Monoceph Privacy Policy
Effective Date: 12/15/2025
Last Updated: 3/16/2026
This Privacy Policy describes how Monoceph Co (“Monoceph,” “we,” “us,” “our”) collects, uses, shares, and protects your personal information when you use the Monoceph application, including through our website, mobile applications (iOS and Android), and related services (collectively, the “Service”), as well as the promotional website at monoceph.co (the “Website”).
Monoceph is a life management tool. You give it structured information about your life (income, expenses, commitments, goals, recurring needs), and it generates a schedule based on what needs to happen and when. This policy covers all data involved in that process.
By creating an account or using the Service, you consent to the collection, processing, and storage of your information as described in this policy. If you do not agree, do not use the Service.
Information We Collect
Information you provide
Account information. When you create an account, we collect your name, email address, and password. If you enable two-factor authentication, we store the associated verification method.
Product data. You create and manage the following types of data within the Service: resources (things you need, have, or produce, such as money, time, food, or energy), transactions (actions that change your resources), tasks (things you need to do), and events (time-bound occurrences like meetings or appointments). This data is provided directly by you and is central to how the Service works.
Information from third-party services
Financial data via Plaid. If you connect a bank account, we use Plaid, Inc. (“Plaid”) to retrieve your financial data. Plaid collects your bank credentials directly through its own interface; we never see or store your bank login. Through Plaid, we receive: transaction history (merchant name, amount, date, category), account metadata (account name, type, and masked account number), account balances, and institution information.
Monoceph uses Plaid, Inc. to gather your data from financial institutions. By using the Service, you grant Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your financial institution according to Plaid’s privacy policy, available at https://plaid.com/legal.
Calendar and other integrations. If you connect external services (such as calendar providers) to import events or other data, we receive the data you authorize those services to share.
Information collected automatically
Connection data. When you use the Service or visit the Website, our servers automatically record your IP address, browser type and version, operating system, device type, referring URL, pages or screens viewed, and the date and time of your visit. On mobile devices, this may also include your device model and operating system version. This data is used for security monitoring, debugging, and maintaining the Service. It is not used for advertising or profiling.
Cookies on the promotional website. The Website at monoceph.co uses analytics cookies to understand how visitors find and interact with the site. These cookies are placed by Google Analytics and may collect information such as pages visited, time on site, and traffic source. The Service (the application itself) does not use analytics or advertising cookies.
How We Use Your Information
We use your information to provide and maintain the Service. Specifically:
- To generate your schedule based on your resources, transactions, tasks, and events.
- To display your financial data from connected bank accounts.
- To authenticate you and secure your account.
- To sync new data from your connected bank accounts and other integrated services.
- To detect and respond to security incidents.
- To debug and improve the Service.
- To understand how visitors find the promotional website (analytics cookies on monoceph.co only).
- To comply with legal obligations.
We do not use your personal or financial data for advertising, profiling, behavioral targeting, or any purpose other than providing the Service to you.
How We Share Your Information
We do not sell your personal information. We have not sold personal information in the past and will not sell it in the future. This includes financial data received through the Plaid API.
We do not share your personal information for cross-context behavioral advertising.
We share your information only in these limited circumstances:
Plaid. Plaid receives your bank credentials directly (not through us) and provides us with your financial data. Plaid’s use of your data is governed by its own privacy policy at https://plaid.com/legal.
Analytics provider (promotional website only). Google Analytics receives cookie-based analytics data from visitors to monoceph.co. This data relates to website usage, not to your account or product data within the Service.
Legal requirements. We may disclose your information if required by law, subpoena, court order, or government request, or if disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers. If Monoceph is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
Categories of Personal Information Disclosed for a Business Purpose
For California residents and as required by the CCPA, the following table describes the categories of personal information we have collected and disclosed for a business purpose:
| Category | Collected | Disclosed to | Business Purpose |
|---|---|---|---|
| Identifiers (name, email, IP address) | Yes | Not disclosed to third parties | Account management, security |
| Financial information (transactions, balances, account metadata) | Yes | Received from Plaid | Providing the Service |
| Internet or network activity (browser type, pages viewed) | Yes | Google Analytics (promotional website only) | Security, website analytics |
| Sensitive personal information (account login credentials) | Yes | Not disclosed to third parties | Authentication |
Sources of personal information: Directly from you (account and product data), from Plaid (financial data), and automatically from your device (connection data and cookies).
We do not sell or share any category of personal information.
Cookies and Tracking Technologies
Promotional website (monoceph.co)
The Website uses analytics cookies provided by Google Analytics. These cookies collect anonymous usage data such as pages visited, session duration, and referral source. You can block these cookies through your browser settings or by using a cookie-blocking extension. The Website will function without them.
The application (web and mobile)
The Monoceph application uses only essential cookies and local storage required for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled while using the Service.
Do Not Track
Some browsers transmit a “Do Not Track” (DNT) signal. There is no industry standard for how websites should respond to DNT signals. The Monoceph application does not track you for advertising purposes and does not respond differently based on a DNT signal. For the promotional website, if you enable the Global Privacy Control (GPC) signal in your browser, we will treat it as a valid opt-out request under applicable state privacy laws.
Third-Party Tracking
No third parties collect personally identifiable information about your online activities over time and across different websites through the Monoceph application. On the promotional website, Google Analytics may collect anonymized usage data as described above.
Data Retention and Deletion
We retain your personal and product data for the duration of your active account.
If you delete your account:
- Your personal data, product data (resources, transactions, tasks, events), and financial data are permanently deleted.
- Plaid access tokens for your connected bank accounts are revoked immediately.
- Database backups containing your data are rotated out within 35 days.
- Consent records (your acceptance of this Privacy Policy and Terms of Service) are retained for up to 3 years for legal compliance purposes.
You may also disconnect individual bank accounts at any time through the application. When you disconnect an account, we stop syncing new data from that account. Previously synced transaction data remains in your account unless you delete it or delete your account entirely.
Connection data (server logs) is retained for up to 90 days for security and debugging purposes, then permanently deleted.
Analytics data collected on the promotional website is retained according to the Google Analytics retention policies and is not linked to your Monoceph account.
Data Security
Your data is stored in encrypted databases hosted on Amazon Web Services (AWS) in the United States. We use the following security measures:
- All data is encrypted in transit using TLS 1.2 or higher.
- All data is encrypted at rest using AES-256 encryption.
- Access to production systems is restricted by role-based access controls and multi-factor authentication.
- Application and infrastructure activity is monitored and logged for security purposes.
- We never receive or store your bank login credentials. Those are handled entirely by Plaid.
No method of transmission or storage is 100% secure. If we become aware of a security breach affecting your personal information, we will notify you and any applicable regulators as required by law.
Your Privacy Rights
Depending on your state of residence, you may have some or all of the following rights regarding your personal data. These rights apply under the California Consumer Privacy Act (CCPA/CPRA) and comprehensive privacy laws currently in effect in Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.
Right to know / access. You can request a copy of the personal information we have collected about you. California residents may request information collected since January 1, 2022, or earlier if we retain it.
Right to correct. You can request correction of inaccurate personal data. You can also correct most data directly within the application.
Right to delete. You can delete your account and all associated data at any time through the application settings. You can also contact us to request deletion.
Right to portability. You can request an export of your data in a machine-readable format.
Right to opt out of sale or sharing. We do not sell your personal information or share it for cross-context behavioral advertising. There is nothing to opt out of. If this changes in the future, we will provide a clear opt-out mechanism before any such activity begins.
Right to limit use of sensitive personal information. We use sensitive personal information (account credentials) only for providing the Service. We do not use it for purposes that would trigger the right to limit.
Right to non-discrimination. We will not deny you the Service, charge you different prices, or provide a different quality of service for exercising any of your privacy rights.
Right to appeal. If we decline a privacy request, you may appeal by contacting us at [email protected]. We will respond to your appeal within the timeframe required by your state’s law. If your appeal is denied, you may contact your state’s Attorney General.
How to Exercise Your Rights
To exercise any of these rights, you can:
- Use the relevant features in the application (account deletion, data export, data correction).
- Email us at [email protected].
We will verify your identity before processing your request. We may ask you to confirm your email address or provide additional information to match your request to your account. We do not require you to create an account solely to make a privacy request.
We will respond to all verifiable requests within 45 days. If we need additional time (up to 45 more days), we will notify you of the extension and the reason.
Authorized agents may submit requests on your behalf. We may require proof of authorization (such as a signed letter or power of attorney) and may still verify your identity directly.
California-Specific Disclosures
In addition to the rights described above, California residents have the following rights under the CCPA:
Right to know categories. You may request the categories of personal information collected, the sources, the business purpose for collection, and the categories of third parties with whom it is shared. This information is provided in this policy and will be provided in response to a verified request.
Financial incentives. We do not offer financial incentives or price differences in exchange for the retention or sale of personal information.
Shine the Light (California Civil Code § 1798.83). We do not disclose personal information to third parties for their direct marketing purposes.
Children’s Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].
International Users
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using the Service, you consent to this transfer.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address associated with your account) and by posting the updated policy within the application and on our website. The “Last Updated” date at the top of this policy will be revised accordingly. Your continued use of the Service after the updated policy is posted constitutes acceptance of the changes.
We will not make material retroactive changes to how we handle previously collected data without your consent.
Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, contact us at:
Monoceph Co
455 East Eisenhower Parkway
Suite 300 PMB 1163
Ann Arbor, MI 48108
If you are a California resident and are not satisfied with our response to your privacy request, you may contact the California Privacy Protection Agency at https://cppa.ca.gov.
