How "we can't see your data" is a technical fact.

1Where your data lives

ManorMe is a self-hosted application. That means: every part of the running system — the database, the code, the documents, the user accounts — lives on infrastructure that you create, pay for, and control.

2What we can — and cannot — access

The clearest way to show this is in a single table. After your deployment is live:

The only information we hold about you is what you give us to support you — your email, the version of ManorMe you bought, and any support tickets you open. That information lives on our marketing CRM (Resend / Buttondown / equivalent) and never touches your ManorMe data.

3How to verify what we just told you

Anyone can claim "we can't see your data." We expect you to be skeptical. Here are the verification paths available — most of which you can perform yourself, in real time, without taking anything we say on faith.

Inspect the install transcript

During the onboarding call, you see every command we run, every environment variable we set, and every credential we create — all in your own Supabase and Vercel accounts, with you driving. You receive a written log of the entire session afterward. There is nothing in that transcript that grants us ongoing access.

Check the network traffic

Once your deployment is live, open your browser's developer tools (Network tab) and use the app. You'll see calls between your browser and your Supabase project — and no calls to manorme.ca domains. The only exception: if you opt in to the optional updates plan, ManorMe periodically checks our public release server for new versions. That check transmits only your license key, never any data from your database. You can disable it.

Verify the signed release

Every release of ManorMe is cryptographically signed. The hash of the binary running in your Vercel deployment is verifiable against the hash we publish on our release page. This means: the version running in your account is exactly the version we said we shipped, with no hidden modifications. The signing key and verification command are documented in the customer portal.

Audit your Supabase project

Log in to your Supabase dashboard. You created the project, you're the sole admin. You can audit who has connected to it (no one but you). You can revoke any access key at any time. You can delete the project and your ManorMe deployment ceases to exist — nothing of yours remains anywhere, including with us.

Independent security review (planned)

We are scheduling a third-party security audit by an established Canadian security firm before public launch. The audit report will be published in the customer portal, summarized publicly, and updated annually. We will name the firm and link the report here once complete.

Limited source review under NDA

We don't publish the source code openly — handing competitors a free head start on a $999 one-time product isn't a viable business. For sophisticated buyers who need code-level verification before purchase, we offer a limited source review under NDA, conducted via screen share with our team. Email hello@manorme.ca to arrange one.

4What is shared with third parties — and what isn't

Your ManorMe deployment is yours, but it depends on a few third-party services that you have your own relationship with — not us:

• Supabase (database and storage): your own project. Your data lives here. Supabase's privacy and security policies apply to the project you create. Data residency is Canadian (ca-central-1).
• Vercel (web hosting): your own team. Vercel hosts the running application. They cannot see your database — only the application logs you choose to enable.
• Stripe (purchase): used once, to take your ManorMe purchase. After that, Stripe knows you bought from us; we don't tell Stripe anything about what's in your deployment.
• Optional: OpenAI (voice capture): if you choose to enable voice features, you provide your own OpenAI API key. Voice audio passes through your account; we have no access. You can disable this entirely.
• Optional: a market data provider (Polygon, CoinGecko): if you enable live price updates, you provide your own API key. Same model.

5What we promise — and what we don't

What we promise

• The binary running in your account matches the signed release we published. Verifiable cryptographically.
• No telemetry, analytics, or remote access in any shipped version. The release notes for every version document exactly what changed.
• If we ever change this posture — for any future feature — we will tell you, in writing, in advance, and you can choose to stay on the version you have.
• An independent third-party security audit will be commissioned and published before paid launch, and refreshed annually.

What we don't promise

• That your Supabase or Vercel will never be compromised. That's between you and them. Use strong passwords, enable 2FA on both, keep your billing card secure.
• That we'll prevent you from giving someone else access. If you create a service account, share a password, or add a collaborator, that's your choice and your responsibility.
• That a court order couldn't compel us to release information we have about you — which is limited to your email, license key, and support history. We have nothing else to release.

6If you find something we missed

This is a small company, and the trust posture above is the entire value proposition. If you spot something in the architecture, the code, or anything we've claimed on this page that doesn't add up, we want to know.

Email security@manorme.ca. We respond within 48 hours. Responsible disclosure earns acknowledgment in the next release notes and our genuine gratitude.