Privacy Policy
Last updated: April 2025. We value your privacy. This policy explains exactly what data we collect, why, and how we protect it.
1. Who We Are
Montu is operated by Heracleon Group. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our marketing automation platform at montuai.com. For privacy-related questions, contact us at contact@montuai.com.
2. Information We Collect
We collect the following information when you create an account or use the Service: • Account information — your full name, business email address, and a securely hashed version of your password. • Business information — your store or website URL, brand profile, target audience, content plan details, and performance data tied to your account. • Site data — results from the automated audits, sitemap crawls, keyword research, and competitor analysis we perform on your domain. • Connected account tokens — when you connect WordPress, Shopify, WooCommerce, a custom CMS, Facebook, Instagram, X, LinkedIn, or TikTok, we securely store the access tokens needed to publish on your behalf. We never store your social account passwords. • Generated content metadata — references to articles, products, social posts, and design assets we have produced for you, kept so you can manage your library inside the dashboard. • Usage data — pages visited, dashboard interactions, and session duration, collected via server-side logs only. • Billing information — payment transactions are handled entirely by Paddle (our Merchant of Record). We receive only a confirmation of successful payment and your subscription tier. We never see or store your card number, billing address, or other financial data.
3. How We Use Your Information
We use your information to: • Provide and operate the Service, including the dashboard, content delivery, and Pilot orchestration. • Run audits, build keyword strategies, and generate content, social posts, and design assets based on the data you have provided. • Publish content to your connected websites and social channels on your behalf, on the schedule you have configured. • Authenticate your identity and maintain your session securely. • Send transactional communications such as billing confirmations and service updates. • Improve our automation pipelines based on aggregated, anonymized performance data. • Comply with legal obligations. We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Where We Store Your Data
Your account data (name, email, hashed password, plan information, brand profile, generated content metadata, and connected account tokens) is stored in a managed PostgreSQL database (Neon), hosted in the European Union. By using the Service, you consent to the transfer of your data to this location. Access is restricted via TLS-encrypted connections and credentials held only on our deployment infrastructure.
5. Cookies and Tracking
We use a single session cookie to keep you logged in to the dashboard. This cookie is strictly necessary for the Service to function and is not used for advertising or cross-site tracking. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts. See our Cookie Policy for full details.
6. Third-Party Services
To deliver the Service, we use the following third-party providers who may process your data: • Neon (managed PostgreSQL) — database storage for account, plan, and content metadata. • Vercel — hosting and infrastructure for the montuai.com platform. • Paddle — payment processing. Paddle is a Merchant of Record and handles all billing data independently under their own privacy policy. • Connected publishing destinations — WordPress, Shopify, WooCommerce, and custom CMSs that you authorize Montu to publish to on your behalf. • Connected social platforms — Meta (Facebook, Instagram), X, LinkedIn, and TikTok, where you authorize Montu to publish. • AI model providers — used to power generation pipelines for content, design, and analysis. We send only the operational context required for each task and do not transmit your account credentials. • n8n — workflow automation engine for content pipeline processing (self-hosted). Each provider is bound by their own privacy and data security policies.
7. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription, your account data is retained for 90 days to allow for re-activation, after which it may be deleted on request. Content produced for your account is yours and is not deleted by us — it remains in the delivery location (your site, store, or social channel) unless you remove it.
8. Your Rights
You have the right to: • Access the personal data we hold about you. • Request correction of inaccurate data. • Request deletion of your account and associated personal data. • Disconnect any connected platform at any time from the dashboard, which immediately revokes our publishing access. • Object to the processing of your data in certain circumstances. To exercise any of these rights, email contact@montuai.com. We will respond within 30 days.
9. Data Security
We take reasonable technical and organizational measures to protect your data, including: • HTTPS encryption for all data in transit. • Bcrypt hashing for stored passwords (we never store plaintext passwords). • Encrypted storage for connected account tokens. • TLS-encrypted database connections with credentials held only on our deployment infrastructure. • Vercel's enterprise-grade infrastructure security. No system is completely secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.
10. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at contact@montuai.com and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to your registered address at least 14 days before taking effect. The "last updated" date at the top of this page will always reflect the most recent revision.
12. Contact
For any privacy-related questions or requests, contact us at: contact@montuai.com.
Questions? Email us at contact@montuai.com