Privacy Policy
Last updated: May 22, 2026
1. Introduction
Mantis Corp ("we," "us," or "our") operates the Mantis platform ("Service"), a multi-tenant business management platform for service businesses. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service, visit our website, or interact with our AI-powered features.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
This policy applies to all users of the Service, including business owners, employees, and end customers who interact with businesses using our platform.
2. Information We Collect
2.1 Account & Identity Information
When you create an account or are added as a team member or customer, we collect:
- Full name, email address, phone number
- Business name, business type, and industry
- Role within the organization (owner, employee, customer)
- Authentication credentials (managed securely via our authentication provider)
- Profile photos or avatars you upload
2.2 Customer & Business Data
Business owners and employees may enter data about their customers and operations:
- Customer names, addresses, phone numbers, and email addresses
- Service history, job records, and appointment details
- Notes, tags, and communication preferences
- Proposals, contracts, and signed documents
2.3 Financial Information
- Invoice and payment records
- Expense tracking data (amounts, categories, vendors, receipts)
- Budget allocations and financial planning data
- Payment processing is handled by Stripe. We do not store full credit card numbers
2.4 Location & Geographic Data
- Business locations and service area addresses
- Customer addresses (geocoded for routing and service delivery)
- Route optimization data
2.5 Communications Data
- SMS messages sent and received through the platform
- Email communications sent on your behalf
- Voice call recordings and transcripts (see Section 5)
- In-platform messages between users
2.6 Device & Usage Data
- Browser type, operating system, and device information
- IP address and approximate location derived from IP
- Pages visited, features used, and interaction patterns
- Error logs and performance data
2.7 Files & Uploads
- Documents, images, and files uploaded to the platform
- Receipt images attached to expenses
- Brand assets (logos, colors, images)
- Data import files (CSV, spreadsheets)
3. How We Use Your Information
We use the information we collect to:
- Provide the Service. Manage your business operations, customers, scheduling, invoicing, inventory, and other core features
- AI-Powered Automation. Run AI agents that assist with sales, customer service, routing, scheduling, outreach, and other business functions (see Section 4)
- Communications. Send SMS, email, and voice communications on your behalf to your customers
- Billing & Payments. Process invoices, track payments, and manage subscriptions
- Improve the Service. Analyze usage patterns to fix bugs, improve features, and optimize performance
- Security. Detect and prevent fraud, unauthorized access, and other security threats
- Legal Compliance. Fulfill our legal obligations, respond to lawful requests, and enforce our terms
We do NOT sell your personal information to third parties. We do NOT use your data to train artificial intelligence or machine learning models. Your data is used solely to provide and improve the Service for you.
4. AI & Automated Processing
4.1 AI Agents Overview
Mantis includes AI-powered agents that automate business operations on your behalf. These agents perform tasks such as:
- Answering incoming phone calls and booking appointments (AI Receptionist)
- Generating and sending customer outreach communications
- Qualifying sales leads and generating proposals
- Optimizing service routes and schedules
- Monitoring inventory levels and suggesting reorders
- Generating social media content
- Responding to customer service inquiries
- Analyzing business performance and providing strategic recommendations
- Managing invoicing and payment reminders
- Coordinating workflows across all of the above functions
4.2 What Data AI Agents Access
AI agents access only the data necessary to perform their specific function, limited to your business's data. This may include customer information, job records, financial data, communications history, and business knowledge base items (SOPs, FAQs, policies) that you have configured for AI access.
4.3 AI Processing Providers
AI agent processing is performed using third-party AI model providers:
- Google (Gemini). Primary AI model provider for agent intelligence and voice AI
- OpenAI. Secondary AI model provider and image generation
When data is sent to these providers for processing, it is transmitted securely and used solely to generate a response for the specific task. We have agreements with these providers that prohibit them from using your data to train their models.
4.4 Human Oversight
AI agents do not make final decisions on high-impact actions without human approval. Our approval workflow requires manager review for actions that could significantly affect your business operations or customer relationships. You can configure approval thresholds and review all AI agent activity in the platform's activity logs.
4.5 No Model Training
Your data is never used to train, fine-tune, or improve any AI or machine learning model, whether ours or any third party's. AI models process your data only to generate real-time responses for your specific business tasks.
5. Voice & Telephony
5.1 AI Receptionist
Mantis offers an AI-powered receptionist that can answer incoming phone calls on behalf of your business. When active, the AI receptionist will identify itself as an AI assistant at the beginning of each call. The AI receptionist can schedule appointments, answer frequently asked questions, and capture caller information.
5.2 Call Recording & Transcription
Voice calls handled through the platform may be recorded and transcribed. Call recordings and transcripts are stored securely and are accessible only to authorized users within your business account. Callers are informed that calls may be recorded.
5.3 Telephony Provider
Voice and SMS services are provided through Twilio, a third-party communications platform. Call data, including phone numbers, call duration, and recordings, is processed and stored by Twilio in accordance with their privacy policy. AI voice processing is handled by Google's Gemini Live API.
5.4 TCPA Compliance
We comply with the Telephone Consumer Protection Act (TCPA). AI-generated voice calls constitute artificial or prerecorded voice messages under federal law. We obtain required consent before initiating automated calls or text messages. You may revoke consent at any time through any reasonable means, including replying "STOP" to text messages or requesting removal during a call.
6. SMS & Email Communications
6.1 Business Communications
The Service enables businesses to send SMS messages and emails to their customers for appointment reminders, follow-ups, marketing campaigns, and other business communications. These are sent on behalf of the business, not on behalf of Mantis.
6.2 Service Providers
- Twilio. SMS message delivery
- Resend. Transactional and marketing email delivery
6.3 CAN-SPAM Compliance
All marketing emails sent through the Service comply with the CAN-SPAM Act. Recipients can unsubscribe from marketing emails at any time using the unsubscribe link included in every marketing email. Unsubscribe requests are honored within 10 business days.
6.4 Opt-Out
End customers may opt out of receiving SMS messages by replying "STOP" at any time. Email recipients may unsubscribe via the link in any email. Opting out of marketing communications does not affect transactional messages related to active services.
6.5 Speed-to-Lead SMS Service
Mantis Corp operates a Speed-to-Lead service that sends automated SMS messages on behalf of service businesses to individuals who have initiated contact by submitting a web inquiry form or scanning a QR code. By submitting a contact form or initiating a web chat, the individual consents to receive automated text messages in response to their inquiry. Consent records are stored with a timestamp and source identifier.
All Speed-to-Lead messages identify themselves as automated at the start of the conversation. Recipients may opt out at any time by replying STOP. Reply HELP for assistance. Message and data rates may apply. Message frequency varies based on the nature of the inquiry and the responding business's configuration.
7. Third-Party Service Providers
We share personal information with third-party service providers ("subprocessors") only as necessary to operate the Service. These providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security measures.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All platform data (encrypted at rest and in transit) |
| Stripe | Payment processing | Customer billing details, invoice amounts |
| Twilio | Voice calls, SMS | Phone numbers, message content, call recordings |
| Resend | Email delivery | Email addresses, email content |
| Google (Gemini) | AI model processing, voice AI | Business context, customer data for AI tasks |
| OpenAI | AI model processing, image generation | Business context for AI tasks, brand data for images |
| Late (getlate.dev) | Social media publishing | Social account tokens, post content, media files |
| Google Maps | Geocoding, mapping | Addresses for geocoding and route display |
| Meta (Facebook) | Social media OAuth | Page credentials, posting permissions |
| Firecrawl | Web content extraction | URLs provided by you |
| Pexels | Stock photography | Search queries only |
| Freepik | Stock media | Search queries only |
We maintain data processing agreements (DPAs) with our subprocessors. We will provide at least 30 days' notice before adding new subprocessors that handle personal information.
10. Data Security
We implement industry-standard security measures to protect your information:
- Encryption. All data is encrypted in transit (TLS) and at rest (AES-256)
- Multi-Tenant Isolation. Each business's data is logically isolated using row-level security (RLS) policies enforced at the database level; one business cannot access another's data
- Authentication. Secure session management with JWT-based authentication
- Access Controls. Role-based access controls (owner, employee, customer) limit data access to authorized users
- Infrastructure. Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance
- Monitoring. Continuous security monitoring and audit logging
While we take extensive measures to protect your data, no method of transmission or storage is 100% secure. If we become aware of a security breach that affects your personal information, we will notify you and applicable authorities as required by law.
11. Data Retention & Deletion
11.1 Retention Periods
- Account data. Retained while your account is active and for 30 days after deletion request
- Business operational data (customers, jobs, invoices). Retained while the business account is active
- Voice recordings & transcripts. Retained for 90 days unless configured otherwise
- AI agent activity logs. Retained for 12 months
- Financial records. Retained for 7 years to comply with tax and accounting regulations
- Communication logs (SMS, email). Retained for 12 months
- Usage analytics. Retained in aggregated, de-identified form indefinitely
11.2 Deletion Requests
You may request deletion of your personal information at any time by contacting us at the email address listed in Section 15. Upon receiving a verified deletion request, we will:
- Delete or de-identify your personal information within 45 days
- Direct our subprocessors to delete your data
- Notify you when deletion is complete
Certain data may be retained where required by law (e.g., financial records for tax compliance) or where necessary to complete a transaction you requested.
11.3 Account Termination
When a business account is terminated, all associated data, including customer records, employee records, financial data, and AI agent logs, will be deleted within 90 days, except where retention is required by law.
12. Your Privacy Rights
12.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know. Request what personal information we collect, use, disclose, and sell
- Right to Delete. Request deletion of your personal information
- Right to Correct. Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing. We do not sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Information. Request that we limit our use of your sensitive personal information
- Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights
12.2 Automated Decision-Making Technology (ADMT)
Under California's ADMT regulations, you have the right to:
- Receive notice before AI agents make decisions that produce legal or similarly significant effects
- Opt out of automated decision-making for significant decisions
- Request human review of decisions made by AI agents
- Access information about the logic used in automated processing
12.3 Other State Privacy Laws
Residents of other states with comprehensive privacy laws, including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Nebraska, Maryland, Minnesota, Rhode Island, and Vermont, may have similar rights under their respective state laws. We honor all applicable state privacy rights. Contact us to exercise your rights.
12.4 How to Exercise Your Rights
To exercise any of your privacy rights, contact us at support@mantiscorp.ai. We will verify your identity before processing your request and respond within the timeframe required by applicable law (generally 45 days for CCPA requests). You may also designate an authorized agent to make requests on your behalf.
12.5 Global Privacy Control
We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out preference signal as required by applicable law.
13. Children's Privacy
The Service is designed for business use and is not directed at children under the age of 13 (or 16, where applicable). We do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a child under the applicable age threshold, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at support@mantiscorp.ai.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Provide notice through the Service (such as an in-app notification)
- For significant changes, send an email notification to account holders
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
15. Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:
Company: Mantis Corp
Privacy Contact: support@mantiscorp.ai
Address: 29964 Avenida Cima Del Sol, Temecula CA 92591
© 2026 Mantis Corp. All rights reserved.
Last updated: May 22, 2026
8. Social Media Integration
The Service allows you to connect social media accounts to publish content on your behalf. When you connect a social media account:
You can disconnect social media accounts at any time from your settings, which revokes our access and deletes stored OAuth tokens.