Privacy Policy
Effective date: May 12, 2026 · Last updated: May 12, 2026
1. Who we are
MonetAura ("MonetAura", "we", "our", or "us") is a monetization studio for content creators in the health, wellness and professional services space. The service is operated by Isaias Metlich (independent operator, contactable at hola@monetaura.com) and made available through the domains monetaura.com and app.monetaura.com.
This Privacy Policy explains what personal data we collect when you use MonetAura, how we use it, who we share it with, and the choices and rights you have over it. By using MonetAura you agree to the practices described here.
2. What data we collect
2.1 Account data
- Google account profile (email address and display name) when you sign in with Google.
- Email allowlist membership — if your account is part of a closed-cohort allowlist, we store that flag.
2.2 Instagram and Facebook data (via Meta Graph API)
When you connect your Instagram Business or Creator account, MonetAura uses Facebook Login for Business and the Instagram Graph API to access:
- Your Facebook user ID and the Facebook Page that your Instagram account is linked to (page ID, page name, page access token).
- Your Instagram Business account ID, username, profile picture URL, biography, website, follower count, follows count and media count.
- Your published media (posts, reels, carousels, stories): caption, media URLs, timestamps, permalinks, likes, comments and per-media insights such as reach, views, saves and shares.
- Account-level insights: reach, impressions, profile views, follower count over time, accounts engaged and total interactions.
- Audience demographics (aggregate gender / age / country / city / locale) and the online_followers metric (hour-of-day distribution of when your audience is active).
We do not read, store or display your Instagram or Facebook direct messages, and we do not publish or modify content on your account unless and until you explicitly enable a publishing feature in a future release.
2.3 Profile data you provide
- Your creator profile information (niche, specialization, competitor handles, keywords, existing products, manually pasted insights).
- Brief inputs, calendar entries, post drafts, landing-page content and other artifacts you create inside MonetAura.
- Optional payment information processed by our future payment provider (Stripe). MonetAura itself never sees or stores raw card numbers.
2.4 Third-party public content
To generate competitor analyses and trend reports, MonetAura uses the Apify scraping platform to retrieve publicly available posts, captions and engagement counts from Instagram, TikTok and hashtag searches that you (the creator) explicitly designate as competitors or topics of interest. We do not retrieve private or follower-only content.
2.5 Technical data
- Standard server logs (IP address, user agent, referrer, request path, timestamp) for security and abuse prevention.
- Authentication cookies and session tokens (NextAuth) needed to keep you signed in.
3. How we use your data
- To operate the MonetAura service and your personal dashboard.
- To generate AI-assisted monthly briefs, calendar plans, post drafts and product strategy — your inputs and your Instagram metrics are sent to our LLM provider (Anthropic Claude) strictly for the purpose of generating your brief.
- To surface analytics about your audience and content performance inside the app.
- To send transactional emails (login, account, billing).
- To monitor security, detect abuse, debug issues and improve product quality.
- To comply with legal obligations.
We do not sell your personal data, do not share it with advertisers, and do not use your Instagram or Facebook data to train any general-purpose AI model.
4. Legal bases (GDPR)
- Contract — processing necessary to deliver the MonetAura service you signed up for.
- Consent — when you explicitly connect your Instagram account via Facebook Login, you consent to the listed Graph API data being read on your behalf. You may revoke this consent at any time (see Section 8).
- Legitimate interest — security logging, fraud prevention and product analytics.
- Legal obligation — when applicable laws require it.
5. Where data is stored and how it is protected
- Application data is stored in a PostgreSQL database hosted on Railway (United States region).
- The web frontend is served by Vercel.
- Meta access tokens are encrypted at rest using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256) with a key that is held only in our server environment and never checked into source control. Tokens are never logged.
- All traffic is served over HTTPS.
- Access to production credentials is restricted to the operator (Isaias Metlich).
6. Who we share data with
We share limited data with the following sub-processors, only as needed to operate the service:
- Anthropic (Claude API) — receives your brief inputs and the metric snapshots used to generate your monthly brief. Anthropic does not train on API data per its terms.
- Meta Platforms, Inc. — through the Instagram Graph API; we read data from Meta but do not push your data into Meta beyond OAuth handshakes.
- Apify — used only to fetch public content from accounts/hashtags you designate; we send Apify the handle or hashtag, not your personal data.
- Google — for OAuth sign-in only; Google receives the fact that you are authenticating to MonetAura.
- Railway, Vercel, Cloudflare — infrastructure hosting and DNS.
We do not transfer your data to any other third party except when (a) you explicitly direct us to, (b) we are legally compelled, or (c) it is strictly necessary to protect the rights, property or safety of MonetAura, our users or the public.
7. Retention
- Account and creator-profile data are retained for as long as your account is active.
- Generated briefs, calendar entries and landing-page content are retained until you delete them or close your account.
- Server logs are retained for up to 90 days for security and debugging.
- When you disconnect your Instagram account or delete your MonetAura account, we remove the related personal data as described in Data Deletion.
8. Your rights and choices
Depending on where you live (GDPR / CCPA / LGPD), you have some or all of the following rights:
- Access — get a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data.
- Restriction or objection — limit how we process your data.
- Portability — receive your data in a structured format.
- Withdraw consent for the Instagram connection at any time by clicking "Disconnect" on the Instagram card in your dashboard, or by removing MonetAura under Facebook Business Integrations.
To exercise any of these rights, email hola@monetaura.com. We respond within 30 days.
9. Children
MonetAura is not directed to people under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
10. International transfers
Our infrastructure is primarily located in the United States. If you are in a region with data-export restrictions (e.g. the EU/UK), your data may be transferred to and processed in the US under Standard Contractual Clauses or equivalent safeguards offered by our sub-processors.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date. Material changes will be notified via email or an in-app notice.
12. Contact
Questions or requests: hola@monetaura.com.