At Salmonit S.A.S. («Monitsal», «we») we take seriously the privacy of the personal data we process through our ticket management and workflow automation platform. This policy describes what data we collect, how we use it, with whom we share it, and the rights you have over it.
This policy applies to all visitors of monitsal.com, authorized users of product instances (e.g., customer.monitsal.com), and anyone who contacts us through enabled channels.
1. Data controller
The data controller is Salmonit S.A.S., incorporated under the laws of the Argentine Republic, with offices in the City of Buenos Aires.
- General email: info@monitsal.com
- Privacy inquiries: privacy@monitsal.com
2. What data we collect
We collect the following categories of data:
- Account data: first name, last name, email, company, role, optional phone, assigned permissions.
- Product usage data: tickets created, comments, attachments, assignments, timestamps, change history. This data is uploaded by the customer and is owned by them (see section 6).
- Technical data: IP address, browser type and version, operating system, device identifiers, pages visited, access dates and times, error logs.
- Communication data: messages you send through contact forms, support, or email.
- Cookies and similar technologies: see section 9.
We do not collect special categories of data (sensitive data per Argentina's Law 25.326 art. 7, nor health, religion, political affiliation or sexual data) unless the customer voluntarily uploads them as ticket content. In that case, the customer is responsible for the legal compliance of that processing.
3. How we use the data
We use the data for the following purposes:
- Provide, maintain, and improve the Monitsal service.
- Create and administer your user account.
- Provide technical and commercial support.
- Send administrative communications (service changes, security alerts, billing).
- Comply with legal, accounting, and tax obligations.
- Detect and prevent fraud, abuse, and breaches of these terms.
- Generate aggregated, anonymous statistics to understand product usage and improve it.
- With your prior consent, send marketing communications (you can opt out at any time).
4. Legal bases for processing
Processing of your data is based on one of the following legal bases, depending on the applicable jurisdiction:
- Argentina (Law 25.326 and Decree 1558/2001): consent of the data subject, performance of a contract or contractual relationship, and legitimate interest of the controller.
- European Union (GDPR Art. 6): contract performance (Art. 6.1.b), legitimate interest (Art. 6.1.f), and consent (Art. 6.1.a) where applicable.
- Brazil (LGPD Art. 7): contract performance, compliance with legal obligation, and legitimate interests.
- Other Latin American countries (Mexico — LFPDPPP, Colombia — Law 1581/2012, Chile — Law 19.628, Peru — Law 29.733): we apply the equivalent legal bases under each local regulation.
5. Sharing with third parties (sub-processors)
To operate the service, we engage sub-processors that meet security and privacy standards equivalent or superior to ours. The main ones are:
- Supabase Inc. — PostgreSQL database, authentication, file storage. Servers in the US, Brazil, or Europe depending on the region chosen for each customer. supabase.com/privacy
- Vercel Inc. — frontend hosting and global CDN. vercel.com/legal/privacy-policy
- Formspree Inc. — receiving contact and demo forms. formspree.io/legal/privacy-policy
- Transactional email providers (when applicable) for product notifications.
We do not sell your personal data to third parties. We only share it with the listed sub-processors, with authorities under valid legal obligation, or with your explicit consent.
6. International data transfers
Some of our sub-processors have servers outside your country of residence (typically the US or the European Union). When this happens, we apply the safeguards required by applicable regulation:
- Standard Contractual Clauses (SCCs) of the European Commission for transfers from the EU.
- Verification that the destination country provides an adequate level of protection or, otherwise, the safeguards required by AAIP (Argentina), ANPD (Brazil), and equivalent authorities.
- Data Processing Agreements (DPA) with each sub-processor.
7. Data retention
We retain your data for the following periods:
- Account data and product usage data: while your account is active, and up to 90 days after termination to allow accidental restoration.
- Technical backups: rotating retention for up to 30 days.
- Billing data: in accordance with Argentine tax regulations, up to 10 years.
- Marketing data: until you opt out or request deletion.
- Security logs: up to 12 months for incident investigation.
Once these periods expire, the data is deleted or anonymized irreversibly.
8. Your rights as data subject
You have the following rights over your personal data (ARCO rights in Argentine and Latin American terminology, equivalent to GDPR and LGPD rights):
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate, incomplete, or outdated data.
- Erasure: request deletion when the data is no longer necessary.
- Objection: object to processing on legitimate grounds.
- Portability (GDPR / LGPD): receive your data in a structured, commonly used format.
- Restriction of processing (GDPR): request limitation while a dispute is resolved.
- Withdrawal of consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, write to privacy@monitsal.com. We respond within a maximum of 10 business days (Argentina) or the timeframe applicable in your jurisdiction.
If you believe we are not respecting your rights, you may file a complaint with the supervisory authority in your jurisdiction:
- Argentina: Agencia de Acceso a la Información Pública (AAIP) — argentina.gob.ar/aaip
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- EU: data protection authority of the corresponding member state
- Other countries: equivalent local supervisory authority
9. Cookies and similar technologies
We use cookies for the following purposes:
- Essential: keeping the session active, remembering basic preferences, security. They do not require consent because they are strictly necessary for the service.
- Analytics (optional): understanding aggregated, anonymous site usage. Only activated with your consent.
You can configure your browser to reject all cookies or be notified when one is sent. If you reject essential cookies, some service features may not work properly.
10. Data security
We implement reasonable technical and organizational measures to protect your data from unauthorized access, loss, alteration, or disclosure:
- Encryption in transit (TLS 1.2 or higher) for all communications.
- Encryption at rest (AES-256) in the database via Supabase.
- Per-instance isolation: each customer has their own database and domain.
- Role-based access control (RBAC) and Row-Level Security (RLS) policies on the database.
- Automatic daily backups with 30-day retention.
- Audit logs for critical operations.
- Regular team training in security best practices.
In case of a security incident affecting your data, we will notify you within a reasonable timeframe in accordance with applicable regulation (72 hours under GDPR when applicable).
11. Minors
Monitsal is a B2B product intended for use by people over 18 in professional contexts. We do not knowingly collect data from minors. If we discover we have collected data from a minor without the corresponding parental consent, we will delete it promptly.
12. Changes to this policy
We may update this policy periodically. Any material change will be notified by email to account administrators and published on this page at least 30 days before taking effect. The last updated date appears at the top of the document.
13. Contact
For any inquiries about this policy, exercising rights, or privacy-related complaints, you can write to:
- Email: privacy@monitsal.com
- Postal address: Salmonit S.A.S., City of Buenos Aires, Argentina