Privacy Policy
Last updated: March 2026
This privacy policy explains how Monopigi ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at monopigi.com and our API services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Greek data protection law.
1. Data Controller
The data controller responsible for your personal data is:
Monopigi
The Netherlands, European Union
Email: info@monopigi.com
2. What Data We Collect
We collect and process the following personal data:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | To issue and manage your API key, and to contact you about your account or service changes | Contract performance (Art. 6(1)(b) GDPR) |
| API key hash | To authenticate your API requests. We store a cryptographic hash, not the plain-text key | Contract performance (Art. 6(1)(b) GDPR) |
| API usage logs (endpoint, timestamp, API key hash) | To enforce rate limits, monitor service health, prevent abuse, and generate usage statistics | Legitimate interest (Art. 6(1)(f) GDPR) |
| Payment information | To process payments for paid plans. Payment data is handled entirely by Stripe; we do not store card numbers or bank details | Contract performance (Art. 6(1)(b) GDPR) |
We do not collect any special categories of personal data. We do not use analytics or tracking cookies on our website. We do not create user accounts beyond an email address linked to an API key.
3. How We Use Your Data
We use your personal data exclusively for the following purposes:
- Providing and maintaining the Monopigi API service
- Authenticating API requests and enforcing rate limits
- Processing payments for paid subscription plans
- Communicating with you about service updates, security notices, or changes to your account
- Monitoring and improving service performance and reliability
- Complying with legal obligations
We do not sell your personal data. We do not use your data for profiling, automated decision-making, or marketing purposes.
4. Cookies and Tracking
Our website does not use cookies, tracking pixels, or any form of analytics tracking. We do not use third-party advertising or marketing tools.
5. Data Retention
We retain your personal data for as long as necessary to provide our services:
- Email address and API key hash — retained for the duration of your use of the service. If you request deletion, we will erase this data within 30 days.
- API usage logs — retained for 90 days for operational purposes, then automatically deleted.
- Payment records — retained as required by applicable tax and accounting law (typically 7 years under Dutch law).
6. Third-Party Processors
We share your personal data with the following third-party service providers, all of which process data in compliance with GDPR:
Stripe
Stripe processes payments on our behalf. When you subscribe to a paid plan, Stripe receives your payment details (card number, billing address) directly. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy.
Cloudflare
Our website is hosted on Cloudflare Pages. Cloudflare may process your IP address and request metadata for the purpose of delivering web pages and providing DDoS protection. See Cloudflare's privacy policy.
Scaleway
Our API backend and database are hosted on Scaleway in France (EU). Scaleway acts as a data processor for all data stored in our infrastructure. See Scaleway's privacy policy.
7. International Data Transfers
Your personal data is stored and processed entirely within the European Union. Our API infrastructure is hosted on Scaleway in France, and our website is served from Cloudflare's network, which includes EU edge locations.
Stripe may transfer payment data to the United States. Stripe relies on Standard Contractual Clauses (SCCs) and additional safeguards to ensure an adequate level of data protection. We do not otherwise transfer your personal data outside the EU/EEA.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct inaccurate or incomplete data.
- Right to erasure — You can ask us to delete your personal data ("right to be forgotten").
- Right to restriction — You can ask us to restrict the processing of your data in certain circumstances.
- Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
- Right to object — You can object to processing based on our legitimate interests.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please email us at info@monopigi.com. We will respond to your request within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest
- API keys stored as cryptographic hashes, never in plain text
- Access controls limiting who can access personal data within our systems
- Regular review of our security practices
10. Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for the Netherlands is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Bezuidenhoutseweg 30, 2594 AV The Hague, The Netherlands
Phone: +31 70 888 8500
Website: www.autoriteitpersoonsgegevens.nl
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
12. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us:
Email: info@monopigi.com