← Back to MonaFlow
Privacy Policy
Effective Date: May 27, 2026
MonaFlow ("we," "us," or "our") operates the website monaflow.com and the MonaFlow application. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our services.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, business name, business address when you create an account or join our waitlist.
- Business Information: Trade license numbers, service descriptions, client information, and invoicing data you enter into the application.
- Payment Information: Payment details processed by our payment provider (Lemon Squeezy). We do not directly collect or store credit card information.
- Communications: Emails, support requests, and feedback you send to us.
1.2 Information Collected Automatically
- Device Information: Browser type, operating system, device type, IP address.
- Usage Data: Pages visited, features used, time spent, click patterns.
- Cookies and Similar Technologies: See our Cookie Policy for details.
1.3 Information from Third Parties
- Lemon Squeezy: Payment confirmation, subscription status, and transaction IDs.
- Analytics Providers: Aggregated usage data from analytics tools.
2. How We Use Your Information
We use your personal information to:
- Provide, maintain, and improve our services
- Process transactions and send related information (invoices, receipts)
- Send you product updates, newsletters, and marketing communications (with your consent)
- Respond to your support requests and inquiries
- Monitor and analyze usage to improve user experience
- Detect, prevent, and address fraud and security issues
- Comply with legal obligations
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Consent: When you have given explicit consent (e.g., joining waitlist, receiving marketing emails)
- Contract Performance: When processing is necessary to fulfill our contractual obligations to you
- Legitimate Interests: When necessary for our legitimate business interests (e.g., security, analytics) that are not overridden by your rights
- Legal Obligation: When required by law
4. Data Sharing
We do not sell your personal information. We share your data only with:
| Service | Purpose | Data Shared |
|---|
| Lemon Squeezy | Payment processing (Merchant of Record) | Name, email, payment details |
| Vercel | Application hosting | Non-personal usage data |
| Supabase | Database hosting | All application data (encrypted) |
| Resend | Email delivery | Name, email |
| Analytics | Usage analytics | Anonymized/aggregated data |
We require all third-party service providers to maintain adequate data protection standards.
5. Data Retention
| Data Type | Retention Period |
|---|
| Account data | Duration of account + 30 days after deletion |
| Waitlist data | Until you request removal or unsubscribe |
| Transaction records | As required by law (typically 5-7 years) |
| Usage/analytics data | 26 months (rolling) |
| Communications | 2 years after last interaction |
6. Your Rights
6.1 GDPR Rights (EEA Users)
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Request your data in a portable format
- Restriction: Request restriction of processing
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing
6.2 CCPA Rights (California Users)
- Know: Request disclosure of personal information collected
- Delete: Request deletion of personal information
- Opt-Out of Sale: We do not sell personal information.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
6.3 How to Exercise Your Rights
Email us at privacy@monaflow.com with "Privacy Request" in the subject line. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. Cookies
Please see our Cookie Policy for detailed information about how we use cookies and similar technologies.
8. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) and at rest
- Access controls and authentication
- Regular security assessments
- Secure data backup procedures
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our processors, adequacy decisions where applicable, and your explicit consent where required.
10. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 18, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website, sending an email notification (for significant changes), and updating the "Effective Date" at the top. Continued use of our services after changes constitutes acceptance.
12. Contact Us
MonaFlow
Email: privacy@monaflow.com
For GDPR-related inquiries, you may also contact your local supervisory authority.
For CCPA-related inquiries, you may contact the California Attorney General.