MonoClaw

Privacy Policy

How we collect, use, and protect your personal information.

Privacy Policy

PRIVACY POLICY

Effective Date: April 4, 2026

1. Introduction and Territorial Scope

1.1 This Privacy Policy explains how Sentimento Technologies Limited (“Sentimento”, “we”, “us”, “Data User” or “Data Processor” as context requires) collects, uses, stores, and protects personal data when you visit www.monoclaw.app (“Website”) or access the Client Dashboard (“Dashboard”). This Policy is incorporated by reference into the Master Configuration Services, Bailment and Software Licence Agreement (the “Master Agreement”) and the Acceptable Use Policy.

1.2 Exclusive Service Model – Hong Kong SAR Only: While the Website is accessible globally for informational purposes, we exclusively provide Configuration Services, Bailment, and Software Licensing to bona fide residents of the Hong Kong Special Administrative Region (“HK SAR”) or companies duly incorporated under the Companies Ordinance (Cap. 622) with principal places of business within HK SAR.

1.3 Non‑HK Visitors: For visitors accessing the Website from outside HK SAR who are ineligible for services, we process only minimal technical data necessary for: (a) website security; (b) export control compliance screening against Sanctions Lists; and (c) fraud prevention. No service data is collected from non‑HK visitors.

1.4 Data Roles Under PDPO:

  • Data User (Controller): For website analytics, hardware diagnostic logs, device photographs, contract execution data (electronic signatures, IP addresses, audit trails, device fingerprints), sanctions screening records, and Sentimento’s business records.
  • Data Processor: For Client Account creation data (initial usernames and provisioning credentials) and for any third‑party credentials the Client uploads to enable optional integrations, processed on behalf of the Client (which remains Data User for any employee or end‑user data routed through such integrations). The terms of Schedule C (Data Processing Agreement) of the Master Agreement govern such processing.

 

2. Data We Collect

2.1 Authentication and Identity Data:

  • Google SSO: Google OAuth 2.0 token claims (including the subject identifier), email verification status, and session metadata. We do not store Google passwords.
  • Native Signing System (NSS): For contract execution, we collect: IP address (HKT timestamped), device metadata (browser type, operating system, screen resolution), city‑level geolocation, the Google SSO subject identifier, session duration, and time spent on the signature page. These are retained as an audit trail and bound to a cryptographic hash of the executed document for non‑repudiation, in a manner that satisfies the requirements of the Electronic Transactions Ordinance (Cap. 553) (Master Agreement, Clauses 1.3–1.5).
  • Identity Verification:
    • Individuals: HKID number (last 4 digits only), full legal name, Hong Kong residential address, and Hong Kong mobile number;
    • Entities: Business Registration Certificate number, company name, registered HK address, and beneficial ownership information (required for sanctions screening against the OFAC SDN List, EU Consolidated List, and UN Security Council Consolidated List).

2.2 Optional Integration Configuration Data:

MonoClaw is delivered as a local‑first system; bundled local inference and local‑only operation are the defaults. If the Client elects to enable an optional integration through the in‑product onboarding flow (for example, a hosted inference provider, a messaging platform, an email connector, or a calendar service), Sentimento collects and processes only the minimum configuration data necessary to enable that integration during the Configuration Period, namely:

  • Provider‑issued credentials (API keys, bot tokens, app passwords, OAuth grants) supplied by the Client via the secure upload function on the Dashboard, processed as Strictly Confidential Information and destroyed in accordance with Section 7 below;
  • Identifiers required to register the Client with the chosen provider (for example, a messaging handle or account identifier), to the extent the Client uploads them to the Dashboard;
  • Allow‑list metadata stored locally on Client Hardware (not on Sentimento’s servers after handover) so the Client can change it at any time using the in‑product onboarding tooling.

Sentimento neither selects integrations on the Client’s behalf nor maintains a remote copy of integration credentials after delivery.

2.3 Transaction and Financial Data:

  • Apple Orders: Apple Order Confirmation Numbers, hardware serial numbers, MAC addresses, and model specifications;
  • Payments: Stripe transaction identifiers and payment confirmation tokens. We do not store credit card numbers; payment instruments are processed directly by Stripe Inc.;
  • Hosted Inference Provider credentials (where the Client elects to upload one): temporary processing during the Configuration Period only (see Section 7 below).

2.4 Technical and Diagnostic Data:

  • Hardware Diagnostics: Diagnostic logs, photographic evidence of device condition and seal application, and serial number verification records (stored via Supabase in Singapore);
  • Technical Metadata: IP addresses (screened for sanctioned territories), device metadata, timestamps (HKT, NTP‑synchronised), session duration, and city‑level geolocation (for export control compliance and geoblocking enforcement).

2.5 Export Control and Sanctions Data:

  • Sanctions screening results, beneficial ownership verification records, and Military End User status verification (retained for 5 years minimum per regulatory requirements).

 

3. Legal Basis for Processing

3.1 HK SAR Clients (PDPO):

  • Performance of Contract: To execute the Master Agreement, provide the Configuration Services, bail Client Hardware, and license MonoClaw;
  • Legal Compliance: To comply with applicable export controls, sanctions screening obligations, anti‑money‑laundering rules, and other regulatory requirements;
  • Legitimate Interests: Fraud prevention, network security, enforcement of HK‑only service restrictions, and prevention of prohibited dual‑use technology transfers.

3.2 Non‑HK Visitors (GDPR Article 49 Derogations):

For EU/EEA/UK visitors browsing the site but ineligible for services, we rely on:

  • Article 49(1)(d): Processing necessary for important reasons of public interest (export control compliance, sanctions prevention, and cybersecurity);
  • Article 49(1)(b): Processing necessary for the performance of a contract (if you proceed to sign up and verify HK eligibility).

3.3 CCPA (California): We do not “sell” personal information. We process minimal data for security, compliance, and fraud prevention only.

 

4. Use of Data

  • Service Delivery and Bailment: Authenticating Dashboard access, processing orders, executing electronic signatures via the Native Signing System, performing hardware diagnostics, and managing the bailment of Client Hardware;
  • Optional Integration Setup: Configuring any integrations the Client elects to enable (Clause 4.6 and 4.9 of the Master Agreement), using only the Client‑supplied credentials and identifiers and only for the duration of the Configuration Period;
  • Export Control Compliance: Screening against the OFAC SDN List, EU Consolidated List, and UN Security Council Consolidated List to prevent prohibited users from accessing dual‑use technology;
  • Security & Audit: Maintaining audit trails for contractual non‑repudiation in accordance with the Electronic Transactions Ordinance (Cap. 553) (Clauses 1.4–1.5, Master Agreement);
  • Dashboard Notifications: All contractual notices, billing communications, and legal correspondence are posted exclusively to the Dashboard (Clause 11.6, Master Agreement). Processing of notification metadata is essential for contract performance.

 

5. Local‑First Operation and Post‑Delivery Data Processing

5.1 Local‑First by Default:

Per Schedule B, Section 2.2 of the Master Agreement, MonoClaw is delivered as a local‑first system: bundled local inference, local skill execution, and local data storage on Client Hardware are the defaults. Any outbound network activity (hosted inference calls, messaging‑platform connections, scheduled jobs, optional cloud‑backed plugins, or similar) occurs only as a result of a configuration the Client explicitly enables, and only against endpoints the Client controls or has chosen.

5.2 No Sentimento Remote Operator Capability:

Following delivery of configured Client Hardware and after Sentimento has destroyed the transient integration credentials referenced in Section 7, Sentimento maintains no remote operator capability to access, monitor, modify, or disable MonoClaw or any data stored on Client Hardware without an action explicitly initiated by the Client through the in‑product tooling. The Client controls all subsequent outbound network activity via the configurations it enables. Sentimento neither operates nor proxies that activity on the Client’s behalf, and bears exclusive responsibility for the security of Client Hardware post‑delivery (Master Agreement, Clause 8.6).

 

6. International Data Transfers

We transfer data to the following jurisdictions under the safeguards indicated:

Destination

Purpose

Safeguard

Singapore

Supabase database hosting (hardware diagnostic logs, metadata, photographic evidence)

Standard Contractual Clauses (SCCs)

United States

Stripe (payment processing), Google LLC (Single Sign‑On authentication), and the parent entity of Supabase Inc.

SCCs and respective vendor certifications; contractual commitments per Schedule E

Client‑elected destinations

Where the Client elects to enable an optional integration (for example, a hosted inference provider, messaging platform, or cloud‑backed plugin), data routed to the chosen provider is transferred to whichever jurisdiction(s) that provider operates in. Sentimento does not select these providers on the Client’s behalf and is not a controller of data the Client routes through them.

Direct legal relationship between Client and chosen provider; Schedule E

EU/UK

Incidental processing of visitor IP addresses for security screening

Article 49 derogations (public interest/security)

We do not transfer personal data to jurisdictions lacking adequate protection except as necessary for export control compliance or with appropriate safeguards (SCCs). Once delivered, Client Hardware operates locally; any subsequent transfer to a third country is determined entirely by the integrations the Client enables.

 

7. Data Retention

We retain personal data only for the periods necessary to fulfil the purposes outlined above, or as required by law:

Data Category

Retention Period

Legal Basis

Hardware logs/photographs

1 year from delivery date, then permanent deletion (Clause 6.3(a), Master Agreement)

Latent defect claims support

Contract execution data (signatures, audit trails, NSS records)

7 years from execution (or longer if required by limitation periods) (Schedule C, Section 8(b))

Legal proceedings / evidence

Account creation data

Deleted within 30 days of contract termination, unless legal proceedings require retention (Clause 6.3(c))

PDPO minimisation principle

Sanctions screening records

5 years minimum (regulatory requirement)

Export control compliance

Failed registration attempts (non‑HK)

90 days then deletion

Security / fraud prevention

Optional integration credentials (hosted‑provider API keys, messaging‑platform tokens, OAuth grants, app passwords)

Deleted within 24 hours of final‑payment confirmation (Clause 4.6(e), Master Agreement)

Contractual obligation

Messaging identifiers (where the Client elects to enable a messaging platform)

Stored locally on Client Hardware after delivery; Sentimento retains a server‑side copy only for the duration of the Configuration Period and then deletes it

Contract performance and minimisation

 

8. Your Rights

8.1 PDPO Rights (HK SAR):

You may request access to and correction of your personal data under the PDPO. A reasonable fee may be charged for access requests. To exercise rights: submit requests via the Dashboard secure messaging system (Clause 11.6). We respond within 30 days.

8.2 GDPR Rights (EU Visitors):

Subject to Article 49 derogations, you may request erasure of browsing data. You have no right to data portability for service data because we cannot provide services outside HK SAR.

8.3 CCPA Rights (California):

You may request disclosure of categories of personal information collected (minimal) and request deletion (subject to sanctions screening retention requirements).

8.4 Dashboard Access:

You must check the Dashboard at least once every Business Day during the Configuration Period, and at least once per calendar week thereafter (Clause 11.6(c)). Failure to monitor the Dashboard does not extend statutory response deadlines.

 

9. Security Measures

  • Encryption: Passwords hashed using industry‑standard adaptive algorithms (such as bcrypt or Argon2); TLS 1.3 for transmission; AES‑256 for data at rest;
  • Audit Trails: Append‑only audit storage for signed contracts and audit logs (Clauses 1.4–1.5, Master Agreement);
  • Access Controls: Role‑based access limited to essential personnel only;
  • Geoblocking: IP‑based restrictions for sanctioned territories (Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine);
  • Secure Deletion: Optional‑integration credentials and other temporary configuration data destroyed using secure data destruction methods ensuring no recoverable remnant (Clause 4.6(e)).

 

10. Third‑Party Processors

Sentimento relies on the following third‑party processors to operate the Website and the Dashboard:

Processor

Purpose

Jurisdiction

Terms

Google LLC

Single Sign‑On authentication; Dashboard access

United States

Google Privacy Policy

Stripe Inc.

Payment processing; PCI‑DSS compliance

United States

Stripe Privacy Policy

Supabase Inc.

Database hosting (diagnostic logs, metadata)

United States (data resident in Singapore region)

Supabase Privacy Policy; SCCs executed

Apple Inc.

Hardware manufacturing; macOS licensing

United States

Apple Privacy Policy

Where the Client elects to enable an optional integration with a third party not listed above (for example, a hosted inference provider, messaging platform, email connector, or calendar service), the Client enters into a direct legal relationship with that provider in accordance with Schedule E. Sentimento is not a processor or controller of any data the Client routes through such provider after delivery (Clause 7.2, Master Agreement).

 

11. Changes to this Policy

We may update this Policy by posting changes to the Dashboard. Material changes regarding data use will be notified via Dashboard urgent notice (Clause 11.6). Continued use constitutes acceptance. For active Orders, the Policy version current at the Order date governs unless otherwise agreed.

 

12. Contact and Complaints

For data protection inquiries or to exercise your rights under the PDPO:

Method: Dashboard secure messaging system (exclusively)

Response Time: 30 days

For complaints under the PDPO, you may contact the Office of the Privacy Commissioner for Personal Data, Hong Kong.