Privacy Policy

Last updated: 2026-05-06

This Privacy Policy describes how MondoSoft ("we", "us") collects, uses, and protects personal information across our software products, including but not limited to InvoiceWatchr, PaperPulse, and Elenkhos (each, a "Product"). It applies to mondosoft.io and to each Product's own subdomain.

1. Information we collect

• Account information: the email address you register with, and a hashed credential (e.g. a SHA-256 hashed bearer token) used to authenticate your requests. We do not store passwords or unhashed tokens.
• Billing information: a Stripe customer ID and subscription ID. We do not store credit-card numbers — Stripe handles all payment data directly.
• Product usage data: the data you provide to and generate within each Product. Examples: in PaperPulse, the topic queries you save and the papers we matched; in InvoiceWatchr, the client emails and invoice metadata you upload to track follow-ups. Aggregate request counts may be retained in memory for service monitoring.
• Transactional records: timestamps of emails sent to you, login events, and similar minimal logs needed to operate the service and prevent abuse.

2. How we use your information

• To deliver each Product's core functionality (sending digests, sending invoice reminders, etc.).
• To process subscription payments through Stripe.
• To send transactional emails — login tokens, payment confirmations, account notices, and Product-specific notifications.
• To monitor service health and prevent abuse.

We do not sell your personal data, share it with advertisers, or use it for any purpose other than operating our Products.

3. Third-party processors

We share only the data necessary for the service to function with the following processors:

• Stripe — payment processing. stripe.com/privacy
• SendGrid (Twilio) — transactional and digest email delivery. twilio.com/legal/privacy
• Anthropic — for Products that use AI features (such as PaperPulse's tag-suggestion and journal-feed filtering, or Elenkhos's reasoning), the relevant text input is sent to the Claude API to generate the response. Anthropic does not train on this content per their commercial API policy. anthropic.com/legal/privacy
• Fly.io — application hosting and database storage.

4. Data retention

Your account data is retained for as long as your account is active. If you cancel a subscription, your data is preserved so you can re-subscribe and keep your settings. If you delete your account — via the in-app deletion control where available, or by emailing us — all of your data for that Product (account record, usage data, history) is permanently removed.

5. Your rights

• Access / portability: contact us to request a copy of your data.
• Deletion: use the in-product deletion control, or email us to request permanent removal.
• Correction: update your email or other settings from the Product dashboard.
• If you are in the EU/UK you have additional rights under GDPR; if you are in California you have additional rights under CCPA/CPRA. Email us to exercise them.

6. Cookies and local storage

Our Products use browser localStorage to persist authentication state between visits. We do not use third-party advertising or tracking cookies. We may use minimal first-party cookies for security and session management.

7. Security

Bearer tokens and similar credentials are hashed (SHA-256 or equivalent) before storage. All traffic is encrypted in transit via HTTPS. Tokens are rotated on each login and expire automatically after a defined TTL.

8. Children's privacy

Our Products are intended for adults and professional use. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected such data, contact us and we will delete it.

9. International users

Our infrastructure is hosted in the United States. By using our Products from outside the US, you consent to the transfer of your data to and processing in the US.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to active subscribers and reflected in the "Last updated" date above.

11. Contact

For privacy questions, data requests, or to exercise your rights, email doctor.mondosoft@gmail.com.