Privacy Policy

Last updated: May 2026

1. Introduction

MANOVAT ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform. MANOVAT operates from Italy and complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Data We Collect

We collect the following personal data when you use our services:

  • Email address — for account creation and communication.
  • Full name — for personalising your experience and reports.
  • Company name — to contextualise your AI assessment.
  • Professional role — to tailor recommendations to your position.
  • Business problem descriptions — the information you provide during the AI consultation process, including challenge descriptions, success criteria, timelines, and dataset details.

3. Purpose of Data Processing

Your personal data is processed for the following purposes:

  • Providing and improving our AI consultation service.
  • Generating personalised AI solution blueprints and reports.
  • Managing your user account and authentication.
  • Communicating with you about your projects and our services.
  • Analysing usage patterns to improve our platform (aggregated, non-identifying data only).

4. Legal Basis for Processing

We process your data under the following legal bases as defined by the GDPR:

  • Consent (Art. 6(1)(a) GDPR) — You provide explicit consent when creating an account and submitting information through our platform.
  • Legitimate interest (Art. 6(1)(f) GDPR) — We have a legitimate interest in processing data to deliver and improve our services, provided this does not override your fundamental rights and freedoms.
  • Contract performance (Art. 6(1)(b) GDPR) — Processing is necessary to provide the service you have requested.

5. Data Storage and Security

Your data is stored on Supabase, a cloud database platform with servers located in the European Union. We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest. Access to personal data is restricted to authorised personnel only.

6. Third-Party Data Sharing

We share your data with the following categories of third-party services exclusively for the purpose of delivering our core service:

  • AI processing services — Your business problem descriptions are processed by artificial intelligence algorithms for analysis and report generation. These services operate as data processors under enterprise data processing agreements. Your data is not used to train AI models.
  • Cloud infrastructure — Your data is hosted on secure cloud infrastructure within the European Union, with appropriate data processing agreements in place.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

7. Data Retention

We retain your personal data for as long as your account remains active. Your data, including all reports and consultation history, is kept until you submit a deletion request. Upon receiving a valid deletion request, we will erase all your personal data within 30 days, except where we are legally required to retain certain information.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15) — You can request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16) — You can request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — You can request deletion of your personal data ("right to be forgotten").
  • Right to data portability (Art. 20) — You can request your data in a structured, machine-readable format.
  • Right to restriction of processing (Art. 18) — You can request that we limit how we process your data.
  • Right to object (Art. 21) — You can object to data processing based on legitimate interest.

9. How to Exercise Your Rights

To exercise any of your rights, or for any questions regarding this Privacy Policy, please contact us at:

info.manovat@gmail.com

We will respond to your request within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe your rights have been infringed.

10. Cookies

MANOVAT uses minimal, functional cookies only. These cookies are strictly necessary for the operation of the platform, including maintaining your authentication session and storing your language preference. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. Because these cookies are essential for the service to function, they do not require separate consent under the GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of our platform after changes constitutes acceptance of the updated policy.