1. Overview
ManifestD is a product of Manifest Digital LLC ("we," "us," or "our"). This Privacy Policy describes how we collect, use, and protect information when you use the ManifestD platform — a B2B SaaS application for digitizing transfer manifest workflows under California DCC regulations.
By using ManifestD, you agree to the practices described in this policy.
2. Information We Collect
We collect information necessary to operate the platform and maintain compliance records:
- Business and account information (company name, license number, contact details)
- Driver and employee information entered by authorized dispatchers (name, employee ID, driver's license number)
- Electronic signatures (handwritten signature images captured via secure web forms)
- GPS coordinates at time of signing (collected with user consent)
- Device and browser metadata (IP address, user agent) for audit trail purposes
- METRC transfer manifest data uploaded to the platform
- Email addresses for sending signed document copies
3. How We Use Your Information
- To generate legally compliant electronic signature records for transfers
- To produce and file signed PDF manifests to your company's Google Drive
- To send transactional notifications (signing links, signed document copies) via email or SMS
- To maintain audit trails required by California DCC regulations
- To operate, maintain, and improve the ManifestD platform
- To respond to support requests and compliance inquiries
4. SMS Communications
ManifestD may send SMS messages to drivers and receiving staff containing secure links to digital signing flows. Phone numbers are entered by authorized company dispatchers — we do not collect phone numbers through public opt-in forms.
Recipients may opt out at any time by replying STOP to any message. For help, reply HELP or contact us at support@mnfestd.com. Message and data rates may apply.
5. Data Storage and Security
Signed documents and audit trail records are stored in your company's designated Google Drive folder using a service account with scoped access. Signature data, GPS coordinates, and metadata are stored in a secured PostgreSQL database hosted on Railway.
We implement industry-standard security measures including encrypted connections (TLS), token-based authentication for all signing flows, and access controls limiting data to authorized company users.
6. Data Sharing
We do not sell your data. We do not share your data with third parties for marketing purposes. We may share data only in the following circumstances:
- With your company's authorized users as part of normal platform operation
- With California DCC or law enforcement when required by law
- With service providers (Google Drive, Postmark, Telnyx) strictly for platform functionality
7. Data Retention
Signed manifest records and audit trails are retained for a minimum of 3 years in accordance with California recordkeeping requirements. You may request deletion of your account data by contacting us — note that compliance records required by law cannot be deleted prior to their required retention period.
8. Your Rights
California residents have rights under the CCPA including the right to know what personal information we collect, the right to request deletion, and the right to opt out of sale (we do not sell data). To exercise these rights, contact us at the address below.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active users of material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.