Privacy Policy
Last Modified: September 25, 2025
Schema Monster is a service offered by Monsterverse LLC, a Wyoming limited liability company (“Monsterverse,” “Schema Monster,” “we,” “us,” “our”).
Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, retain, and protect information in connection with: (i) our website located at www.schemamonster.com (the “Website”); (ii) the Schema Monster WordPress Plugin (the “Plugin”); and (iii) any related services, documentation, support channels, and content we provide (collectively, the “Services”).
By accessing or otherwise using the Website or any Services, you agree to be contractually bound by this Privacy Policy. This Privacy Policy applies to information that we collect, use, and maintain as a controller (e.g., account, billing, and support communications). Important: The Plugin is designed to operate locally in your WordPress environment. Schema Monster does not store or host your website content, schema markup, AI prompts, or AI outputs. AI functionality is provided via your own OpenAI account (you “bring your own key”). Payment processing is handled by Stripe. See Third-Party sections below.
This Privacy Policy describes how Personally Identifiable Information (“PII”) or Personal Data (as defined by applicable law) may be collected, used, or disclosed by the Services. PII is information that can be used on its own, or with other information, to identify, contact, or locate a single person, or to identify an individual in context.
The Right to Modify
We may modify this Privacy Policy at any time by posting amended terms on the Website or otherwise providing notice (e.g., by email or dashboard notice). Your continued use of the Services after the “Last Modified” date indicates your acceptance of the amended terms. You should review this Privacy Policy periodically for updates. Unless otherwise required by law, we will not materially change our policies and practices to make them less protective of Personal Data previously collected without obtaining the consent of affected users.
What Personal Information Do We Collect?
1) Information You Provide to Us Directly
When you register for a Schema Monster account (if applicable), subscribe to a plan, download or activate the Plugin, purchase a product, sign up for communications, request support, or submit information through forms on our Website, we may collect:
- Identity & Contact Data: name, business name, email address, telephone number, mailing address.
- Account & Authentication Data: username, hashed password (if an account portal is provided).
- Communications: messages sent to support@schemamonster.com or billing@schemamonster.com, survey responses, testimonial submissions.
- License & Subscription Data: license key(s), plan tier, activation counts (aggregated), renewal dates, status.
2) Billing & Payment
All payments are processed by Stripe. We do not store payment card numbers or complete payment credentials. Stripe may collect and process payment information in accordance with its policies.
- Stripe Privacy Policy: https://stripe.com/privacy
- Stripe Services Agreement: https://stripe.com/legal
3) Automatically Collected Information (Website)
When you visit our Website, we may automatically collect certain technical data through cookies, pixels, and similar technologies, including: IP address, device and browser type, operating system, language preferences, referring/exit pages, clickstream data, date/time stamps, and generalized geolocation. We use this information to operate, maintain, and improve the Website.
4) Plugin-Related Information
The Plugin is designed to operate locally. We do not collect your site’s content, AI prompts, or AI outputs from your WordPress environment. However, to administer licensing and anti-fraud measures, the Plugin may transmit minimal activation metadata (e.g., a hash of your domain, license key status, Plugin version) to our licensing endpoint. This telemetry does not include your schema markup, page contents, or AI data.
How Do We Use Your Information?
We may use the information we collect for the following purposes:
- To provide and administer the Services: account setup, license activation, plan entitlements, access control.
- To process transactions: working with Stripe to bill subscriptions and manage renewals.
- To deliver support and respond to requests: troubleshooting, bug reports, compatibility guidance.
- To personalize and improve the experience: tailoring content, documentation, and onboarding.
- To send service-related communications: updates, security notices, feature changes, policy changes.
- To request feedback, ratings, or reviews of Services or content.
- To develop and improve the Website and Plugin: performance monitoring, diagnostics, and product development (aggregated/anonymous).
- To protect the Services, our users, and our business: fraud prevention, license abuse mitigation, enforcement of terms, and compliance with legal obligations.
We also analyze overall usage of our Website and limited licensing telemetry in aggregate to enhance and improve the Services, repair errors or bugs, and develop new versions of the product. We do not analyze your website content, schema markup, or AI outputs, because we do not receive or store them.
What Are Your Rights?
Depending on your jurisdiction (e.g., EU/EEA under GDPR, UK under UK GDPR, California under CCPA/CPRA), you may have certain rights regarding your Personal Data, such as:
- Right to withdraw consent (where processing is based on consent).
- Right of access to your Personal Data and certain supplementary information, under conditions set by law.
- Right to rectification of inaccurate Personal Data.
- Right to erasure (“right to be forgotten”), under certain conditions.
- Right to restrict processing, under certain conditions (e.g., if contested).
- Right to data portability of Personal Data you provided to us, in a structured, commonly used, machine-readable format, under certain conditions.
- Right to object to processing, under certain conditions (including to direct marketing).
- Rights related to automated decision-making, where applicable.
- Right to lodge a complaint with a supervisory authority (e.g., in the EU/EEA or UK).
To exercise rights, contact support@schemamonster.com. We may request verification of your identity and jurisdiction before responding. For CCPA/CPRA requests, you may also designate an authorized agent as permitted by law.
Data Retention
We retain account-level and billing-related Personal Data only as long as necessary to provide the Services, for legitimate business purposes (e.g., tax, audit, compliance), and as required by law. Unless you request otherwise, we generally delete or anonymize account-level Personal Data within twelve (12) months of account cancellation, subject to legal holds and our obligations under applicable law. We reserve the right to charge a fee for extraordinary data retention beyond standard periods and to update retention practices consistent with legal, regulatory, and operational requirements.
Important: Because we do not store your website content, schema markup, AI prompts, or AI outputs, there is nothing for us to delete in that regard. Such data remains solely in your environment and under your control.
International Data Transfers
Schema Monster is operated from the United States. If you access the Services from outside the U.S., you understand that your Personal Data may be transferred to, stored, and processed in the U.S. and other countries where data protection laws may differ from those of your jurisdiction. Where required, we implement appropriate safeguards for international transfers (e.g., Standard Contractual Clauses).
How Do We Protect Your Information?
Operational Data Handling (Security Program)
This section pertains to the Website and account/billing operations (not your local site data). We maintain administrative, technical, and organizational measures designed to:
- Protect the security and confidentiality of account and billing Personal Data we process.
- Safeguard against anticipated threats or hazards to the security or integrity of such Personal Data.
- Protect against unauthorized access, accidental or unlawful destruction, loss, alteration, or misuse.
- Ensure proper disposal of Personal Data and require service providers to do the same.
We continuously enhance our security procedures as new technologies and practices become available. No method of transmission or storage is 100% secure; you are responsible for safeguarding your WordPress environment, hosting, OpenAI account, and any credentials under your control.
Account Information
If we provide a user account portal, we may store identity and contact details (name, email, business name, address) and login credentials (hashed password). Passwords are not visible to our staff.
Billing Information
We do not store credit card numbers or full payment credentials. Billing is handled by Stripe in compliance with applicable PCI standards. See https://stripe.com/privacy.
Log Data
Our servers may automatically collect log data on the Website, such as IP addresses, timestamps, and request metadata. We use logs for security, troubleshooting, and compliance purposes. Plugin activation telemetry may record license status, Plugin version, and hashed domain for anti-fraud/license management.
Cookies and Log Files (Website)
We use cookies and similar technologies to operate and improve the Website, remember preferences, analyze usage, and measure performance. Some cookies are set by third parties (see Google services below). You can manage cookies through your browser. Disabling cookies may affect Website functionality.
Consumer Data Privacy (Visitor Information)
This section pertains to information of end-consumers visiting your website when you use the Plugin.
- No Collection by Schema Monster: The Plugin does not send your visitors’ personal information, IP addresses, or browsing data to Schema Monster. We do not log your visitors’ IP addresses or place cookies on your visitors via the Plugin.
- Local Operation: The Plugin operates within your WordPress site. Any schema injection, content processing, or AI prompting occurs locally in your environment and/or directly with OpenAI under your account credentials.
- Your Responsibilities: You are responsible for posting and complying with your own website privacy policy and cookie practices, and for obtaining any consents required by law in your jurisdiction. Schema Monster disclaims liability for your independent compliance obligations.
Third-Party Disclosure
We do not sell, trade, or otherwise transfer your Personal Data to outside parties for monetary value. We may disclose limited Personal Data:
- Service Providers / Subprocessors: With vendors who help operate our Website and deliver Services (e.g., hosting, email, analytics, licensing), subject to confidentiality obligations.
- Stripe: For payment processing; Stripe’s collection and use of data is governed by its own privacy policy.
- OpenAI: We do not send your prompts or outputs to Schema Monster; your use of OpenAI is via your own account and is governed by OpenAI’s policies.
- Legal / Safety: To comply with law, enforce our terms, or protect our rights, property, users, or the public.
- Corporate Transactions: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred to the successor, who will be bound by substantially similar privacy obligations.
Where permitted by law, we may share information in aggregated or de-identified form that does not identify you (e.g., aggregated licensing metrics).
Third-Party Links
The Website may contain links to third-party sites (“Third-Party Websites”). We provide these links for convenience only. Third-Party Websites are not under our control; their privacy and security practices are governed by their own policies. You are responsible for reviewing such policies before providing information.
We may also maintain public social media accounts (e.g., YouTube). Interactions with us there are governed by those platforms’ terms and privacy policies.
Google Services, OpenAI, Stripe — Policies and Integrations
Google Analytics (Website)
We use Google Analytics to understand how visitors use our Website. Google Analytics uses cookies and similar technologies to collect and analyze information about Website usage and to report on activities and trends. You can learn more here:
- Google Privacy & Terms: https://policies.google.com/privacy
- Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
Google Ads / Remarketing (Optional)
If enabled, we may use Google Ads (including remarketing), which uses cookies to serve ads based on users’ prior visits. Users can opt out via Google’s Ads Settings or the Network Advertising Initiative opt-out page.
- Google Advertising: https://policies.google.com/technologies/ads
YouTube & Google API Services (Future/Optional)
If we integrate with YouTube Data API v3 or other Google APIs (e.g., to display help videos or retrieve metadata you authorize), our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy
- YouTube Terms of Service: https://www.youtube.com/t/terms
- Google Privacy Policy: https://policies.google.com/privacy
If you connect your account or authorize scopes, we will request the minimum necessary scopes to enable the feature, and we will only use the data for the purpose you authorized (e.g., reading YouTube video metadata to embed as VideoObject schema).
Google Search Console API (Optional)
If you choose to connect Google Search Console to view performance insights in our admin UI (if/when available), access is read-only and restricted to the scope you authorize for your verified properties. Data remains governed by Google’s policies. We do not sell or share GSC data.
- Google Search Console Help/Policies: https://search.google.com/search-console/about
OpenAI (Bring-Your-Own-Key)
AI generation features are powered by your own OpenAI account and API key. We do not receive, store, or proxy your prompts or AI outputs. All AI usage, costs, and compliance obligations rest with you and OpenAI.
- OpenAI Privacy Policy: https://openai.com/policies/privacy-policy
- OpenAI Terms: https://openai.com/policies/terms-of-use
Stripe (Payments)
We use Stripe to process payments and manage subscriptions. Stripe collects and processes payment data in accordance with its policies. We do not store full payment credentials.
- Stripe Privacy Policy: https://stripe.com/privacy
- Stripe Services Agreement: https://stripe.com/legal
Google API OAuth Scopes (If/When Enabled)
If we later provide integrations that require sensitive or restricted Google OAuth scopes, we will request only what is needed for the stated purpose. Examples (subject to change as features expand):
| Product / API | Example Scope / Access | Purpose (Example) |
|---|---|---|
| YouTube Data API v3 | Read metadata for authorized channels/videos | Read video titles/descriptions to embed VideoObject schema and improve search understanding. |
| Google Search Console API | Read-only access to verified properties | Display performance metrics to help correlate schema coverage with impressions/clicks. |
| Google APIs (various) | Limited Use as applicable | Only to the extent required for the feature you authorize; no sale or unauthorized transfer. |
We will adhere to the Google API Services User Data Policy (including Limited Use): we will only use the data for the user-facing feature you enabled, will not sell the data, and will not transfer it except as necessary to provide or improve the feature with your consent or as required by law.
Third-Party Behavioral Tracking
We do not allow third-party behavioral tracking of your website visitors through the Plugin. On our Website, we may use Google Analytics and (if enabled) Google Ads remarketing or a Facebook pixel to measure Website performance and ad effectiveness; these do not provide us with your visitors’ identities and are subject to provider policies and your browser settings.
Cookies
We use cookies, web beacons, and similar technologies on our Website to: (i) remember user preferences; (ii) maintain sessions; (iii) analyze traffic; (iv) improve performance; and (v) support marketing. You can manage cookies through your browser settings; disabling cookies may limit some Website functionality. We do not set cookies on your site’s visitors via the Plugin.
Fair Information Practices
In line with Fair Information Practice Principles, if a data breach involving Personal Data that we control occurs, we will notify affected users by in-site notice or email within seven (7) business days, or as otherwise required by law. You may have rights to pursue enforceable legal rights against data processors that fail to comply with applicable laws. We cooperate with regulatory and law enforcement authorities as required.
CAN-SPAM Act
We may collect your email address to:
- Send information or respond to inquiries and requests.
- Process orders and send transaction-related notices.
- Send important updates related to products or Services.
- (If you opt in) Send marketing communications.
To comply with CAN-SPAM, we will:
- Not use false or misleading subjects or email addresses.
- Identify marketing messages as advertisements where required.
- Include our valid physical mailing address.
- Monitor email service providers for compliance where applicable.
- Honor unsubscribe requests promptly.
- Provide a clear unsubscribe link in marketing emails.
Security
We strive to prevent unauthorized access to Personal Data we control; however, no Internet, wireless, or over-the-air transmission is 100% secure. You must choose strong, unique passwords and safeguard your credentials. If you forget your password (if an account portal exists), we will send reset instructions to your registered email. Our employees cannot view your plaintext password.
You control what Personal Data you provide when using the Website or contacting support. You are responsible for maintaining the confidentiality of your identifiers, passwords, and any Personal Data you store or transmit. We are not responsible for the actions of third parties with whom you choose to share information. We cannot guarantee or verify the accuracy of Personal Data provided by others; you release us from liability in connection with such content.
Important: You are solely responsible for securing and backing up your WordPress environment, your OpenAI account and usage, and your website content. We do not store or back up your website or AI data.
Children’s Privacy
Our Website and Services are not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under 16 without verifiable parental consent. If you are under 16, do not use or access the Services. If we learn that Personal Data has been collected from a child under 16 without consent, we will take appropriate steps to delete it. Parents or guardians who discover that a child under 16 has provided Personal Data may contact us as set forth below to request deletion.
Contacting Us
If you have any questions about this Privacy Policy or your Personal Data; to make an access or correction request; to exercise applicable rights; to make a complaint; or to obtain information about our policies and practices with respect to service providers and international transfers, contact:
Schema Monster / Monsterverse LLC
Support: support@schemamonster.com
Billing: billing@schemamonster.com
Plain-English Summary (Non-Contractual)
- Local by design: We don’t store your website content, schema markup, or AI data.
- Your OpenAI account: You bring your own key; prompts and outputs stay between you and OpenAI.
- Stripe handles payments: We don’t store your card number.
- Minimal data: We keep only what we need for accounts, licenses, and support.
- Your site, your policy: You’re responsible for your website’s privacy/cookie disclosures.
Note: This Privacy Policy is intended to be comprehensive and law-firm–grade. Before publication, have counsel verify jurisdiction-specific requirements (e.g., EU/UK SCCs for transfers, DPA availability on request, state privacy law notices such as Virginia/Colorado/Connecticut/UCPA, Canada PIPEDA disclosures, and your physical mailing address).