mantle is a brand and product operated by E2 Partners LLC (“mantle,” “we,” “our,” or “us”), a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal information when you visit our website, join our waitlist, connect a data source, purchase credits, or otherwise interact with us.
1. Who We Are
mantle is a brand and product operated by E2 Partners LLC (collectively, "mantle", "we", "us", or "our"), a limited liability company registered in Meydan Free Zone, Dubai, United Arab Emirates. This Privacy Policy explains how we collect, use, and protect personal information when you visit our website, join our waitlist, connect a data source, purchase credits, or otherwise interact with us. mantle is currently in pre-release; the practices described below reflect our current handling of personal data and may evolve as the product matures.
2. Information We Collect
We collect personal information that you provide to us directly, including: - Contact details such as your name, email address, job title, and organization, when you join the waitlist, send us a message, or create an account. - Billing and payment information, when you purchase credits or a subscription. Card details are submitted directly to our payment processor, Stripe, and are not stored on mantle systems. - Communications and feedback that you send to us by email, contact form, or other channel. - Account information if and when accounts become available, including credentials and any profile information you provide. We also collect limited technical information automatically when you visit the website, including IP address, device and browser information, referring URL, and pages viewed. When you submit a form, a CAPTCHA service (Cloudflare Turnstile) processes your IP address and limited browser signals to help us prevent abuse. We do not knowingly collect sensitive or special-category personal data (such as health, biometric, or government-ID information) through the website or waitlist.
3. Connected Data Sources
A core function of mantle is to serve as a context layer that connects to data sources you operate ("Connected Sources"). Connected Sources may include cloud storage, databases, data warehouses, SaaS applications, communications platforms, customer-records systems, knowledge bases, and any other business data source you authorize mantle to access. This Policy is intended to apply to all such sources, whether currently supported or added in the future. Your role as controller. When you connect a data source to mantle, you are the data controller (or equivalent role under applicable law) for the information in that source. mantle acts as a data processor (or equivalent) and processes that information on your behalf and under your instructions, as set out in our Data Processing Addendum or equivalent agreement. Zero-copy design. mantle is designed to read data from Connected Sources in place. We do not create long-term copies of the underlying records for our own use. Transient processing — including query planning, entity resolution, and context assembly — may occur in memory or short-lived caches to serve an agent's request, and is not retained beyond what is required to deliver the response and generate operational logs. Credentials and tokens. When you connect a source, mantle stores the credentials or OAuth tokens required to read from it. These are encrypted at rest, scoped to the minimum permissions you grant, and revocable by you at any time by disconnecting the source. Operators of Connected Sources. The Connected Sources themselves are operated by third parties (for example, the vendor of your database, storage, or SaaS product). Their processing of your data is subject to their own terms and privacy practices, not this Policy. Personal data of your end users. Personal data about your employees, customers, or other end users that exists in a Connected Source is processed by mantle solely as a processor on your behalf. You are responsible for providing any notices, obtaining any consents, and establishing any lawful bases required under applicable law for that data to flow through mantle. Training. We do not use data from Connected Sources, nor any derived embeddings, query results, or context artifacts, to train, fine-tune, or otherwise improve machine learning models for our benefit or for the benefit of any third party. Disconnection. You may disconnect any Connected Source at any time. On disconnection, we revoke stored credentials, purge any transient caches, and stop processing from that source. Operational logs retained in accordance with our Data Retention section may contain references to the source (such as identifiers) but not the underlying business data.
4. How We Use Personal Information
We use personal information to: - operate, maintain, and improve the website and Services; - respond to inquiries and provide customer support; - manage the waitlist and contact you about access, product updates, and related announcements; - process payments and manage account balances; - detect, investigate, and prevent fraud, abuse, or security incidents; - comply with legal obligations and enforce our Terms. We do not sell personal information, and we do not share it with third parties for their own marketing purposes. Every marketing email we send includes a link to unsubscribe, and you may also email hello@mantleai.dev to opt out at any time.
5. Legal Bases for Processing (EEA / UK)
If you are in the European Economic Area or the United Kingdom, we process personal information on the following legal bases under the GDPR / UK GDPR: - Performance of a contract (or steps prior to entering one), for example to manage your waitlist signup or your account. - Legitimate interests, for example to operate and secure the website, to communicate with prospective and existing customers about the product, to prevent fraud and abuse, and to develop the Services. We conduct a balancing test to ensure our interests are not overridden by your rights and freedoms. - Consent, where required, for example for non-essential cookies or certain marketing communications. You can withdraw consent at any time. - Compliance with legal obligations.
6. Data Sharing and Subprocessors
We rely on a limited number of trusted service providers to operate the website, waitlist, and Services. These providers process personal information on our behalf and under contractual obligations to keep it confidential and secure. Current subprocessors include: - Vercel Inc. (United States) — hosting, content delivery, and privacy-focused website analytics. Vercel Analytics is cookieless and uses pseudonymous identifiers (a daily-rotating hash) rather than direct identifiers. - Google LLC (United States) — Google Sheets, used to store waitlist submissions from the website form; Google Ads (gtag.js), used for conversion measurement (which may set cookies on your device after you consent); and Google Fonts, served from Google's content delivery network, which receives your IP address when pages load. - Stripe, Inc. (United States) — payment processing for credit and subscription purchases. Stripe receives the payment details you submit at checkout directly; mantle does not see or store full card numbers. - Cloudflare, Inc. (United States) — Cloudflare Turnstile, used as a CAPTCHA and anti-abuse service on forms. Cloudflare receives your IP address and limited browser signals when you submit a protected form. We may add, replace, or remove subprocessors as the product evolves. When we do, we will update this list in advance of the change taking effect. We do not share personal information with third parties for their own marketing purposes, and we do not sell personal information. We may disclose personal information as required by law, court order, or governmental request, to enforce our Terms, to protect rights or safety, or in connection with a corporate transaction such as a merger, acquisition, or sale of assets. In any such transaction, we will require the recipient to handle personal information consistently with this Policy.
7. AI Models and Training
We do not use your personal information, your communications with us, data from Connected Sources, or any data you submit to mantle to train, fine-tune, or otherwise improve foundation models or other machine learning models for our benefit or the benefit of any third party, except as expressly disclosed in this Policy or as agreed with you in writing. If we ever change this practice, we will update this Privacy Policy and notify affected users before any change takes effect.
8. International Transfers
We operate internationally. Personal information we collect may be transferred to, stored in, and processed in countries other than the one in which you reside, including the United States and the United Arab Emirates. Where required by law, we rely on appropriate safeguards, including Standard Contractual Clauses ("SCCs") approved by the European Commission, the UK International Data Transfer Agreement (or Addendum), adequacy decisions where available, or your explicit consent.
9. Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. Indicative retention periods: - Waitlist contact information: retained for up to 24 months after your last interaction with us, or until you request earlier deletion. - Account data: retained for the life of the account and for up to 24 months thereafter, subject to legal and accounting requirements. - Billing records: retained for the period required by applicable tax and accounting law (typically up to 7 years). - Technical and server logs: retained for up to 90 days and then automatically deleted. - OAuth tokens and credentials for Connected Sources: retained while the source is connected; revoked on disconnection. If you request deletion of your personal information, we will complete the deletion within 30 days, subject to limited exceptions required to comply with law, resolve disputes, prevent fraud or abuse, or enforce our agreements. You may request deletion at any time by emailing hello@mantleai.dev.
10. Security
We take reasonable technical and organizational measures designed to protect personal information. These include encryption in transit, encryption at rest for stored credentials, restricted access to operational systems, and routine review of our hosting providers. mantle is currently in pre-release and does not hold any third-party security certification (such as SOC 2, ISO 27001, or HIPAA). No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding any credentials we may issue to you and for the security of the Connected Sources you authorize.
11. Your Rights
Depending on where you live, you may have rights with respect to your personal information, including the right to access, correct, delete, or port it; to object to or restrict certain processing; and to withdraw consent where processing is based on consent. To exercise any of these rights, please contact us at hello@mantleai.dev. Before fulfilling a request, we may ask you for information reasonably necessary to verify your identity and the scope of your request. We will respond within the period required by applicable law (generally within 30 days, and within 45 days for requests subject to the California Consumer Privacy Act, with possible extension as permitted by law). You may also have the right to lodge a complaint with your local supervisory authority.
12. California Residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and (where applicable) sell or share; the right to delete personal information we hold about you; the right to correct inaccurate personal information; the right to limit use of sensitive personal information; and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. We honor opt-out preference signals, including the Global Privacy Control (GPC). When we detect a GPC signal from your browser, we will treat it as a valid request to opt out of any sale or sharing for the browser and device used, to the extent applicable. To exercise your rights, contact hello@mantleai.dev. We may request additional information reasonably necessary to verify your identity before responding.
13. Automated Decision-Making
We do not use automated decision-making (including profiling) that produces legal or similarly significant effects concerning you. If this changes, we will update this Policy and provide the additional information required under applicable law.
14. United Arab Emirates (PDPL)
mantle is operated by E2 Partners LLC, a company registered in Meydan Free Zone, Dubai, United Arab Emirates. Processing of personal data by E2 Partners LLC is subject to the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL") and its implementing regulations as and when issued by the UAE Data Office. Lawful basis. We rely on the following lawful bases under the PDPL: - your consent, for example when you sign up to the waitlist or send us a message; - the performance of a contract or pre-contractual steps you have requested; - our legitimate interests in operating, securing, and improving the Services, where those interests are not overridden by your rights and freedoms; - compliance with a legal obligation. Your rights under the PDPL. Subject to the exceptions permitted by law, you have the right to: (a) obtain information on how your personal data is processed; (b) request access, correction, deletion, or restriction of processing of your personal data; (c) request transfer of your personal data to another controller; (d) object to processing, including profiling and automated decisions that significantly affect you; and (e) withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal). To exercise any of these rights, please contact us at hello@mantleai.dev. You also have the right to lodge a complaint with the UAE Data Office. Cross-border transfers. We may transfer personal data outside the United Arab Emirates, including to jurisdictions where our subprocessors operate. Where required, we rely on appropriate safeguards permitted by the PDPL, including transfers to jurisdictions recognized as providing an adequate level of protection, contractual safeguards, or your explicit consent. Children. We do not knowingly process personal data of individuals under 18 without appropriate parental or guardian consent as required by the PDPL.
15. EU / UK Representative
Where required under Article 27 of the GDPR or UK GDPR, we will appoint a representative in the European Union and the United Kingdom and publish their contact details here. Until a representative is appointed, you may direct all GDPR / UK GDPR inquiries to hello@mantleai.dev, and we will respond within the periods required by applicable law.
16. Data Breach Notification
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority in accordance with applicable law. Under the GDPR, this is generally within 72 hours of becoming aware of the breach; other jurisdictions (including the UAE) require notification without undue delay on becoming aware. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay. Notification to affected individuals will describe the nature of the breach, the likely consequences, the measures we are taking to address it, and steps you can take to protect yourself.
17. Children
The Services are not directed to children. We do not knowingly collect personal information from anyone under the age of 16 (or under the relevant age of digital consent in your jurisdiction; see our UAE (PDPL) section for the UAE standard of 18). If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.
18. Cookies and Tracking
We use a small number of cookies and similar technologies on the website: - Essential cookies, required to operate the site (for example, to remember your cookie preference). - Analytics, provided by Vercel Analytics, which is cookieless and uses pseudonymous identifiers. - Advertising and conversion measurement, provided by Google Ads (gtag.js). These cookies are set only after you grant consent via our cookie banner; we use Google Consent Mode v2 with consent defaulting to denied for EEA, UK, and other applicable visitors. We do not use cross-site behavioral tracking or third-party advertising audiences. You can configure your browser to reject cookies, though some features of the website may not function properly if you do. You can revisit your choice at any time by clearing site data for this domain.
19. Marketing Communications
If you join the waitlist or opt in to receive updates from us, we may send you product announcements, access information, and related communications. Every marketing email contains a link to unsubscribe, and you may also email hello@mantleai.dev to opt out. Transactional communications relating to your account, security, or legal matters are not marketing and will continue regardless of your marketing preferences.
20. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when this Policy was last revised. We will notify you of material changes by posting the updated Policy on this page and, where appropriate, by email.
21. Contact Us
For any questions about this Privacy Policy or about how we handle personal information, please contact us at: E2 Partners LLC Meydan Free Zone Dubai, United Arab Emirates Email: hello@mantleai.dev