Privacy Policy

This Privacy Policy describes how Monster Automation ("we", "us") processes personal data when you use monster-automation.com and our business automation platform.

1. What data we collect

  • Account data: email, name, role in your Workspace, user identifier.
  • Workspace data: projects, tasks, modules, support tickets, documents, and settings created by you or your team.
  • Payment data: invoice and transaction details. Card details are processed by Stripe; we do not store full card numbers.
  • Technical data: IP address, browser type, access logs, cookies, session identifiers.
  • Communications: messages via website forms, email support, and Workspace invitations.

2. Cookies and locale

We use cookies for authentication (Supabase Auth), saving interface language (the i18next cookie), and session security. You can delete cookies in your browser settings; this may limit service functionality.

3. Subprocessors and infrastructure

We rely on trusted providers to operate the platform:

  • Supabase — authentication, PostgreSQL, data storage with Row-Level Security.
  • Vercel — application hosting, CDN, serverless functions.
  • Stripe — payment processing and billing.
  • Resend — transactional email notifications (invitations, alerts).

Client secrets and API keys are stored in Supabase Vault and decrypted only on the server; they are never sent to the browser.

4. Purposes of processing

  • Providing and improving the Monster Automation platform.
  • Authentication, authorization, and data isolation between Workspaces (multi-tenancy).
  • Billing, invoicing, and contract fulfillment.
  • Technical support and user communications.
  • Security and abuse prevention.
  • Compliance with applicable law.

5. Retention

Account data is retained while your account or Workspace is active. After account deletion, data is removed or anonymized within a reasonable period, except where law requires longer retention (for example, financial records for up to 7 years). Technical logs are kept only as long as needed for security and diagnostics.

6. Your rights

Depending on your jurisdiction, you may have the right to:

  • Request access to your personal data.
  • Correct inaccurate data.
  • Request deletion (right to erasure).
  • Restrict or object to processing.
  • Receive a portable copy of your data.

To exercise your rights, contact hello@monster-automation.com. We respond within 30 days.

7. Security

We use HTTPS, Row-Level Security in PostgreSQL, role-based access control (RBAC), and server-side secret handling. Access to production data is limited to authorized personnel.

8. Policy changes

We may update this policy. The current version is always available on this page. Material changes will be communicated via email or an in-platform notice.

Last updated: June 2026. Questions: hello@monster-automation.com or contact form on the homepage.