Privacy Policy

Your data is yours

Here's what this actually means:

  • 1.We never sell your data. Not to advertisers, not to anyone. Full stop.
  • 2.We use a small number of trusted services (like AI providers) to process your messages and make Manano work. They process data on our behalf and can't use it for anything else.
  • 3.Everything we store about you is encrypted at rest. Even if someone broke in, they couldn't read it.
  • 4.You can ask us to delete your data at any time. We'll do it, no questions asked.
  • 5.We're an Irish company, governed by Irish and EU law (including GDPR). Your rights are strong here.

Last updated: January 2025

1. Who We Are

Manano ("we", "us", "our") is a company registered in Ireland. We provide AI-powered invoicing and financial tools for tradespeople, primarily through WhatsApp messaging. For the purposes of data protection law, Manano is the data controller of your personal data.

If you have any questions about this policy, you can contact us at [email protected].

2. What Data We Collect

We collect the following categories of personal data:

  • Account information: Your name, phone number, email address (if provided), and business details.
  • Messages and content: Messages you send to us via WhatsApp, including invoice details, customer names, amounts, and any other information you provide.
  • Financial data: Invoice records, payment information, expense data, and VAT-related information you provide to us.
  • Usage data: How you interact with our service, including timestamps and feature usage.
  • Device information: Basic device and connection information required for WhatsApp communication.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Providing our service: Creating invoices, quotes, and financial documents on your behalf (contractual necessity).
  • AI processing: Using artificial intelligence to understand your messages and generate accurate documents (contractual necessity).
  • Financial record-keeping: Maintaining records of your invoices, payments, and expenses (contractual necessity and legal obligation).
  • Service improvement: Improving the accuracy and reliability of our AI and overall service (legitimate interest).
  • Communication: Responding to your queries and sending service-related notifications (contractual necessity).
  • Legal compliance: Meeting our obligations under Irish and EU law, including tax and anti-money laundering regulations (legal obligation).

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Contractual necessity (Article 6(1)(b)): Processing necessary to provide you with our invoicing and financial services.
  • Legal obligation (Article 6(1)(c)): Processing required by Irish tax law, company law, or other regulatory requirements.
  • Legitimate interest (Article 6(1)(f)): Service improvement and security, where our interests do not override your fundamental rights.
  • Consent (Article 6(1)(a)): Where applicable, such as for marketing communications. You may withdraw consent at any time.

5. Third-Party Processors

We use a limited number of carefully selected third-party service providers to operate our service. These include:

  • AI processing providers: To process and understand your messages and generate documents.
  • Cloud infrastructure providers: To host and store your data securely.
  • Messaging platform providers: To facilitate WhatsApp-based communication.
  • Payment processing providers: To facilitate payment transactions on your behalf.

All third-party processors are bound by data processing agreements in accordance with Article 28 of the GDPR. They may only process your data on our instructions and for the purposes we specify. They cannot use your data for their own purposes.

We do not sell, rent, or share your personal data with any third party for their own marketing or commercial purposes.

6. Data Security

We take the security of your data seriously. All personal data stored by Manano is encrypted at rest using industry-standard encryption algorithms. We also employ encryption in transit (TLS/SSL), access controls, and regular security reviews to protect your information.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission and, where required, you, in accordance with Articles 33 and 34 of the GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Account data: Retained while your account is active and for a reasonable period thereafter to allow reactivation.
  • Financial records: Retained for a minimum of 6 years in accordance with Irish tax legislation (Taxes Consolidation Act 1997).
  • Message data: Retained while your account is active. Deleted upon account closure and completion of any legal retention period.

8. International Data Transfers

Some of our third-party processors may be located outside the European Economic Area (EEA). Where this is the case, we ensure appropriate safeguards are in place, including:

  • EU-approved Standard Contractual Clauses (SCCs);
  • Adequacy decisions by the European Commission; or
  • Other approved transfer mechanisms under Chapter V of the GDPR.

9. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): You may request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction (Article 18): You may request restriction of processing in certain circumstances.
  • Right to data portability (Article 20): You may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You may object to processing based on legitimate interests.
  • Rights related to automated decision-making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal effects.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request, as required by the GDPR.

10. Cookies and Analytics

Our website uses essential cookies required for functionality and analytics cookies (Google Analytics) to understand how visitors use our site. Analytics data is aggregated and does not personally identify you. You may disable non-essential cookies through your browser settings.

11. Children's Data

Our service is designed for business use by tradespeople and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes via WhatsApp or other appropriate means. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Website: www.dataprotection.ie

14. Governing Law

This privacy policy is governed by and construed in accordance with the laws of Ireland and the European Union, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018 (as amended).