Legal

Privacy Policy

What we collect, why, where it goes, and how to get it deleted.

Last updated · May 25, 2026

Note.This policy is a placeholder pending legal review. The principles below reflect how Monroe handles data today and won’t materially change.

1. What we collect

Account information

When you sign up, we collect your name, work email, the workspace you connect (Slack workspace ID, Teams tenant ID), and billing information processed by Stripe (we never store your full card number).

Workspace data

Monroe accesses the third-party data you authorize via OAuth — for example, messages from a Slack channel you grant access to, files in a specific Google Drive folder, issues in a GitHub repository. We access only what each run requires.

Usage data

We log run receipts (what was asked, what was done, credits used) for billing and audit. Server-level logs are retained 30 days; run receipts are retained for the life of your account.

2. How we use it

To run Monroe: fulfilling your prompts and producing the work you asked for.
To bill you: metering credits, processing invoices via Stripe.
To support you: diagnosing issues you report, with explicit consent for run-level access.
To improve the product: aggregated, de-identified metrics only.

3. What we don’t do

We do not use your workspace data to train foundation models.
We do not sell your data.
We do not share your data with third parties except subprocessors required to deliver the Service (listed below).

4. Subprocessors

Stripe — payment processing, billing.
Vercel — application hosting.
Amazon Web Services — compute, storage, networking.
Anthropic, OpenAI, OpenRouter — foundation model inference.

5. Security

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Connector scopes are least-privilege by default. Enterprise customers can request per-tenant key isolation. See our security overview for details.

6. Your rights

You can export your run receipts and delete your account from the dashboard at any time. EU and UK residents have additional rights under GDPR, including access, rectification, erasure, and portability. To exercise any right, write to privacy@getmonroe.com.

7. Children

Monroe is not directed at children under 16. We do not knowingly collect data from children.

8. Contact

privacy@getmonroe.com reaches a human.