Privacy Policy
How we collect, use, and protect your personal information. Last updated November 15, 2025.
TL;DR
Privacy in a nutshell
We know privacy policies can be long and complex. Here's a quick summary of the most important points before you dive into the full details below.
We protect your data
Your data is encrypted in transit and at rest. We use industry-standard security measures.
We do not sell your data
We never sell your personal information to third parties. Your data is yours.
Minimal data collection
We only collect what's necessary to provide and improve our services.
You can delete anytime
Request deletion of your data at any time. We'll process it within 30 days.
Export your data
Download all your data in a portable format whenever you want.
GDPR & CCPA compliant
We comply with major privacy regulations including GDPR and CCPA.
Table of Contents
Most Searched
Quick answers to the most common privacy questions
For the purposes of this privacy policy:
Personal Data: Any information relating to an identified or identifiable natural person.
Controller: The entity that determines the purposes and means of processing personal data. ManyPI (Ole Nepomuk Mai) is the controller of your personal data.
Processor: An entity that processes personal data on behalf of the controller.
Services: Our website, API, and related services collectively.
GDPR: General Data Protection Regulation (EU) 2016/679.
User/You: The individual accessing or using our Services.
The data controller responsible for your personal data is:
Company: ManyPI
Owner: Ole Nepomuk Mai
Address: Goethestrasse 70, 10625 Berlin, Federal Republic of Germany
Email: legal@manypi.com
Data Protection Officer: dpo@manypi.com
For any questions regarding data protection, privacy concerns, or to exercise your rights, please contact us using the information above.
We collect and process the following categories of personal data:
Account Information: Name, email address, company name, password (encrypted), and account preferences.
Usage Data: API requests, features used, pages visited, timestamps, and interaction patterns.
Device Information: Hardware model, operating system, browser type, IP address, and unique device identifiers.
Payment Information: Billing address and payment method details (processed by our payment data processors).
Communications: Content of messages, support tickets, and feedback you provide to us.
Technical Data: Log files, error reports, and performance metrics.
We process your personal data for various purposes, each with a specific legal basis under GDPR Article 6. Below is a detailed breakdown of how we use your data and the legal justification for each purpose.
Legal Basis for Processing
Under data protection law, we must have a legal basis for processing your personal data. The table below outlines our purposes and the corresponding legal bases:
| Purpose | Legal Basis | Description |
|---|---|---|
| Provision and operation of the Service | Art. 6(1)(b) - Contract performance | To fulfill our contractual obligations to you, enabling access to and functioning of the Service. |
| Payment and billing | Art. 6(1)(b), (f) - Contract performance and legitimate interest | To process subscriptions and payments securely and prevent fraud. |
| Service notifications and updates | Art. 6(1)(b), (f) | To inform you of Service changes, new features, or security alerts. |
| Usage monitoring and security | Art. 6(1)(f) - Legitimate interest | To monitor service usage patterns, prevent unauthorized access, and enhance security. |
| Compliance with applicable laws | Art. 6(1)(c) - Legal obligation | To meet statutory requirements, tax obligations, and law enforcement requests. |
If you upload images or visual content to our Services:
Processing: Images may be processed using AI and machine learning technologies to extract data, analyze content, or provide requested services.
Storage: Images are stored securely on our servers or with our cloud storage providers for the duration necessary to provide the Services.
Third-Party Processing: Images may be processed by our AI service providers (OpenAI, Google Gemini) as listed in our subprocessors section.
Retention: Images are retained according to our data retention policy unless you request earlier deletion.
Your Control: You can delete uploaded images at any time through your account settings or by contacting us.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
Account Data: Retained for the duration of your account plus 90 days after deletion.
Usage Data: Retained for up to 2 years for analytics and service improvement.
Payment Records: Retained for 7 years to comply with tax and accounting requirements.
Communications: Retained for up to 3 years for customer service purposes.
Images and Uploaded Content: Retained until you delete them or close your account.
You can request deletion of your data at any time by contacting us. We will process your request within 30 days, subject to legal data retention requirements.
We work with trusted third-party service providers (data processors) to help us provide and improve our Services. Below is a comprehensive list of our subprocessors, including their legal information and the purposes for which we use them.
All subprocessors are carefully vetted and required to maintain appropriate security measures and comply with applicable data protection laws, including GDPR where applicable.
| Service | Legal Name | Address | Purpose | Legal Basis | Privacy Policy |
|---|---|---|---|---|---|
| LemonSqueezy | Lemon Squeezy LLC | 228 Park Ave S, PMB 22435, New York, NY 10003, USA | Payment processing and subscription management | Contractual necessity | View Policy |
| Netlify | Netlify, Inc. | 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA | Website hosting and content delivery | Legitimate interest | View Policy |
| Supabase | Supabase, Inc. | 970 Toa Payoh North, #07-04, Singapore 318992 | Database hosting and authentication services | Contractual necessity | View Policy |
| OpenAI | OpenAI, L.L.C. | 3180 18th Street, San Francisco, CA 94110, USA | AI-powered data processing and analysis | Legitimate interest | View Policy |
| Google Gemini | Google LLC | 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | AI model services and data processing | Legitimate interest | View Policy |
| Bright Data | Bright Data Ltd. | Habarzel 40, Tel Aviv, 6971054, Israel | Web data collection and proxy services | Contractual necessity | View Policy |
| Crawlbase | Crawlbase LLC | 651 N Broad St, Suite 201, Middletown, DE 19709, USA | Web scraping and data extraction services | Contractual necessity | View Policy |
| Decodo | UAB "Data troops" | Švitrigailos str. 34, Vilnius, Lithuania | Data transformation and processing services (Legal entity code: 305893779) | Contractual necessity | View Policy |
| Resend | Plus Five Five, Inc. | 2261 Market Street Suite 5039, San Francisco, CA 94114, United States | Email delivery and transactional email services | Contractual necessity | View Policy |
| Mailgun | Mailgun Technologies, Inc. | 535 Mission St, San Francisco, CA 94105, United States | Email delivery and transactional email services | Contractual necessity | View Policy |
Under GDPR, CCPA, and other data protection laws, you have the following rights regarding your personal data:
Right of Access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.
Right to Rectification (Art. 16 GDPR): You can request that we correct inaccurate or incomplete personal data.
Right to Erasure (Art. 17 GDPR): You can request that we delete your personal data, subject to certain exceptions.
Right to Data Portability (Art. 20 GDPR): You can request a copy of your data in a structured, machine-readable format.
Right to Object (Art. 21 GDPR): You can object to our processing of your personal data in certain circumstances.
Right to Restriction (Art. 18 GDPR): You can request that we restrict the processing of your personal data.
Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
To exercise these rights, please contact us at legal@manypi.com. We will respond to your request within 30 days (1 month under GDPR).
We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage:
Technical Measures:
- Encryption of data in transit using TLS/SSL
- Encryption of data at rest using AES-256
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- Secure authentication mechanisms (2FA available)
Organizational Measures:
- Access controls and role-based permissions
- Employee training on data protection and security
- Incident response procedures
- Regular security audits
- Data processing agreements with all processors
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16.
If we learn that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information as soon as possible.
If you believe that we might have information from or about a child under 16, please contact us immediately at legal@manypi.com.
Parents and guardians have the right to request access to and deletion of their child's personal data.
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.
Notification of Changes:
- We will post the updated policy on this page
- We will update the "Last Updated" date at the top
- For material changes, we will send you an email notification
- For significant changes, we may require your renewed consent
Your Responsibility:
We encourage you to review this privacy policy periodically to stay informed about how we are protecting your information.
Continued Use:
Your continued use of the Services after changes become effective constitutes your acceptance of the revised policy.
Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
Data Transfer Locations:
We may transfer your data to the United States and other countries where our service providers operate.
Safeguards for EEA Transfers:
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
• Standard Contractual Clauses (SCCs): Approved by the European Commission
- Standard Contractual Clauses (SCCs): Approved by the European Commission
- Adequacy Decisions: For countries deemed to provide adequate protection
- Binding Corporate Rules: For intra-group transfers where applicable
- Additional Security Measures: Encryption, access controls, and regular audits
Your Rights:
You have the right to obtain information about the safeguards we use for international transfers and to request copies of relevant documentation.
We take steps to ensure that your data receives an adequate level of protection in all jurisdictions where we process it.