Privacy policy
Last updated 14 July 2026.
Monk is run by Welsenes Brothers V.O.F., Nieuwe Prinsengracht 92-2, 1018VW Amsterdam, the Netherlands (KVK 77647157). We are the controller of the personal data described here.
Short version: we collect what we need to run Monk for you, we do not sell it, and you can have it deleted by sending one email.
What we collect
- Your account. Email address, and your name if you give it.
- Your brand setup. Your website, your Facebook page, the niche keywords and markets you choose, and the competitors you track.
- Your credentials. Your Meta access token and, if you use your own ad engine, its API keys. These are encrypted before they are stored, and they are never shown back to you in full or shared with anyone.
- Your usage. The ads Monk finds and generates for you, and the feedback you give on them.
- Site analytics. Anonymous, aggregated page visits through Vercel Analytics. No cookies, no cross-site tracking, no advertising profiles.
Why we collect it
To provide the service you asked for, which is the legal basis for almost everything here (performance of a contract). We also keep records we are required by law to keep, such as invoices.
What Monk does with your Meta account
Monk only ever reads your ad data. The access we ask for is read-only, it can never post an ad or spend your budget, and you can revoke it in Meta at any time.
Who we share it with
We use a small number of processors, and only for the job named:
- Supabase and Vercel, to store the data and run the site.
- Stripe, for payments. Your card details go to Stripe, never to us.
- Resend, to send you email.
- Anthropic, to work out your niche from your website.
- Meta, to read the public Ad Library and your ad performance.
- Higgsfield, to generate your ad creatives.
We do not sell your data, and we do not share it for anyone else’s advertising.
How long we keep it
For as long as you have an account. Ask us to delete it and we delete it, except for records we are legally required to keep.
Your rights
Under the GDPR you can ask us for a copy of your data, correct it, delete it, take it elsewhere, or object to how we use it. Email us and we will act on it. If you are unhappy with how we handled your request, you can complain to the Dutch data protection authority, the Autoriteit Persoonsgegevens.