Privacy Policy

Last updated: 20 March 2026

This Privacy Policy explains how Monopigi ("we", "us", "our"), registered in the Netherlands, collects, uses, and protects your personal data when you use our platform and API ("Service"). We are committed to complying with the General Data Protection Regulation (GDPR) and applicable Dutch data protection law.

1. Data Controller

Monopigi, based in the Netherlands, is the data controller for the personal data processed through the Service. For questions about data processing, contact us at privacy@monopigi.com.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account data: email address, name (when provided), and organization information
  • API usage logs: endpoints called, timestamps, response codes, and response sizes — retained for 90 days
  • Payment information: processed by Stripe; we store only your subscription status and plan details, not card numbers
  • Authentication data: session tokens, OAuth provider identifiers (if using Google sign-in)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the Service, manage your account, and fulfill your subscription
  • Legitimate interest (Art. 6(1)(f) GDPR): API usage logging for security monitoring, abuse prevention, and service improvement

4. Data Processors

We use the following third-party processors, all of which comply with GDPR:

  • Stripe (USA, with EU data processing) — payment processing
  • Scaleway (France, EU) — cloud hosting and infrastructure
  • Google (USA, with EU data processing) — OAuth authentication (only if you choose Google sign-in)

5. Data Retention

  • Account data: retained while your account is active and for 30 days after a deletion request
  • API usage logs: 90 days from the date of the API call
  • Payment records: 7 years as required by Dutch tax law (Algemene wet inzake rijksbelastingen)
  • Session data: automatically expires and is deleted after session timeout

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your data (subject to legal retention requirements)
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restriction: request restriction of processing in certain circumstances
  • Right to object: object to processing based on legitimate interest

To exercise any of these rights, contact us at support@monopigi.com. We will respond within 30 days.

7. Cookies

We use only a functional session cookie required for authentication. This cookie is strictly necessary for the Service to function and does not require consent under the GDPR ePrivacy Directive. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Profiling and Automated Decision-Making

We do not engage in profiling or automated decision-making that produces legal effects or similarly significantly affects you.

9. Data Protection Officer

For data protection inquiries, contact our Data Protection Officer at privacy@monopigi.com.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "last updated" date at the top reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy, contact us at privacy@monopigi.com.