Mony
Home Pricing Blog

Privacy Policy

Last updated July 5, 2026

1. Scope of This Policy

Monycompany Inc. ("Mony," "we," "us," or "our") provides an AI agent that lives inside iMessage and SMS and connects to third-party apps you choose to link. This Privacy Policy describes how we collect, use, disclose, and safeguard information in connection with usemony.com and the Mony agent (together, the "Service"). It applies to everyone who texts Mony, creates an account, or visits our website. It does not apply to third-party apps you connect to Mony; their own privacy policies govern their handling of your data.

By using the Service, you acknowledge the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account information. Your phone number, which we use to identify your account and verify your identity via a one-time passcode sent through our SMS provider, Twilio.

Message content. The content of messages you send to Mony over iMessage or SMS, and the responses Mony sends back, so the agent can carry on a conversation and remember context across sessions.

Connected app data. If you connect a third-party app (for example Spotify, Google Calendar, Google Drive, Notion, Gmail, Ticketmaster, Eventbrite, Yelp, OpenTable, Apple Maps, Apple Music, or Perplexity), we receive an OAuth authorization token and access the specific data needed to perform the actions you ask Mony to do, such as reading a calendar event, searching a note, or looking up a song or venue. We request only the scopes needed for the features you use, and never your password for those services.

Device and usage data. Device type and operating system, general location derived from your phone number's country (via carrier lookup), timestamps of messages, feature usage, and diagnostic/crash data.

Website data. If you visit usemony.com, we (and our analytics providers) may collect IP address, browser type, pages viewed, and referring URLs through cookies and similar technologies; see Section 7.

We do not intentionally collect sensitive categories of personal information such as government IDs, precise geolocation, health information, or biometric data, and we ask that you avoid sending us that kind of information in your messages to Mony.

3. Sources of Information

We collect information (a) directly from you, when you sign up, message Mony, or connect an app; (b) automatically, through your use of the Service; and (c) from the third-party platforms you choose to connect, via their OAuth authorization flow.

4. How We Use Information

  • Operate, maintain, and personalize the Mony agent and its responses.
  • Verify your account and send you service messages (like OTP codes).
  • Take actions on your behalf in apps you've connected, at your request.
  • Diagnose problems, prevent fraud and abuse, and keep the Service secure.
  • Improve our product, including how the agent understands and responds to requests.
  • Comply with legal obligations and enforce our Terms of Service.

5. Legal Bases for Processing (EEA / UK / Switzerland)

If you're located in the European Economic Area, the UK, or Switzerland, we process your personal data under the following legal bases:

  • Contract: to provide the Service you've requested, such as verifying your account or relaying a message.
  • Consent: where you affirmatively connect a third-party app or opt in to a specific feature; you may withdraw consent at any time.
  • Legitimate interests: to secure the Service, prevent fraud, and improve our product, balanced against your rights and expectations.
  • Legal obligation: where processing is required to comply with applicable law.

6. AI Processing

Mony uses third-party AI model providers, including Anthropic, to generate responses to your messages. Message content is transmitted to these providers solely to process your request, subject to our data processing agreements with them. We do not permit these providers to use your data to train their models outside the terms of those agreements. Because Mony's responses are generated by machine-learning models, they may occasionally be incomplete or inaccurate; see the AI-Generated Content Disclaimer in our Terms of Service.

7. Cookies & Tracking Technologies

usemony.com uses cookies and similar technologies (such as local storage) to keep the site functional, remember your preferences, and understand aggregate traffic patterns through analytics tools. You can control cookies through your browser settings; blocking them may affect site functionality. We do not currently respond to browser "Do Not Track" signals, as no common industry standard for interpreting them has been adopted.

8. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with:

  • Service providers who process data on our behalf, including Supabase (database and storage), Twilio (SMS/OTP delivery), Anthropic (AI processing), and our hosting and infrastructure providers, each bound by contractual confidentiality and data-protection obligations.
  • Connected app providers, only to the extent needed to carry out an action you requested.
  • Professional advisors such as lawyers and auditors, as needed.
  • Successors, in connection with a merger, acquisition, or sale of assets (see Section 17).
  • Legal or safety authorities, where required by law, subpoena, or court order, or to protect the rights, safety, or property of Mony, our users, or the public.

9. Data Retention

We retain account and message data for as long as your account is active, so Mony can maintain conversational context, plus a limited period afterward for backups, fraud prevention, and legal compliance. OAuth tokens for connected apps are retained until you disconnect the app or delete your account, at which point we revoke and delete them. You may request earlier deletion at any time (Section 12).

10. Data Security

We use industry-standard technical and organizational safeguards, including encryption in transit and access controls, to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Security Incident Notification

If we become aware of a security incident that compromises your personal information in a way that triggers a legal notification obligation, we will notify you and any required regulators in accordance with applicable law.

12. Your Privacy Rights

California Residents (CCPA/CPRA)

If you're a California resident, you have the right to: know what personal information we've collected about you and how it's used and shared; request deletion of your personal information; correct inaccurate personal information; and opt out of the sale or sharing of personal information (we do not sell or share personal information as defined by the CCPA). We will not discriminate against you for exercising these rights. To exercise a right, contact us at the email below, or have an authorized agent do so on your behalf; we may need to verify your identity before fulfilling a request.

EEA, UK & Switzerland Residents (GDPR)

You have the right to access, correct, or erase your personal data; restrict or object to processing; request data portability; and withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local data protection supervisory authority.

Other U.S. States

If you reside in a state with a comprehensive privacy law (such as Colorado, Connecticut, Virginia, or Utah), you may have similar rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising, sale, or certain profiling. We honor these rights consistent with the applicable law of your state.

Nevada Residents

Nevada law permits residents to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law; you may still submit a request to confirm this by contacting us below.

13. International Data Transfers

Mony is operated from the United States, and information we collect is processed and stored there. If you access the Service from outside the U.S., your information will be transferred to, and processed in, the U.S., which may not have data protection laws as comprehensive as those in your country. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers.

14. Children's Privacy

Mony is not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or the applicable minimum age in your jurisdiction). If you believe a child has provided us with personal information, contact us and we will promptly delete it.

15. Marketing Communications

We may send you product updates or service-related messages. You can opt out of non-essential messages at any time by replying STOP to any text, or by contacting us below. You cannot opt out of essential service messages (like OTP verification codes) while your account remains active.

16. Third-Party Links

The Service may reference or link to third-party websites or apps we don't control. This Policy doesn't apply to those third parties, and we're not responsible for their content or privacy practices. Review their policies before providing them information.

17. Business Transfers

If Mony is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its assets, your information may be transferred as part of that transaction. We'll notify you if a change in ownership materially affects how your personal information is handled.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We'll update the "Last updated" date above, and where changes are material, we'll notify you through the product or another reasonable means before they take effect.

19. Contact Us

Questions about this Policy, or requests to access, correct, or delete your data? Email us at support@usemony.com. We aim to respond to verifiable requests within the timeframe required by applicable law.

© 2026 Monycompany Inc.
TermsPrivacy