Privacy Policy.

Information We Collect

We collect information you provide directly to us, including name, email address, and any other information you choose to provide when using our services.

We automatically collect certain information about your device when you use our website, including IP address, browser type, operating system, and usage data through standard server logs.

Categories of Information We Collect

We may collect the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (purchase history, products viewed)
• Internet or network activity (browsing history, interactions with our website)
• Geolocation data (derived from IP address)
• Inferences drawn from the above to create a profile

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your requests and transactions
• Send you technical notices and support messages
• Respond to your comments and questions
• Comply with legal obligations

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds under GDPR and UK GDPR:

• Contract Performance: Processing is necessary to fulfill our contract with you, including responding to inquiries, preparing quotes, delivering services, and managing projects
• Consent: You have given explicit consent for specific processing activities, such as receiving marketing communications or newsletters. You can withdraw consent at any time
• Legal Obligation: Processing is required to comply with legal obligations, such as tax laws, accounting regulations, and data protection requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as:
  • Improving our website and services
  • Security monitoring and fraud prevention
  • Internal analytics and business operations
  • Responding to legal claims or protecting our rights
  We always balance our legitimate interests against your rights and freedoms

Note for non-EEA/UK users:

Cookies & Tracking

We use minimal cookies and tracking technologies on our website. Here's what we use and why:

Essential Cookies:

• Session cookies: Temporary cookies that maintain your session as you navigate our site (e.g., remembering form inputs during your visit)
• Load balancing cookies: Technical cookies used by our hosting provider (Vercel) to ensure proper site functionality and performance

These essential cookies are necessary for the website to function properly and do not require your consent.

Analytics:

• We use basic analytics tools to understand how visitors use our website (pages visited, time spent, navigation patterns). This helps us improve our site and services
• Analytics data is anonymized and aggregated where possible

What We DON'T Use:

• Marketing or advertising cookies
• Third-party tracking cookies for behavioral advertising
• Social media tracking pixels (unless explicitly embedded in content you choose to view)
• Cross-site tracking technologies

Managing Cookies: You can control and delete cookies through your browser settings. Note that disabling essential cookies may affect site functionality. Most browsers allow you to:

• View and delete existing cookies
• Block third-party cookies
• Block all cookies (not recommended as it may break site functionality)
• Delete all cookies when you close your browser

For more information about cookies and how to manage them, visit allaboutcookies.org.

Third-Party Links and Services

Our service relies on third-party service providers to function (such as hosting, payment processors, and analytics) and may also contain links to external websites (External Links). This Privacy Policy only applies to Monoline and its direct services.

Use of Service Providers

We employ various third-party Service Providers (like hosting, analytics, and payment processors) to facilitate our operations. These providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.

• We use Vercel Blob for file storage, which is a secure storage bucket provided by our hosting company.

External Links and Your Responsibility

We may provide links to external websites for your convenience. When you click on these links, you will leave our site. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. If you follow an External Link, their rules apply. You should read their privacy policy if you have concerns about how they handle your data.

We do not endorse or make any representations about these external sites. If you interact with social media features or embedded content provided by other companies, those interactions are also governed by the policies of the company providing them.

International Transfers

Cross-Border Data: Monoline operates from New Zealand, but your information may be processed, stored, or accessed in countries outside your home jurisdiction, including:

• New Zealand: where Monoline is based and primary operations occur
• United States: where our hosting provider (Vercel), email service (Resend), and payment processors (Stripe) operate
• European Union: where some service providers may have data centers
• Other jurisdictions: where our service providers maintain infrastructure

Data Protection Standards: When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs)

Adequacy decisions

Service provider commitments:

Different countries have different data protection laws. By using our services, you acknowledge that your information may be transferred to and processed in countries with different privacy protections than your home country. We take steps to ensure your data remains protected regardless of where it is processed.

Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect your data:

• Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols
• Secure hosting: Our website is hosted on Vercel's secure infrastructure with industry-standard security practices
• Payment security: All payment processing is handled by a PCI-DSS compliant provider (Stripe) — we never store your full payment credentials
• Access controls: Access to your personal information is restricted to authorized personnel only on a need-to-know basis
• Secure file handling: Project files are stored securely and deleted according to our retention policy
• Regular monitoring: We monitor our systems for security threats and unauthorized access attempts

Security Limitations

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continually work to protect your information using industry-standard practices.

Breach Notification

In the unlikely event of a security incident that compromises your personal information (e.g., your contact details), we will take immediate steps to contain the issue and will notify affected individuals and relevant authorities (such as the New Zealand Privacy Commissioner) as required by applicable law, typically within the mandated timeframes.

Because we collect only limited personal information (primarily contact details you provide and standard server logs), we anticipate that any required notification would be limited in scope.

Data Retention

We retain your information only as long as necessary for the purposes outlined in this policy:

• Contact inquiries: deleted within 90 days after inquiry unless a project commences or you request to remain on our mailing list
• Active project data: retained for the duration of the project and up to 30 days after completion to allow for revisions or follow-up questions
• Project files: securely deleted within 30 days after project completion unless you request extended storage or we need to retain them for dispute resolution
• Payment and transaction records: retained for 7 years to comply with tax, accounting, and legal obligations (New Zealand, Australia, UK, EU, US requirements)
• Communications history: retained for up to 2 years for customer service and support purposes
• Server logs and analytics: typically retained for 90 days for security and performance monitoring, then automatically deleted

You can request early deletion of your information at any time by contacting us, subject to our legal and contractual obligations (such as tax record retention requirements).

Automated Decision-Making & Profiling

No Automated Decisions: We do not use automated decision-making processes that produce legal effects or similarly significantly affect you. All decisions regarding your projects, quotes, and services involve human review and judgment.

No Profiling: We do not engage in profiling activities (automated processing of personal data to evaluate, analyze, or predict your personal preferences, behavior, interests, or other characteristics).

Basic Analytics Only: While we use analytics tools to understand general website usage patterns, this data is used only for improving our services and is not used to make automated decisions about you or to create individual profiles.

Future Changes: If we ever introduce automated decision-making or profiling that significantly affects you, we will:

• Update this Privacy Policy and notify you of the changes
• Seek your explicit consent where required by law
• Provide information about the logic involved and the significance of such processing
• Give you the right to obtain human intervention, express your point of view, and contest the decision

Anonymous and Aggregated Data

We may collect, use, and share anonymous, de-identified, or aggregated data that does not identify you personally. This type of data is not considered personal information under applicable privacy laws.

What is Anonymous Data?

Anonymous data is information that has been processed to remove or obscure any identifiable information, making it impossible to reasonably link the data back to a specific individual. This includes data that has been stripped of names, email addresses, IP addresses, and other identifying characteristics.

What is Aggregated Data?

Aggregated data is information combined from multiple users or sources, presented in summary or statistical form. For example, "80% of users prefer feature X" or "average session duration is 5 minutes." This data does not identify individual users.

How We Use This Data

We may use anonymous and aggregated data for various purposes, including:

• Conducting research and development
• Creating reports and insights about service performance
• Benchmarking and industry analysis

Sharing Anonymous Data

We don’t share your information with anyone. The only data we ever see are what you send us directly and the usual anonymous server logs that every website quietly collects. That’s it — no tracking, no selling, no mysterious “partners.”

Your Privacy is Protected

We take appropriate technical and organizational measures to ensure that data is properly anonymized or aggregated before use or disclosure. Once data is anonymized, we cannot reverse the process to re-identify individuals, and you cannot opt out of our use of this data as it no longer relates to you personally.

California Privacy Rights (CCPA/CPRA)

CCPA/CPRA Rights Overview

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information, including the right to Know (access), Correct, and Delete your personal information.

No Sale or Sharing of Personal Information

We do not sell, share, or disclose your personal information to third parties for cross-context behavioral advertising or for monetary consideration, as those terms are defined under the CCPA and CPRA. Since we do not engage in these activities, we do not provide a "Do Not Sell or Share My Personal Information" link.

How to Exercise Your Rights

To exercise your right to Know, Correct, or Delete your personal information, you may:

• Email us at: ping@monoline.net
• Submit a request through our website contact form
• Call us at: [your phone number if applicable]

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf by providing written authorization.

Response Timeframe

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to 90 days total), we will inform you of the reason and extension period in writing, as required by law.

Marketing and Communication Preferences

We respect your communication preferences and will only send you marketing communications if you have given us permission to do so.

Types of Communications

With your consent, we may send you:

• Newsletters and updates about our services
• Promotional offers and special deals
• Product announcements and feature updates
• Industry news and educational content

Managing Your Preferences

You can opt out of receiving marketing communications at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email
• Updating your communication preferences in your account settings
• Contacting us directly at [your email]

Please note that even if you opt out of marketing communications, we may still send you transactional emailsrelated to your account or services you've requested.

Transactional Communications

We will continue to send you essential service-related communications (such as account notifications, password resets, order confirmations, and important service updates) regardless of your marketing preferences, as these are necessary for the operation of our services.

Processing Time

When you unsubscribe, we will process your request within 10 business days. You may receive communications that were already scheduled during this processing period.

Your Consent

By providing your email address and opting in to marketing communications, you consent to receive promotional materials from us. You can withdraw this consent at any time using the methods described above.

Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. We do not currently respond to DNT signals as there is no industry-wide standard for how to interpret and respond to these signals.

However, we minimize tracking on our site by design. See ourCookies & Trackingsection above for details on what we actually collect.

Children's Privacy

Age Restriction: Our services are not directed at, or intended for use by, children under the age of 16 (or under 13 in jurisdictions where that is the applicable age, such as the United States under COPPA).

We do not knowingly collect, use, or disclose personal information from children under these age thresholds. If you are under 16 (or 13, where applicable), please do not use our services or provide any personal information to us.

Parental Notice: If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at ping@monoline.net.

Our Response: If we become aware that we have inadvertently collected personal information from a child under the applicable age without proper parental consent, we will take immediate steps to delete that information from our systems as quickly as possible.

Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) in the United States, GDPR-K requirements in the EU/UK, and similar children's privacy laws in other jurisdictions where applicable.

Complaints and Dispute Resolution

We are committed to resolving any concerns you may have about how we handle your personal information. If you have a complaint or dispute regarding our privacy practices, we encourage you to contact us first so we can work to resolve the issue.

How to Make a Complaint

If you wish to make a complaint about our privacy practices, please contact us at:

• Email: ping@monoline.net

Please provide as much detail as possible about your complaint, including:

• Your contact information
• A description of the issue or concern
• Any relevant dates, communications, or documentation
• What outcome you are seeking

Our Response Process

When we receive your complaint, we will:

• Acknowledge receipt of your complaint within 5 business days
• Investigate the matter thoroughly and impartially
• Provide you with a written response within 30 days
• Explain our decision and any actions we will take
• Inform you of your right to escalate the complaint if you are not satisfied

If we need more time to investigate, we will inform you and provide an estimated timeframe for resolution.

Escalation to Regulatory Authorities

If you are not satisfied with our response, or if you prefer not to contact us directly, you have the right to lodge a complaint with the relevant data protection authority:

New Zealand Residents:

Office of the Privacy Commissioner
Website: www.privacy.org.nz
Phone: 0800 803 909
Email: enquiries@privacy.org.nz

European Union Residents:

You may contact your local data protection authority. A list of authorities is available at: edpb.europa.eu

California Residents:

Alternative Dispute Resolution

In some cases, we may offer alternative dispute resolution mechanisms, such as mediation or arbitration, to resolve privacy-related disputes. We will inform you if these options are available for your specific situation.

No Retaliation

We will not retaliate against you for making a good faith complaint about our privacy practices. Your decision to file a complaint will not affect your ability to use our services or result in any adverse action against you.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices or legal requirements.

Notification of Changes

When we make changes, we will update the "Last Updated" date at the top or bottom of this page and post the revised policy on our website.

For significant (material) changes that affect your rights, we will post a prominent notice on our website before the changes take effect.

Your Continued Use

By continuing to use our services after changes become effective, you acknowledge and agree to the updated terms. We encourage you to review this policy periodically.

Contact Us

• ping@monoline.net
• Business Address: Monoline, 13 14 Leigh Road, 0985 Matakana
  Jurisdiction: New Zealand

We are committed to resolving any privacy concerns promptly and in accordance with applicable privacy laws.