Privacy Policy

Last Updated: September 16, 2025

Introduction

Welcome to Monstera AI! Your trust is of the utmost importance to us. We are committed to protecting your personal privacy and data security using industry-leading security measures. This Privacy Policy is intended to explain in a clear and transparent manner how we collect, use, store, share, and protect your information when you use our services. Please read and understand this policy carefully before using our services.

1. Information We Collect

To provide and optimize our services, we collect the following types of information:

1.1. Information You Provide Directly

1.1.1. Account Information

When you register for a Monstera AI account, we collect your username (or nickname) and email address. Your password is stored only as a one-way hash, as detailed in Section 7.

1.1.2. Bot Configuration Information

When you create or configure an AI Bot instance (which we refer to as a "role"), you will provide the role's name, the target live-streaming platform, the channel/room ID, and, optionally, an AI nickname and Custom Prompts.

1.1.3. Platform Account Credentials

To enable your AI Bot to log in and operate on third-party platforms on your behalf, we store the platform account Cookies that you provide and authorize. We understand the extreme sensitivity of this information. Therefore, this data is encrypted at the application layer before being stored in our database. For details, please see Section 7, "Data Security."

1.1.4. Payment and Transaction Information

When you purchase a service plan or redeem a top-up code, we record your transaction history and account balance changes. Please note that your payment information, such as credit card details, is processed directly by third-party payment service providers. We do not store your full payment card information on our servers.

1.1.5. Contact Information

When you communicate with us via a contact form or email, we collect the information you provide.

1.2. Information We Automatically Collect When You Use Our Services

1.2.1. Device and Log Information

When you visit our website, we automatically record technical information including your IP address, browser type, operating system, access time, and your activity logs on our website. This information is mainly collected through Vercel (our hosting provider) and Cloudflare Turnstile (our human verification service) to ensure service security, conduct traffic analysis, and implement rate limiting.

1.2.2. Website Analytics and Performance Monitoring

To continuously improve the performance and content of our website, and to ensure you enjoy a fast, smooth, and useful browsing experience, we need to analyze anonymous, aggregated statistical data. We promise that all data collected in this category cannot be traced to an individual.

Purpose of Analysis

This statistical data is mainly used for the following purposes:

  • Service Optimization: Analyzing overall user traffic and sources (e.g., which country visitors are from) to optimize our infrastructure and service performance.
  • Content Improvement: Understanding which pages and features are most popular so we can focus our resources on the content that is most valuable to you.
  • Technical Compatibility: Tallying the types of browsers and devices used by visitors to ensure our website's compatibility and display effectiveness across different platforms.

Tools Used

The main tools we use are:

  • Vercel Analytics & Speed Insights: Used to collect anonymous, aggregated website traffic data and front-end performance metrics.
  • Google Analytics: Used for website traffic analysis only, with all advertising tracking features (such as ad personalization) disabled.

1.2.3. User Experience Improvement Program

To genuinely improve every detail of your experience with our service, we have established a 'User Experience Improvement Program,' for which Microsoft provides the technology support.

Program Goals

The program aims to achieve two core goals: first, to help us visually understand how users interact with pages, thereby discovering and improving potential inconveniences in the design; and second, when technical problems occur, to assist our engineers in reproducing and locating hard-to-track program errors (bugs), in order to enhance the stability and reliability of the service.

Privacy Safeguards

We treat your privacy as our highest priority. All potentially sensitive information (such as text you type in forms, passwords, etc.) is automatically removed or obscured on your device before it is ever recorded, ensuring it is never sent.

Data Association Explained

To provide more effective support and personalized experiences, for logged-in users, we associate this 'desensitized' interaction data with an internal account identifier. For anonymous visitors, we use a random identifier within the browser to understand overall trends.

Our Promise

We solemnly promise that all data collected by this program is used solely for improving our products and services. It will never be used for advertising, nor will it ever be shared with third parties for marketing purposes.

Your Control

Your participation is completely voluntary. You can opt out of this program at any time through your account settings, and your choice will not affect your access to our services in any way.

1.3. Information Processed by Your AI Bot on Your Behalf

Core Principles

The AI Bot is an automated agent that works for you. The ownership and control of all live-stream data it processes (chat, audio, and video) remain with you. We only perform the necessary, real-time, automated technical processing required to deliver the service functions you have configured.

Purpose of Data Processing

The sole purpose of the Bot processing live-stream data is to understand the context of the live stream in real-time within memory to generate appropriate interactions based on your Custom Prompts (if configured to do so). For example, it will summarize recent chat messages and voice transcriptions before sending them to a Large Language Model for analysis.

Data Storage

We do not intend to permanently store live audio/video streams or chat logs, except where required by law or for technical necessity. These data streams are typically processed in memory in real-time and are discarded after use. We may temporarily and anonymously store data snippets or error logs from failed processes for debugging and service quality improvement.

Sharing with Third Parties

To enable AI functionality, your Custom Prompts and processed, anonymized summaries of live-stream content may be sent to the world-leading Large Language Model (LLM) service providers we partner with. We select our partners based on strict criteria, ensuring they meet the highest industry standards in both technical capability and data security.

2. How We Use Your Information

We use your information mainly for the following purposes:

  • Provide and maintain services: Create and manage your account, run the AI Bots you configure.
  • Process transactions: Process your plan purchases and top-up code redemption requests.
  • Personalize experience: Optimize and improve our services based on your usage and feedback.
  • Security protection: Prevent fraud, abuse, and protect the security of our services and other users, for example through rate limiting and human verification.
  • Communicate with you: Send you emails related to account verification, password reset, service updates, and customer support.

3. Who We Share Your Information With

We promise not to sell your personal information. We only share parts of your information with trusted third-party service providers in the following necessary circumstances:

Cloud Infrastructure and Hosting Providers

To host our website, store your account data, and ensure our services run efficiently and securely, we partner with top-tier cloud infrastructure service providers. This includes our website hosting, database storage, task queuing, and caching services. We select reputable partners with robust security measures to process and store your data.

Payment and Communication Services

  • Payment Gateway Providers: To process your payments.
  • Email Service Providers: To send necessary service-related emails.

Security and Verification Services

Security and Bot Abuse Prevention Providers: We use third-party services to protect our website from malicious bot attacks and to perform human verification.

Analytics and Experience Optimization Services

Analytics and Experience Optimization Service Providers: To improve our website and services, we share anonymous, aggregated, or desensitized data with partners who provide website traffic analysis, performance monitoring, and user experience analysis. We have described these activities in detail in Section 1.2.

Core AI Functionality Providers

  • Large Language Model (LLM) Service Providers: As described in Section 1.3, we share necessary processed data with them to provide AI functionality.

4. International Data Transfers

Our services are based on a global cloud infrastructure. Consequently, your personal information may be transferred to, stored, and processed on servers located outside of your country or region, where data protection laws may differ from those in your jurisdiction. Regardless of where your information is processed, we will handle it in accordance with this Privacy Policy and take necessary contractual and technical measures (such as Standard Contractual Clauses) to ensure your data is adequately protected.

5. Cookies and Similar Technologies

5.1. What Are Cookies?

Cookies are small text files that websites store on your device to remember information and your preferences as you browse.

5.2. Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the operation of our website and cannot be disabled. For example, we use cookies from NextAuth.js to maintain your login session.

Analytics and Performance Cookies

These cookies help us collect information about how visitors use our website, such as which pages are visited and for how long. We use this information to improve website functionality and performance. These cookies are essential for enabling the Website Analytics and User Experience Improvement Program activities described in detail in Sections 1.2.2 and 1.2.3.

5.3. Your Choices Regarding Cookies

We respect your privacy choices. When you first visit our website, you will see a cookie consent banner. You can use it to accept or reject non-essential analytics and performance cookies. You can change your preferences at any time via the "Cookie Settings" link in our website footer. Please note that disabling certain cookies may affect your ability to use some of our services properly.

6. Your Rights and Choices

You have control over your personal information:

Access and Correction: You can log into your profile page at any time to access and modify your information, such as your name.

Data Deletion: You can request the deletion of your account through our support channels. Upon receiving your request and verifying your identity, we will delete all personal information and configuration data associated with your account (unless otherwise required by law).

Unsubscribing from Emails: You can opt out of receiving our marketing emails at any time by using the unsubscribe link included in them.

7. Data Security

Your trust is paramount. We take data security seriously and have designed a multi-layered, Defense-in-Depth system to protect your information, ensuring that your core sensitive data remains secure even if some components are compromised.

7.1. Password Security

We store your login password only as a salted one-way hash, computed with bcrypt. This means your original password is never stored in plain text in our database. Not even our internal engineers can see or recover your original password. In a worst-case scenario, if the database were accessed, an attacker would only obtain irreversible hash values.

7.2. Platform Account Credential Security

This is the core of our security design. Your third-party platform Cookies are encrypted using the AES-256-GCM algorithm with a high-strength application-layer key, which is stored independently from the database. This means that even if our database server were to be fully compromised, an attacker would only obtain meaningless encrypted gibberish and would be unable to access your original Cookies. Decryption operations are performed only in a strictly authenticated in-memory environment, thereby providing the maximum possible protection for your accounts on third-party platforms.

7.3. Security in Transit

We use industry-standard TLS/SSL to encrypt all network data transmissions between your browser and our servers, as well as between our services and third-party services, to prevent data from being intercepted or tampered with during transit.

7.4. Inter-Service Communication Security

All internal API calls between the microservices distributed across different servers in our system are protected using keyed-hash message authentication codes (HMAC-SHA256). Each request includes a time-sensitive signature, effectively preventing request forgery, replay attacks, and unauthorized internal service access.

7.5. Regular Reviews

We regularly review our data collection, storage, and processing practices to ensure they align with the latest security standards and best practices.

8. Data Retention

We only retain your personal information for as long as necessary to achieve the purposes stated in this policy, unless laws and regulations require or allow us to retain it for a longer period.

  • As long as your account is active, we will keep your account information and configuration data.
  • When you request deletion of your account, we will securely delete your personal identity information within a reasonable time (e.g., 30 days), unless there are special circumstances.
  • To comply with financial and legal obligations (e.g., tax, accounting, or anti-fraud requirements), some transaction records may be retained for several years after your account is closed.
  • Please note that your data may be retained in our backup systems for a limited time until the backup cycle ends and the backup data is securely overwritten.

9. Children's Privacy

Our services are not directed to children under the age of 13.

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and discover that your child has provided us with personal information without your consent, please contact us immediately.

If we become aware that we have collected personal information from a child without parental or guardian consent, we will take steps to remove that information from our servers immediately.

10. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our services or updates to legal requirements, so please review it frequently.

For non-material changes (such as correcting typos or formatting adjustments), we will only update the "Last Updated" date at the top of this page.

If we make material changes to this policy, we will provide you with a clear notice before the changes take effect, through one or more of the following methods:

  • Posting a prominent notice on our website;
  • Sending a notification email to your registered email address;
  • Displaying an update prompt the next time you log in to our service.

Your continued use of our services after the changes take effect signifies your full acceptance of and agreement to the revised Privacy Policy.

11. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, please contact us via: