Privacy Policy
Last updated: April 2025. We value your privacy. This policy explains exactly what data we collect, why, and how we protect it.
1. Who We Are
Montu is operated by Heracleon Group, based in 6 October City, Egypt. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our platform at montuai.com. For privacy-related questions, contact us at omar@heracleon.com.
2. Information We Collect
We collect the following information when you create an account or use the Service: • Account information: your full name, business email address, and a securely hashed version of your password. • Business information: your store or website URL, content plan details, and performance data associated with your account. • Usage data: pages visited, dashboard interactions, and session duration — collected via server-side logs only. • Billing information: payment transactions are handled entirely by Paddle. We receive only a confirmation of successful payment and your subscription tier. We never see or store your credit card number, billing address, or other financial data.
3. How We Use Your Information
We use your information to: • Provide and operate the Service, including your client dashboard and content delivery. • Authenticate your identity and maintain your session securely. • Send transactional communications such as billing confirmations and service updates. • Improve the quality of our automation pipelines based on aggregated, anonymized performance data. • Comply with legal obligations. We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Where We Store Your Data
Your account data (name, email, hashed password, plan information) is stored in Airtable, a cloud database operated by Formagrid Inc. Airtable servers are located in the United States. By using the Service, you consent to the transfer of your data to this location. We apply Airtable's access controls and API key security to protect your data at rest and in transit (HTTPS).
5. Cookies and Tracking
We use a single session cookie to keep you logged in to the dashboard. This cookie is strictly necessary for the Service to function and is not used for advertising or cross-site tracking. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts. See our Cookie Policy for full details.
6. Third-Party Services
To deliver the Service, we use the following third-party providers who may process your data: • Airtable — database storage for account and plan data. • Paddle — payment processing. Paddle is a Merchant of Record and handles all billing data independently under their own privacy policy. • Vercel — hosting and infrastructure for the montuai.com platform. • n8n — workflow automation for content pipeline processing (self-hosted). Each provider is bound by their own privacy and data security policies.
7. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription, your account data is retained for 90 days to allow for re-activation, after which it may be deleted on request. Content produced for your account is yours and is not deleted by us — it remains in the delivery location (your site or Google Drive) unless you remove it.
8. Your Rights
You have the right to: • Access the personal data we hold about you. • Request correction of inaccurate data. • Request deletion of your account and associated personal data. • Object to the processing of your data in certain circumstances. To exercise any of these rights, email omar@heracleon.com. We will respond within 30 days.
9. Data Security
We take reasonable technical and organizational measures to protect your data, including: • HTTPS encryption for all data in transit. • Bcrypt hashing for stored passwords (we never store plaintext passwords). • API key authentication for all Airtable access. • Vercel's enterprise-grade infrastructure security. No system is completely secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.
10. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at omar@heracleon.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to your registered address at least 14 days before taking effect. The "last updated" date at the top of this page will always reflect the most recent revision.
12. Contact
For any privacy-related questions or requests, contact us at: omar@heracleon.com — Heracleon Group, 6 October City, Egypt.
Questions? Email us at omar@heracleon.com