iMangroveiMangrove
HomePlatformFAQ
HomePlatformFAQ

Privacy

Privacy Policy

Last updated: 2026-05-14

How Mangrove collects, uses, and safeguards data — written for financial teams who need to defend it in due diligence.

IntroductionData we collectHow we use itFinancial Agent safeguardsSharing & sub-processorsYour rightsContact

1. Introduction

Mangrove is the Agent Workspace for financial teams — research, reporting, client service, and operational workflows run on trusted data, controlled execution, and audit-ready outputs. This policy explains how we handle personal data, customer content, and operational telemetry.

This policy applies to the Mangrove web product (imangrove.ai), its associated APIs, and the Mangrove mobile / desktop clients. It does not apply to third-party platforms our customers connect (Lark, AWS, AI providers) — those are governed by their own privacy notices.

2. Data we collect

Account data: name, email (or placeholder `{open_id}@lark.local` when Lark does not authorize email), avatar, organization, role assignments.

Usage data: page views, feature interactions (action events such as `chat_share`, `kb_search`), session timestamps, device and browser fingerprint for security review.

Customer content: documents you upload, conversations, knowledge base entries, generated reports, task run state. This content belongs to the customer tenant, not Mangrove.

Inferred operational data: vector embeddings, intent routing decisions, agent run traces. Used to operate the product; never sold.

3. How we use it

Provide the service — sign-in, model routing, knowledge retrieval, agent execution, report rendering.

Improve the product — aggregate, de-identified usage signals to understand which workflows succeed and which need work. We do not train foundation models on customer content; we may use anonymized failure samples to tune our own intent router and tool selection.

Operate safely — fraud, abuse, and security incident detection; rate limiting; audit log retention.

Comply with law — respond to lawful requests; preserve evidence under legal hold.

4. Financial Agent safeguards

Mangrove is built for due diligence by financial counterparties. The following safeguards are available; specific configurations depend on your deployment.

Deployment

Private deployment keeps data on your side

In private deployment, all customer content, embeddings, run state, and audit logs stay inside your network. Mangrove does not exfiltrate data to a multi-tenant cloud you don't control. Available in self-hosted Docker Compose, VPC, and on-premise variants.

Redaction

Tenant-local redaction before model calls

Sensitive fields (names, national IDs, account numbers, monetary amounts) pass through a tenant-controlled redaction model before any payload reaches a third-party model provider. The provider sees only redacted text; the mapping table stays inside your perimeter.

Encryption

AWS KMS with customer-managed keys

When Mangrove hosts ingestion artifacts (original documents, parsed structures, intermediate OCR / table outputs), they are encrypted with AWS KMS CMKs in your AWS account. Mangrove cannot read or decrypt without a key grant you control; key revocation makes the data unreadable to us.

Providers

Model provider boundaries are explicit

Each AI provider is listed in your admin console with its data retention, training-on-customer-data, and region commitments. You can disable any provider per tenant; routing falls back to allowed providers automatically.

5. Sharing & sub-processors

We share data only with sub-processors that operate Mangrove on our behalf, under contractual data protection terms. Current sub-processors:

• Lark Suite (OAuth, optional knowledge sync) — see Lark privacy notice.

• AI providers (OpenAI, Anthropic, Google, OpenRouter, and customer-configured providers) — only redacted payloads.

• Cloud infrastructure (AWS, customer-managed for hosted deployments).

• Error monitoring (internal `/api/client-error` reporter; no third-party Sentry by default).

We do not sell personal data. We do not share customer content with marketing partners.

6. Your rights

Subject to your jurisdiction (GDPR, CCPA, China PIPL), you have rights to access, correct, export, restrict, or delete your personal data. Contact us at the email below; we respond within 30 days.

For customer content (documents, conversations) within an enterprise tenant, requests are typically routed to the tenant admin who owns the contract.

7. Contact

Data protection inquiries: privacy@imangrove.ai

If you are an enterprise customer, your account team is the primary contact for contract-level questions.

iMangrove

The AI Knowledge Base & Research Copilot for Financial Teams.

Product

  • Why Mangrove
  • Workflow
  • Architecture
  • Deployment

Trust

  • Governance
  • Proof Ledger
  • FAQ

Legal

  • Privacy policy

Mangrove does not provide investment advice, does not automate trading, and does not guarantee returns. All workflows operate under human approval and audit.

© 2026 Mangrove. All rights reserved.