Privacy Policy

EFFECTIVE DATE: JUNE 29, 2026 · VERSION 1.2 · CONTACT: [email protected]

MONOLITH ("we", "our", "us") operates the news intelligence platform at monolith.news. This policy describes what data we collect, why we collect it, who we share it with, how long we keep it, and your rights.


1. Who We Are

MONOLITH is a real-time news intelligence platform operated by Monolith News LLC, a Wyoming limited liability company. We aggregate publicly available RSS feeds and provide AI-assisted analysis of news content.

For data-related enquiries: [email protected]

EU/UK Representative: As a U.S. company directing services to EU and UK residents, we are in the process of appointing a formal Article 27 GDPR representative in the EU/EEA and a UK GDPR representative. In the interim, all data subject requests for EU/UK residents are handled directly by us at [email protected] within the statutory 30-day response period.


2. Data We Collect

2.1 Account Data (registered users only)

FieldPurposeLegal Basis
UsernameAccount identifierContract performance
Display nameUI personalisationContract performance
Password hash (PBKDF2-SHA-256)Authentication — plaintext never storedContract performance
Email address (optional)Verification, magic-link login, digestLegitimate interest / consent
Account tierFeature access gatingContract performance
Creation timestampAccount management, abuse preventionLegitimate interest

2.2 Session Data

Active sessions are stored server-side in Cloudflare KV with a hard 7-day expiry. Sessions contain username, display name, and tier. They contain no passwords or payment details.

2.3 Payment Data (Pro subscribers)

Paddle processes all payments. We store from Paddle webhook events: email address, Paddle subscription ID, plan type, and validity period. We do not store credit card numbers, CVVs, or billing addresses.

2.4 AI Query Processing

When you use AI chat, your messages are forwarded to AI providers (Groq, Anthropic, OpenAI, OpenRouter). We log: event type, tier, model used, username, and timestamp. We do not log the full text of your query in our own systems.

2.5 Push Notifications

If you enable push notifications, we store your browser push endpoint, encryption keys, username, and subscription timestamp in Cloudflare KV solely to deliver notifications.

2.6 Behavioural Data (local only)

Topic preferences and reading history used for feed personalisation are stored exclusively in your browser's localStorage. This data never leaves your device.


3. Data Retention

Data TypeRetention Period
Account dataUntil account deletion request
Sessions7 days (auto-expire)
Payment recordsDuration of subscription + 7 years
Push subscriptions90 days from last renewal
Security event log7 days (rolling)
Rate limit counters60 seconds – 1 hour (auto-expire)

4. Third-Party Processors

ServicePurpose
CloudflareInfrastructure, CDN, KV storage, DNS
PaddlePayment processing (Merchant of Record)
GroqAI inference (free tier)
OpenRouterAI model routing (Pro tier)
AnthropicAI inference (Pro tier)
OpenAIVoice synthesis (TTS)
ElevenLabsVoice synthesis (TTS)
ResendTransactional email

5. Your Rights

5.1 Rights for EU / EEA Residents (GDPR)

Under the General Data Protection Regulation you have the following rights:

To exercise any of these rights, email [email protected]. We will respond within 30 days (extendable to 90 days for complex requests, with notice).

If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. A directory of EU data protection authorities is available at edpb.europa.eu.

5.2 Rights for UK Residents (UK GDPR)

UK residents have equivalent rights under the UK GDPR and Data Protection Act 2018. You may also complain to the Information Commissioner's Office (ICO).

5.3 Rights for California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, to request deletion, to opt out of sale (we do not sell personal data), and to non-discrimination for exercising these rights. Submit requests to [email protected].

5.4 Account Deletion

To delete your account and all associated data, use the Account Settings page within the app or email us directly. Deletion requests are processed within 14 days.


6. International Data Transfers

MONOLITH is operated from the United States. Our infrastructure providers (Cloudflare, Groq, Resend, Anthropic, OpenAI, OpenRouter, ElevenLabs) process data on servers in the United States and other countries outside the EU/EEA.

Where personal data is transferred from the EU/EEA or UK to a third country, we rely on the following safeguards:

You may request a copy of the relevant SCCs by emailing [email protected].


7. Cookies

MONOLITH does not use tracking cookies. We use browser localStorage for session management and feed personalisation. No third-party advertising cookies are set.


8. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately.


9. Changes to This Policy

We will notify registered users by email of material changes at least 14 days before they take effect. The current version is always available at monolith.news/privacy.


10. Contact

MONOLITH · Monolith News LLC
Email: [email protected]