mantleBack to Home

Solutions

Security

mantle is being built around a zero-copy design — your data is intended to stay where it lives. This page describes our security philosophy and the controls on our roadmap.

Pre-release

mantle is currently in pre-release. The capabilities below describe our intended architecture and roadmap. We do not currently hold any third-party security certifications. Treat this page as a statement of intent, not a description of a generally available product.

Security by Architecture

Most data platforms require you to move sensitive data into their infrastructure. mantle is being designed differently — our zero-copy approach is intended to read data where it lives, so sensitive information does not need to leave your security perimeter. Our goal is to eliminate an entire category of data movement risk by avoiding the movement entirely.

Infrastructure Security

mantle's MCP server runs on Microsoft Azure Container Apps. The following protections are provided by the Azure platform and are active today.

Encryption in Transit

All traffic between clients and the mantle MCP server is encrypted with TLS 1.2 or higher. This includes agent-to-server queries and server-to-source connector traffic.

Encryption at Rest

All data stored on Azure infrastructure is encrypted at rest using AES-256 via Azure-managed keys.

Physical Security

Azure data centers maintain SOC 1/2/3, ISO 27001, and FedRAMP certifications for physical and operational security. These are Azure's certifications, not mantle's.

Data Residency

The MCP server is deployed in Azure East US. Data processed during queries stays within this region.

Network Isolation

The server runs in an isolated Azure Container Apps environment with no shared tenancy.

Application-Level Security (Roadmap)

The following capabilities are being built into the mantle application layer. Availability will evolve as the product matures.

Zero-Copy Architecture

Data is designed to be read in place rather than copied to mantle infrastructure. Query results stream from source to agent without intermediate storage.

Role-Based Access Control

Planned: fine-grained RBAC so agents only access data their operators are authorized to see, with policies sourced from your identity provider.

Audit Logging

Planned: structured logs for every query, data access, and context delivery, exportable to your SIEM of choice.

Data Governance

Planned: PII detection, classification labels carried through the context chain, and respect for retention policies enforced at the source.

Data Protection Commitments

We never train on your data

Your data and communications are never used to train, fine-tune, or improve any machine learning model. This commitment is in both our Terms of Service and Privacy Policy.

You own your data

You retain all rights to data you connect or submit. We claim no ownership or license beyond what is needed to operate the service.

Delete anytime

Request deletion at hello@mantleai.dev and we will remove your data within 30 days, subject to limited exceptions required by law or to resolve disputes. See our Privacy Policy for retention details.

Breach notification

If we become aware of a personal data breach likely to result in risk to your rights, we will notify the relevant authority within 72 hours and notify affected individuals without undue delay.

Compliance

mantle does not currently hold SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, or any other formal compliance certification. As we move toward general availability and as our customer base requires it, we will pursue the certifications relevant to those customers. If you have specific compliance requirements, please contact us so we can scope them into our roadmap.

Contact us about security