Privacy Policy - Moniary

Effective Date: April 8, 2025

Last Updated: April 8, 2025

Sunamity, s.r.o. ("Moniary", "we", "us", or "our"), located at Korunní 2569/108, Vinohrady (Praha 10), 101 00 Praha, Czech Republic, IČO: 22046496, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, and applications (collectively, the "Service"). This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and relevant US privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Please read this Privacy Policy carefully. By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not access or use the Service.

1. Information We Collect

We collect information about you in various ways when you use our Service:

  • Information You Provide Directly:
    • Account Information: When you register for an account, we collect information such as your name, email address, and password.
    • Payment Information: If you subscribe to paid plans, our third-party payment processor (Stripe) collects your payment card details. Moniary does not store your full payment card information.
    • Communications: If you contact us directly (e.g., for support), we may collect your name, email address, and the contents of your message.
  • Information Collected Automatically via Email Access:
    • Email Content (Limited Use): When you connect your email account (e.g., Gmail, Outlook) via secure authentication (OAuth), our Service automatically scans the content of your emails solely to identify and extract relevant data points from order confirmations, shipping notifications, return policies, and invoices. This includes information like merchant name, items purchased, price, order date, shipping status, tracking numbers, and estimated return deadlines. We access and process email content only as necessary to provide the core functionality of the Service.

      Our use of data obtained via Google APIs (like Gmail API) adheres strictly to the Limited Use requirements as specified in Google's API Services User Data Policy, specifically:

      • We only use this data to provide or improve user-facing features that are prominent in our application.
      • We do not transfer the data to third parties except as necessary for security purposes, legal compliance, or with your explicit consent.
      • We do not allow humans to read this data unless you have provided affirmative agreement, it's necessary for security purposes, required by law, or the data has been aggregated and anonymized for internal operations.
      • We do not use this data for advertising purposes, sell it to third parties, or use it for determining creditworthiness.
      • We do not use data obtained through Workspace APIs (including Gmail API) to develop, improve, or train artificial intelligence (AI), machine learning (ML), or similar technologies.
    • Metadata: We may collect metadata associated with these emails, such as sender, recipient, date, and subject line, to help categorize and manage the extracted data.
  • Information Collected Automatically Through Use of the Service:
    • Usage Data: We collect information about how you interact with our Service, such as features used, pages visited, clicks, time spent, and actions taken within the Moniary dashboard.
    • Device and Connection Information: We collect information about the device you use to access the Service, including IP address, browser type, operating system, device identifiers, and approximate location derived from your IP address.
    • Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) to operate and personalize the Service, analyze usage, and for authentication. See our "Cookies and Tracking Technologies" section below for more details and your choices.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Operate the Service: To create and manage your account, process your email data to extract order information, display your organized data, send return reminders, and provide other core features.
  • To Improve and Optimize the Service: To understand how users interact with the Service, analyze trends, troubleshoot issues, and develop new features. We do not use user data obtained through Workspace APIs (including Gmail API) to develop, improve, or train generalized artificial intelligence (AI), machine learning (ML), or similar models.
  • To Communicate With You: To send service-related communications (e.g., account verification, technical notices, updates, security alerts), respond to your support requests, and, with your consent, send marketing communications about Moniary, which you can opt out of.
  • For Security and Fraud Prevention: To monitor for suspicious activity, prevent fraud, enforce our Terms of Service, and protect the rights and safety of Moniary, our users, and the public.
  • For Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
  • To Process Payments: To facilitate billing and payment processing via our third-party provider (Stripe).

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, our legal basis for collecting and using the personal information described above depends on the information concerned and the context:

  • Performance of a Contract: We process your account information, connected email data, and usage data as necessary to provide the Service you requested under our Terms of Service.
  • Consent: We rely on your consent to connect your email account(s) to the Service, to place certain non-essential cookies, and to send you marketing communications. You can withdraw your consent at any time.
  • Legitimate Interests: We process information for security, fraud prevention, service improvement (using anonymized/aggregated data), and certain non-marketing communications based on our legitimate interests, provided these are not overridden by your data protection interests or fundamental rights and freedoms.
  • Legal Obligation: We may process information to comply with legal requirements.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party vendors and service providers who perform services on our behalf, such as hosting providers (e.g., AWS, Google Cloud, Vercel), email API providers (e.g., Google, Microsoft, as necessary for connection), payment processors (Stripe), analytics providers (e.g., Google Analytics, Plausible), customer support tools, and communication tools. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
  • Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: If Moniary is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to standard confidentiality agreements.
  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized data (which does not identify you) for research, analysis, or other purposes.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for purposes such as:

  • Essential Operations: Authentication, security, session management.
  • Preferences: Remembering your settings and preferences.
  • Analytics: Understanding how the Service is used to improve it.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you block essential cookies, parts of the Service may not function properly. We may also use a cookie consent tool where legally required (e.g., in the EU) to manage your preferences for non-essential cookies.

6. Data Security

We implement technical and organizational measures designed to protect your personal information from unauthorized access, use, alteration, or destruction. These measures include encryption (e.g., HTTPS for data in transit, encryption for sensitive data at rest), access controls, and regular security assessments. However, no internet transmission or electronic storage is 100% secure, so we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, or other legal requirements). We retain your account information as long as your account is active. Extracted data may be retained while your account is active and for a short period afterward for recovery purposes, or until you delete it. Anonymized/aggregated data used for analytics or service improvement may be retained longer.

8. Your Privacy Rights

Depending on your location (especially if you are in the EEA, UK, Switzerland, or California), you may have the following rights regarding your personal information:

  • Right to Access: Request access to the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal information, subject to certain exceptions.
  • Right to Restrict Processing: Request restriction of how we process your information in certain circumstances.
  • Right to Data Portability: Request a copy of your information in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent as the legal basis (this does not affect the lawfulness of processing before withdrawal).
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights (relevant under CCPA/CPRA).

California Residents (CCPA/CPRA Specifics):

  • You have the right to know the categories and specific pieces of personal information we collect, use, disclose, and "share" (for cross-context behavioral advertising).
  • You have the right to opt out of the "sale" or "sharing" of your personal information. While Moniary does not "sell" personal information in the traditional sense, you can exercise control over cookie-based tracking that might be considered "sharing" under CPRA via our cookie settings or browser controls. We do not knowingly sell or share the personal information of minors under 16.
  • You have the right to request correction of inaccurate personal information.
  • You have the right to limit the use and disclosure of sensitive personal information (e.g., precise geolocation, contents of mail - note: we process email content based on performing the service you request).

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request in accordance with applicable laws. We may need to verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers or service providers may be located. These countries may have data protection laws that are different from the laws of your country (Czech Republic / EU).

If we transfer personal information from the EEA, UK, or Switzerland to other countries not deemed adequate by the European Commission, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or other valid transfer mechanisms, to ensure your information is protected.

10. Children's Privacy

The Service is not intended for or directed at children under the age of 16 (or 13 in the USA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

For Google API Services: Our application is considered a "mixed audience" application, not directed primarily at children. While users must be at least 18 years old to use our Service, we do not require users to sign in with a Google Account to access all features of the application.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. We may also notify you via email or through the Service. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Sunamity, s.r.o.
Korunní 2569/108, Vinohrady (Praha 10), 101 00 Praha, Czech Republic
IČO: 22046496
Email: privacy@moniary.com

13. Platform Integration Information

Google API Integration: This Privacy Policy URL is listed in our Google OAuth client configuration as required by Google's API Services User Data Policy. Our use of Google APIs adheres to the Google API Services User Data Policy and Google APIs Terms of Service.