Privacy Policy
1. Introduction
Mantis ("we", "us", "our") operates justmantis.com, an AI-powered YouTube analytics platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
By using Mantis, you agree to the collection and use of information as described in this policy.
2. Information We Collect
Account Information
When you sign up, we collect your email address and name via Google OAuth (powered by Supabase).
YouTube Submission Data
When you submit a YouTube URL for analysis, we collect and store:
- The YouTube video URL and video ID
- Publicly available video metadata from the YouTube Data API: title, channel name, publish date, view count, like count, comment count, video duration, and video description
- AI-generated analysis results including scores, recommendations, and action plans derived from the video
Temporary Audio Data
To generate transcriptions, we temporarily download audio from YouTube videos to our server. This audio is used solely to produce the transcript and analysis. Note: current implementation does not automatically delete these temporary files after processing.
Usage Data
We track how many times you use each feature per month to enforce plan limits.
Payment Information
Payments are processed by Stripe. We do not store your credit card number, CVV, or full payment details. We store your Stripe customer ID and subscription status only.
Technical Data
We collect error logs, performance data, and usage analytics to improve the service via Sentry and PostHog.
3. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Mantis service
- Generate AI-powered video audits, channel breakdowns, scripts, and trend analysis
- Enforce monthly usage limits based on your plan
- Process payments and manage your subscription
- Send transactional emails (receipts, account notices)
- Monitor for abuse and protect the security of the service
- Comply with legal obligations
4. AI Processing Disclosure
This is important. When you submit a YouTube URL, the following occurs:
- Video metadata and derived transcript content are sent to Anthropic (Claude) and/or OpenAI (GPT-4o, Whisper) to generate analysis
- These third-party AI providers process your submitted data under their own terms and privacy policies
- Anthropic does not train on API inputs by default. See: anthropic.com/privacy
- OpenAI does not train on API inputs by default. See: openai.com/policies/privacy-policy
We do not submit personally identifiable information to AI providers — only YouTube content metadata and derived text.
5. Third-Party Services
We use the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication and user data storage | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Anthropic | AI analysis (Claude) | anthropic.com/privacy |
| OpenAI | AI analysis (GPT-4o, Whisper) | openai.com/policies/privacy-policy |
| YouTube Data API | Video metadata | policies.google.com/privacy |
| PostHog | Product analytics | posthog.com/privacy |
| Sentry | Error monitoring | sentry.io/privacy |
| Render | Backend hosting | render.com/privacy |
| Vercel | Frontend hosting | vercel.com/legal/privacy-policy |
6. Data Retention
- Audit results and history: Retained indefinitely until you delete your account
- Audit cache: Automatically expires after 24 hours
- Usage records: Retained for billing and abuse prevention purposes
- Temporary audio files: Stored on our server during processing; we are working to implement automatic deletion after transcription completes
7. Data Security
We implement industry-standard security measures including:
- HTTPS encryption on all connections
- Environment-variable-only storage of API keys and secrets
- HTTP security headers (HSTS, CSP, X-Frame-Options)
- Signature verification on all Stripe webhook events
- Error monitoring via Sentry
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of all data we hold about you
- Deletion: Request deletion of your account and associated data
- Portability: Export your data in a machine-readable format
- Correction: Request correction of inaccurate data
- Objection: Object to processing of your data for analytics purposes
To exercise any of these rights, email support@justmantis.com. We will respond within 30 days.
9. GDPR (European Users)
If you are located in the European Economic Area, you have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority. Our legal basis for processing is:
- Contract: To provide the service you signed up for
- Legitimate interests: Security, fraud prevention, service improvement
- Consent: Analytics tracking (where consent is given)
10. CCPA (California Users)
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell your personal information. To submit a request, contact support@justmantis.com.
11. Cookies
We use essential cookies for authentication and session management. We use analytics cookies (PostHog) only with your consent. You can manage cookie preferences via the consent banner on our site.
12. Children's Privacy
Mantis is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact support@justmantis.com.
13. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes by email or by posting a notice on the site. The "Last Updated" date at the top will always reflect the most recent version.
14. Contact
For privacy-related questions or requests:
Email: support@justmantis.com
Operated by: Luis Herrera, Florida, United States