Introduction

This Privacy Policy explains how Monkspace ("we", "us", or "our") collects, uses, shares, and protects your personal information when you use our platform, including any associated websites, mobile applications, services, or tools.

By accessing or using Monkspace, you agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, you should not use our services.

We are committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and other relevant laws.

Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

"Personal Data" means any information that relates to an identified or identifiable natural person.

"Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.

"Platform" refers to the Monkspace website, mobile applications, and all associated services, tools, or functionalities provided by Artcomun Technologies INC.

"User" means any individual who accesses or uses the Monkspace platform, including but not limited to visitors, registered users, artists, subscribers, buyers, and sellers.

"Artist" refers to a user who uploads, showcases, or sells original artworks via the Monkspace platform.

"Buyer" means a user who purchases or subscribes to content or services offered by an Artist on Monkspace.

"Stripe" refers to the third-party payment processor integrated into Monkspace to manage transactions securely.

"Data Controller" means the entity that determines the purposes and means of the processing of personal data. For Monkspace, this is Artcomun Technologies INC.

"Data Processor" means a third party that processes personal data on behalf of the Data Controller.

"Cookies" are small data files stored on a user's device that help enhance functionality, track usage, and personalize the user experience.

"GDPR" refers to the General Data Protection Regulation (EU) 2016/679, the EU regulation governing the protection of personal data.

Who We Are

Monkspace is operated by Artcomun Technologies INC, a company registered in the United States with the following business address:

Artcomun Technologies INC  

1401 Pennsylvania Ave. 105  

Wilmington, Delaware 19806  

USA

For the purposes of applicable data protection laws, Artcomun Technologies INC is the data controller responsible for your personal information collected through the Monkspace platform.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and compliance with applicable privacy laws, including the GDPR

If you have any questions specifically related to how we process your personal data or your rights under the GDPR, you may contact our DPO at: privacy@monkspace.io

What Data We Collect


Data We Collect by User Type

The types of data we collect may vary depending on your role and how you interact with the Monkspace platform. Here's a breakdown by user category:

Visitors:

  • IP address, browser type, device data, and cookies used for analytics and performance
  • Referral links and page interaction behavior

Registered Users (General):

  • Identity and contact information (name, email, profile photo)
  • Login credentials and communication preferences

Artists:

  • All general user data
  • Artist portfolio content (artwork images, titles, descriptions)
  • Artist biography and public profile information
  • Identity verification documents (e.g., ID, tax forms)
  • Stripe account integration data
  • Subscription tiers and pricing preferences

Buyers / Subscribers:

  • All general user data
  • Payment and transaction history (via Stripe)
  • Purchase or subscription preferences
  • Communication with Artists or support team

Sellers (if different from Artists):

  • Same as Artists, plus order fulfillment history and shipping details if applicable

How We Use Your Data

Use of Data by User Type

We tailor our data usage practices to fit the role you hold on the platform:

For Visitors:
 To analyze site traffic, enhance performance, and understand user behavior through anonymized data.

For Registered Users:
 To manage accounts, provide login access, customize preferences, and send necessary notifications.

For Artists:
 To display and promote artworks, manage portfolios, process payouts via Stripe, verify identity, and enable subscriptions or sales.

For Buyers/Subscribers:
 To process payments, enable access to subscribed content, manage ongoing subscriptions, and facilitate communication with Artists.

For Sellers (if applicable):
 To support order tracking, customer service, and any legal or financial reporting requirements associated with sales.

How We Share Your Data

We may share your personal information with the following parties, only when necessary and for legitimate purposes:

  • Payment Processors: Such as Stripe, for secure payment transactions and refunds
  • Hosting & Infrastructure Providers: Cloud services that power the platform (e.g., server, storage, CDN)
  • Analytics Tools: To analyze usage and improve performance (e.g., Mixpanel, Google Analytics)
  • Customer Support Tools: Used to manage support requests or feedback (e.g., Intercom, Zendesk)
  • Identity Verification Services: For Artists or sellers who need to be verified before receiving payments
  • Legal Authorities: When required by law, court order, or to respond to valid government requests
  • In Transactional Context: We may share contact details between Buyers and Artists during order fulfillment, as described in our Terms of Use

We do not sell your personal information to third parties. Any service providers we work with are contractually obligated to handle your data in accordance with applicable privacy laws and this policy.

Third-Party Service Providers and Data Processing Agreements

We rely on trusted third-party service providers (“Data Processors”) to help us deliver, maintain, and improve the Monkspace platform. These providers may process personal data on our behalf in accordance with our instructions and applicable privacy laws, including the General Data Protection Regulation (GDPR).

To ensure lawful and secure data processing, we have entered into Data Processing Agreements (DPAs) with these providers where required. These agreements require all processors to:

  • Act only on our documented instructions,
  • Implement appropriate technical and organizational safeguards,
  • Assist in responding to data subject rights requests,
  • Delete or return data upon termination of services,
  • Ensure onward data transfers comply with GDPR standards.

When personal data is transferred outside of the European Economic Area (EEA), we ensure such transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission,
  • Adequacy decisions recognizing certain countries as providing adequate protection, or
  • Binding Corporate Rules (BCRs) in the case of international corporate groups.

Stripe
 Purpose: Payment processing and payout management
 Data Location: United States
 Safeguard: Standard Contractual Clauses (SCCs) + DPA

Amazon Web Services (AWS)
 Purpose: Hosting, cloud infrastructure, and storage
 Data Location: United States and/or European Union
 Safeguard: SCCs + DPA

Google Analytics
 Purpose: Website and platform usage analytics
 Data Location: United States
 Safeguard: SCCs + DPA

Mixpanel
 Purpose: Behavioral analytics and user insights
 Data Location: United States
 Safeguard: SCCs + DPA

Intercom
 Purpose: Customer support and live chat functionality
 Data Location: United States
 Safeguard: SCCs + DPA

Zendesk
 Purpose: Support ticketing and helpdesk services
 Data Location: United States
 Safeguard: SCCs + DPA

Mailchimp
 Purpose: Email marketing and newsletter distribution
 Data Location: United States
 Safeguard: SCCs + DPA

Sendgrid
 Purpose: Transactional email delivery (e.g., password resets, alerts)
 Data Location: United States
 Safeguard: SCCs + DPA

Meta / Facebook Ads
 Purpose: Advertising and remarketing campaigns
 Data Location: United States
 Safeguard: SCCs + DPA

Google Ads
 Purpose: Online advertising and conversion tracking
 Data Location: United States
 Safeguard: SCCs + DPA

Zapier
 Purpose: Automation between different services and platforms
 Data Location: United States
 Safeguard: SCCs + DPA

These providers may have access to certain personal data only to the extent necessary for performing their designated functions. We regularly review their data practices to ensure compliance with our standards and applicable laws.

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as defined in the General Data Protection Regulation (GDPR):

Contractual Necessity: To provide the services you request, such as account creation, payment processing, and order fulfillment

Legitimate Interests: To operate, improve, and secure our platform, provided that such interests are not overridden by your rights

Legal Obligation: To comply with applicable laws, such as tax regulations and anti-fraud requirements

Consent: For certain activities, such as receiving promotional emails or cookies used for marketing purposes

Vital Interests: In rare cases, to protect the safety or legal rights of users or others

Where we rely on your consent, you have the right to withdraw it at any time.

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account-related data is retained while your account is active and for a limited period after deactivation or deletion.
  • Transaction and payment records may be retained for up to 7 years to comply with tax and accounting regulations.
  • Artist-related content (including artworks and subscription data) may be archived for up to 12 months after the end of a paid subscription, unless deletion is requested earlier.
  • Support interactions and communication logs may be stored for quality assurance and legal compliance.
  • When personal data is no longer required, we securely delete or anonymize it in accordance with applicable laws and industry standards.

Your Rights and Choices

Depending on your location and applicable privacy laws, you may have the following rights regarding your personal data:

Access: You can request a copy of the personal data we hold about you.

Correction: You may request that we update or correct inaccurate or incomplete information.

Deletion: You can request that we delete your account and personal data, subject to legal or contractual obligations.

Restriction: You may request that we temporarily or permanently stop processing some or all of your personal data.

Objection: You may object to the processing of your personal data for direct marketing or based on our legitimate interests.

Data Portability: You may request a copy of your personal data in a structured, machine-readable format.

Withdraw Consent: If you have given consent for any specific processing, you can withdraw it at any time.

To exercise any of these rights, please contact us at info@monkspace.io. We may require you to verify your identity before fulfilling your request.

Please note that some rights may be limited or subject to exceptions under applicable laws.

If you are located in Turkey, we process your personal data in accordance with the Turkish Personal Data Protection Law (Law No. 6698 – "KVKK"). You may exercise your rights under Article 11 of the KVKK, including the right to access, correct, delete, or object to the processing of your personal data, by contacting us at privacy@monkspace.io. We will respond to your requests in accordance with the procedures and timelines outlined in the KVKK.

​​Automated Decision-Making and Profiling

We do not use your personal data to make decisions based solely on automated processing that produce legal effects or similarly significant consequences for you.

In particular, we do not engage in automated decision-making or profiling as defined under Article 22 of the GDPR. Any personalization of content or recommendations on the platform is based on general usage patterns and is not intended to produce any significant legal effect.

Data Transfers and International Storage

Monkspace is operated globally, and your personal data may be transferred to and stored in countries outside of your own, including the United States.

We store and process your data using Amazon Web Services (AWS), which provides secure, scalable cloud infrastructure. These servers may be located in various jurisdictions depending on system performance and reliability needs.

Whenever we transfer your personal data internationally, we take appropriate steps to ensure that your data remains protected in accordance with applicable privacy laws, including implementing standard contractual clauses or relying on adequacy decisions where applicable.

By using Monkspace, you consent to the transfer of your data to countries outside of your country of residence, including jurisdictions that may have different data protection laws.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on Monkspace, analyze platform usage, and personalize content.

Cookies are small text files stored on your device that help us recognize you and improve site functionality. We use both session and persistent cookies for purposes such as:

  • Remembering your login preferences
  • Keeping you signed in across sessions
  • Understanding how users interact with the platform
  • Tracking referral activity and marketing performance
  • Analyzing behavior via tools like Mixpanel and Google Analytics

You can manage your cookie preferences through your browser settings, where you can choose to block or delete cookies. Please note that disabling cookies may affect the functionality of some features.

By using Monkspace, you consent to our use of cookies as described in this policy.

Children’s Privacy

Monkspace is a general audience platform and does not impose a minimum age requirement for account creation. However, we do not knowingly collect personal information from children under the age of 13 without verified parental consent.

If we learn that we have inadvertently collected data from a child under 13 without proper authorization, we will delete such information as soon as reasonably possible.

Parents or legal guardians who believe their child has submitted personal data without consent may contact us at info@monkspace.io to request deletion.

Security Measures

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction.

These measures include but are not limited to:

  • Encrypted data transmission (e.g., HTTPS)
  • Secure cloud infrastructure and storage via trusted providers (e.g., AWS)
  • Access controls and authentication systems
  • Regular monitoring and internal audits

While we take reasonable steps to safeguard your information, no system is 100% secure. Users are responsible for maintaining the confidentiality of their login credentials and for notifying us immediately of any suspected unauthorized activity.

By using Monkspace, you acknowledge and accept these security limitations.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with applicable laws such as the GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, using the contact details associated with your account.

Our internal incident response procedures include prompt investigation, risk assessment, mitigation, documentation, and notification obligations to minimize impact and ensure compliance.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make material changes, we will notify users by one or more of the following methods:

  • Posting an update notice on the Monkspace website or dashboard
  • Sending an email to registered users (if applicable)
  • In-app notifications

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Artcomun Technologies INC
 1401 Pennsylvania Ave. 105
 Wilmington, Delaware 19806
 USA
 Email: privacy@monkspace.io

We will make every effort to respond to your request in a timely and transparent manner, in accordance with applicable data protection laws.

If your inquiry concerns data protection or your rights under applicable privacy laws (such as GDPR), you may also contact our Data Protection Officer (DPO) directly at:mprivacy@monkspace.io

If you are a resident of Turkey and wish to exercise your rights under the Turkish Personal Data Protection Law (KVKK), please contact us at: privacy@monkspace.io