Privacy Policy

Information we collect

We collect account identity, login records, workspace names, consent records, credit balances, purchase metadata, support tickets, endpoint labels, application type, application version, mailbox provider, mailbox counts, folder counts, transfer status, warnings, logs, hashes, and troubleshooting events.

For website jobs, Migration Monkey stores migration metadata and job evidence. It does not store website files, database dumps, media libraries, theme files, plugin files, application archives, or backups by default.

For mailbox jobs, Migration Monkey stores metadata such as provider type, mailbox size, folder counts, message counts, progress, warnings, and audit logs. Email message bodies and attachments are not stored by default. Assisted encrypted mailbox relay, if offered for a difficult provider route, requires explicit job-level approval.

Google account data

When you sign in with Google, we request the minimum identity information needed for account login: your Google account identifier, email address, email verification status, name, and profile image when provided by Google. For Google sign-in, Migration Monkey does not keep Google access tokens after the login session is created.

When you choose a Gmail or Google Workspace mailbox migration, additional Google permissions may be requested only for that migration workflow. Those permissions are used to analyze and move the mailbox you authorized, report progress, verify the migration, and troubleshoot errors. Google mailbox data is not sold, used for advertising, or used to train AI models.

Migration Monkey's use and transfer of information received from Google APIs is intended to comply with the Google API Services User Data Policy, including the Limited Use requirements.

How we use information

We use information to authenticate users, estimate migration credits, run source and destination checks, coordinate direct endpoint transfers, create logs, detect failures, support customers, prevent abuse, reconcile payments, honor coupons or credits, satisfy legal obligations, and maintain security evidence.

How we share information

We share information only as needed to provide the service, process payments, operate hosting and security systems, support customers, comply with law, prevent abuse, or complete a user-directed migration to the destination system the account owner selected. We do not sell personal information.

Security and retention

Passwords and migration credentials should be supplied per migration and are not intended to be saved as reusable server records. Temporary job secrets are encrypted, scoped to the job, and removed when they are no longer needed. Saved server profiles should keep labels, hostnames, ports, and non-secret connection preferences only.

Audit logs, consent records, billing records, and job metadata may be retained as needed for support, accounting, security, SOC 2 style evidence, dispute handling, and legal compliance. Payload data is not retained by default because it is not meant to land on Migration Monkey systems.

GDPR and privacy rights

Where GDPR or similar privacy laws apply, you may request access, correction, deletion, export, restriction, or objection for personal data associated with your account. For migration payloads, the website owner, mailbox owner, or data controller remains responsible for the source and destination systems and for having authority to migrate that data.

Contact

For privacy requests, Google OAuth questions, account deletion, or security concerns, contact privacy@migrationmonkey.com or support@migrationmonkey.com.