Your data, our promises — written in plain English.

We collect only what we need to build your site, keep it online, and bill you for the work — nothing more. The categories of personal information we process are:

• Account information — your name, email address, and a user identifier created when you sign up. We do not store your password ourselves; our authentication provider handles sign-in on our behalf.
• Payment details — card number, billing address, and transaction history are held by Stripe, our payment processor. We never see your full card number; we receive only the last four digits, the card brand, and Stripe’s opaque customer and subscription identifiers.
• Wizard responses — the answers you give in the onboarding flow about your business, audience, tone, and goals. These are saved to a short-lived session before checkout and to your project record after.
• Uploaded files — logos, photos, documents, and any other assets you provide for the site. Files live in our Cloudflare R2 bucket and are referenced by metadata rows in our database.
• Support communications — messages you send us through the dashboard, email, or contact form. We keep these for as long as your account is active so we can give you continuous support.
• Technical data — IP address, user-agent string, request identifiers, and high-level interaction events (page views, form submissions). We use these for security, error monitoring (via Sentry), and to keep the site fast.

Each piece of data has a purpose tied to the service we promised you. We do not sell, rent, or trade personal data — and we do not run advertising surveillance on this site.

• To provide the service — build your site, host it, take edit requests, and publish the result on your domain.
• To handle payments — manage subscriptions, send invoices, and respond to billing questions through Stripe.
• To communicate with you — confirmation emails, transactional notices, and support replies. Marketing email is opt-in only.
• To comply with the law — financial reporting, tax filings, responses to lawful requests from regulators or courts.
• To improve the product — aggregated, de-identified usage patterns help us decide what to build next. We do not run individual-level behavioural profiling.

We rely on a short list of vetted subprocessors to run the service. Each one has a written data-processing agreement with EstateFlow Digital and processes your data only on our instructions. The current list:

We will update this page before adding any new subprocessor — and we will email you if the change materially affects how your data is handled.

Under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and equivalent laws in other jurisdictions, you have the following rights with respect to your personal information:

• Right of access — request a copy of everything we hold about you in a portable JSON format.
• Right to rectification — correct anything inaccurate or incomplete from your account page or by emailing us.
• Right to erasure — request that we delete your account. We honour this within 30 days, with the exception of records we are legally required to retain (financial records for seven years).
• Right to data portability — receive your data in a structured, machine-readable JSON archive you can take elsewhere.
• Right to object — opt out of any processing based on legitimate interest, including all marketing communications.
• Right to restriction — ask us to pause processing while a dispute is resolved.
• Right to opt out of sale — we do not sell personal information, full stop. There is nothing to opt out of.

The fastest route is your account page — under Privacy & Data you can download a full export or schedule deletion in two clicks. If you would rather we handled it for you, email privacy@mantelmarketing.com and we will respond within 30 days. We may need to verify your identity before acting on a request — typically by confirming a code we send to the email on file.

You also have the right to lodge a complaint with a supervisory authority — the ICO in the United Kingdom, the relevant Data Protection Authority in your EU member state, or the California Privacy Protection Agency. We would prefer to hear from you first so we can make it right.

• Active accounts — we retain your data for as long as your subscription is active, plus the time needed to provide ongoing support.
• Cancelled accounts — when you cancel, your project files stay archived for 90 days in case you reactivate. After that, the project data is deleted on the next compliance run.
• Account deletion — when you ask us to delete your account we mark it as soft-deleted immediately and hard-delete on day 30. The grace period gives you a chance to change your mind.
• Financial records — invoices, payment receipts, and the corresponding Stripe identifiers are retained for seven years to satisfy US Internal Revenue Service and EU bookkeeping rules.
• Audit logs — we keep a redacted record of privileged actions (sign-ins, deletions, exports) for the same seven-year window for security and compliance review. Customer identifiers in these rows are replaced with an opaque hash after deletion.

Our subprocessors are mostly headquartered in the United States, so personal data of customers in the European Economic Area, the United Kingdom, and Switzerland may be transferred outside those regions. We rely on the European Commission’s Standard Contractual Clauses (SCCs) and supplementary safeguards — including encryption in transit, encryption at rest, and tightly-scoped access controls — for every cross-border transfer.

MantelMarketing is built for business owners and is not directed to anyone under 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, contact privacy@mantelmarketing.com and we will delete it on confirmation.

Security is not a feature, it is a baseline. We protect your data with:

• TLS 1.3 in transit on every endpoint, with HSTS preloaded on the apex domain.
• AES-256 encryption at rest in Supabase Postgres, Cloudflare R2, and Stripe.
• Row-level security policies on every customer-facing table — users can only ever read or write their own rows.
• A signed audit log of every privileged action so we can answer “who did what, when” long after the fact.
• Production secrets stored in a managed vault, never in source control.
• Mandatory two-factor authentication for every member of our team with production access.

If you discover a vulnerability, please disclose it responsibly to security@mantelmarketing.com. We will respond within two business days and credit you publicly if you would like the credit.

We use only strictly-necessary cookies — our authentication provider’s session cookie that keeps you logged in, and a short-lived mm_onboarding cookie that remembers where you are in the wizard. Both are set first-party, both expire on a defined schedule, and neither carries marketing or analytics identifiers.

Because we do not run advertising trackers or third-party analytics on this site, we do not display a cookie consent banner. If we ever add a tracker that requires consent, we will update this policy and present a banner before the tracker loads.

Customer sites we host enable Cloudflare Web Analytics by default. Cloudflare Web Analytics is a privacy-friendly analytics tool that does not use cookies or track individual visitors — it aggregates page views, unique visitors, top pages, and top referrers without storing IP addresses or building per-visitor profiles. Customers can disable this for their site at any time from /app/analytics in their dashboard.

We will revise this page from time to time as the service evolves. When the revision materially affects your rights — for example, a new subprocessor or a new category of data — we will email you at least 30 days before the change takes effect and surface a banner in your dashboard. The effective date at the top of this page always reflects the latest revision.

For privacy questions, data subject requests, or anything else covered by this policy, write to: