Legal

Privacy Policy

Last updated: April 2026

Overview

Monolith ("we", "us", "our") operates get-monolith.com and its products Vigil and Groundwork. This policy explains what data we collect, why we collect it, and how we handle it. We collect only what we need to operate the service.

What we collect

  • Account data: Name, email address, and password when you create an account.
  • Billing data: Payment is handled by Stripe. We never store your card details.
  • Usage data: Log data, feature usage, and session information to operate and improve the service.
  • Business data: Content you create inside the product — jobs, receipts, assessments — stored securely in Supabase.

How we use it

  • To provide and operate the service
  • To send transactional emails (invoices, password resets, account notices)
  • To diagnose issues and improve reliability
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising.

Third-party services

  • Supabase: Database and authentication infrastructure.
  • Stripe: Payment processing. Subject to Stripe's own privacy policy.
  • Resend: Transactional email delivery.
  • Vercel: Hosting and CDN infrastructure.

Data retention

We retain your data for as long as your account is active. If you cancel your account, we will delete your data within 30 days upon written request.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by contacting us at hello@get-monolith.com.

California residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of your personal information.
  • The right not to be discriminated against for exercising these rights.

We do not sell your personal information. To exercise any of these rights, contact hello@get-monolith.com.

EEA and UK residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR or UK GDPR:

  • Right of access — obtain a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data.
  • Right to restriction — limit how we process your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.

Our legal basis for processing is contractual necessity and legitimate interests. To exercise your rights, contact hello@get-monolith.com. You also have the right to lodge a complaint with your local data protection authority.

Changes to this policy

We may update this policy from time to time. We will notify active users by email if changes are material. Continued use of the service after changes constitutes acceptance.

Contact

Questions about this policy: hello@get-monolith.com