← Back to Home

Privacy Policy

Last Updated: February 19, 2026

1. Introduction

Monolithic LLC ("Monolithic," "we," "us," or "our") operates the software-as-a-service platform available at www.getmonolithic.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account and Identity Information

When you create an account or use our Service, we collect:

  • Account Details: Name, email address, organization affiliation, and role within your organization
  • Authentication Information: Email verification status, multi-factor authentication settings, and authentication method configurations
  • Invitation Data: When you invite others to join your organization, we collect the recipient's name and email address

2.2 Session and Technical Information

To maintain security and provide the Service, we automatically collect:

  • Session Data: Session tokens (hashed), session expiration times
  • Device and Network Information: IP address, browser user-agent, and device information
  • Geolocation Data: IP-based geolocation information for security purposes

2.3 Usage and Preference Data

We collect information about how you use and configure the Service:

  • User Preferences: In-app settings and configuration preferences
  • Activity Data: Time entries, timesheets, work descriptions, and timezone settings
  • In-App Notifications: Notification metadata, read/unread status, and action history

2.4 Organization and Billing Information

For organizations using our Service:

  • Organization Data: Organization name and administrative settings
  • Billing Information: Stripe customer identifiers, subscription status, entitlements, quantities, and renewal dates (payment card details are stored by Stripe, not by us)

2.5 DMARC and Email Authentication Data

As part of our email authentication services, we process:

  • Domain Information: Email domains you configure for DMARC monitoring
  • DMARC Reports: XML reports sent by email providers, including sender domains, email volumes, and authentication results
  • Email Authentication Records: SPF, DKIM, and DMARC authentication outcomes
  • IP Metadata: Source IP addresses from email sending sources, including enriched network and geolocation data for analysis

3. How We Use Your Information

We use the information we collect to:

  • Provide and Maintain the Service: Enable account creation, authentication, session management, and core platform functionality
  • Process DMARC Data: Analyze email authentication reports, identify sending sources, and provide source classification insights
  • Billing and Subscriptions: Process payments, manage subscriptions, and track usage-based billing through our payment processor (Stripe)
  • Improve the Service: Analyze usage patterns, troubleshoot issues, and develop new features
  • Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity
  • Communications: Send service-related notifications, updates, and administrative messages
  • Compliance: Meet legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), our legal basis for collecting and using your personal information depends on the data involved and the context:

  • Contract Performance: Processing necessary to provide the Service you have requested
  • Legitimate Interests: Fraud prevention, security, and service improvement. We rely on legitimate interests for IP-based geolocation only for security purposes (e.g., detecting unauthorized access), not for general analytics.
  • Legal Compliance: Meeting regulatory requirements and responding to legal requests
  • Consent: Where you have explicitly consented to specific processing activities, including the use of non-essential cookies or tracking technologies

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following situations:

5.1 Service Providers

We use trusted third-party service providers to support our Service:

  • Stripe: Payment processing and subscription management
  • Oracle Cloud Infrastructure: Cloud hosting and infrastructure services
  • Cloudflare: Content delivery, security, and DDoS protection

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Business Transfers

If Monolithic is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Requests from government authorities
  • Protection of our rights, property, or safety
  • Prevention of fraud or security threats

6. Data Retention

We retain your personal information for as long as:

  • Your account remains active
  • Necessary to provide the Service
  • Required by law or for legitimate business purposes
  • You have not requested deletion

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate purposes such as dispute resolution, fraud prevention, or enforcement of our agreements.

DMARC report data may be retained for analytical and historical purposes but will be disassociated from identifiable user accounts upon account deletion.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS; sensitive data at rest is encrypted
  • Authentication: Password hashing using secure algorithms, support for multi-factor authentication
  • Access Controls: Role-based access controls and principle of least privilege
  • Session Management: Secure session tokens with automatic expiration
  • Infrastructure Security: Regular security updates, firewalls, and intrusion detection

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request a copy of your personal information
  • Export your data in a machine-readable format

8.2 Correction and Deletion

  • Update or correct inaccurate information
  • Request deletion of your personal information (subject to legal retention requirements)

8.3 Restriction and Objection

  • Restrict processing of your information in certain circumstances
  • Object to processing based on legitimate interests

8.4 Withdraw Consent

  • Withdraw consent for processing where consent is the legal basis

To exercise these rights, contact us at privacy@getmonolithic.com. We will respond to requests within 30 days.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.

9.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

9.3 Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you.

9.4 Right to Opt-Out of Sale or Sharing

We do not sell your personal information, nor do we share it for cross-context behavioral advertising purposes.

9.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

9.6 How to Submit a Request

To submit a California privacy rights request, contact us at privacy@getmonolithic.com. We will verify your identity before processing your request and respond within 45 days, with an extension of up to an additional 45 days where reasonably necessary.

10. International Data Transfers

Our Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For EEA and UK users, we ensure adequate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Service providers certified under appropriate data protection frameworks
  • Other legally approved transfer mechanisms

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state (strictly necessary)
  • Remember your preferences and settings (functional)
  • Analyze Service usage and performance (analytics)
  • Enhance security and prevent fraud (strictly necessary)

Cookie Consent: Strictly necessary cookies are required for the Service to function and cannot be disabled. For all other cookie categories, we will request your consent where required by applicable law (including for EEA and UK users under the ePrivacy Directive). You can manage your cookie preferences at any time through our cookie settings panel within the Service.

You can also control cookies through your browser settings, but disabling certain cookies may limit your ability to use features of the Service.

For more detailed information about the specific cookies we use and their purposes, please refer to our Cookie Notice, available within the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Service

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Monolithic LLC
Email: privacy@getmonolithic.com

For EEA and UK users, you also have the right to lodge a complaint with your local data protection authority. For EEA users, a list of national supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.