Skip to main content
MonitorAI
Try Free →
Back to Home

Privacy Policy

Effective date: 29 April 2026
Last updated: 29 April 2026

This policy is written in plain language to be readable. It is a binding legal document — please read it before using MonitorAI. If anything is unclear, email us at monitorai-hello@outlook.com.

This Privacy Policy explains what personal data MonitorAI collects when you use our service, why we collect it, who we share it with, how long we keep it, and the rights you have over it. “MonitorAI,” “we,” “our,” and “us” refer to the controller named below. “You” means anyone who visits monitoragent.app or uses the MonitorAI app at my.monitoragent.app or on iOS/Android.

Who we are (data controller)

MonitorAI is operated as a sole proprietorship registered in Ukraine. As the data controller, we decide why and how your personal data is processed. The exact legal entity, registered address, and Ukrainian tax ID will be displayed here once registration with the relevant Ukrainian data protection authority is finalized.

If you are an EU/EEA, UK, or US resident, this policy is written to comply with the data protection laws that apply to you in addition to Ukrainian law (notably GDPR, UK GDPR, and CCPA/CPRA where applicable).

What data we collect

We collect only what we need to run MonitorAI. Specifically:

  • Account information — your email address, display name, and (optionally) profile photo URL provided through your chosen sign-in method, plus an internal user identifier.
  • Monitor content — the research prompts you write, the schedules you configure, the AI-generated execution results, and the change-detection history for each monitor.
  • Notification settings — your chosen channels (email, push, Telegram) and, if you connect Telegram, your Telegram chat identifier so the bot can deliver messages to you.
  • Device data — per-device push notification tokens, a randomly generated device identifier, your device platform (web, iOS, Android), and the app version. We use these to deliver notifications and to investigate problems.
  • Billing data — your subscription tier, status, and renewal dates, the billing provider used (Paddle for web, Apple In-App Purchases for iOS, Google Play Billing for Android), and the customer or transaction identifier issued by that provider. We do not see or store payment card details — only the billing provider does.
  • Operational logs — sign-in events, API request metadata (method, path, status, duration), error traces, and security events (such as detected prompt-injection attempts). We use these to keep the service reliable and secure.
  • Landing-page usage — anonymous, aggregated visit and interaction data on monitoragent.app. This is gathered only with your consent through the cookie banner; see our Cookies Policy for details.

Why we are allowed to process your data

Under the EU General Data Protection Regulation (GDPR) and equivalent laws, we must rely on a specific legal basis for each processing activity. Ours are:

  • Performance of a contract — to deliver the service you signed up for: running your monitors, sending notifications, billing your subscription, and providing support.
  • Legitimate interests — to keep the service secure, prevent abuse, debug errors, retain short-term operational logs, and improve product quality. We balance these interests against your rights and privacy.
  • Consent — for non-essential cookies and analytics on the landing page, and for connecting optional third-party channels such as Telegram. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws, respond to lawful government requests, and meet tax and accounting requirements.

About the content you put into prompts

Anything you type into a research prompt is sent to our AI providers (Google Gemini for analysis and Brave Search for web queries) so the agent can do its job. To keep both you and third parties safe, please do not include in your prompts:

personal data of other identifiable people without their permission; regulated information such as health, financial, biometric, or government identifiers; trade secrets, source code, or confidential information you are not authorized to disclose; content that is unlawful, infringing, or designed to attack the AI system. You are responsible for the content you submit — see the corresponding clauses in our Terms of Service.

Transparency about AI

MonitorAI uses third-party large language models (Google Gemini) and the Brave Search API to research and summarize information for you. AI outputs are generated automatically and may be inaccurate, incomplete, hallucinated, or out of date. We do not edit or guarantee them. You should independently verify anything important before acting on it. AI outputs are not a substitute for professional, legal, financial, medical, or regulatory advice.

How we store and secure your data

Your data is stored on Google Cloud infrastructure hosted in the European Union. It is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted, secrets are held in a managed secrets vault, and per-user database rules prevent one user from reading another user’s data. No internet service can be made one hundred percent secure, and we therefore commit to reasonable, industry-standard protections rather than absolute guarantees.

International data transfers

Although our backend is hosted in the EU, some of the providers we rely on (notably Google Gemini, Brave Search, Telegram, Resend, Paddle, the Apple App Store, Google Play, and Google Analytics) may process data outside the EEA — including in the United States and other countries. Where required, transfers are protected by an adequacy decision of the European Commission, by Standard Contractual Clauses adopted by the Commission, or by another lawful transfer mechanism.

How long we keep your data

We keep personal data only as long as we need it for the purposes described above. Specifically:

  • Account, monitor, and notification data — retained while your account is active. You can delete individual monitors at any time and your entire account at any time from your profile.
  • Operational logs (sign-ins, API metadata, errors, security events) — retained for up to 30 days, then automatically purged.
  • Billing records — retained for as long as required by applicable Ukrainian tax and accounting law, even after account deletion, in a minimized form (no monitor content).
  • Deleted accounts — monitor content, notification settings, and per-device tokens are removed immediately. Operational logs are purged within 30 days. Backups are rotated on our standard schedule.

Cookies and analytics

monitoragent.app uses a small number of cookies and similar technologies. Strictly necessary cookies (for example, your language and theme preferences) are set automatically because the site cannot function without them. Analytics cookies (Google Analytics 4) are loaded only after you give consent through our cookie banner. You can change or withdraw your choice at any time using the “Cookie settings” link in the footer. Full details are in our Cookies Policy.

Your rights

If you are in the EU/EEA, UK, or another jurisdiction with comparable rights, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure (“right to be forgotten”) — request complete and permanent deletion of your account and associated data, including monitors, execution results, notification settings, and any Telegram connection data.
  • Data portability — request an export of your data in a machine-readable format.
  • Restriction of processing — request that we stop processing your data while a complaint is resolved.
  • Objection — object to processing that relies on our legitimate interests, including for direct marketing (we do not currently send marketing email).
  • Lodge a complaint — if you are unhappy with how we handle your data, you may complain to the Ukrainian Commissioner for Human Rights or, if you are in the EU/EEA, to your local data protection authority.

California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you additional rights:

the right to know what personal information we collect and how we use it; the right to access and to delete that information; the right to correct inaccurate information; and the right to opt out of “sale” or “sharing” of personal information.

We do not sell or share your personal information for cross-context behavioral advertising, and we do not knowingly process the personal information of consumers under 16 without affirmative consent.

We will not discriminate against you for exercising any of these rights. To exercise your CCPA/CPRA rights, email us at monitorai-hello@outlook.com; we will respond within the timeframes the law requires.

You may also designate an authorized agent to act on your behalf for any of these rights, subject to verification of your identity and the agent’s authority.

Deleting your account

You can permanently delete your account and all associated data at any time directly from your profile in the app. Deletion is immediate and removes:

  • Your account and sign-in credentials
  • All monitors, schedules, and execution results
  • All notification settings and any Telegram connection
  • All personal data we hold about you, except records we are legally required to keep (such as tax-relevant billing records, kept in minimized form)

Once deleted, your data cannot be recovered. You can also request deletion by emailing monitorai-hello@outlook.com. Operational logs are purged within 30 days; backups are rotated within 35 days.

Third-party services we rely on

We use a small number of vetted providers to run MonitorAI — Google Cloud for infrastructure and authentication, Google Gemini for AI analysis, Brave Search for web queries, Telegram for optional Telegram delivery, Resend for email delivery, Paddle for web subscriptions, Apple and Google for in-app purchases, and Google Analytics 4 (only after consent) for landing-page usage. Each of these providers acts as a processor or sub-processor under our instructions and is bound by appropriate data-processing terms.

Children

MonitorAI is not directed at children. The service is intended for users aged 16 and over (or older where required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email us at monitorai-hello@outlook.com and we will delete it.

Data breach notification

If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority without undue delay and in accordance with applicable law.

Government and law-enforcement requests

We disclose user data to government authorities only where we are legally required to do so, and we challenge requests we believe are overbroad or improperly issued. Where the law allows, we will tell you about a request before responding.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page shows when the latest version took effect. For material changes, we will notify you in advance through the app or by email so you have a chance to review the new version before it applies.

How to contact us

For any privacy question or to exercise your rights, email us at monitorai-hello@outlook.com. We respond from there.

monitorai-hello@outlook.com

We do not sell or share your personal data for advertising. We work hard to keep your data safe and to be straight with you about what we do with it.