Privacy Policy

Last updated: February 20, 2026

MonkeyThorn Meet is built on the principle that your conversations are yours alone. This policy is intentionally short because we collect almost nothing.

What We Do Not Collect

• Call content — We never record, transcribe, or process audio or video. When end-to-end encryption is enabled, we are technically unable to access call content even if compelled.
• Participant names — Our server does not log who joins a call. Display names exist only in your browser and in the encrypted WebRTC session.
• Chat messages — In-call chat is transmitted via WebRTC data channels and is not stored on our servers.
• Analytics or tracking — We do not use cookies, tracking pixels, Google Analytics, or any third-party analytics service. There are zero third-party scripts on this site.
• Device fingerprints — We do not fingerprint your browser or device.
• IP address logs — We do not maintain access logs beyond standard infrastructure operation (see Data Retention below).

What We Do Collect

• Email address — When you purchase a plan, we collect your email address to associate with your access code. We do not send marketing emails.
• Usage duration — For paid accounts, we track the total seconds of video usage to meter against your purchased hours. This is stored as an aggregate number per account, not per-call.
• Room event counts — We log that a room was created and how many participants joined (as a count, not identities) for operational monitoring. These logs are automatically purged after 7 days.
• Payment information — Payments are processed by Stripe. We do not store your credit card number, expiration date, or CVC. See Stripe's Privacy Policy.

End-to-End Encryption

When you create a room, a passphrase is automatically generated and included in the invite link's URL fragment (the part after the #). URL fragments are never sent to the server — they exist only in your browser. This means:

• We cannot decrypt your calls.
• We cannot comply with requests to provide call content, because we do not have it.
• If you lose the passphrase, there is no way to recover it.

Data Retention

• Call data — Not retained. Calls exist only while in progress.
• Room event logs — Automatically deleted after 7 days.
• Usage session records — Automatically deleted after 30 days. Only aggregate totals remain on your account.
• Account data — Retained as long as your account has a positive balance. You may request deletion at any time.

Third Parties

We use the following third-party services and no others:

• Stripe — Payment processing. Stripe receives your payment information directly; we never see your card details.
• Amazon Web Services (AWS) — Infrastructure hosting. Our servers run on AWS EC2 in the US East region.
• Let's Encrypt — TLS certificate issuance for encrypted connections.

We do not sell, share, or provide your data to any other party. There are no advertising partners, data brokers, or AI training pipelines.

Law Enforcement

If we receive a valid legal request for user data, we can only provide what we have: an email address and aggregate usage duration for paid accounts. We cannot provide call content, participant identities, chat messages, or call metadata because we do not collect or retain this information.

Children

MonkeyThorn Meet is not directed at children under 13. We do not knowingly collect information from children.

Changes

If we change this policy, we will update the date at the top of this page. Material changes will be noted on the landing page.

Contact

For privacy questions or data deletion requests, contact MonkeyThorn Meet support.