Monolith Privacy Policy

1. What Monolith Tracks

Monolith is a compliance infrastructure platform that tracks regulated assets — lead aprons, sterile trays, laboratory instruments, and similar equipment subject to periodic inspection requirements.

Monolith does not track people. The data model enforces this boundary at the schema level. No field can hold a patient name, medical record number, date of birth, Social Security number, or any identifier defined as Protected Health Information (PHI) under HIPAA. This is not a policy decision — it is an architectural constraint.

2. No Third-Party Tracking

The monolith.ekoche.com subdomain runs:

• ✗No Google Analytics (GA4)
• ✗No Google Tag Manager (GTM)
• ✗No Meta Pixel / Facebook SDK
• ✗No Hotjar, FullStory, or session recording
• ✗No cookies of any kind
• ✗No browser fingerprinting
• ✗No third-party scripts of any kind

You can verify this by inspecting the network tab in your browser's developer tools. The only requests are to monolith.ekoche.com itself.

3. Self-Hosted Analytics

We use a self-hosted, first-party event sink to understand aggregate product usage. This system:

• ✓Records only event names (e.g., “demo opened”) and bucketed properties
• ✓Sets no client ID, session ID, or cookies
• ✓Stores no IP addresses (raw, hashed, or truncated)
• ✓Strips User-Agent to device class only (mobile/desktop/tablet) and OS family
• ✓Cannot link any two pageviews to the same person

4. Compliance-Asset Download Resolution

This is the single, narrow, documented exception to our no-IP-storage policy. It applies only to first-party downloads of compliance artifacts from the following endpoints:

• /compliance/security-posture-whitepaper.pdf
• /compliance/hecvat-lite.pdf
• /compliance/caiq-on-request

It does not apply to landing pages, the demo, the pilot form, or any other route.

How it works

When a request hits one of the above endpoints, a server-side function performs a single-request resolution:

1. Read the requesting IP address from request headers.
2. Resolve the IP to a publicly-registered Autonomous System Number (ASN) and organization name using a self-hosted static ASN database (GeoLite2-ASN, updated weekly). No third-party API is called at request time.
3. If the ASN maps to a residential ISP, mobile carrier, consumer cloud, or VPN/Tor exit node, the resolution is discarded and only {asset, timestamp, network_class: "other"} is persisted.
4. If the ASN maps to a corporate network (healthcare system, hospital, institutional registrant), persist {asset, timestamp, network_name, asn_number}.
5. Discard the raw IP before the request returns. The raw IP is never written to any persistent store.

What is stored

What is NOT stored

• ✗No IP address (raw, hashed, or truncated)
• ✗No user-agent fingerprint, browser version, or OS minor version
• ✗No cookie, session ID, or client-side identifier
• ✗No geolocation (city, state, or country)
• ✗No joinable key — two visits from the same network appear as independent rows

Why this exception exists

This mechanism surfaces the same information a buyer would disclose in the first sentence of a phone call (“Hi, I'm calling from Example Health System”). It operates at the level of a public corporate identifier — not a person. The raw IP, which could theoretically be linked to an individual, never reaches persistent storage.

5. Interactive Demo

The interactive demo at /demos/lead-apronsruns entirely in your browser using sql.js (SQLite compiled to WebAssembly) and IndexedDB. No demo data is transmitted to our servers. When you reset the demo, all data is cleared from your browser's local storage.

6. Pilot Request Form

The pilot request form collects: name, work email, organization, role, estimated departmental asset count, and an optional message. This data is stored in a private Airtable base accessible only to the founder.

The form includes a client-side and server-side PHI regex guard that blocks submission if patterns resembling SSNs, medical record numbers, or dates of birth are detected. If you need to discuss patient-adjacent information, we will arrange a secure channel after first contact.

7. Data Controller