Privacy Policy

Last updated: March 1, 2026

1. Introduction

Mandel AI, Inc. ("Mandel AI," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our AI-powered supply chain coordination platform, website, and related services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

We take our obligations under applicable data protection laws seriously, including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) for California residents, and other applicable privacy regulations. We encourage you to read this policy carefully and contact us with any questions.

2. Information We Collect

2.1 Account and Registration Data

When you create an account or register for our Services, we collect information you provide directly to us, including: your full name, business email address, company name, job title, phone number, billing address, and payment information. This information is necessary to create and manage your account, provide the Services, and communicate with you about your subscription.

2.2 Usage Data and Platform Analytics

We automatically collect information about how you interact with our platform, including: pages and features you access, actions you take within the platform, search queries, time and duration of sessions, error logs, performance data, and workflow configurations. This data helps us improve our Services, identify technical issues, and understand how customers use our supply chain coordination tools.

2.3 Supply Chain and Business Data

To provide our core Services, you may upload or connect data about your supply chain operations, including: supplier information, inventory data, logistics and shipment records, purchase orders, demand forecasts, carrier performance data, and warehouse operations data. We process this business data on your behalf as a data processor, and you retain ownership and control of this information.

2.4 Device and Technical Data

We collect technical information about the devices and systems you use to access our Services, including: IP address, browser type and version, operating system, device identifiers, time zone settings, location data (if permitted), referral URLs, and network information. This information helps us ensure compatibility, security, and optimal performance of our platform.

2.5 Communications Data

When you contact us for support, send feedback, or communicate with our team, we collect and store the content of those communications, including email messages, support tickets, chat logs, and survey responses.

2.6 Integration and Third-Party Data

If you connect third-party services to our platform (such as ERP systems, CRMs, carrier APIs, or data feeds), we may receive data from those integrations as part of providing the Services. The data we receive is governed by the permissions you grant and the third party's privacy practices.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and improving Services: To operate, maintain, and enhance our platform, process your transactions, and develop new features.
  • Account management: To create and manage your account, authenticate your identity, and process subscription payments.
  • Customer support: To respond to inquiries, resolve technical issues, and provide assistance with our platform.
  • Communications: To send service announcements, security alerts, product updates, and (with your consent) marketing communications.
  • Analytics and research: To analyze usage patterns, conduct research, measure the effectiveness of features, and improve our AI models and algorithms.
  • Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other security incidents.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, and government requests.
  • Business operations: To manage our business, including financial reporting, planning, and corporate transactions.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Services you have subscribed to and fulfill our contractual obligations.
  • Legitimate interests: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Legal obligation: Processing required to comply with applicable laws and regulations.
  • Consent: Where we rely on your consent, such as for marketing communications, you may withdraw consent at any time.

5. Data Sharing and Disclosure

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business, including: cloud infrastructure providers (AWS), payment processors, email and communication services, analytics providers, security and fraud detection services, and customer support platforms. These providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Business Transfers

If Mandel AI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different Privacy Policy.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Mandel AI, our users, or others.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you participate in case studies or partner integrations.

6. Data Retention

We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this policy. Account data is retained for the duration of your subscription plus an additional period of up to 3 years to comply with legal obligations and resolve disputes. When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it by law.

Supply chain and business data you upload is retained according to your subscription terms and any data processing agreements in place. You may request deletion of your data at any time by contacting our privacy team.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your information, including: TLS encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication, role-based access controls, regular security audits and penetration testing, SOC 2 Type II compliance, and 24/7 security monitoring. While we strive to protect your information, no security system is impenetrable. We encourage you to use strong passwords and notify us immediately of any suspected unauthorized access to your account.

8. International Data Transfers

Mandel AI operates primarily in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your country. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection. By using our Services, you consent to the transfer of your information as described in this policy.

9. Your Rights and Choices

9.1 GDPR Rights (EEA Residents)

If you are in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to restriction: Request restriction of processing in certain circumstances.
  • Right to withdraw consent: Withdraw consent where processing is based on consent.

9.2 CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the CCPA, including: the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

9.3 Communication Preferences

You may opt out of receiving marketing communications from us by clicking the unsubscribe link in any marketing email, updating your account preferences, or contacting us directly. We will still send you essential service communications related to your account and the Services.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activity and preferences. For detailed information about our use of cookies, please review our Cookie Policy. You can control cookies through your browser settings and our cookie preference center.

11. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will promptly delete that information. If you believe we may have inadvertently collected information from a child, please contact us immediately.

12. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or integrations. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by sending an email notification. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

Mandel AI, Inc.
Attn: Privacy Team
1 World Trade Center, Suite 8500
New York, NY 10007
Email: [email protected]
Phone: +1 (646) 555-2800

EEA residents also have the right to lodge a complaint with their local supervisory authority if they believe their rights have been violated.