Privacy Policy

Last updated: December 4, 2025

1. Introduction

At monaOS ("we", "our", or "us"), we respect your privacy and are committed to protecting your personal data. monaOS is a multi-agent orchestration platform that enables you to build and deploy AI teams. This privacy policy explains how we handle your personal data, agent configurations, and workflow data when you use our Platform, and informs you about your privacy rights.

2. Data We Collect

We collect and process the following types of data:

  • Account Information: Email address, display name, password (encrypted)
  • Profile Data: Onboarding status, user preferences, workspace settings
  • Project & Agent Data: Project configurations, agent definitions, templates, tools, and message schemas
  • Workflow Data: Agent communications, task executions, message history, and orchestration logs
  • Usage Data: Agent performance metrics, system interactions, API usage
  • Technical Data: IP address, browser type, device information, access logs
  • Credentials: Third-party API keys and secrets you configure for your agents (encrypted)

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain the multi-agent orchestration platform
  • To authenticate and authorize your access to projects and agents
  • To execute your AI agent workflows and inter-agent communications
  • To store and retrieve agent configurations, templates, and tools
  • To process agent messages and maintain workflow state
  • To provide observability, monitoring, and performance metrics
  • To improve and optimize the Platform
  • To communicate with you about service updates and billing
  • To comply with legal obligations

4. Data Isolation and Security

We implement strict data isolation practices:

  • Project Isolation: Each project operates in an isolated environment with dedicated agent containers
  • Credential Encryption: API keys and secrets are encrypted at rest using industry-standard encryption
  • Agent Sandboxing: Agents run in containerized environments with scoped access to tools and credentials
  • Access Controls: Row-level security (RLS) policies and RBAC enforce strict data access restrictions
  • Audit Logging: All agent actions, data access, and modifications are logged for security and compliance
  • Network Security: All data transfers use TLS/SSL encryption in transit

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When you delete your account, we will:

  • Immediately revoke your access to the Platform
  • Delete your personal information within 30 days
  • Retain anonymized usage data for analytics (with no personally identifiable information)

6. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase: Database and authentication services
  • Google Cloud Run: Containerized agent execution environment
  • LLM Providers: OpenAI, Anthropic, or your own providers (as configured by you)
  • Stripe: Payment processing and subscription management
  • Third-Party APIs: Any external services you configure your agents to use

Each third-party service has its own privacy policy. We recommend reviewing their policies.

7. Your Rights

Under data protection laws, you have rights including:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your personal data

8. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your authentication session
  • Remember your preferences
  • Analyze Platform usage and performance

You can control cookies through your browser settings. Note that disabling cookies may affect Platform functionality.

9. Children's Privacy

Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@monaos.ai

← Terms & ConditionsBack to Home →