier. We never claim rights to your generated content. If you cancel, you keep everything you created.

We do not train on your data

Your Brand DNA, your product photos, your ad copy, and your generation history are never used to train AI models. Your data serves one purpose: generating content for YOUR brand. Not for ours. Not for other customers. Not for model improvement.

Encryption

All data is encrypted at rest using AES-256-GCM. All data in transit is encrypted via TLS 1.3. API keys are hashed (SHA-256) before storage. Passwords are hashed using bcrypt with per-user salts. We use standard envelope encryption for all persistent data stores.

Compliance

SOC 2 Type II: In flight, targeting Q3 2026 completion. We are working with an accredited auditor to achieve SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria.

GDPR: Ready. EU customers can request data export, correction, and deletion. Data processing agreements (DPAs) available on request. No data transfers outside the processing agreement scope.

CCPA: Aware and compliant. California residents can request disclosure, deletion, and opt-out per the California Consumer Privacy Act.

Sub-processors

The following third-party services process customer data as part of the mani product:

Vulnerability disclosure

If you discover a security vulnerability, please report it responsibly to security@maniai.com. We respond to all reports within 48 hours. We do not pursue legal action against security researchers acting in good faith.

Bug bounty program details and PGP key for encrypted reports will be published when our SOC 2 audit completes.