Monnett Privacy Policy

1. Introduction

Welcome to Monnett. We are Monnet Social S.A., a company based in Luxembourg, at the heart of Europe.

This Privacy Policy explains clearly and transparently how we collect, use, and protect your personal data worldwide. It is written to comply with the highest European standards: the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the Artificial Intelligence Act (AI Act). 

With Luxembourg as our lead supervisory authority, we also look ahead to future rules, so you can trust that your rights will not only be respected, but anticipated.

Monnett is built on the belief that privacy is not a feature, but a foundation. Our promise is simple: your data belongs to you. We use it only to serve you, never to exploit you. Transparency, accountability, and responsible use of technology are at the core of everything we do.

By creating an account or using our services, you agree to the terms described here and acknowledge the processing of your data as outlined below. If we ever make important changes, we will inform you directly and clearly. No surprises, no hidden clauses.

Thank you for placing your trust in us. By choosing Monnett, you are supporting a new kind of social media: one that puts people before algorithms, and values at the forefront.

 

2. Privacy Policy

2.1 Data Controller

Monnet Social S.A., a public limited liability company (société anonyme) incorporated and existing under the laws of Luxembourg, having its registered office at 65 rue De La Vallée, L-2661 Luxembourg, Grand Duchy of Luxembourg, and registered with the Luxembourg Trade and Companies’ Register (Registre de Commerce et des Sociétés, Luxembourg) under number B297382.

Email: privacy@monnett.social

 

DPO: As a small startup, GDPR restricts our ability to appoint a Data Protection Officer in-house, since all available candidates are currently senior leadership, which would create a conflict of interest under the regulation. We are actively working to identify an independent and compliant solution for the DPO role and will update this notice as soon as a suitable arrangement is established.

 

2.2 Types of Data Collected

We collect the following data:

  • Identity & Account Data: Full name (if provided), birthdate, age, username, email, password (hashed), profile photo (if provided), payment data related to account plans (if provided)
  • User-Generated Content (UGC [What we call People-Generated Contet]): Posts, photos, videos, text, audio, comments, metadata (when and if provided)
  • Interaction Data: Likes, messages, followers, other types of activity
  • Device & Usage Data: IP address, device type, OS, cookies, session logs
  • Location Data: If enabled 
  • AI Interaction Data: Prompts, responses, and feedback provided during use of AI features, when and if implemented on Monnett Platforms. This data may be stored and used in anonymized form to improve AI models. You will be able to opt out of such data processing via your account settings.

 

2.3 Legal Basis and Purposes

We process your data to:

  • Create and manage your account
  • Facilitate social interactions and communication
  • Display and distribute your content 
  • Enable third parties in the future to advertise on our platform, without sharing your individual person data or usage data (we do not track how individuals navigate the platform and we do not listen to individuals while present on the platform)
  • Comply with legal obligations
  • Improve our services and features
  • Provide personalised recommendations and content 

 

2.4 Rights to Commercial Use of People-Generated Content (so called ‘UGC’)

By uploading content to our platform, you retain all copyright and ownership rights to your work. You grant us a non-exclusive, royalty-free, worldwide license to reproduce, display, perform, and share your content within our websites, platforms, services, and affiliated digital channels. This license covers the right to:

  • Project, share, and reproduce your content across our websites and platforms.
  • Enable reposting and sharing of your content by other people within the platform (including appearance on their profiles, feeds, or pages)
  • Display your content publicly (for content and accounts set to public) and in platform-curated collections.

This license is solely for the purpose of operating, promoting, and improving our services, and does not transfer your copyright or ownership. You may revoke this license by deleting your content from our platform.

 

2.5 AI Governance, Features, Risk Management and Transparency

We will categorize AI features by risk level and implement risk mitigation strategies, including human oversight, transparency disclosures, and opt-out mechanisms. We will comply with Recitals 10, 118, and 136 of the EU AI Act and maintain a registry of high-risk AI systems.

Our platform in the future may include AI-powered features such as content recommendations, automated moderation, and AI-generated responses or summaries. If and when that happens we commit to:

  • Transparent explanations of AI usage
  • Sufficient human oversight for critical decisions affecting users
  • User opt-out options where required
  • Compliance with EU AI Act principles

 

2.6 Data Transfer Mechanisms

To provide our services, we may need to transfer your personal data outside the European Economic Area (EEA), for example if you travel abroad, or if you live outside of the EEA. Whenever this happens, we make sure your data is protected according to strict EU privacy laws (GDPR).

 

We do this by using:

  • Special approved contracts called Standard Contractual Clauses (SCCs) that make sure companies receiving your data keep it safe.
  • Carefully assessing the privacy rules where your data is sent and adding extra protections if needed.

This means that wherever your data is stored or processed, we do the utmost to ensure it stays secure and your privacy rights are respected.

 

2.7 Data Retention

We retain your data according to the following typical timeframes:

Data Type Retention Period Reason
Basic account information While account is active + 1 year Contract management
People-generated content (‘UGC’) While account is active + 3 months ‘User’ access, legal compliance, we remove any data from our services as soon as someone decides to delete their account, however it may take up 3 months for copies and data in our back-ups to be fully deleted.
AI Interaction Data (when available) While account is active + 1 year Service improvement
Profile and User preferences and consents While account is active, and/or until revoked + 1 year (the record of consent, not the consent itself) Consent management
Legal and tax-related records While account is active and up to 10 years after account deletion Legal obligations

 

2.8 Your Rights

You have the right to:

  • Access, correct, delete, restrict, object, withdraw consent, and port your data
  • Contact the CNPD (https://cnpd.public.lu) if you are in the EU/EEA.

 

2.9 Security Measures

We use encryption, access controls, audits, and breach notification procedures to protect your data.

 

2.10 Children 

At Monnett, the safety and privacy of minors are a top priority. To help protect young people, we have implemented the following measures:

  • Private Accounts by Default: Our aim is for minors’ accounts to be set to private, so their personal information, posts, and data are only visible to approved connections. 
  • Content Recommendations and Controls: Our platform’s recommendation systems and algorithm controls ensure we are giving children more control over their feeds and experience.
  • Blocking, Muting, and Group Controls: Minors can block or mute any person(s) easily, helping to prevent cyberbullying and unwanted interactions.
  • Limits on Addictive Features: Features designed to encourage excessive use, such as streaks are not there. We also place safeguards around AI chatbots and remove design elements that unduly push engagement.
  • Commercial Protection: We do not exploit minors’ limited commercial understanding. Minors are protected from manipulative commercial practices, unwanted spending, and addictive elements like virtual currencies or loot boxes.
  • Moderation and Support: We continuously improve moderation and reporting tools, provide prompt feedback, and offer parental control options to support minors and their families.

 

Through these efforts, Monnett aims to create a safer, more respectful environment for young people to connect and express themselves online.

The app is not intended for users under 16 years of age (or if the minimum in your Country is higher for the usage of social media networks, then the minimum age in your Country). If we discover underage usage we will delete the relevant accounts promptly. 

We aim to implement default private profiles for minors, we don’t engage in behavioral profiling, and disable persuasive design features such as streaks and typical ‘gamification’. We also provide controls and moderation tools in line with relevant regulatory guidelines.

 

3. Changes and Notifications

We maintain a regulatory roadmap and commit to updating this policy in line with future EU regulations and best practices globally. Major changes will be communicated via changelogs, emails and in-app notifications. We may consult people on our platform before implementing significant updates.

 

4. Contact Us

For questions or requests: Contact us

 

Monnet Social S.A.

65 rue De La Vallée, L-2661 Luxembourg, Grand Duchy of Luxembourg

Email: welcome@monnett.social

 

By using Monnett, you agree to this Privacy Policy.