DATA PRIVACY PROTOCOL

VERSION: v1.0.1 (Production)

LAST UPDATED: February 8, 2026

ENCRYPTION: AES-256 (At Rest) / TLS 1.3 (In Transit)

01. DATA INGRESS & COLLECTION

(Human Summary: We collect only the data that is necessary to run the app. No hidden tracking.)

1.1 Identity Objects

When you authenticate via Google or GitHub, we receive a limited payload: your email address, name, and avatar URL. We do not have access to your repositories or private emails unless explicitly granted via OAuth scopes.

1.2 System Telemetry

We use Google Analytics 4 (GA4) to track "Events" (e.g., button_click, page_load). This data is anonymized and helps us debug performance issues. We do not link telemetry logs to your financial secrets.

02. AUTHENTICATION HANDSHAKE (OAUTH 2.0)

(Human Summary: We never see your password. Google and GitHub give us only a "Token".)

2.1 Delegated Auth

Monodesk does not store passwords. We utilize Supabase Auth to manage sessions via secure HTTP-only cookies.

2.2 Token Storage

We only store the provider_token to maintain your session. If you revoke access via your Google/GitHub security settings, our access token is immediately invalidated, and you will be logged out of the OS.

03. FINANCIAL DATA ISOLATION (STRIPE)

(Human Summary: Credit card numbers never even touch our servers. They go straight into Stripe's vault.)

3.1 PCI-DSS Compliance

All payment processing is offloaded to Stripe, Inc. Monodesk never receives, processes, or stores your raw credit card information.

3.2 The "Customer ID"

We only store a stripe_customer_id and subscription_status (e.g., active, past_due) in our database to gatekeep premium features like the "Finance View."

04. AI DATA HANDLING & EPHEMERALITY

(Human Summary: Your startup idea is not our training data. We keep it private.)

4.1 No Training on User Data

Your proprietary inputs (e.g., "My startup idea is X") and the generated outputs (e.g., "Strategy Deck") are stored in your private database rows protected by Row Level Security (RLS).

4.2 API Transmission

Data sent to LLM providers (Google Gemini/OpenAI) is for inference only. We have opted out of data retention policies where applicable, ensuring your prompts are not used to improve their public models.

05. DATA ENCRYPTION & SECURITY

(Human Summary: The database is hacker-proof. Even if someone steals it, they will get only encrypted gibberish.)

5.1 Encryption Standards

All data in our database (Supabase/Postgres) is encrypted at rest using AES-256. Data in transit is protected via TLS 1.3.

5.2 Row Level Security (RLS)

We enforce strict RLS policies at the database engine level. A user with ID: 123 can physically only query rows tagged with user_id: 123. Cross-tenant data leakage is mathematically impossible at the query layer.

06. THE "DROP TABLE" RIGHT (DELETION)

(Human Summary: When you delete your account, we wipe everything. No "Soft Delete".)

6.1 Right to Erasure

You may request full account deletion via the Settings panel. Upon execution, we trigger a cascade delete function that wipes your User Record, Financial Logs, and Strategy Decks from our production database immediately.

6.2 Backup Expiry

Encrypted database backups are retained for 30 days for disaster recovery purposes, after which your data is permanently purged from existence.