Privacy Policy

1. Data Controller

DEPLOYALO SA DE CV (hereinafter "the Company"), a company incorporated under the laws of Mexico, is the data controller responsible for the processing of personal data you provide through the MONO platform (accessible at mono.chat), in compliance with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations.

For any matter related to this Privacy Policy, you may contact us at: privacidad@mono.chat.

2. Personal Data Collected

To provide our services, we collect the following categories of personal data:

Identification Data

• Full name
• Email address
• Phone number (required for WhatsApp integration)

Service Usage Data

• Messages sent and received through the platform
• Shared files (documents, images, voice notes)
• Conversation history with the AI assistant
• User settings and preferences

Technical Data

• IP address and connection data
• Device type and operating system
• Platform access and usage logs
• Billing data processed through Stripe

3. Purposes of Data Processing

Primary Purposes

• Providing the AI personal assistant service through WhatsApp, Telegram, and Discord
• Creating and managing your user account
• Processing your messages to generate AI-powered responses
• Managing the secure storage of your data on your private virtual server (VPS)
• Processing payments and managing your subscription
• Providing technical support

Secondary Purposes

• Improving and optimizing our services
• Sending communications about service updates
• Generating aggregated and anonymized usage statistics

If you do not wish your personal data to be processed for secondary purposes, you may notify us at privacidad@mono.chat.

4. Data Security and Storage

Protecting your data is our top priority. We implement military-grade security architecture:

Zero-Knowledge Architecture

MONO operates under a zero-knowledge model. This means that even we, as platform operators, do not have the technical ability to access the contents of your data. Your information is encrypted before being stored, and only you hold the key to decrypt it.

AES-256-GCM Encryption

All messages, files, and stored data are encrypted using the AES-256-GCM standard (Advanced Encryption Standard with Galois/Counter Mode), the same level of encryption used by government agencies and financial institutions worldwide.

PBKDF2 Key Derivation

Your data encryption key is derived from your password using the PBKDF2 algorithm (Password-Based Key Derivation Function 2) with 600,000 iterations. This derived key is never stored on our servers, ensuring that only you can decrypt your information.

Private Virtual Server (VPS)

Each user has a dedicated private virtual server exclusively assigned to their account. Your data is never commingled with other users' data, providing an additional layer of isolation and security.

5. Data Sharing with Third Parties

To operate the service, we share data with the following third parties:

Cloudflare

We use Cloudflare for infrastructure services, content delivery network (CDN), and attack protection. Cloudflare may process connection data (IP address, HTTP headers) as part of its normal operations.

OpenAI and Anthropic (AI Processing)

Your messages are sent to artificial intelligence providers (OpenAI and/or Anthropic) to generate assistant responses. These providers process the content of your messages solely to generate responses and are subject to their respective privacy policies and commitments not to use data for model training under their business plans.

Stripe (Payment Processing)

Payments are processed through Stripe, a PCI DSS Level 1 certified payment platform. MONO does not store credit card data or financial information directly; all such information is managed exclusively by Stripe.

6. Data Retention and Deletion

Your personal data is retained for as long as your account remains active and you maintain an active subscription.

Upon cancellation of your subscription, all your data is permanently and irreversibly deleted at the end of the billing period. We employ a process of cryptographic deletion: by destroying the encryption key, all encrypted data becomes mathematically unrecoverable, even if the encrypted data were to temporarily persist on storage media.

Billing data may be retained for the period required by applicable Mexican tax regulations.

7. Your Data Rights (ARCO Rights)

In accordance with the LFPDPPP, you have the right to:

• Access: Know what personal data we hold about you and how we process it.
• Rectification: Request correction of your personal data when it is inaccurate or incomplete.
• Cancellation: Request deletion of your personal data from our records.
• Opposition: Object to the processing of your personal data for specific purposes.

To exercise any of these rights, send your request to privacidad@mono.chat including:

• Full name of the data subject
• Email address associated with your MONO account
• Clear description of the right you wish to exercise
• Documents verifying your identity or legal representation of the data subject

We will respond to your request within a maximum of 20 business days from the date of receipt.

8. Data Portability

You have the right to request the portability of your personal data in a structured, commonly used, and machine-readable format. To exercise this right, send your request to privacidad@mono.chat.

9. Cookies

MONO uses only strictly necessary session cookies for the operation of the service. We do not use tracking cookies, advertising cookies, or third-party analytics.

Session cookies are automatically deleted when you close your browser or when the session expires.

10. Children's Privacy

MONO is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will promptly delete such information. If you believe that a child has provided personal data to MONO, please contact us at privacidad@mono.chat.

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any material changes will be notified through the platform or by email at least 30 days in advance. The current version will always be available at mono.chat/en/privacy.

12. Regulatory Authority

If you believe your right to personal data protection has been violated by any conduct on our part, you may file a complaint with Mexico's National Institute for Transparency, Access to Information, and Personal Data Protection (INAI). For more information, visit www.inai.org.mx.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at:

• Company: DEPLOYALO SA DE CV
• Email: privacidad@mono.chat
• Website: mono.chat