Legal
Privacy Policy
Last updated June 24, 2026
Your trust is the product. This policy describes, in plain language, what personal information we process and the protections in place around it.
Overview
AccessMonk provides remote support and unattended-access software for IT teams and managed service providers (MSPs). This Privacy Policy explains what personal information [Legal Entity Name] (“AccessMonk,” “we,” “us”) collects, why we collect it, how we protect it, and the choices you have. It applies to our website, the browser console, and our desktop and agent applications.
We are based in Canada and handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). If you access AccessMonk from outside Canada, additional local rights may apply to you.
Our role: controller and processor
For the personal information of our own account holders (the technicians and administrators who sign in), and for visitors to our website, AccessMonk is the organization responsible for that information.
When our customers use AccessMonk to support their own clients’ devices, we process information on their behalf and under their instructions — the customer is responsible for that information and for having the necessary authority and consents to access those devices. That relationship is governed by our Data Processing Agreement.
Information we collect
Account information. Name, work email, company name, and role for the users on a workspace. Passwords are stored only as a salted hash (Argon2), never in plain text.
Device information.For devices you enroll: hostname, operating system, agent version, online/offline status, connection health, and the device’s public IP address. This powers fleet management and connecting to a device.
Session information. Records of support sessions — start and end times, the technician involved, session type, and related audit events. We do not record or store the screen content, keystrokes, or files exchanged during a session; that media is transmitted between the participants and is not retained by us.
Billing information. Plan, subscription status, and a billing contact. Card payments are processed by Stripe — we never receive or store full card numbers.
Support & website information.Messages you send us (bug reports, feature requests, contact-form submissions) and standard server logs needed to operate and secure the service.
Why we use it
We use the information above to:
- operate the service, authenticate users, and enforce role-based access;
- connect technicians to the devices they are authorized to support;
- maintain security, prevent abuse, and keep audit trails;
- bill accounts and manage subscriptions;
- provide support and respond to your requests; and
- diagnose problems and improve reliability and performance.
We do not sell personal information, and we do not use the content of your support sessions for advertising or to train machine-learning models.
Consent
We collect, use, and disclose personal information with your consent, except where the law permits or requires otherwise. For account and device data, providing the information and using the service constitutes consent for the purposes described here. Where AccessMonk is used to access an individual’s device, the customer operating the workspace is responsible for obtaining any consent required by law. You may withdraw consent subject to legal and contractual limits; doing so may mean we can no longer provide some or all of the service.
Where your information is stored
Account, device, and session-metadata records are stored on servers located in Canada. Some service providers (for example, payment and email) may process limited information in other countries; where that happens, the information remains subject to contractual safeguards and may be accessible to authorities in those countries under their laws.
How we protect it
We apply safeguards appropriate to the sensitivity of the information, including:
- encryption in transit — TLS for the website, console, and API, and DTLS-SRTP for live session media;
- mandatory multi-factor authentication and role-based access for every workspace;
- per-tenant data isolation, brute-force lockout, and rate limiting;
- hashed passwords (Argon2) and encrypted, access-controlled database backups; and
- audit logging of security-relevant actions.
No method of transmission or storage is perfectly secure, but we work to protect your information and to continually improve our safeguards.
Retention & deletion
We keep account and device records for as long as your subscription is active. Audit logs are kept according to your configured retention window. When you close your account or ask us to delete your data, we delete or de-identify the associated personal information within [90] days, except where we must retain it to meet legal, accounting, or security obligations. Encrypted backups rotate out on their normal cycle (within 14 days).
Your rights
Subject to legal limits, you may ask to access the personal information we hold about you, correct inaccuracies, or have it deleted, and you may withdraw consent. Administrators can manage most account and device data directly in the console. For anything else, contact our Privacy Officer (below) and we will respond within the timelines set by applicable law.
If you have a concern we have not resolved, you may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
Children
AccessMonk is a business tool and is not directed to children. We do not knowingly collect personal information from children.
Changes to this policy
We may update this policy from time to time. We will post the revised version here with a new “last updated” date and, for material changes, provide additional notice where practical.
Contact our Privacy Officer
Questions, requests, or complaints about this policy or our handling of personal information can be sent to our Privacy Officer at privacy@accessmonk.com, or by mail to [Legal Entity Name], [Registered Address], [Province], Canada.