Last Updated: May 30, 2026
Effective: May 30, 2026
1. Who We Are
This Privacy Policy explains how Monkey On The Roads (“we”, “us”, “our”) collects, uses, and protects your personal data when you use:
- Our website: https://monkeyontheroads.com (the “Site”)
- Our mobile applications: Monkii Scout and Monkii Route (collectively, the “Apps”)
We are the data controller for personal data processed through the Service.
Contact details:
Monkey On The Roads
Email: monkeyontheroads@gmail.com / monkii.developer@gmail.com
We have not appointed a Data Protection Officer as we do not meet threshold requirements under applicable laws. Privacy enquiries can be directed to the emails above.
2. Scope and Applicable Law
This Policy applies to all personal data we process in connection with the Site and Apps. We comply with:
Other applicable privacy laws
GDPR (Regulation (EU) 2016/679) where applicable to users in the EEA/UK
Vietnam’s Law on Cyber Information Security (if your data is processed in Vietnam)
3. Personal Data We Collect
3.1 Data You Provide Directly
Via the Site:
- Comments: Name and email address
- Newsletter sign-up: Email address
- Contact forms: Name and email address
Via the Apps:
- Account registration: Email address, name, profile photo, country of residence, & any optional data you voluntarily provide.
- Travel planning content: Itineraries, routes, saved locations, notes, favorites, and any other content you create or upload within the Apps
- Communications: Messages you send to us via support email or in-app chat
- Feedback and surveys: Any information you voluntarily provide
3.2 Data We Collect Automatically
Via the Site:
- Usage data: Pages visited, time spent, search queries, timestamps
- Device data: IP address, browser type and version, operating system
Via the Apps:
- Usage data: Features used, in-app interactions, time spent, crash logs, performance data
- Device data: IP address, hardware model, OS version, unique device identifiers, mobile network information
- Location data: Precise or approximate location derived from GPS (with your permission). Location may be collected in the background when the app is in use or (with your permission) when closed.
3.3 Data From Third Parties
- Google Sign-In: If you sign in with Google, we receive your name and email address from Google.
- Apple Sign-In: If you sign in with Apple, we receive your name and email address (or a private relay email if you choose to hide your email).
4. How We Use Your Personal Data
We use your personal data for the following purposes, each supported by a legal basis under GDPR (where applicable):
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Art. 6(1)(b) — Performance of contract |
| Providing mapping, routing, and location-based services | Art. 6(1)(b) — Performance of contract |
| Saving your routes, notes, and travel content | Art. 6(1)(b) — Performance of contract |
| Sending transactional communications (account notifications, support replies) | Art. 6(1)(b) — Performance of contract |
| Sending newsletters and promotional communications (with your consent) | Art. 6(1)(a) — Consent |
| Analysing usage patterns to improve the Service | Art. 6(1)(f) — Legitimate interests |
| Displaying advertisements (Site only, via Google AdSense) | Art. 6(1)(a) — Consent (for personalised ads) |
| Complying with legal obligations | Art. 6(1)(c) — Legal obligation |
| Detecting and preventing fraud and abuse | Art. 6(1)(f) — Legitimate interests |
Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 10 — Your Rights).
5. Data Sharing
We do not sell your personal data. We share your data only with the following categories of recipients:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google (Maps Platform) | Mapping, routing, location services | Location data, search queries |
| Google (Sign-In) | Authentication | Name, email address |
| Apple (Sign-In) | Authentication | Name, email address |
| Google Analytics 4 (GA4) | Website and app analytics | Pseudonymised usage data, IP (anonymised) |
| Firebase | Mobile app analytics and crash reporting | Device data, usage events |
| Crashlytics | Crash reporting for app stability | Crash logs, device data |
| Google AdSense | Display advertising (Site only) | Cookie data, usage data (with consent) |
| Email newsletter service | Sending marketing emails | Email address, name |
| Professional advisers | Legal, accounting services | As necessary |
| Competent authorities | Legal compliance | As required by law |
We require all third-party processors to process data only on our documented instructions and to maintain appropriate security measures.
6. Analytics, Tracking, and Advertising
6.1 Analytics Tools
- Google Analytics 4 (GA4): Used to understand how users interact with the Site and Apps. IP addresses are anonymised. You can opt out via the Google Analytics Opt-out Browser Add-on.
- Firebase: Used for mobile app analytics, crash reporting, and performance monitoring. Provided by Google.
- Crashlytics: Used to collect crash logs to improve app stability.
6.2 Advertising (Site Only)
We use Google AdSense to serve advertisements on our Site. Google uses cookies to serve ads based on a user’s prior visits. You can opt out of personalised advertising by visiting Google’s Ads Settings. The Apps do not display advertisements unless stated otherwise.
7. Cookies
We use cookies and similar technologies on our Site. By using the Site, you consent to our use of cookies in accordance with this section.
| Category | Purpose | Legal Basis |
|---|---|---|
| Strictly Necessary | Essential for the Site to function (e.g., session management, security) | Art. 6(1)(b) — no consent required |
| Functional | Remember your preferences (e.g., language) | Art. 6(1)(a) — Consent |
| Analytics | Understand how you use the Site (GA4) | Art. 6(1)(a) — Consent |
| Marketing | Targeted advertising (Google AdSense) | Art. 6(1)(a) — Consent |
You can manage your cookie preferences at any time through our cookie banner. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
8. International Data Transfers
We are based in Vietnam. Your data is primarily processed within Vietnam. However, some of our service providers (such as Google) operate outside Vietnam and outside the EEA.
When we transfer personal data outside your country of residence, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) where required under GDPR
- Ensuring data is processed only for the purposes described in this policy
You may request a copy of the relevant safeguards by contacting us at monkeyontheroads@gmail.com.
9. Your Rights
Depending on your location (e.g., EEA/UK under GDPR), you may have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Right of access | Request a copy of the personal data we hold about you |
| Right to rectification | Ask us to correct inaccurate or incomplete data |
| Right to erasure (“right to be forgotten”) | Ask us to delete your data (including your profile photo, name, country, birthday, email, and app content) |
| Right to restriction | Ask us to limit processing of your data |
| Right to data portability | Request your data in a structured, machine-readable format |
| Right to object | Object to processing based on legitimate interests or for direct marketing |
| Right to withdraw consent | Withdraw consent at any time (e.g., for marketing emails or location access) |
To exercise any of these rights, contact us at monkeyontheroads@gmail.com or monkii.developer@gmail.com. We will respond within 30 days.
Location permissions: You can disable location access for the Apps at any time via your device settings.
Marketing opt-out: Every newsletter email contains an “unsubscribe” link.
You also have the right to lodge a complaint with your local data protection authority (e.g., the Dutch Data Protection Authority if you are in the Netherlands, or Vietnam’s Authority of Information Security if you are in Vietnam).
10. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, or as required by law.
| Data type | Retention period |
|---|---|
| Account data (profile photo, name, email, country, birthday, routes, saved locations) | Until account deletion + 30 days for fraud prevention |
| Comments | Indefinitely |
| Newsletter data | Until you unsubscribe |
| Contact form entries | 6 months |
| Analytics data | 26 months (GA4 default) |
| Support communications | 3 years |
| Cookie consent logs | 3 years |
You may delete your account and associated data at any time by contacting us. After the applicable retention period, data is securely deleted or anonymised.
11. Children’s Privacy
The Service is not directed to children under the age of 13 (or 16 where GDPR applies). We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will take steps to remove the data.
12. Security
We implement appropriate technical and organisational security measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Pseudonymisation and anonymisation where feasible
- Access controls for our systems
- Regular security testing
No system is completely secure. If you believe your account has been compromised, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the Service before the changes take effect. The “Last Updated” date at the top will always reflect the most recent version.
14. Contact Us
For any privacy-related questions, requests, or complaints:
Monkey On The Roads
Email: monkeyontheroads@gmail.com
Secondary email: monkii.developer@gmail.com
We aim to respond to all privacy-related enquiries within 10 business days.
