Magic Monkeimagically fast ⚡← Back to Magic Monkei

Last updated · May 18, 2026

Privacy Policy

Magic Monkei LLC ("Magic Monkei", "we", "us", or "our") is the controller of personal data processed in connection with the Service. This Privacy Policy explains what data we collect, how we use it, how long we retain it, and what rights you have over it.

If your jurisdiction grants you statutory rights that exceed those described here, those statutory rights prevail.

1. Personal data we collect

We collect personal data that you provide directly, that is generated by your use of the Service, and that is received from third-party providers acting on our behalf:

  • Account data: name, email address, password hash, country, locale, phone number (if you choose to add one).
  • Authentication data: session tokens, passkey credentials, email-verification status.
  • Payment data: handled by Stripe. We receive a customer identifier and billing country; we do not receive or store full payment-card numbers.
  • Usage data: download history, request logs, error reports, and similar operational telemetry.
  • Connection data: IP address, user-agent string, and the Cloudflare CF-IPCountry header, which we use to determine pricing currency.
  • Support data: any information you provide when contacting us by email or messaging.

2. How we use personal data

We process personal data to: operate and secure the Service; create and maintain your account; bill and collect subscription fees; provide support; comply with legal obligations; detect, prevent, and respond to fraud, abuse, and security incidents; and improve the Service through aggregate analysis.

3. Legal bases (GDPR Art. 6)

Where the General Data Protection Regulation applies, we rely on the following bases: performance of the contract (operating the Service for you); compliance with legal obligations (tax, accounting); our legitimate interests in operating and securing the Service (balanced against your rights and freedoms); and, where required, your consent (which you can withdraw at any time).

4. Categories of sub-processors

We engage third-party service providers to operate the Service. Each provider is bound by a written data-processing agreement that restricts their use of personal data to the purposes we authorize. We disclose by category below; specific named providers are available on request (see § 4.1).

Stripe (payments) and Cloudflare (content delivery and edge security) are named here because their presence is observable from the Service itself — Stripe handles checkout and recurring billing and receives billing email, country, and the card data you enter at checkout; Cloudflare terminates TLS at the edge, mitigates abuse, and provides the geolocation signal we use to determine which currency to display.

  • Payment processor — checkout, recurring billing, refunds, and dispute handling.
  • Content-delivery and edge-security provider — TLS termination, distributed denial-of-service mitigation, and geolocation for currency selection.
  • Cloud-infrastructure provider — hosts our application servers, primary database, object storage, and internal networking.
  • Transactional-email provider — sends verification, billing, and security messages.
  • Operational-logging and observability provider — receives request metadata and error telemetry for incident response. Does not receive subscription content, payment-card data, or password values.
  • Product-analytics provider (planned) — when enabled, receives pseudonymous event data tied to a hashed user identifier.

4.1 Requesting the current named list

A current list of named sub-processors, including the country in which each operates and the safeguards governing international transfers, is available on request from [email protected]. The same list is provided as an exhibit to our Data Processing Agreement for Subscribers who require one. We will give reasonable advance notice when we add or replace a named sub-processor.

5. International data transfers

Magic Monkei is established in the United States, and several of our sub-processors operate globally. When personal data is transferred outside your country, we rely on the Standard Contractual Clauses adopted by the European Commission and equivalent safeguards under UK and Brazilian law.

6. Data retention

We retain personal data only for as long as is necessary for the purposes described above. Account data is retained for the duration of the subscription and for up to twenty-four (24) months thereafter to handle disputes and meet accounting obligations. Operational logs are retained for no longer than ninety (90) days. After these periods, data is deleted or anonymized.

7. Security

See the Security page for a description of the technical and organizational measures we implement to protect personal data.

8. Children

The Service is not directed to children, and we do not knowingly collect personal data from anyone under eighteen (18) years of age. If you believe we have done so, contact [email protected] and we will delete the data.

9. Cookies and similar technologies

We use first-party cookies for authentication, locale preference, and security. We do not use third-party advertising cookies. A cookie banner is presented where required by applicable law; you may refuse non-essential cookies without losing access to core Service features.

10. Your rights — European Economic Area (GDPR)

If you are located in the EEA, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; receive a copy of your data in a structured, machine-readable format (portability); and lodge a complaint with your local supervisory authority. Requests can be made at [email protected]. We respond within one calendar month.

11. Your rights — United Kingdom (UK GDPR)

Residents of the United Kingdom have rights substantially equivalent to those listed in §10 and may lodge a complaint with the Information Commissioner's Office (ICO).

12. Your rights — California (CCPA / CPRA)

California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under the CCPA/CPRA), and the right to non-discrimination for exercising these rights. To submit a verifiable consumer request, contact [email protected]. You may designate an authorized agent in writing.

13. Your rights — Brazil (LGPD)

Residents of Brazil have the rights set forth in Article 18 of Lei Geral de Proteção de Dados, including confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, and revocation of consent. Requests can be made at [email protected]. Our Encarregado de Proteção de Dados (Data Protection Officer) can be reached at the same address.

14. Other jurisdictions

If you reside outside the jurisdictions named above, you may still exercise rights to access, correct, or delete your personal data by writing to [email protected]. We honor reasonable requests to the extent we are able to verify your identity and to the extent doing so does not conflict with our legal obligations.

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to active Subscribers and reflected in the "Last updated" date at the top of this page.

16. Contact

Privacy questions and rights requests: [email protected]. Legal correspondence: [email protected].