Privacy Policy

Example H2
Example H3
Example H4
Example H5
Example H6

AI Monster Privacy Policy

Effective Date: March 11, 2026

Last Updated:  March 11, 2026

This Privacy Policy explains how AI Monster, Inc. (“AI Monster,” “we,” “us,” or “our”) collects, uses, discloses, stores, and otherwise processes personal information when you visit our websites, create an account, join our waitlist or community, communicate with us, contribute content, or otherwise use services that link to this Privacy Policy (collectively, the “Services”).

This Privacy Policy is intended to provide transparent notice about our privacy practices and your choices.

1. Who We Are

AI Monster, Inc.

720 Seneca St Ste 107  #904

Seattle, WA 98101
Email: privacy@aimonster.ai

If you are in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, AI Monster is generally the controller of your personal data for the processing described in this Privacy Policy, unless we expressly state otherwise.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal information we collect when you:

  • visit our website;
  • sign up for an account, waitlist, newsletter, demo, webinar, submit a question, or event;
  • use our platform features;
  • create a profile;
  • submit prompts, messages, forms, feedback, support requests, or survey responses;
  • publish, comment on, annotate, fork, share, or license content through our Services;
  • interact with our emails, ads, or marketing pages;
  • communicate with us through social or business channels.

This Privacy Policy does not apply to:

  • information processed solely on behalf of business customers under separate contractual terms where we act as a processor or service provider;
  • third-party sites, services, or applications we do not control;
  • employment or recruiting data governed by a separate notice, if applicable.

3. Personal Information We Collect

We collect personal information in a few different ways.

Information you provide directly

You may provide us with:

  • your name;
  • work email address;
  • company name;
  • title or job function;
  • LinkedIn Profile URL;
  • account login credentials;
  • payment or transaction details, if applicable;
  • communications you send to us;
  • survey answers and event registrations;
  • profile details;
  • prompts, inputs, uploads, comments, annotations, posts, and other content you choose to submit;
  • licensing or sharing preferences you apply to your contributions;
  • any other information you choose to provide.

Information we collect automatically

When you use our Services, we and our service providers may automatically collect:

  • IP address;
  • device identifiers;
  • browser and device type;
  • operating system;
  • app or site usage data;
  • pages viewed;
  • referring URLs;
  • session information;
  • timestamps;
  • approximate location derived from IP address;
  • cookie IDs and similar identifiers;
  • diagnostic, crash, and performance information.

Note: The GDPR treats identifiers like IP addresses and cookie IDs as personal data where they relate to an identifiable person. 

Information from third parties

We may receive information from third parties such as:

  • analytics providers;
  • advertising and marketing partners;
  • authentication or identity providers;
  • payment processors;
  • event partners;
  • CRM and support vendors;
  • publicly available professional sources;
  • referral partners;
  • social media platforms, where you interact with us through them.

4. How We Use Personal Information

We may use personal information to:

  • provide, operate, maintain, and improve the Services;
  • create and manage accounts;
  • authenticate users and protect accounts;
  • process registrations, waitlists, inquiries, and transactions;
  • communicate with you about the Services, support, security, updates, and administrative matters;
  • personalize content and user experience;
  • enable community, collaboration, licensing, annotation, commenting, and content-sharing features;
  • monitor performance, debug issues, and improve usability;
  • protect against fraud, abuse, misuse, policy violations, and security incidents;
  • enforce our Terms and other policies;
  • comply with legal obligations;
  • establish, exercise, or defend legal claims;
  • send marketing communications in accordance with applicable law;
  • support product development and feature improvement, where permitted by law and consistent with applicable settings, disclosures, and contracts.

5. Lawful Bases for Processing

If you are in the EEA, UK, or Switzerland, we rely on one or more of the following lawful bases to process personal data:

  • Contract: where processing is necessary to provide the Services you requested or to take steps at your request before entering into a contract.
  • Legitimate interests: where processing is necessary for our legitimate interests, such as securing, operating, improving, and administering our Services, unless those interests are overridden by your rights.
  • Consent: where required by law, including for certain cookies, certain marketing activities, or specific optional data uses.
  • Legal obligation: where processing is required to comply with applicable law.
  • Vital interests or public interest: where applicable under law.

Note:GDPR requires transparency, lawful basis, and disclosure of user rights as part of compliant notice. 

6. Cookies and Similar Technologies

We use cookies and similar technologies such as pixels, local storage, SDKs, and analytics tools to:

  • keep the website functioning;
  • remember settings and preferences;
  • understand usage and improve performance;
  • measure marketing effectiveness;
  • personalize content and experiences;
  • support security and fraud prevention.

You can manage cookies through:

  • our cookie banner or preference center, where available;
  • your browser settings;
  • applicable privacy controls such as Global Privacy Control, where legally required.

7. Marketing Communications

We may send you newsletters, product updates, invitations, and other promotional communications where permitted by law. You can unsubscribe at any time by clicking the unsubscribe link in the message or contacting us at privacy@aimonster.ai.

We may also send you non-promotional messages, including service announcements, transactional notices, security alerts, and account-related communications.

Commercial email practices in the U.S. are governed in part by CAN-SPAM. 

8. Community Features, Public Content, and User Contributions

Some parts of the Services may let you create a public or semi-public profile and contribute content, including prompts, comments, annotations, forks, posts, submissions, metadata, licensing selections, or other materials.

If you make content available in public or shared areas of the Services, that content may be visible to other users and, depending on the feature, to search engines or the public. Please do not submit personal information or confidential information to public areas unless you want it disclosed that way.

You are responsible for the content you choose to submit and for ensuring you have the rights needed to share it.

9. How We Disclose Personal Information

We may disclose personal information to:

  • service providers, processors, and contractors that help us host, secure, support, analyze, and operate the Services;
  • payment processors and transaction partners;
  • analytics and communications vendors;
  • professional advisers such as lawyers, auditors, and insurers;
  • affiliates and corporate group entities;
  • event or integration partners, where relevant to the service we use;
  • law enforcement, regulators, courts, or other third parties when required by law or to protect rights, safety, and security;
  • buyers, investors, lenders, or counterparties in connection with a merger, financing, restructuring, acquisition, bankruptcy, or asset sale;
  • other users or the public, where we intentionally share information through public or collaborative features.

We do not sell personal information for money. However, some U.S. privacy laws define “sale,” “sharing,” or “targeted advertising” broadly enough to include certain advertising or analytics disclosures. Where those laws apply, we provide the rights described below.

10. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide the Services;
  • maintain business and legal records;
  • resolve disputes;
  • enforce agreements;
  • protect security and integrity;
  • comply with legal, tax, accounting, and regulatory obligations.

Retention periods vary based on the type of information, the sensitivity of the information, the context in which it was collected, whether the information is needed for safety or abuse prevention, and applicable legal requirements.

11. International Transfers

AI Monster is based in the United States and may process personal information in the United States and other countries where we or our service providers operate.

If you access the Services from the EEA, UK, or Switzerland, your personal information may be transferred to countries that may not provide the same level of legal protection as your home jurisdiction. Where required, we use appropriate safeguards for such transfers, such as Standard Contractual Clauses, adequacy-based transfers where available, or other lawful mechanisms.

The European Commission recognizes adequacy decisions and Standard Contractual Clauses as transfer tools under the GDPR framework. 

12. Security

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures may include access controls, encryption in transit and at rest where appropriate, logging, monitoring, and vendor security reviews.

No security measure is perfect, and we cannot guarantee absolute security.

13. Your Privacy Rights

Depending on where you live, you may have certain privacy rights.

EEA, UK, and Switzerland

Subject to applicable law, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • delete your data;
  • restrict processing;
  • object to certain processing;
  • receive a portable copy of certain data;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local supervisory authority.

The European Commission summarizes these GDPR rights as access, rectification, erasure, restriction, portability, objection, and rights related to profiling and automated decision-making. 

California and certain other U.S. states

Depending on applicable law, you may have the right to:

  • know what personal information we collect, use, disclose, sell, or share;
  • access specific pieces or categories of personal information;
  • delete personal information;
  • correct inaccurate personal information;
  • opt out of sale or sharing;
  • opt out of targeted advertising;
  • limit the use and disclosure of sensitive personal information, where applicable;
  • appeal a denial of your request, where applicable;
  • not be discriminated against for exercising your rights.

California law also requires covered businesses to honor valid Global Privacy Control signals for opt-out of sale or sharing. 

To exercise privacy rights, contact us at:

Email: privacy@aimonster.ai

We may need to verify your identity before fulfilling a request. You may also designate an authorized agent where permitted by law.

14. Sensitive Personal Information

Unless specifically disclosed otherwise, we do not use or disclose sensitive personal information for purposes that would require an additional right to limit under California law, except as permitted by law or as reasonably necessary to provide the Services you request.

If we do process sensitive personal information in ways that trigger additional rights, we will provide any notices required by law.

15. Global Privacy Control and Similar Signals

Where required by applicable law, we recognize and process Global Privacy Control or similar legally recognized browser-based opt-out signals as requests to opt out of sale or sharing and, where applicable, certain targeted advertising activities.

California’s Attorney General explains that GPC must be honored by covered businesses as a valid opt-out request. 

16. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without legally required parental consent.

If we learn that we collected personal information from a child under 13 in a manner not permitted by law, we will delete it as required.

COPPA applies to websites and online services directed to children under 13 and to general-audience services with actual knowledge that they are collecting personal information from children under 13. 

If you believe a child has provided us personal information in violation of applicable law, contact us at [privacy@aimonster.com].

17. Third-Party Links and Services

Our Services may contain links to websites, platforms, plugins, integrations, or services operated by third parties. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy notices.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above and, where required by law, provide additional notice.

19. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

AI Monster, Inc.

720 Seneca St Ste 107  #904

Seattle, WA 98101
Email: privacy@aimonster.ai


Data Protection Contact / DPO: Mani R. Subramani
  

Privacy Preference Page Overview and Requirements

A privacy preferences page is usually not a standalone legal requirement by name, but for most modern websites it is the practical control center that helps you meet GDPR/ePrivacy and CCPA/CPRA expectations around consent, opt-outs, and user choice. Regulators consistently expect users to be able to refuse non-essential cookies, withdraw consent later, and exercise privacy rights without friction

Here’s what your privacy preferences page should include.

What it needs to do

1. Let users control cookies and trackers

Users should be able to:

  • accept or reject non-essential cookies;
  • manage preferences by category, such as analytics, advertising, personalization, and functional cookies;
  • change their choices later, not just on the first visit;
  • withdraw consent as easily as they gave it.

EU and UK regulators require consent for non-essential cookies, and consent must be a real opt-in, not pre-ticked or implied. French regulator CNIL has also enforced the rule that refusing cookies should be as easy as accepting them. 

2. Identify categories clearly

The page should explain, in plain language:

  • which categories of cookies or tracking technologies you use;
  • what each category does;
  • whether each category is required or optional;
  • whether first-party or third-party tools are involved.

That level of specificity supports valid consent under GDPR-style standards and good cookie transparency practice. 

3. Name the tools or vendors where practical

For each optional category, disclose the main vendors or technologies involved, such as:

  • Google Analytics
  • LinkedIn Insight Tag
  • Meta Pixel
  • Hotjar or session replay tools
  • chat widgets
  • video embeds or map tools

ICO guidance says consent should be specific and should name third parties who rely on that consent. 

4. Distinguish strictly necessary cookies from optional ones

Your page should make clear that strictly necessary cookies do not require consent, while analytics, advertising, and similar tracking usually do. UK ICO guidance explains that only cookies that are truly essential to provide the service the user requested fall under the exemption. 

5. Give users a way to exercise U.S. privacy choices

If you are subject to California or other U.S. state privacy laws, the page should also let users:

  • opt out of sale or sharing, if applicable;
  • opt out of targeted advertising, if applicable;
  • submit access, deletion, and correction requests;
  • use or learn about Global Privacy Control, if applicable.

California’s Attorney General states that consumers have rights to know, delete, correct, and opt out, and covered businesses must honor valid GPC signals for opt-out of sale or sharing. 

6. Link to rights-request intake

The page should include a clear route to:

  • privacy request webform;
  • privacy email address;
  • identity verification process summary;
  • authorized agent instructions, if relevant.

This is especially important for CCPA/CPRA-style rights handling. 

7. Explain how consent and preferences are remembered

Tell users:

  • how you store their choices;
  • how long those choices last;
  • whether choices are browser-based, device-based, or account-based;
  • whether clearing cookies resets preferences.

The European Commission’s own cookie implementation stores cookie preferences so users are not asked every time. 

8. Make the page continuously accessible

Users should be able to reopen preferences at any time through a footer link or persistent control like:

  • Privacy Choices
  • Cookie Settings
  • Your Privacy Preferences

That supports the requirement that consent can be withdrawn later without disadvantage. 

What it should say

A strong privacy preferences page usually includes these sections:

  • Cookie categories and toggles
  • List of cookies / trackers
  • Purposes for each category
  • Third-party vendors involved
  • Retention or duration for cookies where practical
  • Sale / sharing / targeted advertising opt-out controls
  • GPC statement
  • Links to Privacy Policy and Cookie Policy
  • Rights-request links for access, deletion, correction
  • Contact email for privacy questions

Design requirements

From a compliance perspective, the UX matters almost as much as the wording.

Your page and banner should avoid:

  • pre-checked optional toggles;
  • hiding reject behind extra clicks when accept is one click;
  • bundling all optional uses together with no category choice;
  • placing optional cookies before consent;
  • vague labels like “improve experience” with no explanation.

Consent must be freely given and specific, and regulators have taken action where refusal is harder than acceptance. 

For AI Monster specifically

Because your site is likely to include community features, possible LinkedIn-based identity flows, analytics, and potentially AI-related product interactions, your privacy preferences page should also answer:

  • whether prompts, uploads, or community posts are used for product improvement or AI training;
  • whether third-party AI vendors receive any user content;
  • whether marketing or analytics tools observe logged-in behavior;
  • whether public posts are indexed or shared beyond the platform.

That is not just a best practice. It helps keep your actual practices aligned with your privacy disclosures. 

Minimum viable version

At minimum, your website should have:

  • a footer link to Privacy Preferences or Cookie Settings;
  • toggles for necessary, analytics, advertising, and functional cookies;
  • reject all and accept all at the same level;
  • a statement that optional cookies do not load before consent in the EU/UK;
  • a Do Not Sell or Share / targeted advertising opt-out path if applicable;
  • a privacy request form or email;
  • a GPC statement if California applies.

The practical test

Your CTO and web designer should be able to demonstrate:

  • what loads before consent;
  • what changes when a user clicks reject all;
  • where the preference record is stored;
  • how users change choices later;
  • whether GPC is honored;
  • how delete and access requests are submitted.