Privacy Policy

Effective date: 10 May 2026 · Last updated: 10 May 2026

MonkMode ("we", "us", "our") is operated by MonkMode AI Pty Ltd, an Australian company. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our web application at monkmodeai.com (the "Service"). We are committed to compliance with the Australian Privacy Act 1988 (Cth) and its Australian Privacy Principles (APPs), and, to the extent applicable, the EU General Data Protection Regulation (GDPR) 2016/679.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Selfie Images (Biometric-adjacent data)

When you upload a selfie, the image is transmitted over an encrypted connection (TLS 1.3) to our AI analysis service. We do not store your raw selfie image on our servers after analysis is complete. The image is processed in memory, the structured analysis result (face shape, skin tone, hair traits, etc.) is returned to your browser, and the image is discarded. We do not build facial recognition databases, biometric templates, or persistent facial embeddings from your images.

1.2 Account Information

If you create an account, we collect your name, email address, and a hashed (bcrypt) password. We never store plaintext passwords. If you sign in with Google, we receive your name, email, and Google profile ID from Google's OAuth service.

1.3 Analysis Results

Your analysis results (score, trait classifications, improvement recommendations) may be stored in our database associated with your account to power the My History feature. You can delete this data at any time by contacting us at [email protected].

1.4 Payment Information

Payments are processed by Stripe, Inc. We never see or store your full card number, CVV, or expiry date. We store only your Stripe Customer ID for subscription management purposes. Stripe's privacy policy is available at stripe.com/privacy.

1.5 Usage Data

We collect anonymised usage analytics (page views, feature interactions) via Umami Analytics, a privacy-focused, cookie-free analytics platform. No personally identifiable information is collected through analytics. We do not use Google Analytics or Meta Pixel.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Generate your personalised appearance analysis and recommendations
  • Manage your account and subscription
  • Send transactional emails (account confirmation, password reset, receipt)
  • Respond to your support requests
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising profiling or share it with data brokers.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, our legal bases for processing personal data are:

  • Contract performance — processing necessary to provide the Service you have requested (Art. 6(1)(b) GDPR)
  • Legitimate interests — anonymised analytics and service improvement (Art. 6(1)(f) GDPR)
  • Legal obligation — retaining transaction records as required by law (Art. 6(1)(c) GDPR)
  • Consent — where you have explicitly consented to optional processing

4. Data Retention

Account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial records required under the Corporations Act 2001 (Cth) are retained for 7 years). Selfie images are never retained beyond the duration of a single analysis request (typically under 30 seconds).

5. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest for database storage, bcrypt password hashing, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Stripe: Payment processing
  • Google OAuth: Optional sign-in
  • Umami Analytics: Anonymised usage analytics
  • AWS / CloudFront: Image CDN and infrastructure

7. Your Rights

Under the Australian Privacy Act and GDPR, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Data portability — receive a copy of your data in a machine-readable format (GDPR)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is consent-based
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or with your local EU supervisory authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, requests, or complaints, contact our Privacy Officer at:

MonkMode AI Pty Ltd

Email: [email protected]

Website: monkmodeai.com