Privacy Policy

This Privacy Policy describes how Manta ("we," "us," "our," or "the Company") collects, uses, stores, shares, discloses, and protects information when you visit our website located at manta.blue, engage our services, receive data or deliverables from us, communicate with us, or otherwise interact with our business in any capacity (collectively, the "Services").

Manta is a data and technology company. Our business activities include, but are not limited to, data sourcing, data licensing, data brokerage, lead generation, AI and technology solutions, software development, marketing technology, consulting, and related services. This Privacy Policy covers all of these activities.

By accessing our website, engaging our Services, or providing any information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access our website or use our Services.

We reserve the right to modify this Privacy Policy at any time, in our sole discretion, without prior notice. Changes are effective immediately upon posting to our website. Your continued use of the Services or website following any changes constitutes acceptance of the updated Privacy Policy. It is your sole responsibility to review this Privacy Policy periodically.

This Privacy Policy is incorporated into and subject to our Terms of Service.

We collect information from various sources and through various means. The types of information we collect depend on how you interact with us.

Information You Provide Directly

• Contact information: name, email address, phone number, mailing address, company name, job title

• Business information: company size, industry, project requirements, budget, goals

• Communication content: messages, emails, inquiries, feedback, and other communications you send to us

• Engagement materials: documents, data, specifications, briefs, and other materials you provide in connection with our Services

• Payment information: billing details, invoicing information (payment processing is handled by third-party processors; we do not store full credit card numbers)

• Any other information you voluntarily provide to us

Information Collected Automatically

When you visit our website, we may automatically collect:

• Device information: browser type, operating system, device type, screen resolution, device identifiers

• Usage data: pages visited, links clicked, features used, time spent on pages, navigation patterns

• Log data: IP address, access times, referring URLs, error logs, server logs

• Location data: approximate geographic location derived from IP address

• Cookies and similar technologies: session identifiers, preferences, analytics data (see Section 10)

Information from Third Parties

We may receive information from third-party sources, including:

• Analytics providers: aggregated website usage statistics

• Business partners: referrals, introductions, business context

• Publicly available sources: business directories, social media profiles, public records, government databases, websites, and other publicly accessible information

• Third-party data providers: licensed datasets, data aggregators, data brokers

• Payment processors: transaction confirmations, payment status

We may combine information collected from different sources to provide, improve, and personalize our Services.

We use collected information for the following purposes:

Providing and Delivering Services

• Responding to inquiries and communicating about engagements

• Scoping, planning, and delivering projects and Services

• Processing payments and managing billing

• Providing customer support and project updates

• Delivering data, deliverables, and work product

Operating and Improving Our Business

• Analyzing website usage to improve user experience

• Developing new services, features, and offerings

• Conducting internal research and analytics

• Debugging, testing, and fixing issues

• Training our team and improving our processes

• Benchmarking and performance analysis

Data Products and Services

• Sourcing, collecting, aggregating, cleaning, structuring, and preparing data for licensing and delivery to clients

• Developing and maintaining data products, databases, and datasets

• Enhancing, enriching, and validating data through various methods and sources

• Analyzing data trends, patterns, and market intelligence

• Creating derived, aggregated, or anonymized datasets

Communication

• Sending service-related notifications and updates

• Responding to your inquiries and requests

• Sending marketing communications (with your consent where required)

• Providing business development outreach

• Sending legal notices and policy updates

Legal, Safety, and Compliance

• Complying with applicable laws, regulations, and legal obligations

• Enforcing our Terms of Service and other agreements

• Protecting our rights, property, safety, and legitimate business interests

• Preventing, detecting, and investigating fraud, abuse, and security incidents

• Responding to legal process, subpoenas, and government requests

• Establishing, exercising, or defending legal claims

Other Purposes

• As described at the time of collection

• With your consent

• For any other lawful purpose related to our business operations

As a data and technology company, a core part of our business involves sourcing, compiling, aggregating, processing, and licensing data to clients. This section describes our practices related to the data we provide to others.

Types of Data We May Source and Provide

The data we source, compile, aggregate, and license to clients may include, but is not limited to:

• Business contact information (names, email addresses, phone numbers, job titles, company information)

• Consumer contact information (names, email addresses, phone numbers, mailing addresses)

• Demographic information (age ranges, geographic location, interests, preferences)

• Business data (company information, industry classifications, revenue ranges, employee counts)

• Property and real estate data

• Public records and government filings

• Online behavioral and interest data

• Market and industry data

• Website content and publicly posted information

• Social media profiles and publicly available posts

• Directory listings and public business registrations

• Any other data that we compile from available sources

How We Source Data

Data may be sourced through a variety of methods, including but not limited to:

• Publicly available information on the internet, including websites, directories, social media platforms, forums, public profiles, and publicly accessible databases

• Government and public records, including property records, business filings, court records, voter records, and other publicly filed documents

• Automated data collection technologies, including web scraping, web crawling, data extraction tools, APIs, and other automated or programmatic methods

• Licensed third-party datasets from data providers, aggregators, and data brokers

• Proprietary collection methods and technologies

• Manual research and compilation

• Business partnerships and data exchange agreements

• Opt-in and consent-based collection where applicable

• Any other data collection methods

We do NOT disclose our specific data sources, proprietary methodologies, collection techniques, scraping targets, extraction processes, or processing algorithms. These constitute confidential trade secrets and proprietary business information.

COMPLETE DISCLAIMER REGARDING DATA ORIGIN, ACCURACY, AND LEGITIMACY

WE MAKE ABSOLUTELY NO REPRESENTATIONS, WARRANTIES, GUARANTEES, OR CLAIMS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, REGARDING:

• THE ORIGIN, SOURCE, OR PROVENANCE OF ANY DATA WE PROVIDE

• THE ACCURACY, COMPLETENESS, TIMELINESS, RELIABILITY, VALIDITY, OR CORRECTNESS OF ANY DATA

• THE LEGITIMACY, LEGALITY, OR LAWFULNESS OF ANY DATA IN ANY JURISDICTION

• THE FITNESS, SUITABILITY, OR APPROPRIATENESS OF ANY DATA FOR ANY PARTICULAR PURPOSE, USE CASE, OR APPLICATION

• WHETHER ANY DATA WAS COLLECTED WITH THE CONSENT OR KNOWLEDGE OF THE DATA SUBJECTS

• WHETHER ANY DATA COMPLIES WITH ANY SPECIFIC LAW, REGULATION, INDUSTRY STANDARD, OR BEST PRACTICE IN ANY JURISDICTION WORLDWIDE

• WHETHER ANY DATA IS FREE FROM ERRORS, OMISSIONS, INACCURACIES, DUPLICATES, OR OUTDATED INFORMATION

• WHETHER ANY DATA IS COMPLETE, CURRENT, OR UP TO DATE

• THE DELIVERABILITY, VALIDITY, OR REACHABILITY OF ANY CONTACT INFORMATION

• WHETHER ANY INDIVIDUAL IN THE DATA HAS OPTED OUT OF, REVOKED CONSENT FOR, OR OBJECTED TO COMMUNICATIONS

• WHETHER ANY DATA INCLUDES INFORMATION ABOUT MINORS, DECEASED INDIVIDUALS, OR INDIVIDUALS WHO ARE OTHERWISE PROTECTED

• WHETHER THE DATA INFRINGES UPON THE RIGHTS OF ANY THIRD PARTY, INCLUDING INTELLECTUAL PROPERTY RIGHTS, PRIVACY RIGHTS, PUBLICITY RIGHTS, OR ANY OTHER RIGHTS

• THE COMPLIANCE OF DATA WITH ANY WEBSITE'S TERMS OF SERVICE, ROBOTS.TXT DIRECTIVES, OR OTHER ACCESS RESTRICTIONS

ALL DATA IS PROVIDED STRICTLY "AS IS," "AS AVAILABLE," AND "WITH ALL FAULTS." YOU ACCEPT ALL DATA IN ITS EXISTING CONDITION WITHOUT ANY GUARANTEE WHATSOEVER.

COMPLETE DISCLAIMER OF LIABILITY FOR DATA USE

YOU ACKNOWLEDGE AND AGREE THAT MANTA HAS ABSOLUTELY NO CONTROL OVER, AND ASSUMES NO RESPONSIBILITY, LIABILITY, OR OBLIGATION WHATSOEVER FOR, HOW YOU OR ANY THIRD PARTY USES, PROCESSES, STORES, TRANSMITS, SHARES, PUBLISHES, DISTRIBUTES, MODIFIES, OR OTHERWISE HANDLES ANY DATA PROVIDED BY OR OBTAINED FROM MANTA, REGARDLESS OF HOW SUCH DATA WAS SOURCED, COMPILED, OR DELIVERED.

Without limiting the generality of the foregoing, Manta is NOT responsible for and SHALL NOT BE LIABLE FOR:

• Any calls, texts, emails, direct mail, faxes, advertisements, social media messages, or any other communications of any kind sent using our data

• Any violation of the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Fair Credit Reporting Act (FCRA), Computer Fraud and Abuse Act (CFAA), or any other federal, state, local, or international law or regulation arising from your use of data

• Any fines, penalties, sanctions, lawsuits, class actions, mass actions, arbitration claims, regulatory actions, enforcement proceedings, cease and desist orders, injunctions, consent decrees, or legal consequences of any kind arising from your use of data

• Any harm, damage, annoyance, harassment, distress, or injury caused to any individual or entity as a result of your use of data

• Any claims by any individual that their information was collected, used, shared, or processed without their consent

• Any claims by any website, platform, or service that data was collected in violation of their terms of service, access policies, or technical restrictions

• Any claims that data collection methods violated any law, regulation, or third-party right

• Verifying that your intended use of data is lawful, ethical, or appropriate in your jurisdiction or any other jurisdiction

• Obtaining any consents, authorizations, permissions, licenses, or approvals required for your use of data

• Maintaining do-not-call lists, suppression lists, opt-out lists, unsubscribe lists, or any other compliance lists or databases

• Scrubbing data against any federal, state, or industry do-not-contact registries

• The accuracy, currency, validity, or reliability of any individual data point, record, field, or dataset

• Any business losses, lost revenue, lost customers, lost opportunities, lost profits, reputational harm, competitive harm, or any other direct, indirect, incidental, special, consequential, exemplary, or punitive damages resulting from your use of or reliance on our data

• Any decisions you make based on our data, including hiring decisions, credit decisions, insurance decisions, investment decisions, marketing decisions, or any other business or personal decisions

• Any third-party claims arising from your use of data, including claims by data subjects, competitors, regulators, platforms, or any other party

• Determining whether the data infringes upon any intellectual property rights, privacy rights, contractual rights, or any other rights of any third party

• Ensuring that data was collected in compliance with any website's terms of service, robots.txt files, CAPTCHA restrictions, rate limiting, or other technical access controls

YOU USE ALL DATA PROVIDED BY OR OBTAINED FROM MANTA ENTIRELY AT YOUR OWN RISK. YOU ARE SOLELY, EXCLUSIVELY, AND ENTIRELY RESPONSIBLE FOR ALL LEGAL, REGULATORY, ETHICAL, AND COMPLIANCE OBLIGATIONS RELATED TO YOUR ACQUISITION, POSSESSION, USE, STORAGE, PROCESSING, TRANSMISSION, AND DISPOSAL OF DATA.

WE STRONGLY AND URGENTLY RECOMMEND THAT YOU CONSULT WITH QUALIFIED LEGAL COUNSEL BEFORE ACQUIRING, POSSESSING, USING, STORING, PROCESSING, TRANSMITTING, OR DISPOSING OF ANY DATA FOR ANY PURPOSE WHATSOEVER.

No Responsibility for Downstream Use

Once data leaves our systems and enters your possession by any means, we have absolutely no visibility into, control over, or responsibility for its subsequent use, modification, combination, distribution, storage, transmission, publication, or disposal. You agree that any and all downstream use of data by you, your employees, contractors, agents, affiliates, clients, customers, successors, assigns, or any other party is entirely and exclusively your responsibility. We disclaim all liability, without exception, for any and all consequences arising from such downstream use.

No Responsibility for Data Collection Methods

WE MAKE NO REPRESENTATIONS OR WARRANTIES REGARDING THE LEGALITY, ETHICS, OR APPROPRIATENESS OF OUR DATA COLLECTION METHODS IN ANY JURISDICTION. Data collection laws, website terms of service, and regulatory requirements vary by jurisdiction and are subject to change. We do not guarantee that our data collection methods comply with the laws of your jurisdiction or the jurisdiction of any data subject. You acknowledge that by acquiring data from us, you assume all risk related to the methods by which such data was originally collected.

No Fiduciary Duty or Advisory Relationship

We are NOT your attorney, compliance officer, data protection officer, privacy advisor, or legal counsel. We do NOT provide legal advice, compliance advice, regulatory guidance, or professional opinions of any kind regarding data. The provision of data does not create any fiduciary, advisory, professional, or trust relationship between us.

Client's Independent Obligation to Comply

You represent, warrant, and covenant that before using any data obtained from Manta, you will:

• Independently assess the legal and regulatory requirements applicable to your intended use of the data in all relevant jurisdictions

• Obtain independent legal counsel regarding your compliance obligations

• Implement all necessary compliance measures, including but not limited to consent management, opt-out mechanisms, suppression file scrubbing, do-not-call registry compliance, and data security measures

• Assume full and exclusive responsibility for any and all consequences of your use of the data

Data Subject Rights Regarding Data We Provide

If you believe your personal information is included in data that we source, compile, license, or provide to clients, you may contact us at usemantasec@gmail.com to:

• Request information about whether we hold your personal information

• Request access to your personal information

• Request correction of inaccurate information

• Request deletion of your personal information from our active databases

• Request that we cease including your personal information in data provided to clients

• Opt out of having your information included in our data products

We will make commercially reasonable efforts to honor such requests within 30 days, subject to verification of your identity and applicable legal requirements. Please note that:

• Copies of your information may have already been provided to clients prior to your request, and we cannot control, retrieve, recall, or delete data already in the possession of third parties

• Your information may reappear in our databases if it is re-collected from public sources during subsequent data collection cycles

• We may retain certain information as required by law or for legitimate business purposes (e.g., maintaining suppression lists)

• Deletion from our active databases does not guarantee deletion from backup systems, which are purged on a rolling basis

No Consumer Reports

Data provided by Manta is NOT intended to constitute, and SHALL NOT be used as, a "consumer report" as defined by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. Manta is NOT a "consumer reporting agency" as defined by the FCRA. Our data products MUST NOT be used for any purpose regulated by the FCRA, including but not limited to:

• Credit eligibility determinations

• Insurance underwriting or eligibility

• Employment screening or hiring decisions

• Tenant screening or rental decisions

• Government licensing or benefits determinations

• Any other purpose requiring FCRA compliance

By acquiring data from Manta, you represent, warrant, and certify that you will NOT use any data for any FCRA-regulated purpose. Violation of this restriction may result in immediate termination of your access to our Services and data, and you agree to indemnify, defend, and hold harmless Manta from any claims, damages, fines, or penalties arising from your use of data for FCRA-regulated purposes.

We may share your information in the following circumstances:

Service Providers and Processors

We share information with third-party vendors, contractors, and service providers who assist us in operating our business and providing the Services, including:

• Cloud infrastructure and hosting providers

• Payment processors and billing services

• Analytics and tracking services

• Email and communication platforms

• Customer relationship management (CRM) systems

• AI model and API providers

• Development and project management tools

• Accounting and financial services

• Legal and professional advisors

These service providers are authorized to use your information only as necessary to provide services to us and are contractually obligated to protect your information.

Clients (Data Licensing)

As described in Section 4, we license data products to our clients as part of our core business operations. Information included in our data products may be shared with clients who purchase or license such data.

Legal Requirements and Protection of Rights

We may disclose information if we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws, regulations, legal process, or governmental requests

• Respond to subpoenas, court orders, warrants, or other legal process

• Cooperate with law enforcement or regulatory authorities

• Protect and defend our rights, property, safety, or legitimate business interests

• Protect the safety of our users, clients, or the public

• Investigate, prevent, or take action regarding suspected fraud, abuse, or illegal activities

• Enforce our Terms of Service and other agreements

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of assets, or other business transaction, your information may be transferred to the acquiring entity or successor. We will make reasonable efforts to notify you of any such transfer.

With Your Consent

We may share information for purposes not described in this Privacy Policy with your explicit consent.

Aggregated and De-Identified Data

We may share anonymized, aggregated, or de-identified data that cannot reasonably be used to identify you for analytics, research, marketing, industry benchmarking, and other business purposes. This data is not subject to the restrictions of this Privacy Policy.

Affiliated Entities

We may share information with our subsidiaries, affiliates, parent companies, and related entities for purposes consistent with this Privacy Policy.

Professional Advisors

We may share information with our attorneys, accountants, auditors, insurers, and other professional advisors as necessary for their professional services.

Disclosure Regarding Sale of Data

As a data company, our business involves the licensing, sale, and provision of data to clients. This may constitute a "sale" of personal information under certain privacy laws, including the California Consumer Privacy Act (CCPA).

The categories of personal information we may sell or license include:

• Identifiers (names, email addresses, phone numbers, mailing addresses)

• Professional or employment-related information (job titles, company names, industry)

• Internet or electronic network activity information (online behavioral data, interests)

• Geolocation data (geographic location derived from addresses or IP)

• Commercial information (purchase history, business activity)

• Demographic information (age ranges, household data)

Your Right to Opt Out

If you are a resident of a jurisdiction that provides you with the right to opt out of the sale of your personal information, you may exercise that right by contacting us at usemantasec@gmail.com with the subject line "OPT OUT — DATA SALE."

Upon receiving a verified opt-out request, we will:

• Cease including your personal information in data products licensed or sold to clients within 30 days

• Make commercially reasonable efforts to remove your information from our active data products

• Note that information already provided to clients prior to your opt-out request cannot be retrieved or recalled

We do not knowingly sell the personal information of individuals under the age of 16.

Do Not Track

Our website does not currently respond to "Do Not Track" browser signals. However, you may exercise your opt-out rights as described above.

We retain information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Periods

• Website visitor data (logs, analytics): retained for up to 24 months

• Client engagement records (communications, contracts, deliverables): retained for the duration of the business relationship plus 7 years for legal and tax compliance purposes

• Payment and financial records: retained as required by applicable law (typically 7 years)

• Support and communication records: retained for up to 5 years

• Data products and databases: maintained and updated on an ongoing basis as part of our core business operations; individual records may be retained indefinitely unless deletion is requested and honored

• Anonymized and aggregated data: retained indefinitely

Deletion Requests

You may request deletion of your personal information by contacting us at usemantasec@gmail.com. We will process deletion requests within 30 days, subject to:

• Verification of your identity

• Legal retention requirements

• Legitimate business needs (e.g., fraud prevention, legal claims)

• Technical limitations

Please note that deletion from our systems does not affect copies of your information already provided to clients, stored in backups, or retained for legal compliance.

Backup and Archival

Information may persist in backup systems for a reasonable period after deletion from active systems. We implement commercially reasonable measures to ensure backed-up data is eventually purged.

We implement commercially reasonable technical, administrative, organizational, and physical security measures to protect information in our possession and control against unauthorized access, disclosure, alteration, destruction, and misuse.

Technical Measures

• Encryption of data in transit using TLS/SSL protocols

• Encryption of sensitive data at rest

• Access controls and authentication mechanisms

• Regular security assessments and monitoring

• Firewall and intrusion detection systems

• Secure software development practices

Administrative Measures

• Access limited to authorized personnel on a need-to-know basis

• Confidentiality obligations for employees and contractors

• Incident response and breach notification procedures

• Vendor and third-party security assessments

• Regular review of security policies and procedures

Physical Measures

• Secure data center facilities (through cloud infrastructure providers)

• Physical access controls where applicable

IMPORTANT DISCLAIMER

NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR SECURITY SYSTEM IS 100% SECURE OR IMPENETRABLE. While we implement commercially reasonable security measures, we CANNOT AND DO NOT GUARANTEE:

• The absolute security of your information

• That our security measures will prevent all unauthorized access, disclosure, or breach

• That your information will never be accessed, disclosed, altered, or destroyed by a breach of our security measures

• That our systems will be free from vulnerabilities, errors, or interruptions

You acknowledge and accept the inherent risks of transmitting information electronically and storing information digitally. You are solely responsible for maintaining the security of your account credentials, passwords, API keys, and any other access mechanisms.

We are not responsible for security incidents or data breaches caused by:

• Your actions, negligence, or failure to maintain adequate security on your systems

• Third-party services, platforms, or providers outside our control

• Force majeure events

• Vulnerabilities in systems or software not operated by us

Depending on your jurisdiction and applicable law, you may have certain rights regarding your personal information. We respect these rights and will make commercially reasonable efforts to honor valid requests.

Rights You May Have

• Right to Access: request a copy of the personal information we hold about you

• Right to Correction: request correction of inaccurate or incomplete personal information

• Right to Deletion: request deletion of your personal information, subject to legal exceptions

• Right to Data Portability: request a copy of your data in a structured, commonly used, machine-readable format

• Right to Opt Out of Sale: opt out of the sale or sharing of your personal information (see Section 6)

• Right to Restrict Processing: request that we limit how we use your personal information

• Right to Object: object to processing of your personal information based on legitimate interests

• Right to Withdraw Consent: withdraw consent at any time where processing is based on consent

• Right to Non-Discrimination: you will not be discriminated against for exercising your privacy rights

• Right to Appeal: if we deny your request, you may have the right to appeal our decision

How to Exercise Your Rights

To exercise any of your privacy rights, contact us at:

• Email: usemantasec@gmail.com

• Include "PRIVACY REQUEST" in your subject line

• Specify which right(s) you wish to exercise

• Provide sufficient information for us to verify your identity

Verification

We may require verification of your identity before processing privacy requests. Verification methods may include:

• Confirming information we have on file

• Requesting government-issued identification

• Using a third-party verification service

Response Timeline

We will acknowledge receipt of your request within 10 business days and provide a substantive response within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the extension and the reason for it.

Limitations

We reserve the right to deny requests that are:

• Not verified or verifiable

• Excessive, repetitive, or manifestly unfounded

• In conflict with legal obligations or legitimate business interests

• Technically infeasible

• Potentially harmful to the rights of others

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and may still require you to verify your identity directly.

We use cookies and similar tracking technologies on our website to collect information and improve your experience.

Types of Cookies We Use

Essential Cookies:

• Session management and authentication

• Security features (CSRF protection, bot detection)

• Load balancing and server routing

• These cookies are strictly necessary and cannot be disabled

Functional Cookies:

• Remembering your preferences and settings

• Language and regional preferences

• Previously viewed pages or interactions

Analytics and Performance Cookies:

• Understanding how visitors use our website

• Measuring page performance and load times

• Identifying popular content and navigation patterns

• Improving our website and Services

Third-Party Analytics

We may use third-party analytics services (such as Google Analytics or similar) that use cookies and similar technologies to collect and analyze usage information. These third parties may use the information collected to provide measurement services and target ads. You can learn about and opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

We Do Not Use

• Third-party advertising cookies for displaying targeted ads on our website

• Cross-site tracking for advertising purposes

Your Cookie Choices

Most web browsers allow you to control cookies through browser settings, including:

• Blocking all cookies

• Accepting only first-party cookies

• Deleting cookies when you close your browser

• Receiving notifications when cookies are set

Please note that disabling essential cookies may affect the functionality of our website.

Other Tracking Technologies

We may also use:

• Pixel tags (web beacons) in emails to track open rates and click-through rates

• Local storage to maintain preferences

• Session replay tools to understand user interactions (anonymized)

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from or less protective than the laws in your country.

By using our Services, providing information to us, or engaging our business in any capacity, you explicitly consent to the transfer, storage, and processing of your information in the United States and other countries where we or our service providers operate.

Safeguards for International Transfers

Where required by applicable law, we implement appropriate safeguards for international data transfers, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Data Processing Agreements with service providers

• Encryption of data in transit and at rest

• Other appropriate safeguards as required by applicable law

EU-U.S. Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process and transfer your data in compliance with applicable data protection laws, including the GDPR and UK GDPR. We rely on appropriate legal mechanisms for any transfers of personal data outside of these regions.

Our Services and website are not intended for, directed at, or designed to attract children under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect, solicit, or maintain personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take prompt steps to delete such information from our systems.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at usemantasec@gmail.com so that we can take appropriate action.

Data Products and Minors

We make commercially reasonable efforts to exclude information about known minors from our data products. However, we cannot guarantee that our data products do not contain information about individuals under the age of 18, as the source data may not always include age information. If you become aware that our data products contain information about a minor, please contact us immediately.

Our website and Services may contain links to, integrate with, or rely upon third-party websites, services, platforms, APIs, tools, or content ("Third-Party Services") that are not owned or controlled by us.

This Privacy Policy applies solely to information collected by Manta. We are not responsible for the privacy practices, data collection, security measures, terms, or content of any Third-Party Services. We have no control over and assume no responsibility for Third-Party Services.

We strongly encourage you to review the privacy policies and terms of service of any Third-Party Services before providing your information or using such services.

Inclusion of links to Third-Party Services on our website does not imply endorsement, sponsorship, affiliation, or any relationship with those third parties.

Third-Party Service Providers We May Use

Our business operations may involve the following categories of third-party services:

• Cloud hosting and infrastructure (e.g., AWS, Google Cloud, Vercel)

• Payment processing (e.g., PayPal, Stripe)

• Analytics and monitoring (e.g., Google Analytics, Vercel Analytics)

• Communication and email (e.g., Gmail, Slack, Discord)

• AI and machine learning APIs (e.g., OpenAI, Anthropic)

• Project management and collaboration tools

• CRM and business tools

• Legal and accounting services

This list is not exhaustive and may change over time. We do not guarantee the privacy practices of any third-party service provider.

Manta may operate in a capacity that qualifies as a "data broker" under certain state and federal laws. A data broker is generally defined as a business that collects, processes, and licenses or sells personal information about individuals with whom it does not have a direct relationship.

State Registration

Certain states, including but not limited to California, Vermont, Oregon, and Texas, require data brokers to register with the state. We comply with applicable data broker registration requirements in states where we are required to register.

Your Rights as a Data Subject

If your personal information is included in data that we source, license, or sell, you have certain rights depending on your jurisdiction, including:

• The right to know whether we hold your personal information

• The right to access your personal information

• The right to request correction of inaccurate information

• The right to request deletion of your personal information

• The right to opt out of the sale of your personal information

To exercise any of these rights, contact us at usemantasec@gmail.com with "DATA BROKER REQUEST" in the subject line.

Transparency

We are committed to transparency in our data practices. We collect data from publicly available sources, licensed third-party providers, and other lawful sources. We do not collect data through deceptive, unfair, or unlawful means.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information:

• Identifiers (name, email, phone number, IP address, mailing address)

• Customer records (name, address, phone number, billing information)

• Commercial information (services purchased, transaction history)

• Internet or electronic network activity (browsing history, search history, interaction with our website)

• Geolocation data (approximate location from IP address)

• Professional or employment-related information (job title, company name, industry)

• Inferences (preferences, characteristics, behavior patterns)

Categories of Personal Information Sold or Shared

As described in Section 6, we may sell or share identifiers, professional information, internet activity, geolocation data, commercial information, and demographic information as part of our data licensing business.

Your California Rights

• Right to Know: request disclosure of the categories and specific pieces of personal information collected, sources, purposes, and third parties with whom we share it

• Right to Delete: request deletion of personal information, subject to exceptions

• Right to Correct: request correction of inaccurate personal information

• Right to Opt Out of Sale/Sharing: opt out of the sale or sharing of your personal information

• Right to Limit Use of Sensitive Personal Information: request limits on the use of sensitive personal information

• Right to Non-Discrimination: we will not discriminate against you for exercising your rights

How to Exercise Your Rights

• Email: usemantasec@gmail.com (subject line: "CCPA REQUEST")

• We will verify your identity before processing your request

• We will respond within 45 days (may be extended by an additional 45 days with notice)

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require written proof of authorization and may directly verify your identity.

Financial Incentives

We do not offer financial incentives for the collection, sale, or retention of personal information.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request a list of third parties to whom we have disclosed personal information for direct marketing purposes. To make such a request, contact us at usemantasec@gmail.com.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) and/or UK GDPR apply to our processing of your personal data.

Data Controller

Manta acts as the data controller for personal data collected through our website and in the course of our business operations.

Legal Bases for Processing

We process your personal data based on the following legal bases:

• Performance of a Contract: processing necessary to provide our Services to you

• Legitimate Interests: processing necessary for our legitimate business interests (improving Services, marketing, security, fraud prevention), where such interests are not overridden by your rights

• Legal Obligation: processing necessary to comply with applicable laws and regulations

• Consent: processing based on your freely given, specific, informed, and unambiguous consent (e.g., marketing communications)

Your GDPR Rights

• Right of Access: obtain confirmation of whether we process your personal data and request a copy

• Right to Rectification: request correction of inaccurate or incomplete personal data

• Right to Erasure ("Right to Be Forgotten"): request deletion of your personal data, subject to legal exceptions

• Right to Restriction of Processing: request that we restrict processing of your personal data

• Right to Data Portability: receive your personal data in a structured, commonly used, machine-readable format

• Right to Object: object to processing based on legitimate interests or for direct marketing purposes

• Right Not to Be Subject to Automated Decision-Making: not be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects

• Right to Withdraw Consent: withdraw consent at any time where processing is based on consent

• Right to Lodge a Complaint: lodge a complaint with a data protection supervisory authority in your jurisdiction

Exercising Your Rights

Contact us at usemantasec@gmail.com with "GDPR REQUEST" in the subject line. We will respond within 30 days (or within the timeframe required by applicable law).

Data Protection Officer

For GDPR-related inquiries, contact: usemantasec@gmail.com

Data Retention Under GDPR

We retain personal data only for as long as necessary for the purposes for which it was collected, as described in Section 7 of this Privacy Policy, or as required by applicable law.

Cross-Border Transfers

Transfers of personal data outside the EEA, UK, or Switzerland are conducted in accordance with applicable data protection laws using appropriate safeguards as described in Section 11.

Residents of certain U.S. states may have additional privacy rights under state-specific privacy laws.

Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the sale of personal data, targeted advertising, and profiling.

Colorado (CPA)

Colorado residents may have rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the sale of personal data, targeted advertising, and profiling.

Connecticut (CTDPA)

Connecticut residents may have similar rights to access, correct, delete, obtain a copy, and opt out of the sale of personal data and targeted advertising.

Utah (UCPA)

Utah residents may have rights to access and delete their personal data, as well as the right to opt out of the sale of personal data and targeted advertising.

Other States

Additional states may enact privacy laws over time. We will make commercially reasonable efforts to comply with applicable state privacy laws as they become effective.

Exercising State Privacy Rights

To exercise any state-specific privacy rights, contact us at usemantasec@gmail.com with "STATE PRIVACY REQUEST" in the subject line. Please specify your state of residence in your request.

We will process requests in accordance with the applicable state law and within the timeframes required by such law.

Do Not Track (DNT)

Our website does not currently respond to "Do Not Track" browser signals, as there is no industry-standard technology for recognizing or honoring DNT signals. However, you may exercise your privacy rights as described in this Privacy Policy.

Global Privacy Control (GPC)

We will make commercially reasonable efforts to honor Global Privacy Control (GPC) signals as an opt-out of the sale or sharing of personal information where required by applicable law. If we detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale of your personal information.

We do not intentionally collect sensitive personal information, which may include:

• Social Security numbers or government identification numbers

• Financial account numbers, credit card numbers, or debit card numbers (we use third-party payment processors)

• Precise geolocation data

• Racial or ethnic origin

• Religious or philosophical beliefs

• Union membership

• Genetic or biometric data

• Health or medical information

• Sexual orientation or sex life information

• Criminal history

• Immigration status

If you believe we have inadvertently collected sensitive personal information, please contact us immediately at usemantasec@gmail.com so that we can take appropriate action.

Data Products and Sensitive Information

We make commercially reasonable efforts to exclude sensitive personal information from our data products. However, data sourced from public records or third-party providers may contain information that could be considered sensitive under certain laws. We disclaim responsibility for sensitive information that may be present in data sourced from public or third-party sources.

In the event of a data breach affecting your personal information, we will:

• Investigate the breach promptly and take appropriate measures to contain and remediate it

• Assess the scope, severity, and potential impact of the breach

• Notify affected individuals within the timeframe required by applicable law (generally within 72 hours of becoming aware of the breach where required by GDPR, and as otherwise required by applicable state or federal law)

• Notify relevant regulatory authorities where required by applicable law

• Provide information about the nature of the breach, the types of information affected, and steps you can take to protect yourself

Limitations

• We are not responsible for data breaches caused by your actions, your systems, or third-party services outside our control

• Notification obligations apply only to the extent required by applicable law

• We may delay notification if advised by law enforcement or if notification would impede an ongoing investigation

• Our notification does not constitute an admission of fault or liability

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of changes by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date

• Sending email notification for material changes (where we have your email address)

• Displaying a notice on our website

Changes are effective immediately upon posting unless otherwise stated. Your continued use of our website or Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

For material changes that significantly affect how we use your personal information, we will make reasonable efforts to provide prominent notice before the changes take effect.

If you have questions, concerns, complaints, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us:

**Email:** usemantasec@gmail.com

**Website:** manta.blue

Please include "PRIVACY" in your subject line for privacy-related inquiries.

For data subject access requests, opt-out requests, or other privacy rights requests, please include the specific right you wish to exercise and sufficient information for us to verify your identity.

We aim to respond to privacy inquiries within 30 days, or within the timeframe required by applicable law.

For urgent privacy matters or data breach reports, please clearly indicate "URGENT — PRIVACY" in your subject line.

By using our website, Services, or providing information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.