GDPR Notice
This notice describes how Manifest Mosaic complies with the General Data Protection Regulation (GDPR) and explains the additional rights available to customers in the EU, EEA, and UK.
Last updated: 27 October 2025
1. Legal basis for processing
We process personal data on the basis of contract (to provide the service), legitimate interest (product analytics, fraud prevention), consent (marketing emails, optional cookies), and legal obligation (tax, accounting, regulatory requests).
2. Data controller
Manifest Mosaic, 2100 Market Street, Suite 501, San Francisco, CA 94114, acts as data controller for EU/EEA/UK users. Our EU representative can be reached at eu-privacy@manifestmosaic.com.
3. International transfers
Personal data may be processed in the United States and other jurisdictions where our subprocessors operate. We rely on Standard Contractual Clauses, Data Processing Agreements, and strict access controls to protect cross-border transfers.
4. Your GDPR rights
You have the right to access, rectify, erase, port, and restrict processing of your personal data. You can also object to legitimate interest processing and withdraw consent without affecting prior lawful processing. Requests can be submitted via privacy@manifestmosaic.com.
5. Automated decision-making
Manifest Mosaic does not engage in automated decision-making or profiling that produces legal or similarly significant effects. AI-generated content is delivered as a creative tool under your control.
6. Data protection impact assessments
We conduct DPIAs when onboarding new subprocessors, shipping sensitive features, or processing new categories of personal data to ensure risks are identified and mitigated.
7. Supervisory authority complaints
If you believe we have infringed your data protection rights you may lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns quickly.