GDPR Compliance — Monaveo

Our Commitment to GDPR

Monaveo, operated by Monaveo Ltd., is fully committed to protecting personal data in compliance with the UK GDPR (as retained in UK law under the Data Protection Act 2018) and the General Data Protection Regulation (EU) 2016/679. As a UK company providing services in the United Kingdom, the European Union, and globally, GDPR compliance is at the core of how we build and operate our platform.

Your Role, Our Role

You as Data Controller

As a Monaveo customer (MSP), you are the Data Controller for the personal data collected through managed devices. You determine the purposes and means of processing.

Monaveo as Data Processor

We act as Data Processor on your behalf. We process data only according to your instructions and solely to provide the Monaveo service. Our obligations are detailed in our Data Processing Agreement.

How We Protect Personal Data

Encryption

All commands and responses between dashboard and agents are encrypted end-to-end. Our relay servers forward encrypted data without the ability to decrypt it. Each device has a unique cryptographic identity.

Tenant Isolation

Every MSP account is strictly isolated. One MSP's data can never be accessed by another. Customer, site, and device data are separated at the database level with enforced access controls.

Access Control

Role-based access control (RBAC) ensures users only access data and features relevant to their role.

Data Minimization

We collect only data necessary to provide the RMM service. No unnecessary personal data is collected from managed devices.

Your Rights Under UK GDPR and EU GDPR

If your personal data is processed through Monaveo, contact the MSP managing your devices (the Data Controller) to exercise these rights:

Right of Access (Art. 15) — Request a copy of your personal data
Right to Rectification (Art. 16) — Correct inaccurate data
Right to Erasure (Art. 17) — Request deletion of your data
Right to Restrict Processing (Art. 18) — Limit processing
Right to Data Portability (Art. 20) — Receive data in machine-readable format
Right to Object (Art. 21) — Object to processing on legitimate interests

Monaveo customers exercising rights on their own account data: contact hello@monaveo.com.

Data Breach Procedures

Notify affected Data Controllers within 72 hours
Provide full breach details including scope, affected data, and remediation
Cooperate with Controllers and supervisory authorities

Data Residency & Regional Isolation

Monaveo offers regional data residency. When creating an account, customers choose their data region:

EU Region: All data processed and stored in Germany (Contabo GmbH). Subject exclusively to German and EU law. No data leaves the EU.

US Region: All data processed and stored in New Jersey, USA (Contabo GmbH). Completely independent from the EU environment.

For services that necessarily operate globally (e.g., Stripe for billing), only payment data is involved — never managed device data. Appropriate safeguards including Standard Contractual Clauses are in place where required.

Sub-processors

Listed in our Data Processing Agreement. Customers are notified before new sub-processors are engaged.

Lead Supervisory Authority

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Website: ico.org.uk

Users residing in the European Economic Area (EEA) may also lodge a complaint with their local Data Protection Authority (e.g., the Hellenic Data Protection Authority for users in Greece).

Contact Us

Monaveo Ltd.

Company No.: 17173409 (Registered in England & Wales)

Email: privacy@monaveo.com

Address: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom