Manifestly Privacy Policy

Last updated April 6th, 2026.

This privacy policy refers to the software as a service application that resides at app.manifest.ly and the api at api.manifest.ly.

Manifestly, LLC (owner of Manifestly Checklists) does not share customer information of any kind with anyone. We will not sell or rent your name or personal information to any third party. We do not sell, rent or provide outside access to our mailing list or any data we store. Any data that a user stores via our facilities is wholly owned by that user or business. At anytime a user or business is free to take their data and leave, or to simply delete their data from our facilities.

Personal Information

Manifestly only collects such personal information that is necessary for you to access and use our services. This personal information includes, but is not limited to, first and last name, business name, and email address.

Manifestly may release personal information if Manifestly is required to by law, search warrant, subpoena, court order or fraud investigation. We may also use personal information in a manner that does not identify you specifically nor allow you to be contacted but does identify certain criteria about our Site's users in general (such as we may inform third parties about the number of registered users, number of unique visitors, and the pages most frequently browsed).

You may delete your personal information from our facilities at any time by signing into your account and choosing the option from your profile settings. You can also request to delete your data at: support@manifest.ly

GDPR Info

As a company, we've enacted the following procedures and policies:

  • Consent: We ask for your name and email when signing up for an authoring account, and ask for your consent before proceeding.
  • Breach notification policy: If there is a data breach on our side, we'll notify you within 72 hours of discovery via email.
  • Data Access: Our customers can access the personal data we collect from them via: Your Account Settings.
  • Right to be Forgotten: When you delete your account, your information is permanently erased from our system.
  • Privacy by Design: We ask for the minimum amount of data needed to ensure your success with our service. Optional questions in the sign-up process help us offer better support to you.
  • Data Protection Officer: Manifestly co-founder and CEO Philip Crawford is your Data Protection Officer. If you have any questions or concerns about your data, please contact us.
  • Personal Data in Chat: When you communicate to us via our chat system, you are asked for some personal information so we can properly reply. This service is provided through intercom.io. If requested, we can delete your contact info and conversations from Intercom.

Third-Party Integrations and API Access

When you authorize a third-party application to access your Manifestly account via OAuth, that application may access your account data within the scope of your authorization. This includes workflow templates, run data, step statuses, assignments, comments, user profiles, and department information.

Third-party applications authenticate using OAuth tokens issued during the authorization flow. Manifestly does not share your password with third-party applications. You can revoke access to any authorized application at any time from your account settings.

Each third-party application is governed by its own privacy policy and terms of service, which are typically presented during the OAuth authorization process. Manifestly is not responsible for how third-party applications use or store data accessed through our API.

Data Storage and Security

Manifestly stores your data on secure servers hosted in the United States. We use industry-standard encryption for data in transit (TLS) and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or destruction.

Access to production systems is restricted to authorized personnel and protected by multi-factor authentication. Manifestly is SOC 2 compliant. For more details on our security practices, visit our Trust Center.

Data Retention

Manifestly retains your account data for as long as your account is active or as needed to provide you with our services. If you delete your account, your personal information and workflow data are permanently removed from our systems in accordance with our deletion procedures.

Certain data may be retained for a limited period after account deletion to comply with legal obligations, resolve disputes, or enforce our agreements. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement purposes.

Manifestly Salesforce Hosting

Our servers and all the data are located in the USA.

List of Sub-Processors

As of the date of this document, Manifestly utilizes the following GDPR compliant organizations as data sub-processors:

  • Amazon AWS
  • Heroku/Salesforce
  • Intercom.io
  • LogicMonitor/Airbrake
  • SolarWinds/Papertrail
  • SendGrid/Twilio
  • Stripe
Sub-processor guidelines

Manifestly currently uses third party sub-processors to provide infrastructure services, help us provide customer support, payment, and email notifications. Prior to engaging any third party sub-processor, Manifestly performs diligence to evaluate their privacy, security and confidentiality practices.

As our business grows and evolves, the sub-processors we engage may also change. We will strive to provide customers with notice of any new sub-processors to the extent required under the Agreement, along with posting such updates here. Please check back frequently for updates.