Back to Monet

Last updated: March 8, 2026

Privacy Policy

How Monet handles your data — and why the answer is mostly “it doesn’t.”

TL;DR
  • Your code, terminal output, and AI conversations never leave your Mac
  • No analytics, telemetry, or crash reporting
  • We collect the bare minimum for licensing and payment
  • Push notifications use Expo’s service with tokens stored locally on your machine
  • Delete ~/.monet/ and your data is gone

1. Our Philosophy

Monet is built local-first. Your source code, terminal sessions, and AI conversations stay on your Mac. No cloud servers process your data. The Monet daemon runs on your machine, and remote access works through your own private network (typically Tailscale). This privacy policy explains the minimal data we do handle.

2. What We Don’t Collect

We want to be clear about what we have no access to. Monet does not collect:

  • Source code or file contents
  • Terminal output or command history
  • AI conversations or prompts
  • Keystrokes or input data
  • Usage analytics or behavioral data
  • Crash reports or diagnostics
  • Telemetry of any kind

All terminal data stays on your Mac. We have no mechanism to access it, and we have no interest in building one.

3. What We Do Collect

License Validation

When Monet launches, it sends a brief HTTPS request to verify your license. This request includes your license key, a hashed device identifier, and the app version. No other data is transmitted. The lawful basis for this processing is contract performance — we need to verify that your license is valid.

Push Notifications

If you enable push notifications, Expo push tokens are stored locally on your Mac at ~/.monet/devices.json. When a notification fires (for example, when an agent needs your approval), the token and notification content are sent to Expo’s push notification service. You can configure notification preferences per-device and disable them at any time.

Payment Data

Payments are processed through Stripe. We receive your email address, name, Stripe customer ID, license key, and purchase date. We never receive or store your full card number. This data is retained for the duration of your license plus any period required by tax regulations.

Support Communications

If you email us at hello@monet.dev, we retain those communications to provide support. We don’t use support emails for marketing or share them with third parties.

4. Third-Party Services (Bring Your Own Keys)

Monet supports integration with AI and voice services through your own API keys. These keys are stored locally on your Mac and are never sent to any Monet server. API calls go directly from your device to each provider. Monet never proxies, logs, or accesses your keys on any server.

You are responsible for reviewing the privacy practices of any services you connect:

5. Network Architecture

The Monet daemon runs on localhost or your local network. Remote access is provided through your own Tailscale (or similar) VPN — there are no Monet relay servers, proxies, or cloud intermediaries. WebSocket connections are authenticated using a locally-generated token stored in your config file.

6. Local Data Storage

All Monet data is stored at ~/.monet/ on your Mac. This includes:

  • config.json — configuration and auth token (file permissions: 0o600)
  • SQLite database for projects, sessions, and preferences
  • Push notification device tokens

To remove all local Monet data, delete the ~/.monet/ directory. That’s it.

7. Children’s Privacy

Monet is not directed at children under the age of 13 (or 16 in the EU and UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@monet.dev and we will delete it promptly.

8. Your Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to access, rectify, erase, port, and object to the processing of your personal data. Because Monet is local-first, most of your data is already under your direct control — you can view, modify, or delete it yourself on your Mac.

For license and payment data that we hold, contact hello@monet.dev to exercise your rights. We will respond within 30 days.

9. California Privacy Rights

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information.

Categories of personal information we collect:

  • Identifiers — email address, Expo push token
  • Commercial information — purchase history, license key

We do not sell or share your personal information as defined by the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.

10. Data Security

Our local-first architecture is our primary security control — data that never leaves your machine cannot be intercepted or breached on a remote server. Beyond that, Monet uses cryptographically random auth tokens, restrictive Unix file permissions (0o700 for the config directory, 0o600 for sensitive files), and encrypted WebSocket connections when used with Tailscale. There is no cloud database to secure because there is no cloud database.

11. International Transfers

License validation requests are processed by a server located in the United States. Push notifications are routed through Expo’s push notification service (US-based). If you use Bring Your Own Key integrations, API calls are sent directly to the respective providers, most of which are US-based. No other international transfers of your data occur.

12. Changes to This Policy

We may update this privacy policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. For material changes, we will notify license holders by email. Your continued use of Monet after changes are posted constitutes your acceptance of the updated policy.

13. Contact

If you have questions about this privacy policy or how your data is handled, contact us at hello@monet.dev.

J.R. Wells
hello@monet.dev