Legal
Privacy Policy
Effective February 1, 2026. We update these terms occasionally — material changes will be announced inside the app.
This Privacy Policy explains what information Mantle Suite LLC ("Mantle", "we", "us", or "our") collects when you use mantlesuite.com and the Mantle web application (together, the "Service"), how we use that information, and the choices you have. We've written it in plain English. If anything's unclear, email support@mantlesuite.com.
1. Who this Policy applies to
This Policy applies to anyone who visits mantlesuite.com, signs up for an account, is invited to a workspace as a teammate, or receives an email/document sent through Mantle (e.g. a client receiving an invoice).
2. Information we collect
Account information
- Your username, name, and password (stored as a one-way bcrypt hash — never in readable form)
- Optional email address, phone number, and profile preferences
- Your role inside a workspace (Owner, Admin, Member, or Crew)
Workspace and business information
- Business name, logo, address, contact details, license number, and tax preferences you enter under Settings → Business Info
- Documents you create: invoices, estimates, contracts, bookkeeping transactions, schedule events, and work orders
- Client records you create (name, email, phone, address, project history)
- Files and photos you upload to documents, work orders, or your library
Payment information
- If you subscribe to a paid plan, payment is processed by Stripe. Your card number is sent directly to Stripe and is never stored on Mantle's servers.
- We receive only a subscription ID, your plan, billing status, and the last four digits of your card from Stripe so we can show your billing history.
Usage and device data
- Standard server logs: IP address, browser, OS, page paths, timestamps, and error events. Used to keep the Service running and troubleshoot bugs.
- Email delivery events (delivered, opened, bounced, clicked) returned by our email provider so you can see the activity log for invoices and estimates you sent.
What we do NOT collect
- Your card number, CVV, or full bank account details (Stripe holds those)
- Microphone, camera, location data, or contacts unless you explicitly upload a file
- Sensitive personal categories (race, religion, political views, health, etc.)
3. How we use information
We use the information described above to:
- Operate the Service — render your dashboard, generate PDFs, send invoices/estimates, run bookkeeping, and keep teammates in sync.
- Authenticate and secure your account — verify your login, prevent abuse, and detect suspicious activity.
- Process subscription payments via Stripe and apply the right plan limits.
- Send transactional emails like password resets, invoice delivery confirmations, and important account notices.
- Respond to support requests when you write to us.
- Improve the product by analyzing aggregated, non-identifying usage trends (e.g., which features are used most).
We do not use your business data, client lists, or invoice contents to train any AI model or sell to third parties.
4. How information is shared
We share data only with:
- Sub-processors that power the Service:
- Stripe, Inc. — subscription billing and payments
- Resend — outbound transactional email delivery and tracking
- Emergent — cloud hosting, application runtime, and object storage
- MongoDB Atlas — managed database (where your records live, encrypted at rest)
- The recipients of documents you send — if you email an invoice or share a public link, the recipient sees the document and the business contact information you've entered. They don't see anything about your teammates or other clients.
- Law enforcement when we receive a valid legal request, court order, or subpoena. We will push back on overbroad requests and notify you when permitted by law.
We never sell, rent, or trade your personal information.
5. Data isolation between workspaces (multi-tenancy)
Every record in Mantle is tagged with a workspace_id. Database queries always scope by that ID, so the data in one customer's workspace is never returned to another customer's workspace, even by accident. This is enforced at the API layer for every endpoint.
6. Data retention
- Active accounts: we retain your data for as long as your account is active.
- Cancelled accounts: data is retained for 30 days after cancellation in case you reactivate, then permanently deleted from our primary database within 60 days. Encrypted backup snapshots may persist for up to 90 days before rotating out.
- Server logs: rotated and deleted after 30 days.
- Email delivery events: retained for 90 days to power your Email Activity Log.
7. Your rights and choices
Regardless of where you live, you can always:
- Access — view your data inside the app at any time.
- Export — download CSV backups from Settings → Data Export.
- Update — edit your profile, business info, and preferences from Settings.
- Delete — email support@mantlesuite.com from the email on file with the subject "Delete my account" and we will permanently delete your account within 30 days.
If you are located in the European Union, the United Kingdom, or California, you may have additional rights under the GDPR, UK GDPR, or CCPA — including the right to object to processing, request portability of your data, or opt out of any "sale" of personal information (Mantle does not sell personal information). Email us and we will honor verified requests.
8. Cookies and tracking
Mantle uses a small number of cookies and similar technologies:
- Session cookies — required to keep you logged in. Without these the app can't function.
- Preference cookies / local storage — remember your theme (dark / light), density preference, and last visited section.
- Third-party cookies — Stripe sets cookies on its hosted checkout page to detect fraud. Resend may set cookies on the small tracking pixel embedded in outbound emails so the Email Activity Log can record opens.
We do not use Google Analytics, Facebook Pixel, or any cross-site advertising trackers. You can clear cookies at any time through your browser settings (you'll be signed out and your preferences reset).
9. Security
- All traffic to mantlesuite.com is encrypted with TLS 1.2+.
- Passwords are hashed with bcrypt before being written to the database.
- Data is encrypted at rest by our database provider.
- Production secrets are stored in environment variables and never committed to source control.
No system is perfectly secure. If you become aware of a vulnerability, please disclose it responsibly to support@mantlesuite.com.
10. Children's privacy
Mantle is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, contact us and we will delete it.
11. International users
Mantle is operated from the United States. By using the Service from outside the U.S., you understand that your information will be transferred to, stored, and processed in the U.S.
12. Changes to this Policy
We may update this Policy occasionally. When we make material changes, we'll post a notice inside the app and update the "Effective" date above. Continued use of the Service after a change means you accept the updated Policy.
13. Contact us
Questions, requests, or complaints?
Mantle Suite LLC
Email: support@mantlesuite.com
