Privacy Policy

Last updated: April 8, 2026
1. Introduction

Torinit Technologies Inc. (“Monaro,” “we,” “us,” or “our”) operates Monaro, available at https://monaro.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the Service or interact with us.

We are committed to protecting your privacy in accordance with applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL), and US state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use the Service.

2. Information we collect

2.1 Information you provide

  • Account information: name, business email address, business name, job title, phone number.
  • Billing information: payment method details, processed by our payment provider. We do not store full payment card numbers.
  • Customer content: project files, mechanical drawings, specifications, takeoff outputs, and other materials you upload or generate within the Service (collectively, “Customer Content”).
  • Communications: emails, support tickets, and messages you send to us.

2.2 Information collected automatically

  • Usage data: pages visited, features used, actions taken within the Service, performance metrics.
  • Device and browser information: IP address, browser type, operating system, device identifiers.
  • Cookies and similar technologies: see Section 8.
3. How we use your information

We use your information to:

  • provide, operate, maintain, and improve the Service;
  • process payments and manage your subscription;
  • send transactional communications (account confirmations, receipts, support responses, security notices);
  • send product updates and marketing communications, where you have consented or where permitted by applicable law (see Section 9 for CASL);
  • detect, prevent, and respond to fraud, abuse, and security incidents;
  • comply with legal obligations and enforce our agreements.

3.1 Customer Content and AI models

This section is important and we want to be explicit:

  • We do not use Customer Content (including your drawings, project files, specifications, or takeoff outputs) to train, fine-tune, or otherwise improve any AI or machine-learning model.
  • We process Customer Content solely to deliver the Service to you (for example, to generate takeoffs from a drawing you have uploaded).
  • We may use aggregated, anonymised, and de-identified usage data (data that cannot reasonably be used to identify you, your organisation, or your projects) to monitor performance, debug, and improve the Service.
  • If we ever wish to use Customer Content for model training, we will obtain your explicit, opt-in consent first. Consent can be withdrawn at any time.
4. How we share your information

We do not sell your personal information. We do not share personal information for cross-context behavioural advertising.

We may share your information with:

  • Subprocessors: third-party service providers that assist us in operating the Service (for example, cloud hosting, payment processing, email delivery, analytics, and AI model providers). Each subprocessor is bound by written confidentiality and data-protection obligations and may only process your information on our documented instructions. A current list of our subprocessors is available at https://monaro.ai/subprocessors.
  • Professional advisors: lawyers, accountants, auditors, and insurers, under confidentiality.
  • Regulatory authorities or law enforcement: where required by applicable law, court order, or legal process.
  • A successor entity: in connection with a merger, acquisition, financing, reorganisation, or sale of assets. We will provide prior notice to affected users where reasonably practicable.
5. Data location and international transfers

Customer Content (drawings, project files, specifications, and takeoff outputs) is stored on infrastructure operated by Amazon Web Services in the United States.

Account and billing information may be processed in the United States or Canada by our payment, email, and analytics providers.

Certain technology and development services are provided by Torinit Technologies Inc., incorporated in Canada. Personal information accessed by Torinit Technologies remains subject to Canadian privacy law, including PIPEDA.

Where we transfer personal information across borders, we ensure appropriate safeguards consistent with applicable privacy laws, including contractual data-protection commitments with our subprocessors.

6. Data retention and deletion

We retain your personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Upon termination of your account, we will delete or de-identify your personal information and Customer Content within ninety (90) days, except where retention is required by law, regulation, or for the establishment, exercise, or defence of legal claims.

Enterprise customers may negotiate alternative retention and deletion terms in their subscription agreement, including certificates of destruction.

7. Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256);
  • role-based access controls and the principle of least privilege;
  • multi-factor authentication for administrative access;
  • logging, monitoring, and regular security reviews;
  • employee confidentiality obligations and security training.

We are actively pursuing SOC 2 Type II attestation. Customers may request our current security documentation, including subprocessor list, security overview, and questionnaire responses, by contacting security@monaro.ai.

No method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password and to enable any available security features on your account.

8. Cookies and similar technologies

We use cookies and similar technologies to operate the Service, remember your preferences, authenticate sessions, and analyse usage. You can control cookies through your browser settings; disabling certain cookies may affect Service functionality. We do not use cookies for cross-site advertising tracking.

9. CASL — Canadian commercial electronic messages

We send commercial electronic messages (including marketing emails) only where we have:

  • your express consent;
  • implied consent under CASL (for example, an existing business relationship or a conspicuously published business contact address relevant to your role); or
  • another lawful basis under CASL.

Every commercial electronic message we send identifies us, includes valid contact information, and includes a working unsubscribe mechanism that takes effect within ten (10) business days. To unsubscribe at any time, use the link in any message or email unsubscribe@monaro.ai.

10. Your privacy rights

Subject to applicable law, you have the right to:

  • access the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request deletion of your information (subject to legal retention obligations);
  • request a portable copy of your personal information;
  • withdraw consent or opt out of marketing communications at any time;
  • lodge a complaint with your privacy regulator.

To exercise these rights, contact privacy@monaro.ai. We will respond within thirty (30) days. We may need to verify your identity before fulfilling certain requests.

10.1 California residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

  • Right to know: request the categories and specific pieces of personal information we have collected about you, the sources, the purposes of collection, and the categories of third parties with whom we share it.
  • Right to delete: request deletion of personal information we have collected from you, subject to legal exceptions.
  • Right to correct: request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: we do not sell personal information and do not share it for cross-context behavioural advertising. No opt-out is therefore required, but you may confirm this in writing to privacy@monaro.ai.
  • Right to limit use of sensitive personal information: we do not use or disclose sensitive personal information beyond what is necessary to provide the Service.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

You may designate an authorised agent to make a request on your behalf. Agents must provide written authorisation, and we may require you to verify your identity directly.

11. Children

The Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@monaro.ai and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least fourteen (14) days before taking effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We will maintain prior versions on request.

13. Contact us

Our designated Privacy Officer is responsible for compliance with this Policy and applicable privacy laws.

Privacy Officer: [INSERT NAME]
Email: privacy@monaro.ai
Mailing address: Torinit Technologies Inc., 155 Queens Quay E, Suite 200, Toronto, ON M5A 0B5, Canada

For general enquiries, you may also write to legal@monaro.ai. We take all privacy concerns seriously and will respond within thirty (30) days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca), the California Privacy Protection Agency (cppa.ca.gov), or your local privacy regulator.