All commitments written down, dated, and indexed. No surprises buried in a clickwrap.
Monowall Technologies, Inc. ("Monowall," "we") operates the Monowall control plane and the marketing site at monowall.ai. This policy describes what we collect, how we use it, and the rights you have over it.
Account identifiers (work email, name, employer), product telemetry (intent payloads, audit events you author), and minimal site analytics. We do not collect customer cloud-account credentials — those live in your tenant.
To operate, secure, and improve the service; to honor your audit-trail expectations; to communicate about service-related events. Never sold, never licensed, never trained on without an opt-in.
With sub-processors listed publicly (see Subprocessors below), and with regulators where compelled by law. We notify customers of any compelled disclosure unless legally prohibited.
Customer audit data retained per your contract (default 7 years). Marketing-site analytics retained 13 months. Account-level data deleted within 30 days of termination on request.
Access, correction, deletion, export, and objection — granted to all users regardless of jurisdiction. Email privacy@monowall.ai; we respond within 7 days.
Data Protection Officer · privacy@monowall.ai · Monowall Technologies, Inc., 228 Park Ave S, PMB 51119, New York, NY 10003-1502, USA.
These Terms govern access to and use of the Monowall service. By signing an Order Form or clicking through these Terms you agree to be bound by them. Enterprise customers' Master Services Agreement supersedes where it conflicts.
Our DPA is GDPR Article 28-aligned and incorporates the 2021 EU Standard Contractual Clauses (Module Two, controller-to-processor) plus the UK International Data Transfer Addendum. It executes automatically on signature of your MSA — no separate countersign required for SaaS customers.
Customer is controller; Monowall is processor. Aggregated, de-identified telemetry processed under our own controllership.
EU customers default to EU-only data residency. SCCs apply for any onward transfer; DPF certification for US processing.
30 days' advance notice before any new sub-processor takes effect; objection window of 14 days.
Counter-signed copy on request at privacy@monowall.ai.
The third parties below process customer data on our behalf. We publish this list in advance of any change; subscribers receive 30 days' notice via the Trust Center feed.
| Sub-processor | Purpose | Region | Status |
|---|---|---|---|
| Amazon Web Services | Primary infrastructure | us-east-1, eu-west-1, ap-southeast-2 | Active |
| Google Cloud Platform | Secondary infrastructure | us-central1, europe-west4 | Planned |
| Datadog | Observability | US1, EU1 | Planned |
| Stripe | Billing | US, EU | Planned |
| Vanta | Compliance evidence | US | Planned |
| Anthropic / Gemini | Brain reasoning (opt-in tenants only) | US | Active |
| Formspree | Demo-request form processing | US | Active |
Subscribe to change notices: privacy@monowall.ai.
If you've found a security issue in Monowall, please tell us. We commit to acknowledging within 24 hours, triaging within 5 business days, and recognizing the researcher publicly unless you ask us not to.
PGP · 4A3F 9E12 6BD0 8C7B 5F2A 1ED4 9C76 3318 22B0 7AE9
Encrypt anything sensitive; we publish the full key at /security/pgp.
Social engineering of our staff, denial-of-service, third-party services that aren't ours, and anything that requires accessing another customer's data.
Hall of fame at /security/hall-of-fame · Bug-bounty payouts $250–$25,000 per finding.