Data controller
Sivcic Research (CHE-271.377.152), Krontalstrasse 8, 9000 St. Gallen, Switzerland. Contact for any privacy question: support@monexit.com.
What is collected
Only the data necessary to operate the service: email address, password hash, account and verification status, two-factor preference, payment-transaction metadata from Payrexx (no card details), basic security signals (IP, user agent, device type) used for security monitoring, audit logs of login and account-change events, and your saved notification preferences.
What is not collected
No Google Analytics, no Facebook Pixel, no advertising trackers, no third-party analytics. No browsing-history or behaviour tracking. No advertising or retargeting cookies. No profiling for marketing purposes. No use of data or metadata to train AI models. Personal data is never sold, shared, or monetised.
Where financial data lives
All bank-statement, receipt, and transaction data created in the Monexit desktop software is stored on your own device. None of it is transmitted to or stored on Monexit servers. The data on your device is protected by the standard data-protection measures your operating system already applies to your files.
Purposes and legal basis
Data is processed for: account management; software access; security protection; payment processing via Payrexx; legal compliance; and essential communication (email verification, security alerts, password resets). Legal bases under nDSG and GDPR include contract performance, legal obligations, legitimate interests in security monitoring, and consent for optional communications like newsletters.
Security measures
Data is transmitted using industry-standard transport security. Passwords are stored as one-way hashes and never in plain text. Optional two-factor authentication and rate-limiting protect against unauthorised access attempts. Continuous monitoring is used to detect suspicious activity.
Your rights
Under Swiss nDSG and GDPR, you have the right to access, correction, deletion, and data portability for the personal data Monexit holds about you. To exercise any of these, contact support@monexit.com from the email address associated with your account.
Privacy is respected. This policy explains what data is collected, why it is collected, and how it is protected in accordance with Swiss data protection law (nDSG) and GDPR.
1. Data Controller
Sivcic Research is responsible for the processing of personal data. For questions about data handling, contact:
Sivcic Research
CHE-271.377.152
Krontalstrasse 8
9000 St. Gallen
Switzerland
Email: support@monexit.com
2. Data Collected
Only data necessary to provide the software is collected. Here is exactly what is stored:
Account Data:
- Email address - Used for account identification, login, and essential communications
- Password hash - Securely hashed. Actual passwords are never stored
- Account status - Whether email is verified and account is active
- Two-factor authentication status - 2FA preference setting
- User role - Account access level
Security and Origin Data:
- IP addresses - Registration IP and last known IP for security monitoring
- Device information - Operating system and device type for security alerts
- User agent - Browser or client information
Authentication Data:
- Login attempt count - To protect against brute force attacks
- Account lockout status - Temporary lockout after failed login attempts
- Verification codes - Hashed 6-digit codes for email verification, password reset, and 2FA
Payment and License Data:
- License status - Current access level (Active or None)
- Plan type - Standard
- License type - Perpetual access
- Payment transactions - Transaction ID, amount, status, and date from Payrexx
Audit and Security Logs:
- Login/logout events - When and from where the account is accessed
- Password and email changes - Security-relevant account modifications
- Security events - Detected attack attempts (SQL injection, XSS, etc.)
Notification Preferences:
- Newsletter preference - Whether newsletter emails are desired
- Security alerts - Preference for security notifications
- Feature updates - Preference for product update emails
- Promotional emails - Preference for marketing communications
Privacy Consent:
- Consent status - Whether this privacy policy was accepted
- Consent date - When consent was provided
- Policy version - Which version of this policy was agreed to
3. Data NOT Collected
No Google Analytics, Facebook Pixel, advertising trackers, or third-party analytics are used. Personal data is never sold, shared, or monetized in any way.
- No browsing history or behavior tracking
- No advertising or retargeting cookies
- No third-party analytics integration
- No data sharing with social media platforms
- No profiling for marketing purposes
- No collection of sensitive personal data (health, financial, etc.)
- No collection of data or metadata to train AI models
4. Data Usage
Data is processed strictly for these purposes:
- Account management - Creating, maintaining, and securing accounts
- Software access - Providing access to the software and its features
- Security protection - Detecting and preventing unauthorized access and attacks
- Payment processing - Managing license purchases and transactions via Payrexx
- Legal compliance - Meeting Swiss legal requirements for financial software
- Communication - Sending essential emails (verification, security alerts, password resets)
5. Legal Basis for Processing
Under Swiss nDSG and GDPR, data is processed based on:
- Contract performance - Processing necessary to provide purchased access
- Legal obligations - Swiss law requires maintenance of certain records
- Legitimate interests - Security monitoring to protect all users
- Consent - For optional communications like newsletters and marketing
6. Data Security
Comprehensive security measures protect user data:
- Encryption - All data is encrypted during transmission using industry-standard protocols
- Password protection - Passwords are securely hashed and never stored in plain text
- Two-factor authentication - Additional login verification for enhanced account security
- Rate limiting - Automatic protection against unauthorized access attempts
- Access restrictions - Geographic and network-level access controls
- Security monitoring - Continuous monitoring for suspicious activity
7. Data Storage and Retention
Location:
All data is stored on servers in Switzerland.
Retention periods:
- Account data - Retained while account is active, plus 90 days after deletion request
- Security logs - Retained for 2 years as required by Swiss law
- Payment records - Retained for 10 years as required by Swiss accounting law
- Audit logs - Retained for 5 years for compliance purposes
8. User Rights
Under Swiss nDSG and GDPR, users have the right to:
- Access - Request a copy of all data held
- Rectification - Correct any inaccurate personal data
- Erasure - Request deletion of account and data (subject to legal retention requirements)
- Portability - Receive data in a machine-readable format
- Objection - Object to processing based on legitimate interests
- Withdraw consent - Revoke consent for optional processing at any time
To exercise these rights, contact support@monexit.com. Responses are provided within 30 days.
9. Third-Party Services
Minimal third-party services are used:
- Payrexx (Switzerland) - Payment processing. Only data necessary for payment is received (email, amount, plan type). See their privacy policy at payrexx.com
- SMTP Provider (Infomaniak, Switzerland) - Email delivery. Email addresses are processed only to deliver messages
- Bunny.net CDN - Software distribution. Only IP addresses are received and users are not tracked
10. Cookies
Only essential cookies are used:
- monexit_auth - Session authentication (httpOnly, Secure, SameSite=Strict). Required for login functionality
- monexit_consent - Stores privacy policy consent status. Required to remember consent choice
No tracking cookies, advertising cookies, or third-party cookies are used. All cookies are strictly functional.
11. International Transfers
Data is stored and processed exclusively in Switzerland. Personal data is not transferred outside of Switzerland or the European Economic Area.
12. Children's Privacy
This software is not intended for users under 18 years of age. Data from minors is not knowingly collected. If such data is discovered, it will be deleted promptly.
13. Changes to This Policy
This privacy policy may be updated to reflect changes in practices or legal requirements. When significant changes are made:
- The "Last updated" date below will be updated
- Re-consent will be requested through the consent banner if changes affect data processing
- Registered users will be notified via email for major changes
14. Contact and Complaints
For questions or concerns about this policy or personal data:
Email: support@monexit.com
Users also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) if they believe their rights have been violated.