Legal

Privacy policy

Last Updated: February 01, 2026

This Privacy Policy ("Privacy Policy") applies to the collection, use, processing, and disclosure of Personal Data/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as "Personal Data") when visitors and Customers (collectively "Users") access https://monograph.com (the "Site") and/or the related applications (collectively the "Platform"). This Privacy Policy does not apply to any Personal Data that we process on behalf of our customers through their use of our Services ("Customer Data"). Our customers' respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy.

The Platform is owned and operated by Monograph Inc. a Delaware C-Corporation company ("Company," "we," "us," or "our") with offices in the United States. Company collects Personal Data from its Users and processes, transfers and stores data within the United States. By using our Site, you consent to the collection, use and disclosure practices identified in this Privacy Policy.

All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in Company's Terms of Service. We may update this Privacy Policy from time to time in our sole discretion, so we encourage you to review the policy regularly. If we update the Privacy Policy, we'll let you know by posting the updated policy on our website, and/or we may send other communications.

1. What Information Is Collected by Company And How Is It Used?

Personal Data You Provide to Us Directly

Account Creation Information: When you sign up for a Subscription Services plan, Users may be asked to enter Customer's name and email address. Profiles for Subscription Services accounts will also require a Customer's mailing address, phone number, company, job title, and other company-related details to facilitate purchase of the products and the provision of services. Paid Subscription Services plans will additionally require payment debit and/or credit card or other third party payment processing information to process payments on the Platform. Emails submitted may also be utilized to (i) provide information regarding our services; and/or (ii) communicate material changes to our Terms of Service and Privacy Policy. Email Addresses: Users may optionally provide their email address to subscribe to our newsletters or to obtain additional information regarding our products and services. Users may unsubscribe at any time through the opt-out link contained within those communications. Purchases: Company may collect Personal Data and details associated with your purchases, including payment information. Any payments made via our Platform are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details). Your Communications with Us: Company and our service providers may collect the information you communicate to us, such as through email or our web chat tool. Surveys: We may contact you to participate in surveys. If you decide to participate, we may collect Personal Data from you in connection with the survey. Business Development and Strategic Partnerships: We may collect Personal Data from individuals and third parties to assess and pursue potential business opportunities. Job Applications: If you apply for a job with us, we will collect any Personal Data you provide in connection with your application, such as your contact information and CV.

Personal Data Collected Automatically

Device Information: Company may collect Personal Data about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information). Usage Information: Company may collect Personal Data about your use of the Platform, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Platform.

Personal Data Collected from Third Parties

Company may collect Personal Data about you from third parties. For example, if you access the Platform using a Third-Party Service (defined below), we may collect Personal Data about you from that Third-Party Service that you have made available via your privacy settings. In addition, Company customers may upload or otherwise provide Personal Data about others including, but not limited to, customers and employees. Cookies: Company, as well as third parties, may use cookies, pixel tags and other technologies to automatically collect Personal Data through your use of the Platform. As described in Section 2, Company also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the Site itself. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union ("EU") based Your Online Choices. Please be advised, however, that some Platform features/services may not function properly without cookies.

2. How We Use Personal Data

We collect Personal Data that you provide to us, Personal Data we collect automatically when you use the Platform, and Personal Data from third-party sources, as described below.

Service Providers

Company may disclose Personal Data to third-party service providers that assist us with the operation of the Platform. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services.

Hosting Services

Personal Data collected is shared with its website hosting partners, Amazon Web Services and Heroku, to facilitate its cloud hosting services.

Image Processing

Company integrates API's from imgIX to facilitate image processing and manipulation capabilities of content imported into the Platform as part of the Subscription Services. Personal Data contained within those documents is accessible to imgIX.

Customer Communications

Company utilizes SendGrid and Hubspot to send transactional and marketing related emails to our Customers.

Credit or Debit Card Information

Company does not itself store debit or credit card information on its servers. Company offers Stripe as a third-party payment processor to process purchases made through the Platform.

Intercom

Intercom, Inc., a third-party analytics service, is utilized to help Company understand the use of our Services and to communicate with Users by sending service-related notifications.

Customer Service – Error Tracking

Company utilizes Rollbar for services-related error monitoring, error notifications and de-bugging purposes.

Google Analytics

Company uses Google Analytics as a web analytics tool to track user behavior on its marketing Site. Google Analytics collects anonymized information as explained in its Privacy Policy. However, if you do not want Google Analytics to track your behavior on the Platform, you may opt-out by installing Google Analytics Opt-out Browser Add-on.

MixPanel

Google Analytics: Company uses Google Analytics as a web analytics tool to track user behavior on its marketing Site. Google Analytics collects anonymized information in accordance with its Privacy Policy. However, if you do not want Google Analytics to track your behavior on the Platform, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
MixPanel: Company utilizes MixPanel for tracking user-driven events in the web application. MixPanel collects information in accordance with its MixPanel Privacy Policy. You can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.

Third-Party Services You Share or Interact With

The Platform may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a "Third-Party Service"). Users may follow Company and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites. Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. You acknowledge that if you choose to use this feature, your friends, followers and subscribers on these third-party services or platforms will be able to view such activity. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services. The use of the information by such social networking websites will be governed by their privacy policies, and we do not control their use of the shared data. Users should click on the applicable Privacy Policies to review for more detail about information collected from these services.

Business Partners

Company may share your Personal Data with business partners to provide you with a product or service you have requested. Company may also share your Personal Data with business partners with whom we jointly offer products or services. Once your Personal Data is shared with our business partner, it will also be subject to our business partner's privacy policy. We are not responsible for the processing of personal information by our business partners.

Our Customers

If a Company customer uses the Platform to communicate, or manage its communications, with its customers, Company may share the Personal Data about these customers that is processed via the Platform with the Company customer. This may include, but is not limited to, Personal Data that the Company customer has uploaded itself to the Platform. In cases where you use the Platform as an employee, contractor, or other authorized user of a Company customer, that customer may access information associated with your use of the Platform including usage data and the contents of the communications and files associated with your account. In either scenario, personal information provided to the Company customer may also be subject to the Company customer's privacy policy. We are not responsible for the Company customer's processing of your Personal Data.

Affiliates & Advertising Partners

Affiliates: Company may share your Personal Data with our corporate affiliates. Advertising Partners: Company may share your Personal Data with third-party advertising partners. These third-party advertising partners may set cookies, pixels and other tracking tools on our Platform to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as "interest-based advertising", "personalized advertising", or "targeted advertising." Third Party APIs: Company may offer Customers the ability to integrate third party services (such as accounting applications) within the Platform via third party API's. Such integration will require Customers to specifically authorize Company's access. When authorized to access, Company will store a set of tokenized credentials to use with such third party API and exchange applicable data necessary to enhance features and functionality of the Subscription Services available to Customer. In addition, Customers have the option to use Stripe Connect to invoice and manage their payment options and processes with their end customers or clients, vendors or other parties. For more information on its data collection and use practices of these payment processors, please review Stripe's Privacy Policy. Other Potential Third-Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Company is involved in a merger, acquisition, or sale of all or a portion of its assets or similar corporate transaction, your Personal Data may be disclosed, sold, or transferred as a part of such transaction, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies, (4) protect your, our, or others' rights, property, or safety, (5) enforce our policies, contracts, or agreements with you; (6) collect amounts owed to us, and/or (7) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.

3. Is Information Collected By Or Disclosed To Third Parties?

Company discloses Personal Data to third parties for a variety of business purposes, including to provide the Platform, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. Company does not sell, trade, rent, or lease Personal Data to any third parties.

4. Children's Personal Data

We will retain account and purchase data as long as it is necessary to facilitate Customer's access and use of the Subscription Services. When a Customer's account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Company determines such data is commercially necessary for its legitimate business interests.

5. How Long Does Company Retain Personal Data Collected?

We use Personal Data for a variety of business purposes, including to operate the Platform, for administrative purposes, and to provide you with marketing materials, as described below.

Operate the Platform: Company uses Personal Data to fulfill our contract with you and operate the Platform, such as: managing your information; providing access to certain areas, functionalities, and features of the Platform; answering requests for support; communicating with you; sharing Personal Data with third parties as needed to provide and operate the Platform; processing your financial information and other payment methods for products and services purchased; processing applications if you apply for a job we post on our Site; and allowing you to register for events.

Administrative Purposes: Company uses Personal Data for various administrative purposes, such as: pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention; detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity; carrying out analytics; measuring interest and engagement on the Platform; training and refining our algorithms and models; improving, upgrading, or enhancing the Platform; developing new products and services; creating de-identified and/or aggregated information (if we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws); ensuring internal quality control and safety; authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy; debugging to identify and repair errors with the Platform; auditing relating to interactions, transactions, and other compliance activities; enforcing our agreements and policies; and carrying out activities that are required to comply with our legal obligations.

Marketing: Company may use Personal Data to tailor and provide you with marketing and other content. Company may provide you with these materials as permitted by applicable law. If you have any questions about our marketing practices, you may contact us at any time as set forth in "Contact Us" below.

With Your Consent or Direction: Company may use Personal Data for other purposes that are clearly disclosed to you at the time you provide Personal Data, with your consent, or as otherwise directed by you. Automated Decision Making: Company may engage in automated decision making, including profiling. If you have questions about our automated decision making, you may contact us as set forth in "Contact Us" below.

6. Specific Information for California Residents

California law permits California-resident Customers to request and obtain from Company once a year, free of charge, certain information about their Personally Identifiable Information ("PII") (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided and include the email address associated with your account and a statement that you reside in California. We will make sure that the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from our systems. To request any other changes or information about our collection, use or disclosure of your information, please email us at legal@monograph.com.

7. What Is Company's Security Policy?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.

In addition, Company utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber's Personal Data. Subscribers should review Stripe's Security Policy for more information on their security practices. For information relating to data stored by Amazon Web Servers, please see the AWS Cloud Security Policy for more information on its security practices.

8. How Does The Platform Respond To "Do Not Track" Signals?

Third parties may keep track of your browsing activities across third party websites. California Business & Professions Code Section 22575(b) provides that California residents are entitled to know how we respond to "Do Not Track" browser signals. Certain web browsers enable users to activate a "Do Not Track" signal but at present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.

9. International Transfers of Personal Data

All Personal Data processed by Company may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.

10. Contact Us

If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Monograph Inc. at 548 Market St PMB 87085, San Francisco, California 94104 and/or at legal@monograph.com.

CREDIT OR DEBIT CARD INFORMATION

Company does not itself store debit or credit card information on its servers. Company offers Stripe as a third party payment processor to process purchases made through the Platform. For more information on its data collection and use practices of these payment processors, please review Stripe's Privacy Policy.

INTERCOM

Intercom, Inc., a third party analytics service, is utilized to help Company understand the use of our Services and to communicate with Users by sending service-related notifications. Information is collected pursuant to Intercom's Privacy Policy.

CUSTOMER SERVICE – ERROR TRACKING

Company utilizes Rollbar for services-related error monitoring, error notifications and de-bugging purposes. Customer information is processed in accordance with Rollbar's Privacy Policy.

ANONYMOUS DATA – ANALYTICS

Google Analytics: Company uses Google Analytics as a web analytics tool to track user behavior on its marketing Site. Google Analytics collects anonymized information in accordance with its Privacy Policy. However, if you do not want Google Analytics to track your behavior on the Platform, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
MixPanel: Company utilizes MixPanel for tracking user-driven events in the web application. MixPanel collects information in accordance with its MixPanel Privacy Policy. You can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.

SHARING SERVICES

Users may follow Company and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable Privacy Policies to review for more detail about information collected from these services.

THIRD PARTY APIS

Company may offer Customers the ability to integrate third party services (such as accounting applications) within the Platform via third party API’s. Such integration will require Customers to specifically authorize Company’s access. When authorized to access, Company will store a set of tokenized credentials to use with such third party API and exchange applicable data necessary to enhance features and functionality of the Subscription Services available to Customer.

THIRD PARTY SERVICES – INTERNAL USE

We may share Personal Data with third parties who provide services on our behalf for purposes such as accounting, facilitating the exchange of data between Company’s employees, internal reporting purposes, etc. We enter into contracts with such third parties regarding such services to ensure Personal Data is handled consistent with Company’s Privacy Policy and applicable law.

OTHER POTENTIAL THIRD PARTY DISCLOSURES

Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Company is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.

3. HOW DOES COMPANY COMPLY WITH THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT AND GDPR REGULATIONS RELATING TO CHILDREN?

The Platform is not directed to children under 18. Only persons aged 18 or older are authorized to subscribe to the Subscription Services and we do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without parental consent, he or she should contact Company at legal@monograph.com.

4. HOW LONG DOES COMPANY RETAIN PERSONAL DATA COLLECTED?

We will retain account and purchase data as long as it is necessary to facilitate Customer’s access and use of the Subscription Services. When a Customer’s account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Company determines such data is commercially necessary for it legitimate business interests.

5. EU GENERAL DATA PROTECTION REGULATION (“GDPR”) NOTICES

6. YOUR CALIFORNIA PRIVACY RIGHTS

7. WHAT IS COMPANY’S SECURITY POLICY?

In addition, Company utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices. For information relating to data stored by Amazon Web Servers, please see the AWS Cloud Security Policy for more information on its security practices.

8. HOW DOES THE PLATFORM RESPOND TO “DO NOT TRACK” SIGNALS?

“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.

If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) add a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in Company’s collection and use practices.

10. CONTACT US

If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103 and/or at legal@monograph.com.