PRIVACY POLICY
UPDATED JUNE 2026
Data controller: Manta AI AS
Organisation number: 936 004 377
Address: Tjuvholmen allé 1, 0252 Oslo
Privacy contact: privacy@manta.eu
Website: manta.eu
1. About This Privacy Policy
Your privacy is important to us. This Privacy Policy explains how Manta AI AS (“Manta”, “we”, “us”, “our”) collects, uses, and protects personal data about you when you use our platform, visit our website, or otherwise interact with us.
Manta AI AS is a Norwegian company that develops and operates an AI-native growth infrastructure that connects a business’s commercial data and autonomously runs and optimises its marketing, sales and growth activities. Our platform is used by enterprises and other businesses to automate and improve their pricing, operations, customer targeting, sales and commercial growth. Through our services, we also process personal data about the customers’ own end-users, leads, or contacts and website visitors.
This policy applies to all personal data processing for which Manta AI AS acts as the data controller. Where Manta acts as a data processor on behalf of a customer (controller), that customer’s own privacy policy will apply to the end-users of that customer’s services.
2. Who Is the Data Controller?
Company name: Manta AI AS
Organisation number: 936 004 377
Registered address: Tjuvholmen allé 1, 0252 Oslo
Privacy contact: privacy@manta.eu
For questions about how we handle your personal data, or to exercise your rights, please contact us at privacy@manta.eu.
3. Who Does This Policy Apply To?
This Privacy Policy applies to the following categories of individuals:
Customers — employees and representatives of businesses that use the Manta platform under a subscription agreement.
Customer end-users — individuals whose personal data is processed through the platform on behalf of our customers’ data stores and internal data privacy agreement (we process and store any datapoint that our customers store).
Website visitors — individuals who visit manta.eu or interact with our online content.
Other contacts — individuals who contact us by email, phone, or other means.
4. What Personal Data Do We Collect?
The personal data we collect depends on your relationship with us:
Category
Data collected
How we receive it
Customer employees
Name, business email, telephone number, job title, employer name, profile photo, system usage data, login credentials (hashed).
Directly from the customer on account setup, or from you when you register in the platform.
Customer end-users
Any datapoint our customers store. For our own usage (Attio CRM): names, contact details, IP address, geolocation.
From the customer via the Manta platform, or directly from you.
Website visitors
IP address, browser type, operating system, pages visited, time on site, referrer URL, cookie identifiers.
Automatically through your use of manta.eu.
5. For What Purposes and on What Legal Basis Do We Process Your Personal Data?
We process personal data for the following purposes:
Purpose
Personal data
Legal basis (GDPR)
Retention
Platform account management
Creating and managing accounts for customer employees; enabling access to the platform and its features; providing user support. Name, business email, telephone, job title, system usage logs.
Art. 6(1)(b) – performance of the subscription contract. Art. 6(1)(f) – legitimate interest in platform security and service quality.
Account active + 12 months after termination.
Service delivery / core platform function
Processing customer and end-user data to operate the platform’s core functionality, including profit-generating activities like advertising, customer outreach, and information extraction for business improvement. Name, email, IP, geolocation, job title, session data, public company information, system usage logs, chat history.
Art. 6(1)(b) – performance of services under the customer agreement. Art. 6(1)(f) – legitimate interest in delivering the service.
After a Manta service contract ends, the customer may keep the datastores under their own DPA.
Digital advertising / campaigns
Creating and delivering campaigns and measuring performance on advertising platforms (e.g. Meta, Google, TikTok, Snapchat) on behalf of customers. Device identifiers, cookie data, interaction data, targeting segments.
Art. 6(1)(a) – consent (ePrivacy / cookie consent for tracking). Art. 6(1)(f) – legitimate interest for contextual / non-tracking activity.
Campaign + 90 days; aggregated analytics up to 3 years.
Email / SMS communications
Sending marketing and transactional emails or SMS on behalf of customers and to our own contacts. Name, email, telephone, communication history.
Art. 6(1)(a) – consent (markedsføringsloven § 15 for electronic marketing to consumers). Art. 6(1)(b) – for transactional messages.
Until consent withdrawn / unsubscribe; max 2 years without engagement.
Platform & website analytics
Analysing usage of the platform and manta.eu to improve features, user experience, and reporting. Session data, feature usage, click-stream, device/browser information, IP (anonymised).
Art. 6(1)(f) – legitimate interest in improving the service. Art. 6(1)(a) – consent where cookies are used.
Identifiable session data up to 12–26 months; anonymised aggregates retained indefinitely.
AI-assisted processing
Using AI tools and models to provide the platform’s reasoning and automation functionality; personal data is minimised before submission. CRM, ERP, data warehouse, ads, and company financials — no unnecessary personal data submitted to AI providers.
Art. 6(1)(b) – performance of the service agreement. Art. 6(1)(f) – legitimate interest in efficient tooling.
Not retained beyond the session by Manta. Subject to AI providers’ retention under enterprise DPAs with no-training clauses.
Customer support
Responding to enquiries and support requests. Name, email, telephone, description of enquiry, communication history.
Art. 6(1)(f) – legitimate interest in providing customer service.
3 years from last interaction.
Recruitment
Receiving and processing job applications; interviews; reference checks. Name, contact details, CV, application letter, references, interview notes.
Art. 6(1)(f) – legitimate interest in identifying qualified candidates.
6 months after the process concludes, unless consent is given for longer.
Compliance with legal obligations
Responding to lawful requests from authorities; complying with accounting and tax law. As required by the specific legal obligation.
Art. 6(1)(c) – legal obligation.
As required by law; accounting records min. 5 years (bokføringsloven).
6. How Do We Secure Your Personal Data?
We implement appropriate technical and organisational security measures to protect your personal data (GDPR Art. 32). These include:
Security measure
All data in transit encrypted using TLS 1.2 or higher.
Data at rest encrypted across all production systems.
Production infrastructure hosted with Hetzner Online GmbH in the EU — all data remains within the EEA.
Multi-factor authentication (MFA) required for all employee and administrator accounts.
Role-based access control — staff can only access data necessary for their job function.
Regular security risk assessments and penetration testing.
Documented incident response procedure for personal data breaches.
All sub-processors subject to written DPAs with equivalent security requirements.
7. Who Do We Share Your Personal Data With?
We may share your personal data with the following categories of recipients.
Sub-processors (data processors acting on our behalf)
Sub-processor
Service
Transfer basis
Hetzner Online GmbH (Germany & Finland)
Cloud infrastructure, storage, database
N/A (EEA)
Cloudflare (Worldwide)
Application hosting, CDN
SCCs
PostHog Cloud EU (Germany)
Product / website analytics
N/A (EEA)
Google / Meta / LinkedIn (USA / Worldwide)
Advertising and measurement
EU-US DPF
Twilio SendGrid (Germany / Ireland / Netherlands)
Email and SMS delivery
N/A (EEA)
Attio (USA)
CRM and customer support
EU-US DPF
Anthropic (Worldwide)
AI-assisted processing (no training on data)
SCCs (Module 2) + TIA
Public authorities: we may be required to disclose personal data to Norwegian or other EEA public authorities where there is a statutory obligation.
Customers (as data controllers): when we act as a data processor on behalf of a customer, we share relevant personal data with that customer under a written data processing agreement.
8. Transfers to Third Countries
Personal data may be transferred to and processed in countries outside the EU/EEA where we use sub-processors established in those countries. When transferring personal data outside the EU/EEA, we ensure adequate safeguards are in place in accordance with GDPR Chapter V:
EU-US Data Privacy Framework (DPF): adequacy decision of 10 July 2023, for transfers to DPF-certified processors.
Standard Contractual Clauses (SCCs): European Commission Decision 2021/914, for transfers to SCC-based processors, supplemented by Transfer Impact Assessments (TIAs) and enterprise DPAs with no-training and data-deletion provisions where AI providers are used.
EEA residency: the majority of personal data remains within the EEA, where we use Hetzner’s GDPR-compliant European sovereign servers in protected data centres in Germany and Finland.
You may request a copy of the applicable transfer safeguards by contacting privacy@manta.eu.
9. How Long Do We Retain Your Personal Data?
We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law:
Customer account data: duration of the subscription + 12 months after termination.
Service / core function data: after a Manta service contract ends, the customer may keep the datastores under their own DPA.
Advertising and analytics data: campaign data 90 days; aggregated analytics up to 3 years.
Email / SMS communications: until unsubscribe / consent withdrawal; max 2 years without engagement.
Customer support records: 3 years from last interaction.
Website analytics: up to 26 months (anonymised aggregate retained indefinitely).
Recruitment data: 6 months after recruitment concludes.
Accounting records: 5 years (bokføringsloven).
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on manta.eu and in our customers’ deployments. Cookies are small text files stored on your device when you visit a website.
Types of cookies we use
Strictly necessary cookies: required for the website and platform to function. No consent required.
Analytics cookies: used to understand how visitors use our website. Require consent.
Marketing / advertising cookies: used for targeted advertising. Require consent.
You can manage your cookie preferences through our cookie banner when you first visit our website, at any time via the “Cookie Settings” link in the footer, or through your browser settings.
11. Your Rights
Under GDPR you have the following rights regarding your personal data. To exercise any right, contact privacy@manta.eu. We will respond within 30 days (extendable to 90 days for complex requests).
Right
What it means
Right of access (Art. 15)
Obtain a copy of the personal data we hold about you and information about how it is processed.
Right to rectification (Art. 16)
Request correction of inaccurate or incomplete personal data.
Right to erasure (Art. 17)
Request deletion of your personal data in certain circumstances. Does not apply where we have legal obligations to retain data.
Right to restriction (Art. 18)
Request that we restrict the processing of your personal data in certain circumstances.
Right to data portability (Art. 20)
Where processing is based on consent or contract, receive your personal data in a structured, machine-readable format.
Right to object (Art. 21)
Object to processing based on legitimate interests. For direct marketing, you have an absolute right to object at any time.
Right to withdraw consent (Art. 7)
Where processing is based on consent, withdraw at any time, without affecting the lawfulness of processing before withdrawal.
Right to opt out of direct marketing
Unsubscribe from marketing at any time using the unsubscribe link, or by contacting privacy@manta.eu.
Right to complain
Lodge a complaint with Datatilsynet (www.datatilsynet.no, PO Box 458 Sentrum, 0105 Oslo).
12. Automated Decision-Making and Profiling
We implement deterministic and auditable audience generation and targeting algorithms that process data to identify relevant users and customer segments. No decisions with legal or similarly significant effects on you are made by automated means without human involvement. You may object to such processing by contacting privacy@manta.eu or by adjusting your preferences on the relevant platform.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be published on manta.eu. If material changes are made, we will notify customers and registered users by email before the changes take effect. The date of the latest revision is shown at the top of this policy.
14. Contact Us
For any questions about this Privacy Policy, or to exercise your rights:
Email: privacy@manta.eu
Post: Manta AI AS, Tjuvholmen allé 1, 0252 Oslo
You also have the right to lodge a complaint with the Norwegian Data Protection Authority: Datatilsynet, PO Box 458 Sentrum, 0105 Oslo — www.datatilsynet.no — postkasse@datatilsynet.no.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 109 24" xmlns="http://www.w3.org/2000/svg"><path d="M 37.321 21.868 L 37.321 3.29 L 40.236 3.29 L 46.222 18.816 L 52.234 3.29 L 55.124 3.29 L 55.124 21.868 L 52.963 21.868 L 52.963 7.059 L 47.186 21.868 L 45.26 21.868 L 39.481 7.059 L 39.481 21.868 Z M 63.079 22.081 C 60.321 22.081 58.524 20.488 58.524 18.046 C 58.524 15.498 60.581 13.88 63.756 13.88 L 66.723 13.88 C 67.295 13.88 67.556 13.587 67.556 13.163 C 67.556 11.331 66.281 10.084 64.042 10.084 C 62.116 10.084 60.606 11.305 60.503 12.765 L 58.524 12.765 C 58.759 10.19 61.153 8.28 64.094 8.28 C 67.504 8.28 69.638 10.27 69.638 13.242 L 69.638 21.868 L 67.556 21.868 L 67.556 19.559 C 66.853 21.098 65.11 22.081 63.079 22.081 Z M 60.659 18.02 C 60.659 19.4 61.726 20.276 63.391 20.276 C 66.02 20.276 67.556 18.604 67.556 15.844 L 67.556 15.498 L 63.886 15.498 C 61.934 15.498 60.659 16.454 60.659 18.02 Z M 73.434 21.868 L 73.434 8.492 L 75.516 8.492 L 75.516 11.066 C 76.218 9.209 77.832 8.28 79.863 8.28 C 82.83 8.28 84.755 10.429 84.755 13.694 L 84.755 21.868 L 82.674 21.868 L 82.674 14.039 C 82.674 11.756 81.372 10.217 79.394 10.217 C 77.129 10.217 75.516 12.049 75.516 14.649 L 75.516 21.868 Z M 89.395 4.219 L 91.478 4.219 L 91.478 8.492 L 95.512 8.492 L 95.512 10.376 L 91.478 10.376 L 91.478 17.622 C 91.478 19.108 92.311 19.983 93.586 19.983 L 95.512 19.983 L 95.512 21.868 L 93.508 21.868 C 90.983 21.868 89.395 20.276 89.395 17.675 L 89.395 10.376 L 86.663 10.376 L 86.663 8.492 L 89.395 8.492 L 89.395 4.218 Z M 102.07 22.081 C 99.311 22.081 97.514 20.488 97.514 18.046 C 97.514 15.498 99.571 13.88 102.746 13.88 L 105.714 13.88 C 106.286 13.88 106.546 13.587 106.546 13.163 C 106.546 11.331 105.271 10.084 103.033 10.084 C 101.107 10.084 99.597 11.305 99.493 12.765 L 97.514 12.765 C 97.749 10.19 100.143 8.28 103.085 8.28 C 106.494 8.28 108.628 10.27 108.628 13.242 L 108.628 21.868 L 106.546 21.868 L 106.546 19.559 C 105.843 21.098 104.1 22.081 102.07 22.081 Z M 99.649 18.02 C 99.649 19.4 100.716 20.276 102.382 20.276 C 105.011 20.276 106.546 18.604 106.546 15.844 L 106.546 15.498 L 102.876 15.498 C 100.925 15.498 99.649 16.454 99.649 18.02 Z M 15.483 0 C 16.669 5.423 20.895 9.66 26.306 10.847 C 26.29 10.851 26.275 10.854 26.259 10.858 L 26.298 10.867 L 26.316 10.871 L 26.298 10.874 C 21.396 11.955 17.208 15.118 14.828 19.539 C 14.066 20.955 13.505 22.47 13.162 24.041 L 13.158 24.059 L 13.155 24.042 C 12.812 22.47 12.25 20.954 11.487 19.538 C 9.107 15.118 4.919 11.954 0.017 10.874 L 0 10.871 L 0.017 10.867 C 0.03 10.865 0.042 10.861 0.056 10.858 L 0.009 10.847 C 2.66 10.265 5.088 8.934 7.005 7.012 C 8.924 5.088 10.252 2.655 10.833 0 C 10.995 0.745 11.217 1.476 11.497 2.185 C 11.923 3.267 12.481 4.292 13.158 5.238 C 14.281 3.668 15.072 1.886 15.483 0 Z" fill="rgb(226, 228, 224)" height="24.05903448276149px" id="ClM82oBnb" width="108.62841925469729px"/></svg>)