Privacy Policy

Welcome to Monty AI ("we," "us," or "our"). We operate the website montyai.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By accessing or using the Service, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account through our OAuth providers, we collect the following information from your Google or GitHub account:

• Name
• Email address
• Profile picture (avatar URL)

We do not collect or store your OAuth provider password. Authentication is handled securely through Google OAuth 2.0 and GitHub OAuth.

1.2 Usage Data

We automatically collect certain information when you access and use the Service, including:

• Pages visited, features used, and actions taken within the platform
• Course progress, quiz results, and learning activity
• Device type, browser type, and operating system
• IP address and approximate geographic location
• Referring URLs and session duration

1.3 User-Generated Content

When you interact with the Service, we store content you create or provide, such as course topics, chat messages with our AI assistant (Monty), notes, and any other data you voluntarily submit.

1.4 Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number or full payment details on our servers. Stripe may collect and store payment information in accordance with their own Privacy Policy.

2. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

• Essential cookies: Required for authentication, session management, and core functionality.
• Analytics cookies: Used by PostHog (see Section 4) to understand how users interact with the Service.
• Advertising cookies: Used by Google AdSense and third-party advertising partners to deliver relevant advertisements (see Section 3).
• Preference cookies: Store your preferences such as theme mode and display settings.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

3. Google AdSense and Third-Party Advertising

We use Google AdSense to display advertisements on the Service. Google and its advertising partners may use cookies, web beacons, and similar technologies to serve ads based on your prior visits to our Service and other websites.

Google's use of advertising cookies enables it and its partners to serve ads based on your visit to our site and/or other sites on the internet. You may opt out of personalized advertising by visiting Google Ads Settings.

Third-party vendors, including Google, use cookies to serve ads based on your prior visits. You may opt out of some third-party vendors' use of cookies for personalized advertising by visiting aboutads.info.

4. Analytics (PostHog)

We use PostHog, a product analytics platform, to understand how users interact with the Service. PostHog collects data such as page views, button clicks, feature usage, session recordings, and performance metrics. This data helps us improve the user experience and identify issues.

PostHog processes data in accordance with their Privacy Policy. You may opt out of analytics tracking by contacting us at [email protected].

5. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service, including personalized AI-generated courses and learning experiences
• To authenticate your identity and manage your account
• To personalize your experience, including AI-driven course recommendations and adaptive learning content
• To process transactions and manage subscriptions
• To communicate with you, including service updates, security alerts, and support messages
• To analyze usage patterns and improve the Service
• To display relevant advertisements through Google AdSense
• To detect, prevent, and address fraud, abuse, or technical issues
• To comply with legal obligations

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service providers: We share data with third-party providers that help us operate the Service, including hosting (Vercel), database (Neon), payment processing (Stripe), analytics (PostHog), and advertising (Google AdSense).
• AI model providers: Course topics and learning prompts may be sent to AI service providers (such as OpenAI and Google Gemini) to generate educational content. We do not send personally identifiable information with these requests.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid legal requests by public authorities.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request that we correct inaccurate or incomplete personal data.
• Deletion: You can request that we delete your personal data and account. Upon request, we will delete your account and associated data, except where retention is required by law.
• Opt-out of analytics: You can request to opt out of PostHog analytics tracking.
• Opt-out of personalized ads: You can opt out of personalized advertising through Google Ads Settings or your browser settings.
• Data portability: You can request your data in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legitimate business purposes or legal obligations (such as tax reporting, fraud prevention, or dispute resolution).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Secure authentication via OAuth 2.0 (no passwords stored)
• Database encryption at rest through our hosting provider
• Regular security reviews and monitoring
• Access controls limiting employee access to personal data

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

10. Children's Privacy (COPPA Compliance)

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete such information.

If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers as quickly as possible.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and the European Economic Area. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date above. Your continued use of the Service after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, your personal data, or our data practices, please contact us: