Privacy Policy | MANULINK

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Account Information

Username and password
Email address
Company name and organization details
Subscription and billing information

Usage Data

Manufacturing data and work orders
System usage patterns and analytics
Log files and technical data
Device and browser information

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our services
Process transactions and manage subscriptions
Send administrative and service-related communications
Analyze usage patterns to enhance user experience
Ensure security and prevent fraud
Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

With your explicit consent
To service providers who assist in our operations
When required by law or to protect our rights
In connection with a business transfer or acquisition

4. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication
Secure hosting and infrastructure

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Active Data

When your account is closed or a formal data deletion request is fulfilled, all active records are removed immediately from our live systems. This includes your account details, company data, manufacturing records, uploaded files, and all associated operational data.

Database Backup Retention

MANULINK operates on Neon PostgreSQL, which automatically maintains point-in-time recovery (PITR) backups for disaster recovery and service continuity. These backups are managed at the infrastructure level and cannot be selectively edited.

When your data is deleted from our active systems, copies may persist in these automated backups for up to 30 days from the date of deletion. After this retention window closes, the backup snapshots that contain your data are permanently purged and are not recoverable. These backup systems are used exclusively for disaster recovery — no MANULINK personnel or automated processes access them for any other purpose.

For the purposes of data removal requests under GDPR Article 17, CCPA, PIPEDA, and similar regulations, we consider deletion complete at the time active records are removed. The backup purge period of up to 30 days is disclosed here as part of our transparency obligations.

File Storage

Uploaded files (drawings, documents, images, and other attachments) are stored in Cloudflare R2 object storage. Upon account deletion, all files stored under your organization's storage namespace are permanently deleted as part of the deletion process and are not subject to the backup retention window described above.

6. Tenant Data Isolation

MANULINK operates on a multi-tenant architecture where each organization's data is logically separated and isolated. We ensure:

Complete data segregation between tenants
Access controls based on tenant membership
Secure backup and recovery procedures
Regular auditing of data access patterns

7. Your Rights

You have certain rights regarding your personal information, including:

Access to your personal data
Correction of inaccurate information
Deletion of your personal data
Data portability
Objection to processing

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. You can control cookie settings through your browser preferences.

9. Automatic Error Reporting

To improve service stability and quickly resolve technical issues, MANULINK automatically collects error reports when problems occur. By agreeing to our Terms of Service and Privacy Policy during account creation, you consent to this automatic error reporting.

Data Collected

Error type and stack trace (code location)
Page URL and browser information
Console log entries (technical diagnostics only)
Anonymized session identifier

Data NOT Collected

Personal messages or user content
Form data, passwords, or credentials
Screenshots (unless you manually provide them)
Financial or payment information

How We Use This Data

Error reports are used exclusively for debugging, diagnosing technical issues, and improving service reliability. Reports are retained for 90 days and then automatically deleted.

Your Control

You may opt-out of automatic error reporting at any time by visiting your User Settings and navigating to "Privacy & Data". Opting out will not affect your ability to use MANULINK.

9A. AI Model Training Data

MANULINK uses artificial intelligence to power features including drawing classification, component detection, takeoff element recognition, document processing, email management, and ERP workflow automation. To continuously improve these features, we passively collect anonymized, PII-scrubbed signals from your interactions with the platform to train and refine our AI models.

Passive Workflow Signals Collected

When you perform normal ERP actions, MANULINK records anonymized structural signals about your choices. These signals are used to improve AI predictions and recommendations across the platform. Specifically, we collect:

Drawing classification decisions — document type assignments, corrections, and takeoff detection approvals or rejections
Component detection feedback — approved, corrected, or rejected element detections with geometry data
Quote creation patterns — document type chosen, whether linked to a job or customer (no pricing data)
Work order completion signals — department transitions, task completion ratios, actual vs. estimated time (no worker identity)
Email record linking choices — which record type a user linked an email to, and the action tag applied
Document classification confirmations — when a user confirms or corrects an AI-suggested document type in the Paper Shredder
Purchase order structure — line item categories, linkage to jobs/work orders, payment term selections (no prices or vendor names)
BOM re-explosion outcomes — component counts and price source resolution results

Data NOT Used for Training

Personal names, email addresses, phone numbers, or user credentials
Company names, customer names, or vendor names
Dollar amounts, prices, costs, or any financial figures
Project addresses, locations, or identifying descriptions
The content of emails, notes, or uploaded documents
Any field that can identify a specific person, company, or project

How Training Data Is Processed

Before any signal is stored, it passes through our PII scrubbing pipeline which replaces all identifying field values with neutral placeholders (e.g., [SCRUBBED], [DOLLAR_AMOUNT_SCRUBBED]). Storage references are cryptographically hashed so original file paths cannot be reconstructed. Data is aggregated across tenants so no individual contribution can be traced back to its source. Trained models are deployed exclusively within the MANULINK platform.

Image Data for Vision Model Training

To train vision AI models, anonymized cropped regions of architectural drawings may be included in training datasets. These regions contain only technical drawing content (lines, dimensions, symbols) and are stripped of all identifying information including title blocks, company names, and project names. Full uploaded files are never used directly.

Legal Basis (GDPR)

For users in the European Economic Area and United Kingdom, our legal basis for processing anonymized workflow signals for AI training is Legitimate Interest under GDPR Article 6(1)(f). We have assessed that this interest is not overridden by your rights because: (a) all data is anonymized before storage, (b) the processing directly improves the service you receive, and (c) you have a meaningful opt-out mechanism described below. A full Legitimate Interest Assessment is available on request at privacy@manulink.ai.

Your Control — Opt Out of Cross-Tenant Sharing

You can opt your organization out of contributing anonymized workflow patterns to the shared AI knowledge base at any time. Navigate to Company Settings → AI Usage & Billing and toggle off "Contributing anonymized patterns to global AI knowledge." This setting takes effect immediately for new signals. Note that local agent learning (used only within your organization's tenant) cannot be disabled, as it is required for the service to function correctly.

Your Consent

By accepting the Terms of Service and Privacy Policy during account creation, you consent to the use of anonymized AI interaction and workflow signal data for model training as described above. This practice is consistent with standard industry approaches used by AI-powered SaaS platforms including OpenAI, Anthropic, and similar services.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@manulink.ai
Address: MANULINK Privacy Department