MonospaceMonospace
Privacy First

Privacy Policy

Your data belongs to you. Here's exactly what we collect, why we collect it, and how we protect it.

Last updated: 29 March 2026

AES-256-GCM Encryption
EU Data Residency
Zero Tracking Cookies
No Data Sales

1. Who We Are

Monospace ("we", "us", "our") is a project management and workspace platform operated from the United Kingdom. Our website is monospace.page and the application is available at my.monospace.page.

Privacy Contact

privacy@monospace.page

2. What Data We Collect

We only collect what is necessary to provide and improve the service.

Account Data

When you sign up, we collect your name, email address, and profile picture via our authentication provider (Clerk). If you sign in with Google or another OAuth provider, we receive the profile information you authorise.

Workspace Data

Encrypted

This includes projects, boards, cards, tasks, notes, tickets, messages, purchase orders, subscriptions, and any other content you create within Monospace. All workspace data is encrypted at rest with AES-256-GCM.

Usage Data

We collect anonymous analytics via Vercel Analytics to understand how the product is used. This includes page views, session duration, and device type. We do not use tracking cookies or third-party advertising trackers.

AI Data

Opt-in only

If you use the AI assistant or AI development tools, your prompts and context are sent to the AI provider (OpenRouter for MiniMax 2.5, or your own Anthropic/OpenAI key). We do not store AI conversation history on our servers beyond your current session. AI providers may have their own data policies.

3. How We Use Your Data

We use your data for the following purposes:

  • To provide and maintain the Monospace service
  • To authenticate your identity and manage your account
  • To send transactional emails (account verification, password resets, ticket replies)
  • To provide AI-powered features when you opt in
  • To improve the product based on aggregate, anonymised usage data
  • To detect and prevent abuse, fraud, or security incidents

What we never do

We do not sell your data to third parties. We do not use your data for advertising. We do not share your data with data brokers.

4. Data Storage & Security

Security is foundational to how Monospace is built.

Encryption at Rest

AES-256-GCM

All workspace data is encrypted with AES-256-GCM at rest.

EU Data Residency

EU hosted

Data is stored on Convex servers in the EU (eu-west-1) region.

Authentication Security

Authentication is handled by Clerk with industry-standard security practices including bcrypt password hashing and session token management.

Transport Security

HTTPS

We enforce HTTPS everywhere. Security headers include HSTS (2-year max-age), X-Frame-Options DENY, X-Content-Type-Options nosniff, and a strict Referrer-Policy.

5. Sub-Processors

We use a limited number of trusted third-party processors to deliver our service.

ServicePurposeLocation
ConvexDatabase & backend
EU (Ireland)
ClerkAuthentication
USA
VercelHosting & CDN
Global (edge)
ResendTransactional email
USA
OpenRouterAI (MiniMax 2.5)
USA
EU hosted
US hosted

6. Your Rights (GDPR)

If you are in the UK or EU, you have the following rights. To exercise any of these, email privacy@monospace.page. We will respond within 30 days.

Right of Access

Request a copy of your personal data.

Right to Rectification

Correct inaccurate data.

Right to Erasure

Request deletion of your data ("right to be forgotten").

Right to Portability

Receive your data in a machine-readable format.

Right to Restriction

Limit how we process your data.

Right to Object

Object to processing based on legitimate interest.

Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

7. Cookies

Monospace uses zero tracking cookies. We use only essential session cookies required for authentication (managed by Clerk). No advertising cookies, no analytics cookies, no third-party tracking pixels.

Essential Cookies

Required

Authentication session cookies set by Clerk.

Tracking Cookies

None

We use no third-party tracking cookies.

Advertising Cookies

None

We do not use advertising networks.

8. Data Retention

Account DataWhile account is active

Deleted within 30 days of account deletion.

Analytics DataIndefinite

Anonymised, aggregate analytics data may be retained indefinitely.

BackupsUp to 90 days

Encrypted backup copies may persist for up to 90 days after deletion.

9. Children's Privacy

Monospace is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Transfers

Your primary data is stored in the EU. Some sub-processors (Clerk, Resend, OpenRouter) operate from the USA. These transfers are protected by Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework.

Primary Storage

EU (eu-west-1) via Convex

Transfer Safeguards

SCCs & EU-US Data Privacy Framework

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

For any privacy-related questions or requests: