Privacy Policy.

1. Who we are

Monolith is operated by Zap Group LLC d/b/a Raava Solutions ("Raava," "we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding it. It applies to thisismonolith.com, the Monolith application, and the managed services we provide.

2. Information we collect

Information you give us

• Account & contact information: name, business email, company name, role, phone (if provided), and the contents of any messages you send us.
• Onboarding inputs: the workflows, processes, policies, SOPs, sample documents, and credentials you provide so we can configure agents on your behalf. Credentials are handled with end-to-end encryption (libsodium) and stored in segregated secret storage.
• Customer Data: data your agents process or generate on your behalf in the course of running the Service.

Information we collect automatically

• Usage data: pages viewed, features used, requests made, timestamps, and approximate location derived from IP address.
• Device & technical data: browser type, operating system, device identifiers, and standard server logs.
• Cookies & similar technologies: small files used to keep you signed in, remember preferences, and measure aggregate site performance. See "Cookies" below.

Information from third parties

If you connect a third-party service to Monolith (for example, an email provider, CRM, or scheduling tool), we receive the information necessary to operate that integration on your behalf, governed by your authorization scope.

3. How we use information

• provide, operate, maintain, monitor, and support the Service;
• configure and run agents on your behalf, including the workflows you authorize;
• communicate with you about your account, security alerts, billing, and product updates;
• improve service reliability, security, and performance;
• detect, investigate, and prevent fraud, abuse, or violations of our Terms;
• comply with legal obligations and enforce our agreements.

We do not sell personal information. We do not use Customer Data to train third-party foundation models without your explicit written consent.

4. How we share information

We share information only as described here:

• Service providers (subprocessors): infrastructure, hosting, AI model providers, payment, email, error monitoring, and analytics vendors that process information on our behalf under contractual confidentiality and data-protection terms.
• Integrations you authorize: third-party services you connect to Monolith.
• Legal & safety: when required by law, valid legal process, or to protect rights, property, or safety of Raava, our customers, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, with notice to affected customers.

A current list of subprocessors is available on request at contact@raavasolutions.com.

5. Data retention

We retain Customer Data for the duration of your relationship with Raava and for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may request deletion of Customer Data at any time, subject to limited retention required by law or for legitimate business purposes.

6. Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit (TLS) and at rest where supported, segregated secret storage, principle-of-least-privilege access controls, and continuous logging and monitoring. No system is 100% secure; if we become aware of an incident affecting your Customer Data, we will notify you without undue delay.

7. Your rights

Depending on your jurisdiction, you may have the right to:

• access the personal information we hold about you;
• request correction or deletion of inaccurate or outdated information;
• request portability of your information in a structured, machine-readable format;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• opt out of the "sale" or "sharing" of personal information (we do not sell personal information).

To exercise any of these rights, contact us at contact@raavasolutions.com. We may need to verify your identity before fulfilling a request.

8. Cookies

We use a small number of cookies and similar technologies to keep you signed in, remember preferences, and measure aggregate site usage. You can control cookies through your browser settings. Disabling cookies may limit certain features of the Service.

9. International data transfers

We are based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. or other countries where Raava or our subprocessors operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses for international transfers.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where changes are material, notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

For privacy questions, requests, or complaints, contact us at contact@raavasolutions.com. You may also have the right to lodge a complaint with your local data protection authority.