Monetika Privacy Policy
Updated: April 14, 2026
Version 1.1
- Effective date: 09/04/2026
- Last updated: 09/04/2026
Introduction
This Privacy Policy describes how personal data is collected, used, shared, and protected when you visit or use the Monetika service, including the websites at monetika.courses and any associated mobile or desktop applications (together, the "Service"). It supplements and should be read together with the Terms of Service and the Refund Policy.
We take your privacy seriously. This document is written to explain, in practical language, what happens to the information you give us and what rights you have over it. Where the law gives you specific rights — most notably under the European Union's General Data Protection Regulation (GDPR), the UK Data Protection Act, and similar regimes — we summarize those rights and explain how to exercise them.
This Privacy Policy is governed by the same law and dispute-resolution rules as the Terms of Service. Capitalized terms used here have the meanings set out in the Terms of Service unless otherwise defined.
1. Who We Are and Who Is Responsible for Your Data
The entities responsible for the processing of your personal data are identified on the Operator Information Page, published at https://monetika.courses/legal/operator (English) and https://monetika.courses/ru/legal/operator (Russian), which is an integral part of this Privacy Policy.
The Operator Information Page sets out which entity acts as the data controller for which category of processing. In summary, and as of the date of publication of this Privacy Policy:
Massive Dynamic Limited (Hong Kong), the developer and technical operator of the platform, is the data controller for all processing carried out in the operation of the software, servers, AI infrastructure, analytics, and product-level security. This includes Account data stored on the servers, usage logs, AI interaction logs, and data flowing through our platform infrastructure.
The current regional service operator, as identified on the Operator Information Page, contracts with end users and collects payments, and is the data controller for all processing relating to contract formation, payments, refunds, user communications, and customer support.
Because these two entities jointly determine how certain categories of your data are processed, they act as joint controllers under Article 26 of the GDPR with respect to that shared processing. The essence of our joint-controller arrangement is that Massive Dynamic Limited handles technical processing and the regional service operator handles contractual processing; each is responsible for compliance with the data protection rules applicable to its respective domain. Regardless of this internal division, you may exercise your data subject rights against either of us, and we will coordinate internally to respond to you.
When the planned migration to Paddle described on the Operator Information Page is complete, the data controller for users of Monetika Global will become Massive Dynamic Limited alone. Users of regional instances will continue to be served by the applicable regional operator. We will update this Privacy Policy and notify users before that change takes effect.
2. What Data We Collect
We collect only the data we need to provide the Service, to keep it working and secure, and to comply with our legal obligations. The categories of data we collect are set out below.
2.1. Account data. When you register, we collect your email address, a hashed version of your password, your chosen display name, your date of birth (for age verification), and the language and country you select. We do not ask for your real name unless you choose to provide it.
2.2. Profile and learning data. As you use the Service, we store your course progress, completed lessons, quiz answers and scores, achievements unlocked, and settings (including your chosen content tone and interface preferences).
2.3. AI interaction data. When you use AI Features (AI Lesson Explainer, AI Chat Assistant, AI Expense Analyzer), we store the inputs you send to the AI (your prompts, questions, or expense entries), the outputs the AI returns, and the metadata about each interaction (timestamp, model used, token count). This is necessary to provide the feature, to calculate your usage against Fair Use limits, and to detect abuse.
2.4. Payment and subscription data. When you purchase a PRO subscription, we receive from our payment processor a record of the transaction (amount, currency, date, last four digits of the card, transaction ID), but we do not receive or store your full payment card details. Your full card details are handled exclusively by the payment processor, which is PCI DSS-compliant. For purchases processed through Paddle, the processor is Paddle.com Market Limited.
2.5. Technical and usage data. When you visit the Service, we automatically collect technical data such as your IP address, browser type and version, operating system, device type, screen resolution, referring URL, the pages you visit, and the actions you take (clicks, scrolls, time spent on page). This data is used for security, for debugging, and for understanding how the Service is used in aggregate.
2.6. Communications data. When you contact us by email, through support chat, or through any other channel, we store your messages and any attachments you send, together with metadata (timestamp, the channel used, our response).
2.7. Cookies and similar technologies. We use cookies and similar technologies to keep you logged in, to remember your preferences, to measure the performance of the Service, and to show advertising on the free tier. The specific cookies we use and how you can control them are described in Section 8 of this Privacy Policy.
2.8. Data we do not collect. We do not knowingly collect special categories of personal data under Article 9 of the GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data about your sex life or sexual orientation). If you voluntarily include such information in a chat message to an AI Feature, a support inquiry, or a profile field, it will be stored alongside the rest of your interaction data, but we do not ask for it and we do not use it to make decisions about you.
3. Why We Collect Your Data (Purposes and Lawful Basis)
Under the GDPR and similar laws, we must have a lawful basis for every category of processing. The table below summarizes the purposes and the corresponding lawful basis.
We process your Account data, profile data, and learning data in order to provide the Service to you, to allow you to create and manage your Account, to track your learning progress, and to deliver the core features you have requested. The lawful basis for this processing is performance of a contract (Article 6(1)(b) of the GDPR): you and we have entered into an agreement, and we must process this data to fulfill it.
We process your AI interaction data for the same reason — performance of the contract — and additionally to enforce Fair Use limits, to detect abuse, and to improve the reliability of the AI Features. For the abuse-detection and Fair Use enforcement purposes, the lawful basis is our legitimate interest (Article 6(1)(f) of the GDPR) in preventing fraud, protecting the Service, and ensuring that resources are allocated fairly among users.
We process your payment and subscription data to charge you, to issue receipts, to process refunds, and to keep financial records as required by law. The lawful basis is performance of a contract and compliance with a legal obligation (Article 6(1)(c) of the GDPR) for the accounting and tax records portion.
We process your technical and usage data for security (detecting attacks, unauthorized access, and abuse), for debugging and stability, and for aggregate analytics. The lawful basis for the security portion is our legitimate interest in protecting the Service and its users. The lawful basis for the analytics portion is either your consent, where the analytics tools require it (see Section 8), or our legitimate interest in understanding and improving the Service, balanced against your privacy rights.
We process your communications data in order to respond to your inquiries and to maintain a record of correspondence for customer service, dispute resolution, and legal purposes. The lawful basis is either performance of a contract (for inquiries related to your Account) or legitimate interest (for general inquiries).
We send you transactional emails — such as account confirmations, password resets, renewal reminders, refund confirmations, and service notices — as part of performance of the contract. We do not send you marketing emails unless you have explicitly opted in; the lawful basis for marketing emails is your consent (Article 6(1)(a) of the GDPR), which you may withdraw at any time by unsubscribing through the link in any marketing email or by contacting us.
4. Who We Share Your Data With
We do not sell your personal data. We do not share it except with the categories of recipients described below, each of which has a specific and limited role.
4.1. Payment processors. Transaction data is shared with the payment processor that handles your purchase — the payment processor identified on the Operator Information Page for the relevant instance, and in the future Paddle for users of Monetika Global following the planned migration. The payment processor uses this data only to process the payment, to detect fraud, and to comply with financial regulation. The payment processor has its own privacy policy; for Paddle, available at https://www.paddle.com/legal/privacy.
4.2. AI model providers. When you use AI Features, the text of your input is sent to one or more third-party AI model providers for processing. We currently use providers including, but not limited to, Google (Gemini models), OpenAI (GPT models), and Anthropic (Claude models). The specific provider used for a given request depends on our infrastructure configuration and may change without notice. The AI provider processes your input to generate a response and returns it to us; it does not use your input to train its foundation models where we have configured the integration to prevent this, which is the case for our production setup. Each AI provider has its own privacy policy; we publish the current list of providers and links to their privacy policies on request.
4.3. Analytics services. We use Google Analytics to measure how the Service is used in aggregate (which pages are most visited, how long users stay, where users come from). Google Analytics collects data using cookies and similar technologies and processes that data on our behalf. Google may link this data to other data it holds about you through its other services. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout or by declining analytics cookies in our cookie consent banner. Google's privacy policy is available at https://policies.google.com/privacy.
4.4. Advertising services. On the free tier of the Service, we display advertising through Google AdSense. Google AdSense uses cookies and similar technologies to serve ads based on a user's prior visits to the Service and to other websites across the internet, and to measure the performance of ads. Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to the Service and to other websites. You can opt out of personalized advertising by visiting Google's Ads Settings at https://adssettings.google.com, by visiting https://www.aboutads.info (for users in the United States), or by visiting https://www.youronlinechoices.eu (for users in the European Union). Our cookie consent banner also lets you decline advertising cookies directly. For more information about how Google uses data from sites or apps that use its services, visit https://policies.google.com/technologies/partner-sites.
4.5. Hosting, infrastructure, and security providers. The Service runs on cloud infrastructure and content delivery networks, and uses security services (for example, for DDoS protection and for bot detection). These providers process personal data on our behalf under data processing agreements that require them to protect your data and to use it only for the purpose of providing the relevant service.
4.6. Email and communications providers. Transactional emails (password resets, receipts, renewal reminders, service notices) are sent via third-party email delivery services that process the recipient address and message content on our behalf.
4.7. Legal and regulatory recipients. We may disclose your personal data to a court, regulator, law enforcement agency, tax authority, or other public body where we are required to do so by law, by a valid court order, or by a lawful request from a competent authority. We will resist overly broad or unjustified requests where we believe it is lawful and appropriate to do so.
4.8. Successors in interest. If we sell, merge, reorganize, or otherwise transfer all or part of our business, including in connection with the planned migration described on the Operator Information Page, we may transfer your personal data to the successor entity. In such a case, the successor will be bound by commitments equivalent to those in this Privacy Policy, and you will be notified in advance as described in the Terms of Service.
5. International Transfers of Personal Data
The Service is operated from Hong Kong, and it uses third-party providers that may be located in the United States, the European Economic Area, the United Kingdom, and other jurisdictions. This means that your personal data is transferred internationally as part of the ordinary operation of the Service.
For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on the Standard Contractual Clauses(SCCs) published by the European Commission (Commission Implementing Decision (EU) 2021/914), or on equivalent safeguards recognized under applicable law. Copies of the SCCs in force for a particular transfer are available upon request to the contact address shown on the Operator Information Page.
When you use AI Features, your input may be transferred to AI providers located in the United States or other countries. We have selected AI providers that, to our knowledge, have implemented appropriate safeguards for international transfers of personal data from the EEA, including participation in frameworks such as the EU-U.S. Data Privacy Framework where applicable.
6. How Long We Keep Your Data
We keep your personal data only for as long as we need it, after which we either delete it or anonymize it so that it can no longer be associated with you. The specific retention periods depend on the category of data.
Account data, profile data, and learning data are kept for as long as your Account is active. If you delete your Account, we delete or anonymize this data within ninety (90) days, except where a longer retention period is required by law.
AI interaction data is kept for a period of up to twelve (12) months from the date of the interaction, after which it is deleted or anonymized, except where a longer period is needed to investigate a specific abuse incident.
Payment and subscription data, including receipts and transaction records, are kept for the period required by the applicable tax, accounting, and anti-money-laundering laws, which is typically between five (5) and ten (10) years from the date of the transaction. This retention is a legal obligation and cannot be shortened at the user's request.
Technical and usage data contained in server logs are kept for a maximum of twelve (12) months for security and debugging purposes, after which they are deleted or anonymized.
Communications data (support emails, chat transcripts) is kept for up to three (3) years from the date of the communication, or for longer if needed for a specific dispute or legal claim.
If a specific dispute, investigation, or legal proceeding requires longer retention of any category of data, we retain it only for as long as reasonably necessary to protect our legal position, after which the normal retention rules resume.
7. Your Rights
Depending on your country of residence, you have the following rights in relation to your personal data. If you are a consumer resident in the European Union, European Economic Area, the United Kingdom, or Switzerland, these rights flow from the GDPR or its equivalents. Similar rights exist in many other jurisdictions.
7.1. Right of access. You have the right to know whether we are processing personal data about you, to obtain a copy of that data, and to be informed about how we process it.
7.2. Right of rectification. You have the right to ask us to correct any inaccurate or incomplete personal data about you. Most profile data can be corrected directly through your Account settings.
7.3. Right of erasure. You have the right to ask us to delete your personal data in certain circumstances, including when it is no longer needed for the purposes for which it was collected, when you withdraw consent (where consent was the basis), or when the processing is unlawful. This right is subject to exceptions, notably where we are required by law to keep the data.
7.4. Right to restriction of processing. You have the right to ask us to limit how we process your personal data in certain circumstances — for example, while we verify the accuracy of data you have contested.
7.5. Right to data portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where this is technically feasible.
7.6. Right to object. You have the right to object to the processing of your personal data where the lawful basis is legitimate interest, including for direct marketing purposes, and we will stop the processing unless we have compelling legitimate grounds that override your rights.
7.7. Right to withdraw consent. Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
7.8. Right not to be subject to automated decision-making. We do not make automated decisions that produce legal effects or similarly significant effects concerning you without human involvement. Some features of the Service, such as Fair Use enforcement, rely on automated analysis of usage patterns, but the decision to take action against your Account involves human review except in cases of obvious abuse.
7.9. Right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority. If you are in the European Economic Area, you may lodge your complaint with the data protection authority of the member state in which you reside.
8. Cookies and Similar Technologies
We use cookies and similar technologies on the Service for several purposes. A cookie is a small text file placed on your device by a website you visit. Some cookies are essential to the operation of the Service; others are used for analytics or advertising.
Essential cookies are required for the Service to function. They include session cookies that keep you logged in, security cookies that protect against fraud, and cookies that remember your language and display preferences. Essential cookies do not require your consent under applicable law.
Analytics cookies are used by Google Analytics to measure how the Service is used. These cookies collect information in an aggregated form, including your IP address (which is truncated before storage), the pages you visit, the time you spend on the Service, and the links you click. You can control analytics cookies through our cookie consent banner.
Advertising cookies are used by Google AdSense and its advertising partners to serve ads to free-tier users of the Service, to measure the performance of those ads, and to prevent the same ad from being shown too many times. Third-party vendors, including Google, may use cookies to serve ads to you based on your prior visits to the Service and to other websites. You can control advertising cookies through our cookie consent banner. You can also opt out of Google's use of cookies for personalized advertising by visiting https://adssettings.google.com and adjusting your preferences. Users in the European Union can also visit https://www.youronlinechoices.eu to opt out of personalized advertising from participating networks. Users in the United States can visit https://www.aboutads.info.
If you are in a jurisdiction that requires consent for non-essential cookies (including all European Union member states, the United Kingdom, and others), we ask for your consent through a cookie consent banner before placing any non-essential cookies on your device. You can change your consent choices at any time by clicking the "Cookie settings" link in the footer of the Service.
Your browser also allows you to refuse or delete cookies directly. Instructions for doing this are available in your browser's help documentation. Please note that if you disable all cookies, some parts of the Service may not function correctly.
9. Children's Data
The Service is available to users from the age of fourteen (14), subject to the conditions set out in Section 3 of the Terms of Service. The PRO subscription is available only to users aged eighteen (18) or older; users aged fourteen to seventeen may access the PRO subscription only through a parent or legal guardian who contracts with us on their behalf.
In accordance with Article 8 of the GDPR, where a user is below the age at which they can give valid consent to information society services in their country of residence, we require verifiable parental consent for any processing that relies on consent as its lawful basis. The specific age varies by EU member state (it is 16 in Germany, Austria, Luxembourg, and several others; 14 in Italy; 13 in the United Kingdom, Belgium, Denmark, Estonia, Finland, Latvia, Malta, Portugal, and Sweden; and 15 in France, Czechia, Greece, Slovenia, and Croatia).
We do not knowingly process data of children below the age of fourteen (14). If you believe that we have collected personal data of a child below that age without the consent of a parent or legal guardian, please contact us and we will delete the data promptly.
10. How We Protect Your Data
We apply technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS/HTTPS), encryption of sensitive data at rest, access controls and authentication for our internal systems, logging and monitoring of access to personal data, regular backups, and periodic security reviews. No system can be absolutely secure, and we cannot guarantee the security of data transmitted over the internet; you transmit data to us at your own risk.
11. Changes to This Privacy Policy
We may amend this Privacy Policy from time to time. The amendment procedure and user notification rules are the same as those set out in Section 18 of the Terms of Service. Where a change materially affects the way we process your personal data, we will notify you by email in advance of the change taking effect. The date at the top of this document indicates the version currently in force.
12. Contact
To exercise any of your rights under this Privacy Policy, to ask a question about how we process your personal data, or to raise a concern, please contact us at the email address published on the Operator Information Page of the Monetika website. We will respond within thirty (30) days of receiving your request, or sooner where required by law. If your request is complex or concerns a large volume of data, we may extend the response period by up to two additional months, and we will inform you of the extension within the initial thirty-day period.
END OF PRIVACY POLICY