Legal

Privacy Policy

Last updated: December 29, 2025

1. Introduction

This Privacy Policy describes how Monito ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our browser debugging and bug reporting service, including the browser extension and web application at monito.dev (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile picture URL (if using OAuth authentication)
  • OAuth tokens and account information from authentication providers (GitHub)

2.2 Session and Authentication Data

  • IP address
  • User agent (browser and device information)
  • Session tokens and expiration times
  • Active organization membership

2.3 Subscription and Payment Information

  • Polar customer ID
  • Subscription tier and status
  • Trial period information

Note: Payment card details are processed directly by Polar and are not stored on our servers.

2.4 Debug Session Data

When you use the browser extension to record debugging sessions, we collect extensive data including:

Network Activity:

  • Complete HTTP/HTTPS requests and responses
  • Request and response headers
  • Request and response bodies
  • URLs, status codes, and timing information
  • WebSocket message types and frame data

User Interactions:

  • Click events with coordinates and DOM selectors
  • Keypresses and text input
  • Form submissions and values entered
  • Text selections
  • Mouse movements and scroll events

Console Output:

  • Console logs, warnings, and errors
  • Error stack traces
  • Severity levels and timestamps

Visual Data:

  • Screenshots of browser windows
  • Screen recordings (video)
  • Camera recordings (if enabled)

Navigation Data:

  • URLs visited
  • Page transitions and navigation timing
  • Frame identifiers and document identifiers

Device and Browser Information:

  • User agent string
  • Browser name, version, and engine
  • Operating system name and version
  • Device type, vendor, and model
  • CPU architecture
  • Screen resolution and device pixel ratio
  • Available memory and JavaScript heap size
  • Network connection type and speed
  • Supported browser features (WebGL, WebAssembly, etc.)
  • Touch device capability
  • Performance timing data

2.5 Organization and Team Data

  • Organization names and slugs
  • Organization logos and metadata
  • Team member roles and permissions
  • Team invitation data (email addresses, roles, status)

2.6 Analytics Data

We use Vercel Analytics to collect anonymous usage data on our website, including:

  • Page views
  • Navigation patterns
  • General performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Store and display debug sessions, enable bug reporting and sharing
  • Account Management: Create and manage your account, authenticate users
  • Payment Processing: Process subscriptions and handle billing through Polar
  • Communication: Send transactional emails (account confirmations, password resets, subscription updates) via SendGrid
  • AI Features: Process debug session data using OpenAI to provide AI-powered analysis and insights
  • Analytics: Understand how users interact with our website to improve the Service
  • Team Collaboration: Enable sharing of debug sessions within organizations
  • Legal Compliance: Comply with applicable laws and regulations

4. How We Store Your Information

4.1 Database Storage

Account information, session metadata, debug events, and organization data are stored in a PostgreSQL database.

4.2 File Storage

Screenshots, screen recordings, and network request/response payloads are stored in Cloudflare R2 (S3-compatible object storage).

4.3 Data Location

Your data may be transferred to and stored on servers located outside your country of residence, including in the United States and Europe.

5. Third-Party Services

We share your information with the following third-party services to provide and improve our Service:

5.1 Polar

Purpose: Payment processing and subscription management

Data shared: Customer ID, subscription information

Privacy Policy: https://polar.sh/legal/privacy

5.2 GitHub

Purpose: OAuth authentication

Data shared: Email, name, profile picture

Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

5.3 Vercel Analytics

Purpose: Website analytics

Data shared: Anonymous page views and navigation patterns

Privacy Policy: https://vercel.com/legal/privacy-policy

5.4 SendGrid

Purpose: Transactional email delivery

Data shared: Email addresses, email content

Privacy Policy: https://www.twilio.com/legal/privacy

5.5 OpenAI

Purpose: AI-powered features and analysis

Data shared: Debug session data for processing

Privacy Policy: https://openai.com/policies/privacy-policy

5.6 Cloudflare R2

Purpose: File storage for screenshots, recordings, and network payloads

Data shared: Files uploaded during debug sessions

Privacy Policy: https://www.cloudflare.com/privacypolicy/

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Account data: Retained until you delete your account
  • Debug session data: Retained for up to 1 year from creation, or until you delete the session
  • Payment records: Retained as required by law for tax and accounting purposes
  • Analytics data: Retained in anonymized form indefinitely

You may delete individual debug sessions or your entire account at any time through your account settings or by contacting us.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, or alteration:

  • Data encryption in transit (HTTPS/TLS)
  • Encrypted storage for sensitive data
  • Regular security audits
  • Access controls and authentication
  • Secure infrastructure provided by trusted cloud providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Your Rights (GDPR and Other Privacy Laws)

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Data Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at bartosz@monito.dev. We will respond to your request within 30 days.

If you are a European resident, you have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Cookies and Tracking

We use essential cookies for authentication and session management. Vercel Analytics may use cookies for analytics purposes. You can control cookies through your browser settings.

11. Public Sessions and Data Sharing

Important: When you mark a debug session as public, all data in that session becomes accessible to anyone with the session link. This includes network requests/responses, screenshots, console logs, and all other captured data.

You are solely responsible for ensuring that public sessions do not contain confidential, sensitive, or personally identifiable information.

When you join an organization, other members of that organization may access your debug sessions unless you explicitly mark them as private.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service.

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Europe. These countries may have data protection laws that differ from your jurisdiction.

By using the Service, you consent to the transfer of your information to these countries. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: bartosz@monito.dev