Security & Trust at ModelMonkey
Built with security and privacy at our core. We're committed to protecting your data and being transparent about our practices.
Infrastructure & Hosting
Where your data lives and how it's protected
Server Location
Our primary servers are hosted in Singapore, providing low latency for Asia-Pacific users while maintaining high security standards.
Database Security
We use PostgreSQL with encryption at rest and SSL connections. Our database is not accessible from the internet, providing an additional layer of security.
Content Delivery
All connections use HTTPS/TLS encryption to protect data in transit. Your data is never transmitted over unencrypted connections.
Key Management
Sensitive data encryption keys are managed using Google Cloud KMS, providing enterprise-grade key security and rotation capabilities.
Data Protection
How we keep your spreadsheet data secure
Encryption
In Transit: All data is encrypted using HTTPS/TLS
At Rest: Database encryption with AES-256
Keys: Managed through Google Cloud KMS
Data Retention
Spreadsheet Data: Not stored permanently, only processed during active sessions (max 24 hours)
Search Indexes: Metadata only, deleted within 30 days of account deletion
Logs: Retained for 90 days for debugging
No Permanent Storage
Your spreadsheet data remains in your Google Sheets. We only process the data you share during active sessions and never store copies permanently.
Session Security
Sessions automatically expire after 24 hours or when you close them. All session data is cleaned up immediately upon expiration.
Authentication & Access
How we verify your identity securely
OAuth Authentication
We use Google OAuth and Microsoft OAuth for authentication. We never see or store your passwords.
Secure Tokens
Session tokens use JWT (JSON Web Tokens) with 24-hour expiration and are signed with secure HMAC algorithms.
Minimal Permissions
We only request the minimum necessary permissions to access your Google Sheets. We cannot access other files in your Drive.
No Password Storage
We never ask for or store your Google or Microsoft passwords. All authentication is handled through their secure OAuth systems.
Third-Party Services
Trusted partners we work with
Anthropic Claude (AI Processing)
What we share: Only spreadsheet content relevant to your specific request
Data handling: No permanent storage, no model training with your data, no advertising use
Location: Anthropic's secure cloud infrastructure
Stripe (Payment Processing)
What we share: Payment information and subscription details
Security: PCI DSS Level 1 certified (highest level of payment security)
Google & Microsoft APIs
Purpose: Reading from and writing to your spreadsheets
Security: OAuth tokens, no password storage, minimal API scopes
Brave Search (Web Search)
What we share: Only your search query text
Privacy: We do not send your spreadsheet data with web search requests
Compliance & Certifications
Our commitment to security standards
Current Status
We are working towards ISO 27001 and SOC 2 Type II compliance. These certifications demonstrate our commitment to information security management.
Privacy Laws
We comply with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) requirements.
Google Workspace Verified
ModelMonkey is a verified Google Workspace add-on, meeting Google's security and privacy standards for Marketplace apps.
Data Protection Officer
For privacy-related questions or to exercise your rights under GDPR/CCPA, contact our Data Protection Officer at dpo@modelmonkey.io
Our Privacy Principles
What we promise our users
No Data Selling
We will never sell your data to third parties. Ever.
No Advertising
Your data is never used for targeted advertising.
Minimal Collection
We only collect data necessary to provide our service.
Transparency
Clear privacy policy with detailed data practices.
User Control
You can delete your data at any time.
No AI Training
Your data is not used to train AI models without consent.
Frequently Asked Questions
Where is my data stored?
Your spreadsheet data remains in your Google Sheets. We only process it during active sessions (max 24 hours) and don't store copies permanently. Our servers are located in Singapore, and we use PostgreSQL for database storage with encryption at rest.
Who has access to my spreadsheets?
Only you have access to your spreadsheets through OAuth authentication. ModelMonkey accesses your sheets only when you explicitly use the service, and only for the data you choose to share with the AI. Our staff cannot access your spreadsheet data.
How long do you keep my data?
Spreadsheet data is not stored permanently - only during active sessions. Session data is deleted when the session ends or after 24 hours. Search indexes (metadata only) are retained while you use the service and deleted within 30 days of account deletion. Error logs are kept for 90 days.
Is my data used to train AI models?
No. We do not use your spreadsheet data to train AI models. When we process your requests through Anthropic Claude, they do not use your data for model training without explicit consent.
What happens if I delete my account?
When you delete your account, all your personal data, session history, and search indexes are deleted within 30 days. Since we don't store your spreadsheet data permanently, there are no copies to delete.
Do you comply with GDPR and CCPA?
Yes. We comply with both GDPR (for EU users) and CCPA (for California users). You have the right to access, rectify, erase, restrict processing, port your data, and object to processing. Contact our Data Protection Officer at dpo@modelmonkey.io to exercise these rights.
How do you handle security incidents?
We have structured logging, monitoring, and incident response procedures in place. In the event of a security breach affecting personal data, we will notify affected users and relevant authorities as required by law.
Questions About Security?
For security or privacy questions, contact our Data Protection Officer
Contact DPOFor more details, read our Privacy Policy and Terms of Service