Manifest — Effective date: July 10, 2026
Manifest is operated by TribalHouse (contact: support@tribalhousestudios.com). This policy describes what data the plugin collects, where it is stored, and your rights.
We collect only data that you explicitly provide or that results from an explicit action you take inside the plugin.
Account data
Workspace data
Design data
Usage data
Payment data
All data is stored in Supabase (PostgreSQL database and object storage), hosted in the EU region (Frankfurt, Germany). Preview images and node snapshot JSON are stored in Supabase Storage behind signed URLs. Direct public access is not possible.
Within a workspace: all members of your Manifest workspace can see releases, commits, and committed items within that workspace. This is enforced by row-level security at the database level — workspace members cannot access data from other workspaces.
TribalHouse: we do not access individual design snapshot content except when required to diagnose a technical support issue you have reported, and only with your permission. We have access to aggregate usage metrics (commit counts, active users) for operational purposes.
Snapshot history (commits, node snapshots, and their preview images) is retained according to your plan’s history window and then deleted by a scheduled job that runs regularly:
Deletion happens in periodic batches, so items may persist briefly past the window before the next scheduled run removes them.
Account data: retained for as long as your account is active.
Deletion on request: you can request deletion of all data associated with your account by emailing support@tribalhousestudios.com. We will delete your account and all associated design data within 30 days. This action is irreversible.
You have the right to access a copy of the data we hold about you, correct inaccurate data, request deletion of your data, and object to processing where applicable under law. To exercise any of these rights, contact support@tribalhousestudios.com.
Communication between the plugin and backend uses HTTPS. Authentication tokens are stored in Figma’s clientStorage (local to the user’s machine). Row-level security policies enforce data isolation at the database layer.
If we make material changes to this policy, we will update the effective date and, where practicable, notify users via the plugin or by email.