MonkeyIndexer
Home Pricing Blog API FAQ Contact
Sign in Get started
Home Pricing Blog API FAQ Contact Sign in
Home / Legal / Privacy

Privacy policy.

What we collect, why we collect it, and what we won't do. We treat customer data the way we'd want ours treated: respectfully, minimally, and with locked doors.

Last updated · June 5, 2026 · v3.2 · GDPR/CCPA compliant

MonkeyIndexer OÜ ("we", "us", "our") operates monkeyindexer.com and the related API service. This policy explains what personal data we collect, how we use it, and the rights you have over it.

01What we collect

Account information

When you sign up, we collect your name, email, hashed password, and — if you choose to provide it — company name and billing address.

Submitted URLs

URLs you submit for indexing are stored for service operation: queue management, status tracking, SLA monitoring, and your own dashboard history. We do not use submitted URLs for any advertising or third-party analytics.

Usage telemetry

Standard server logs (IP address, user agent, request timestamps) are retained for 30 days for security and abuse-prevention purposes, then automatically purged.

Payment data

We do not store your card number, CVV, or full bank details on our servers. Payments are processed by Stripe and PayPal under their own PCI-compliant infrastructure. We only retain transaction IDs and a redacted last-4 reference for receipts.

02How we use your data

We use your data only to:

  • Provide, maintain, and improve the MonkeyIndexer service
  • Process payments and send receipts
  • Send service announcements (e.g. downtime, breaches, terms updates)
  • Respond to your support inquiries
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with our legal obligations

That's the whole list. We don't sell your data. We don't share it with advertisers. We don't profile you.

03Marketing communications

We'll only send marketing emails (product updates, occasional newsletters) if you explicitly opt in. You can unsubscribe with one click at any time, and we'll process the request within 24 hours.

04Cookies & tracking

We use a small set of strictly necessary cookies for authentication and CSRF protection. We use one analytics cookie (self-hosted Plausible) that respects Do-Not-Track and contains no personal identifiers. We do not use third-party advertising, retargeting, or social-media tracking cookies.

05Sharing your data

We share data only with carefully selected service providers needed to run MonkeyIndexer:

  • Stripe / PayPal — payment processing
  • AWS & Hetzner — infrastructure and storage (EU regions only by default)
  • Postmark — transactional email delivery
  • Intercom — customer support conversations

Each is bound by a Data Processing Agreement and is GDPR-compliant. We never sell your data, share it with advertisers, or hand it to data brokers.

06Data retention

Account data is retained for as long as your account is active. After deletion, we keep anonymised transaction records for the legally-required period (typically 7 years for tax purposes). Submission history is retained for 12 months by default, or until you ask us to wipe it.

07Your rights

Under GDPR, CCPA, and similar laws, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — ask us to delete your data ("the right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — export your data in a machine-readable format
  • Objection — object to specific kinds of processing

To exercise any of these, email privacy@monkeyindexer.com. We'll respond within 30 days, usually within 48 hours.

08Security

We take security seriously:

  • All traffic is encrypted in transit with TLS 1.3
  • Data at rest is encrypted with AES-256
  • Passwords are hashed with bcrypt (cost factor 12)
  • API keys are stored as one-way hashes
  • Production access is restricted, audited, and 2FA-protected
  • We run quarterly third-party penetration tests

No system is perfectly secure. If a breach affects your data, we'll notify you within 72 hours of discovery.

09International transfers

Our default infrastructure is in the EU. If your data is transferred outside the EEA (e.g. for support tools), we rely on Standard Contractual Clauses to ensure your data receives equivalent protection.

10Children

MonkeyIndexer is not directed at children under 16, and we do not knowingly collect data from them. If you believe we have, please contact us and we'll delete it promptly.

11Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. The "last updated" date at the top reflects the most recent revision.

12Chrome browser extension

The optional MonkeyIndexer Chrome extension is governed by this same policy plus the following specifics required by Chrome Web Store program policies:

  • API key storage: the key you paste into the extension is stored locally in your browser using chrome.storage.local. It is not synced to other devices, transmitted to any third party, or visible to web pages you visit.
  • What the extension reads: only the URL of the tab you click "Submit" on. It does not read page contents, form data, passwords, cookies, browsing history, or anything else.
  • What the extension sends: only the URL you submit, sent over HTTPS to https://monkeyindexer.com/api/v1/submit with your API key as a Bearer token. Nothing else is transmitted.
  • What it does NOT do: no analytics, no telemetry, no tracking pixels, no third-party scripts, no remote code execution, no automatic submissions, no background data exfiltration.
  • Floating widget: appears on every http(s):// page; you can mute it per-domain via the gear menu (preferences stored locally). It is mounted inside a closed Shadow DOM so the host page cannot inspect or tamper with it.
  • Permissions explained: storage (save your key + mute list locally), activeTab (read current tab URL when you click the toolbar icon), host_permissions: https://monkeyindexer.com/* (call your account's API).
  • Removal: uninstalling the extension via chrome://extensions deletes the local storage including your API key. Revoking the key in your dashboard at /dashboard/api-tokens takes effect immediately for any subsequent requests, even if the key is still pasted into an installed copy elsewhere.

13Contact

Data Protection Officer: privacy@monkeyindexer.com. Postal: MonkeyIndexer OÜ, Attn: DPO, Maakri 19/1, 10145 Tallinn, Estonia. EU citizens may also lodge complaints with their local supervisory authority.

MonkeyIndexer

The fastest white-hat indexing service on the open web. Built for operators in a hurry.

Product
Pricing API docs FAQ Status
Company
Blog Contact Affiliates Changelog
Legal
Terms Privacy Refund policy Acceptable use
© 2026 MonkeyIndexer · All systems nominal
Made with caffeine & cron jobs