Skip to content

Privacy policy

Describes how Mandrel (operated by [Company legal name — legal review]) collects, uses, stores, discloses, and protects information. Supplemental disclosures may apply depending on contractual terms with your employer or organization (“Customer”).

Last updated:

Related: Terms of service · Security & trust

Introduction

Mandrel delivers a cloud workspace for structuring organizational data—including configurable collections (“Collections”), forms, automations where enabled, and optional AI-assisted tooling. Protecting Personal Data processed through the Services matters to us. By accessing or using the Services, Customers and their Authorized Users acknowledge this policy alongside the Terms of Service.

Information we collect

1. Account data (admin-invited & self-registration)

Authorized operators may invite colleagues; self-service registration may be offered when administrators enable it for a deployment. Typical account metadata includes corporate email addresses, preferred names (first/last where supplied), authentication secrets (stored only as cryptographic hashes referencing industry-standard salted password hashes), RBAC assignments, invitations and acceptance history, organizational membership, and onboarding timestamps.

2. Session & authentication telemetry

Successful sign-ins mint short-lived bearer tokens and hashed refresh material stored in our database paired with originating IP address, HTTP user-agent strings, issuance timestamps, and rotation history. Unsuccessful login attempts log email keyed rows, outcome flags, IP address/user agent, and timestamps for abuse-detection horizons described below.

Cookies & comparable browser storage (cookies anchor)

Authenticated sessions rely on opaque tokens stored locally in browser sessionStorage/localStorage (currently under keys resembling mandrel_access/mandrel_refresh) controlled by Mandrel—not third-party trackers. Appearance preferences persist via @nuxtjs/color-mode mechanisms (typically a client preference cookie or local storage honoring your theme toggle). Organizational UI choices may reside in auxiliary Mandrel-managed keys such as selected organization shortcuts.

Mandrel routes do not intentionally load advertisement pixels and do not knowingly drop third-party marketing or analytics cookie profiles.

Name / key patternPurposeRetention
mandrel_access / mandrel_refreshEssential session credentials for Authorized Users signing in through the SPA.Until logout/rotation; aligns with JWT & configured refresh TTLs.
nuxt-color-modePreserve light/dark preference across navigations.Persistent until cleared manually.
mandrel_active_org (representative)Remember last selected organization slug for multitenant workspaces.Persistent until overwritten or cleared manually.

Customer data inside Collections

Customers upload or enter bespoke business payloads—customer lists, inventories, PHI/PII if they choose—in dynamic tables modeled per Collection. Customers determine lawful bases, notices, inventories, DPIAs, and onward vendor contracts for that material. Mandrel processes such Personal Data to provide/host Services and may qualify as Processor for Customer-controlled Customer Personal Data (**requires contractual alignment with counsel**).

AI assistant telemetry

Conversational payloads, session identifiers, timestamps, completions, tooling traces (including MCP/function dispatches where enabled), quotas, moderation metadata, and operational metrics such as latency and token bookkeeping may reside in Mandrel-managed stores. Inference may traverse Google Gemini when deployments supply credentials; subprocessors lists below matter for transfer analysis.

Administrative audits

Audit timelines may cover authentication events (AUTH), guarded API verbs (API when enterprise logging permits), substantive data workflows (DATA), administrative actions (ADMIN), and systemic jobs (SYSTEM) with contextual metadata describing actor, endpoints, payloads (where safe), timestamps, originating IP, and correlation identifiers enabling investigations.

Automations & workflows

Automation executions record statuses, durations, structured logs, sanitized error payloads, initiating users (where applicable), and references to originating records for deterministic replay/traceability.

How we use information

  • Authenticate Authorized Users and detect credential abuse patterns.
  • Deliver, troubleshoot, replicate, optimize, backup, restore, meter, invoice, notify (transactional).
  • Uphold security, incident response, legal compliance, subpoena handling where validated.
  • Support administrators and customers with reproducible forensic detail.
  • Analyze aggregated performance—not sold marketing profiles—to improve reliability.

Storage & safeguards

Hosted relational databases use parameterized/object-relational tooling (via Drizzle/ORM equivalents) resisting typical SQL injection. Passwords salted & hashed. RBAC pervades tenancy boundaries. Sensitive tokens avoided in marketing scripts. Adaptive rate limiting mitigates brute forcing. Incident response rotates secrets per policy.

Sharing & subprocessors

  • Mandrel does not sell Personal Data or rent mailing lists.
  • Google Gemini — AI inference workloads may traverse Google-managed APIs pursuant to contractual DPA safeguards when enabled (**customer counsel should confirm sufficiency for regulated industries**).
  • Hosting/email/monitoring/logging — production operators rely upon infrastructure partners (regions vary per deployment contract). Substitutions garner notice methods described further down.
  • Authorities — Mandrel complies with lawful, scoped compulsory process respecting appeal rights whenever viable.

Downloadable subprocessors appendix may be emailed on request via support@mandrel.cloud; substantive additions appear in changelog plus inline notice when legally permitted.

International transfers

Personnel, subprocessors, or Customers may reside in divergent jurisdictions—including the United States, European Economic Area, United Kingdom, or others. Appropriate SCCs/DPA safeguards/transfer analyses should be finalized with Mandrel contractual packages (**needs legal verification per deployment**).

Retention

  • Accounts: persist until contractual offboarding deletes tenant partitions unless earlier administrator-driven suspension.
  • Sessions/security logs: rotate per TTLs; breached credentials revoke immediately upon detection.
  • Audit logs: honor optional per-row expiry columns or enterprise archiving exports.
  • Assistant transcripts: persist until erased per workspace workflows or overarching tenant deletion.
  • Business payloads: soft-delete hides rows beneath deleted_at markers until deterministic purge pipelines or restores conclude.

Rights of data subjects

Subject to statute, Authorized Users may request access/rectification/erasure/export/objections through their Customer Administrators; Mandrel Support (support@mandrel.cloud) triages unresolved tickets. Responses require identity validation.

Administrative provisioning

Operators combine invitation-only onboarding with optional self-registration depending on tenancy configuration—including password policies, onboarding enforcement, SSO rollouts once contracted—and remain accountable for Authorized User inventories.

Children

Mandrel is not directed toward children under sixteen (16) or local equivalents. Custodial organizations must not knowingly supply minors’ Personal Data lacking lawful guardianship approvals.

Changes

Material edits update this header’s “Last updated” date plus changelog/email notifications where warranted; continued use signifies acknowledgment unless mandatory opt-in statutes demand distinct consent.

Contact

support@mandrel.cloud — general privacy. security@mandrel.cloud — coordinated disclosures and security escalation.

**Requires legal review** — liability caps, territorial specifics, HIPAA/Financial annexes, and processor DPAs exceed this engineering draft.