Privacy Policy

Last updated: 8/23/2025GDPR & CCPA Compliant

1. Introduction

At Monetyze, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our digital marketplace platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

Account Information:
Email address, name, password (encrypted)
Profile Data:
User preferences, subscription tier, referral codes
Contact Information:
Email for communications and support

2.2 Authentication Data

We support multiple authentication methods:

OAuth Providers

Google OAuth, Discord OAuth (we receive basic profile information)

Magic Links

Email-based passwordless authentication

2.3 File and Transaction Data

  • Uploaded Files: File metadata, content, descriptions, pricing
  • Transaction Information: Purchase history, payment amounts, download records
  • Analytics Data: File performance, download statistics, revenue tracking

2.4 Technical Information

Analytics & Performance
• Vercel Analytics for performance monitoring
• Core Web Vitals through Speed Insights
System Data
• Server logs for security and debugging
• Browser type, IP address, OS

3. How We Use Your Information

Service Provision
• Creating and managing user accounts
• Processing file uploads and downloads
• Handling payments via Stripe
• Providing customer support
Platform Features
• Subscription tier management
• Referral program tracking
• Analytics and reporting
• Real-time notifications via SSE
Communications
• Email verification and security
• Purchase confirmations
• Service updates
• Customer support responses

4. Data Storage and Security

4.1 Database Storage

Primary Database

Neon PostgreSQL with encryption at rest

File Storage

Vercel Blob Store with secure access controls

Distribution

Automatic geographic distribution via Vercel

4.2 Security Measures

  • Authentication: Better-auth with Drizzle adapter for secure session management
  • Password Security: Industry-standard hashing and encryption
  • HTTPS Everywhere: All communications encrypted in transit
  • Access Controls: Role-based permissions and admin authorization

4.3 File Security

  • Secure file naming to prevent enumeration
  • Single-use download tokens with expiration
  • File type validation and security scanning
  • Protected blob storage with access controls

5. Third-Party Services

Payment Processing

We use Stripe for payment processing. Stripe handles all payment data according to PCI DSS standards. We do not store credit card information on our servers.

Email Services

We use Resend for transactional emails including verification, purchase confirmations, and notifications.

Hosting and Infrastructure
Vercel: Hosting, CDN, analytics, speed insights
Neon: PostgreSQL database hosting with encryption
Vercel Blob Store: Secure file storage and delivery
Authentication Providers

When using OAuth (Google, Discord), we only receive basic profile information (email, name) as permitted by your OAuth provider settings.

6. Data Sharing and Disclosure

We DO NOT sell your personal data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing

We may share your information only in these circumstances:

  • Service Providers: With trusted partners (Stripe, Resend, Vercel) to operate our service
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfer: In connection with a merger, acquisition, or sale of assets
  • Consent: When you explicitly consent to sharing

7. Your Rights and Choices

Data Access
• Request copy of your data
• Export files and transactions
• Access dashboard data
Data Correction
• Update profile information
• Correct inaccurate data
• Modify privacy preferences
Data Deletion
• Delete account and data
• Remove specific information
• 30-day soft delete policy
Marketing

You can opt out of non-essential emails. Essential service communications cannot be disabled while your account is active.

8. Data Retention

Account Data

We retain account information as long as your account is active or as needed to provide services.

File Storage
• Active files stored indefinitely
• Deleted files: 30-day recovery
• Downgrades: end of billing cycle
Transaction Records

Financial records are retained for legal and tax compliance requirements (typically 7 years).

9. International Data Transfers

Our services use global infrastructure (Vercel's global CDN, Neon's distributed database). Your data may be processed in countries outside your residence, but always with appropriate security measures.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it immediately.

11. Cookies and Tracking

We use cookies and similar technologies for:

Essential Functions

Authentication, session management, security

Analytics

Vercel Analytics for usage insights and performance monitoring

Preferences

Theme settings, language preferences

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (which we don't do).

13. European Privacy Rights (GDPR)

EU residents have rights under GDPR including data portability, right to rectification, right to erasure, and right to restrict processing. Contact us to exercise these rights.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of significant changes via email and update the "Last updated" date.

15. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, contact us:

Email

privacy@monetyze.com

Data Protection Officer

dpo@monetyze.com

Address

[Company Address]

16. Compliance and Certifications

We are committed to maintaining compliance with applicable privacy laws including GDPR, CCPA, and other regional privacy regulations.

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. If you have any questions or concerns, please don't hesitate to contact us.