Privacy Policy

Introduction

Manifold Finance is committed to protecting the privacy and security of personal information we collect from visitors to our website, users of our services, inventors, clients, licensees, partners, investors and job applicants. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, the rights available to data subjects, and how to contact us about privacy matters.

This Policy applies to personal data collected through manifoldfinance.com, its subpages and related web properties (the “Site”), our secure client portal, and other online or offline interactions with Manifold Finance where this Policy is expressly referenced. It also describes how we handle personal information in the context of our IP development, licensing, portfolio management and investment services.

Controller and Contact Information

Data controller

The data controller responsible for processing personal information collected via the Site and our services is Manifold Finance. If you are uncertain whether we are the controller for a particular dataset or engagement, contact us using the information below and we will clarify.

Contact details

If you have questions, requests or concerns relating to this Privacy Policy or our data practices, please contact us:

  • Email: privacy@manifoldfinance.com
  • Portal support: support@manifoldfinance.com

Scope and Applicability

This Policy explains how we process personal information in the following contexts:

  • Visitors browsing the public Site.
  • Users who create accounts on the Site or the secure client portal.
  • Inventors and submitters who provide invention disclosures or technical materials.
  • Prospective and actual clients, licensees, partners and counterparties.
  • Investors, sponsors and financial counterparties.
  • Job applicants, candidates and contractors.
  • Subscribers to newsletters and marketing communications.
  • Users of any interactive features (contact forms, feedback, surveys).

Where we process personal data in the context of a specific contractual engagement (for example, under a client agreement), contractual terms and notices provided with that agreement will complement this Policy and may include specific processing details that take precedence for that engagement.

Types of Personal Data We Collect

We collect different categories of personal data depending on the nature of the interaction. Typical categories include:

Contact and identity data

  • Full name, title, organization, job role.
  • Email address, telephone number, physical address.
  • Company name and corporate details (for organization contacts).

Account and authentication data

  • Username, account identifiers, hashed passwords, authentication tokens.
  • Two-factor authentication data (where enabled).

Professional and engagement data

  • Inventor disclosures and technical descriptions.
  • Professional background, CVs, education and employment history for applicants.
  • Client onboarding documents and engagement metadata (project names, roles, contractual points).

Financial and transactional data

  • Billing and invoicing details, bank account information (for payments), tax identification numbers (where required).
  • Payment transaction records and remittance details where we provide financing or receive fees.

Usage and technical data

  • IP address, device type, browser, operating system, pages viewed, referral/exit pages, time stamps, and interactions with the Site.
  • Cookies and similar tracking technologies.
  • Log files and server analytics data.

Communications and content

  • Messages sent to us via contact forms, email, or the portal (including attachments).
  • Recorded support interactions, transcripts, and call logs.

Sensitive data (special categories)

  • We generally avoid collecting sensitive personal data (e.g., health, race, religion). If such data is provided in the course of an engagement or application, we will only process it where permitted by law and with appropriate safeguards; we will notify you and obtain explicit consent where required.

How We Collect Personal Data

We collect personal data through multiple channels:

Directly from you

  • When you submit a contact form, inquiry, inventor disclosure, or job application.
  • When you create an account on the portal or sign documents electronically.
  • When you communicate by email, telephone, or post.

Automatically

  • When you visit the Site, we automatically collect technical and usage information via cookies, server logs and analytics tools.
  • We may collect device and connection information to protect the Site and users.

From third parties

  • From service providers (payment processors, background check vendors, identity verification services).
  • From public sources (professional networking profiles, publicly filed patent data).
  • From partners, referrals and intermediaries who introduce clients or candidates.

Purposes of Processing and Legal Bases

We process personal data to perform core business activities and to comply with legal obligations. The lawful bases for processing depend on the context and jurisdiction; common legal bases we rely on include consent, performance of a contract, legitimate interests, and legal obligations.

Core purposes

  1. To provide our services and manage engagements
  • What: Use contact, identity, technical and financial data to onboard clients, manage projects, deliver licensing and advisory services, manage investments and process payments.
  • Legal basis: Performance of a contract with the data subject, or to take steps at the request of the data subject prior to entering a contract.
  • Examples: Creating project workspaces, delivering royalty statements, processing invoices.
  1. To operate and secure the Site and portal
  • What: Maintain secure authentication, prevent fraud, investigate abuse, and maintain technical operation of the Site and portal.
  • Legal basis: Legitimate interests (security and operation), or performance of a contract (for portal users).
  • Examples: Password validation, two-factor authentication, monitoring for anomalous access.
  1. To communicate and support users
  • What: Respond to inquiries, provide customer support, send transaction confirmations and administrative messages.
  • Legal basis: Performance of a contract, legitimate interests (customer service), or consent (for marketing communications).
  • Examples: Email updates on licensing negotiations, support ticket responses.
  1. For marketing and newsletters (with consent where required)
  • What: Send newsletters, event invitations and marketing materials.
  • Legal basis: Consent in jurisdictions requiring it, or legitimate interests in others where permitted and balanced.
  • Examples: Monthly blog digest or webinar invites.
  1. To comply with legal and regulatory obligations
  • What: Retain and disclose records when legally required (tax, audit, litigation or regulatory inquiries).
  • Legal basis: Compliance with legal obligations.
  • Examples: Tax reporting, litigation hold preservation.
  1. For recruitment and HR processes
  • What: Process applicant CVs, interviews and background checks for hiring decisions.
  • Legal basis: Performance of pre-contractual measures, legitimate interests, or consent for background checks.
  • Examples: Evaluating candidates, verifying references.
  1. For analytics and improvement
  • What: Analyze how visitors use the Site to improve content, usability and services.
  • Legal basis: Legitimate interests (service improvement) or consent for tracking technologies in applicable jurisdictions.
  • Examples: Aggregate analytics, A/B testing.
  1. For research and product development
  • What: Use anonymized or de-identified data to develop internal processes and service offerings.
  • Legal basis: Legitimate interests.
  • Examples: Aggregated metrics for product roadmaps.

Cookies and Similar Technologies

What we use cookies for

We use cookies and similar technologies (pixel tags, local storage) to provide Site functionality, remember preferences, enable security features, and collect analytics. Cookies fall into categories:

  • Strictly necessary cookies: Required to operate the Site and portal (session cookies, authentication).
  • Performance and analytics cookies: Collect aggregated statistics about usage (pageviews, time on page).
  • Functional cookies: Remember user preferences and settings.
  • Advertising/targeting cookies: Used to deliver relevant third-party content or ads where enabled.

Consent and control

Where required by law, we request your consent before setting non-essential cookies. You can manage cookie preferences through our cookie banner, browser settings, or by adjusting preferences in your portal account. Disabling certain cookies may limit Site functionality.

Third-Party Services and Sharing

We share personal data with third parties when necessary to provide services or as required by law. Categories of recipients include:

Service providers and subprocessors

  • Cloud hosting and infrastructure providers.
  • Payment processors and banks (for billing and remittance).
  • Email and communication platforms.
  • Analytics providers and marketing platforms.
  • Identity verification and background check vendors.

These providers act as data processors and are contractually required to keep data confidential and secure.

Professional advisors and counsel

External law firms, patent counsel, accountants and auditors to support legal, prosecution and financial matters. Sharing is limited to what is necessary and governed by confidentiality.

Transaction counterparties

Potential licensees, buyers, investors or counterparties may receive limited personally identifying information as part of a transaction process (for example, a counterpart’s authorized contact details). Where disclosure includes confidential technical materials, it occurs only under NDA or under the terms of the relevant engagement.

Regulatory and legal authorities

Where required by law, court order or legitimate government request we will disclose personal data to legal authorities or regulators.

Business transfers

In the event of a reorganization, merger, sale, or acquisition, we may transfer personal data as part of the transaction; we will require the acquirer to use personal data in a manner consistent with this Policy.

International Data Transfers

Our operations and service providers may be located in multiple countries. Where we transfer personal data outside the country of the user’s residence (including transfers from the EEA or UK to other jurisdictions), we take steps to ensure adequate safeguards are in place such as:

  • Standard contractual clauses approved by the European Commission or other legitimate transfer mechanisms.
  • Ensuring recipients are subject to an adequate level of protection under applicable law.
  • Implementing additional technical and organizational controls as needed.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, to comply with legal obligations, resolve disputes, enforce our agreements, or as required for record keeping and compliance.

Retention periods vary by data type and purpose. Examples:

  • Client engagement data and accounting records: retained for the longer of contractual duration and statutory limitation periods (often several years) to comply with tax and audit obligations.
  • Portal account and authentication data: retained as long as the account is active and for a period afterwards to support legal obligations or investigations.
  • Marketing consent and newsletter subscriptions: retained while you remain subscribed and for limited time after unsubscribing to record your preference.
  • Applicant data: retained for a reasonable time after the recruitment process ends (typically 6–24 months) unless you consent to longer retention or a statutory requirement applies.

If you wish to request deletion of specific personal data, see the “Your Rights” section below.

Security Measures

We maintain administrative, technical and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security practices include:

  • Encryption in transit (TLS) and at rest for sensitive information.
  • Access controls, role-based permissions and privileged access management.
  • Logging, monitoring and intrusion detection systems.
  • Regular internal and third-party security testing and vulnerability assessments.
  • Incident response plans, including notification processes when required by law.

While we use reasonable measures, no system can be guaranteed to be fully secure. If you suspect a security incident involving your personal data, contact privacy@manifoldfinance.com immediately.

Data Breach Notification

In the event of a confirmed data breach that affects personal data, we will follow applicable notification requirements:

  • We will promptly contain and investigate the incident.
  • If required by law, and where feasible, we will notify affected individuals and relevant supervisory authorities without undue delay.
  • Notifications will include the nature of the breach, likely consequences, measures taken and mitigation steps for affected individuals.

Children’s Privacy

The Site and our services are not directed to children under 16 (or a higher age where local law requires). We do not knowingly collect personal data from children. If you believe we have collected information from a child in violation of this Policy, please contact us and we will take steps to delete the information.

Your Rights and Choices

Depending on your jurisdiction, you may have privacy rights with respect to personal data we hold about you. These rights vary by law; examples include:

Access and portability

You may request access to a copy of personal data we hold about you and, where feasible, receive a machine-readable copy for portability.

Correction

You may request correction of inaccurate or incomplete personal data.

Deletion

You may request deletion of personal data where there is no legal reason for us to retain it.

Restriction and objection

You may request restriction of processing or object to processing based on legitimate interests. In certain cases, we may no longer be able to provide services if you object to necessary processing.

Withdraw consent

Where processing is based on consent, you can withdraw consent at any time; withdrawal does not affect processing which occurred prior to withdrawal.

Opt-out of marketing

You may opt out of marketing communications by clicking the unsubscribe link in marketing emails or contacting privacy@manifoldfinance.com.

Data subject complaints

If you are in the EEA or another jurisdiction with a supervisory authority, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we may address your concerns.

How to exercise your rights

Submit requests via privacy@manifoldfinance.com with the subject line “Privacy Rights Request” and provide sufficient information to identify yourself and the data you want to access, correct or delete. We will respond within applicable statutory timeframes and may request additional information to verify your identity where necessary.

Special Notices for Residents of Specific Jurisdictions

European Economic Area (EEA), United Kingdom and Switzerland

For EEA/UK/Swiss residents, legal bases for processing include contractual necessity, compliance with legal obligations, consent, and Manifold’s legitimate interests. We will honor rights granted by the GDPR (access, rectification, erasure, restriction, objection, portability) and provide DPA-level protections for transfers.

California Residents (CCPA/CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know categories of personal information collected, to request deletion, to opt out of sale/sharing for targeted advertising (if applicable), and to non-discrimination for exercising privacy rights.

Other jurisdictions

We aim to comply with local privacy laws in jurisdictions where we operate. If you have questions about how local law applies, contact privacy@manifoldfinance.com.

Recruitment and Job Applicants

When you apply for a position with us, we collect and process applicant personal data (CV, contact details, references, interview notes) to evaluate your candidacy and for hiring decisions. By submitting an application you consent to this processing for recruitment purposes. If you are not selected, we may retain application materials for future opportunities only with your consent.

Inventor Disclosures and Confidential Technical Materials

Inventor submissions frequently include sensitive technical information. Our approach:

  • We encourage limited initial disclosure (abstract) until an NDA is in place.
  • When detailed disclosures are provided, they are stored in secure project workspaces with restricted access.
  • We sign NDAs or process mutual confidentiality agreements where required.
  • Only authorized Manifold personnel and designated external counsel or potential commercial partners (under NDA) will access detailed technical materials.
  • We use role-based access control and document watermarking for sensitive files.

Client Portal and Account Data

Registered users of our client portal have accounts that contain project documents, financials, messages and audit logs. Portal data processing is necessary to provide contractual services. Portal accounts are secured by passwords and can optionally use 2-factor authentication. Account owners control team access and may invite users; account administrators are responsible for assigning appropriate permissions.

Automated Decision-Making and Profiling

We may use automated tools to assist with internal processes such as risk scoring, prioritization of leads or candidates, and fraud detection. These tools are designed to assist human decision-makers and do not constitute sole-basis automated decision-making that has legal or similarly significant effects on individuals. Where required by applicable law, we will notify you and provide meaningful information about the logic involved and how to request human review.

Marketing Communications and Unsubscribing

We only send marketing communications to individuals who have opted in or where we have a legitimate interest and provide an easy opt-out. Every marketing email includes an unsubscribe link. You may also opt out by contacting privacy@manifoldfinance.com.

Links to Other Sites

The Site may contain links to third-party websites. This Policy does not apply to third-party websites. We encourage you to review the privacy notice of every website you visit. We are not responsible for third-party privacy practices or content.

Changes to This Privacy Policy

We may update this Policy periodically to reflect changes in law, our practices or the services we provide. When we make material changes, we will post a prominent notice on the Site and update the “Last Updated” date at the top. Continued use of the Site after posting changes constitutes acceptance of the updated Policy.

Data Processing Agreements and Subprocessors

Where we engage subprocessors (e.g., cloud hosting, analytics, email delivery), we enter written agreements imposing data protection obligations. Contact us and we will provide relevant information pursuant to contractual arrangements and applicable law.

How to Contact Us

If you have questions about this Privacy Policy, want to exercise data rights, or wish to make a complaint, contact:

  • Email: privacy@manifoldfinance.com
  • Postal: Manifold Finance — Privacy Office

We aim to respond to data subject requests within applicable legal timeframes. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.

Effective Date and Updates

This Privacy Policy is effective as of the date posted on the Site. We review and update it regularly; please check the Site for the current version.

Additional Disclosures

  • Recordkeeping: Record retention and deletion schedules are governed by contractual obligations and legal retention periods (tax, regulatory, litigation).
  • Encryption and backups: Sensitive data is encrypted in transit and where feasible at rest; we maintain regular backups and secure key management practices.
  • Vendors located outside your jurisdiction: Where vendors are outside the EEA/UK/other local areas, transfers are protected by standard contractual clauses or other lawful mechanisms.
  • Security incidents: We maintain an incident response plan; affected individuals will be notified in accordance with applicable laws.

Thank you for reading our Privacy Policy. We are committed to responsible data stewardship and to working with you transparently. If you need any clarification about how we handle your personal data, please contact us.