Privacy Policy

Monitoraa is a website change monitoring service. Hallasoft Oy is the data controller for personal data collected through this service.

This policy applies when you visit our website, use the app or dashboard, receive emails from us, or otherwise interact with Monitoraa.

We collect only the data needed to run and improve the service:

• Account data: email, password (stored in hashed form), and optional profile or avatar metadata.
• Monitoring data: URLs you add, relevant page content or metadata extracted for change detection, and change history.
• Billing data: plan information, payment status, and customer identifiers from Stripe (we do not store full card numbers).
• Logs and security data: request logs, audit events, abuse-prevention signals, and operational metrics.
• Support or feedback data you choose to send us, such as emails or bug reports.

We process personal data to:

• Provide, operate, and improve the monitoring service, including change detection and notifications.
• Authenticate you, secure accounts, prevent abuse or fraud, and protect the service.
• Communicate about service updates, billing, account status, or support requests.
• Comply with legal, tax, and accounting obligations.

We rely on performance of a contract to provide Monitoraa to you, and on our legitimate interest for security, logging, and service reliability.

Where consent is required by law for a specific processing activity, we will ask for it separately and allow you to withdraw it.

We use trusted service providers (data processors) to run Monitoraa. They process data only as needed to deliver the service to you and under our instructions.

Key processors include:

• Supabase: authentication and database hosting for the app.
• Vercel: web hosting for the Monitoraa app frontend.
• Render: hosting for worker and background jobs.
• Stripe: payments, invoicing, and billing metadata.
• Resend: transactional email delivery.

Monitoraa uses only essential cookies and local storage needed for authentication, session continuity, CSRF protection, and language or UI settings.

We do not use analytics, advertising, or cross-site tracking cookies.

Account and monitoring data are kept while your account is active. You can delete monitors or close your account to request deletion of associated data, subject to any legal retention obligations.

Logs and backups are retained for a limited period for security, debugging, and reliability, then deleted or anonymized.

We use industry-standard safeguards such as encryption in transit, access controls, and least-privilege practices to help protect your data.

No system is perfectly secure. If you suspect a security issue or unauthorized access, contact us at support@monitoraa.com.

If you are in the EU/EEA, you have GDPR rights, including the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Delete data or request restriction of processing, subject to legal obligations.
• Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Lodge a complaint with your local data protection authority.

For privacy questions or to exercise your rights, email support@monitoraa.com.

You may also contact your local data protection authority if you believe your data protection rights have been violated.