Monowall / Legal

The
Contract Surface.

All commitments written down, dated, and indexed. No surprises buried in a clickwrap.

Privacy Policy

Effective 2026-03-01

Monowall Technologies, Inc. ("Monowall," "we") operates the Monowall control plane and the marketing site at monowall.ai. This policy describes what we collect, how we use it, and the rights you have over it.

What we collect

Account identifiers (work email, name, employer), product telemetry (intent payloads, audit events you author), and minimal site analytics. We do not collect customer cloud-account credentials — those live in your tenant.

How we use it

To operate, secure, and improve the service; to honor your audit-trail expectations; to communicate about service-related events. Never sold, never licensed, never trained on without an opt-in.

How we share

With sub-processors listed publicly (see Subprocessors below), and with regulators where compelled by law. We notify customers of any compelled disclosure unless legally prohibited.

Retention

Customer audit data retained per your contract (default 7 years). Marketing-site analytics retained 13 months. Account-level data deleted within 30 days of termination on request.

Your rights

Access, correction, deletion, export, and objection — granted to all users regardless of jurisdiction. Email privacy@monowall.ai; we respond within 7 days.

Contact

Data Protection Officer · privacy@monowall.ai · Monowall Technologies, Inc., 228 Park Ave S, PMB 51119, New York, NY 10003-1502, USA.

Terms of Service

Effective 2026-03-01

These Terms govern access to and use of the Monowall service. By signing an Order Form or clicking through these Terms you agree to be bound by them. Enterprise customers' Master Services Agreement supersedes where it conflicts.

  1. 01 · Account useYou're responsible for your account credentials, your users, and any intent you submit through them. Don't share seats; we issue them per-named-user for a reason.
  2. 02 · Acceptable useNo targeting of others' infrastructure, no use to violate law, no attempts to defeat the service's safety controls. We cooperate with customer audits of their own usage.
  3. 03 · Term & terminationAnnual term unless your Order Form says otherwise. Either party may terminate for uncured material breach with 30 days' notice. Your audit data is exportable for 30 days after termination.
  4. 04 · DisclaimersService is provided "as is" except for the warranties expressly set out in your MSA — which are deliberately strong and include uptime credits and security commitments.
  5. 05 · LiabilityAggregate liability capped at 12 months' fees paid, except for breach of confidentiality, IP indemnification, and gross negligence (uncapped). Standard for the category.
  6. 06 · Governing lawDelaware law; New York courts for any non-arbitrated dispute. EU customers contract with Monowall B.V. under Dutch law.

Data Processing Addendum

Version 2026.1

Our DPA is GDPR Article 28-aligned and incorporates the 2021 EU Standard Contractual Clauses (Module Two, controller-to-processor) plus the UK International Data Transfer Addendum. It executes automatically on signature of your MSA — no separate countersign required for SaaS customers.

Role

Customer is controller; Monowall is processor. Aggregated, de-identified telemetry processed under our own controllership.

Transfers

EU customers default to EU-only data residency. SCCs apply for any onward transfer; DPF certification for US processing.

Sub-processor notice

30 days' advance notice before any new sub-processor takes effect; objection window of 14 days.

Counter-signed copy on request at privacy@monowall.ai.

Subprocessors

Updated 2026-04-22

The third parties below process customer data on our behalf. We publish this list in advance of any change; subscribers receive 30 days' notice via the Trust Center feed.

Sub-processorPurposeRegionStatus
Amazon Web ServicesPrimary infrastructureus-east-1, eu-west-1, ap-southeast-2Active
Google Cloud PlatformSecondary infrastructureus-central1, europe-west4Planned
DatadogObservabilityUS1, EU1Planned
StripeBillingUS, EUPlanned
VantaCompliance evidenceUSPlanned
Anthropic / GeminiBrain reasoning (opt-in tenants only)USActive
FormspreeDemo-request form processingUSActive

Subscribe to change notices: privacy@monowall.ai.

Cookie Policy

Effective 2026-03-01

We use a minimal cookie set. No advertising, no cross-site tracking. Every non-essential cookie is opt-in regardless of jurisdiction.

Strictly necessary

Authentication, CSRF protection, session continuity. Cannot be disabled while you're signed in.

mw_sess · mw_csrf · 1st party

Performance

Anonymized page-view and error reporting. Self-hosted Plausible; no IP retention.

_plausible · 1st party · opt-in

Functionality

Remember your in-product preferences (theme, region picker, drawer state).

mw_pref · 1st party · opt-in

Responsible Disclosure

Safe-harbor scope

If you've found a security issue in Monowall, please tell us. We commit to acknowledging within 24 hours, triaging within 5 business days, and recognizing the researcher publicly unless you ask us not to.

Report to

security@monowall.ai

PGP · 4A3F 9E12 6BD0 8C7B 5F2A 1ED4 9C76 3318 22B0 7AE9

Encrypt anything sensitive; we publish the full key at /security/pgp.

In scope

  • *.monowall.ai web surfaces and the Brain control plane
  • Muscle Agent binaries published from monowall.ai/releases
  • Authentication, authorization, audit-chain integrity

Out of scope

Social engineering of our staff, denial-of-service, third-party services that aren't ours, and anything that requires accessing another customer's data.

Hall of fame at /security/hall-of-fame · Bug-bounty payouts $250–$25,000 per finding.