Privacy Policy
Effective: June 3, 2026 · Last updated: June 3, 2026
1. Overview
MantisOps, LLC ("MantisOps," "we," "us") operates MantisRMM and Mantis360. This Privacy Policy explains what data we collect, why we collect it, and how we protect it.
2. Data we collect
2.1 Account data
When you register, we collect:
- Name, email address, and company name
- Billing address and payment information (processed by Stripe — we do not store raw card data)
- Product key and activation details
- Timestamp and IP address of your acceptance of these terms
2.2 Product usage data
Our products collect data from your infrastructure to provide the Services:
The MantisRMM agent collects:
- System metrics (CPU, memory, disk, processes, services)
- Installed software and patch status
- Agent version, hostname, OS version, and connectivity status
- Remote desktop session frames (while an active session is in progress)
- Terminal command output (commands you execute via the console)
- File listings and transfers (files you access via the file browser)
The Mantis360 probe collects:
- Network scan results (IP addresses, open ports, device types, OS fingerprints)
- Vulnerability findings against CVE / NVD data
- DNS, WHOIS, and TLS certificate metadata for targets you scan
- Probe status, version, and connectivity data
2.3 Log data
We automatically collect:
- API request logs (endpoint, timestamp, response code — no request bodies)
- Error logs for debugging
- Authentication events (login attempts, MFA, session activity)
2.4 Cookies and browser data
Our web applications use:
- Session cookies (HttpOnly, Secure, SameSite=Strict on admin / Lax on customer-facing) for authentication
- No advertising or third-party tracking cookies
- HubSpot live chat widget (when enabled) sets a first-party cookie for conversation continuity
3. How we use your data
| Data type | Purpose |
| --- | --- |
| Account data | Account management, billing, support |
| Network scan data | Displaying results in your Mantis360 dashboard |
| Agent metrics | Displaying in your MantisRMM dashboard, alerting |
| Remote session data | Providing remote access; not recorded or stored server-side |
| Log data | Debugging, security monitoring, abuse prevention |
We do not sell your data. We do not use your infrastructure data to train AI models.
4. Storage and infrastructure
- All data is stored on Cloudflare's infrastructure (Workers D1 databases, R2 object storage)
- Cloudflare operates globally; data may be stored and processed in the United States and European Union
- Each customer's data is stored in an isolated per-tenant database — your data is not commingled with other customers'
- Data is encrypted in transit (TLS 1.2+) and at rest
5. Retention
| Data type | Retention period |
| --- | --- |
| Account data | Duration of subscription + 30 days after termination |
| Scan results and agent metrics | 90 days rolling history (configurable) |
| API and login audit logs | 90 days |
| Remote session frames | Not retained — streamed in real time only |
| Payment records | 7 years (US tax / legal requirement) |
6. Sub-processors
We use the following third parties who may process your data. The current authoritative list lives at /legal/sub-processors.html.
| Service | Purpose |
| --- | --- |
| Cloudflare | Infrastructure, CDN, DDoS protection |
| Stripe | Payment processing |
| HubSpot | Customer support tickets and live chat |
| Resend | Transactional email delivery |
| Microsoft Graph API | Email sending for administrative correspondence |
We will notify you by email at least 30 days before adding a new sub-processor.
7. Your rights
Depending on your location, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (subject to legal retention requirements)
- Export your data in a portable format
- Object to certain processing
To exercise these rights, contact us at support@mantisops.net. We will respond within 30 days.
8. GDPR (EU/UK customers)
If you are located in the European Union or United Kingdom:
- Our lawful basis for processing is contract performance (providing Services you subscribed to) and legitimate interests (security, fraud prevention)
- For data transfers outside the EU/UK, we rely on Cloudflare's Standard Contractual Clauses
- Our Data Protection contact is security@mantisops.net
- You have the right to lodge a complaint with your local supervisory authority
Enterprise customers requiring a formal Data Processing Agreement should contact us.
9. Children's privacy
Our Services are not directed at individuals under 18. We do not knowingly collect data from minors.
10. Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Per-tenant data isolation (separate D1 database per customer)
- Multi-factor authentication on administrative accounts
- Login audit logging and anomalous-activity alerting
- Rate limiting and account lockout on authentication endpoints
- Regular dependency security reviews
To report a vulnerability, please email security@mantisops.net.
11. Changes to this policy
We will notify you by email at least 30 days before material changes take effect. Continued use of the Services after the effective date constitutes acceptance.
MantisOps, LLC
Email: support@mantisops.net
Security: security@mantisops.net