LEGAL

Monai Privacy Policy

Effective as of June 21, 2026

Monai (and our subsidiaries and affiliates) (collectively, "Monai", "we", "us" or "our") provides a regulated digital banking and payments platform. This Privacy Policy describes how Monai processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including, as applicable, our website, mobile application, and web dashboard) as well as our marketing and other activities described in this Privacy Policy (collectively, the "Service").

European Users: Please see the Notice to European Users section below for additional information for individuals located in the European Economic Area or United Kingdom.

Privacy at a Glance

  • What we collect. Identity and verification data, transaction data, device and usage data, and communications with us.
  • How we use it. To operate the Service, verify your identity, comply with financial crime and sanctions obligations, and, with your permission, send you marketing materials.
  • Who we share it with. Our affiliated entities, regulated service providers (including identity verification, card program, and payment partners), professional advisers, and authorities where required by law. We do not sell your data to data brokers or advertisers.
  • Your rights. You can access, correct, delete, or export your data, and object to certain uses. European and UK users have additional rights under GDPR and UK GDPR.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, email address, mailing address, and phone number.
  • Demographic data, such as your city, state, country of residence, postal code, and age.
  • Profile data, such as the username and password that you set to establish an account on the Service, company name, and any other information you add to your account profile.
  • Communications data based on our exchanges with you, including when you contact us through the Service, email, or otherwise.
  • Transactional data, such as information relating to or needed to complete your transactions on or through the Service, including transaction numbers and transaction history.
  • Financial data, such as your account balance, payment card details (masked card number and expiry date), and other associated information.
  • Government-issued identification data, such as passport number, driver's license number, and an image of the relevant identification document.
  • Identity verification and anti-money laundering (AML) data, which we collect when you proceed with identity verification or any AML or know-your-customer (KYC) requirement, including your full name, country of residency, email address, government-issued identification, date of birth, and a photograph or image of you.

Third-party sources. We may combine personal information we receive from you with personal information that we obtain from other sources, such as public records, data providers, service providers, and marketing partners.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your device, and your interaction with the Service, such as device data (operating system, browser type, IP address, unique identifiers), online activity data (pages viewed, content engaged with, navigation paths), and communication interaction data (email opens and clicks).

How we use your personal information

We may use your personal information for the following purposes:

  • Service delivery and operations. To provide the Service, operate our business, enable security features, establish your user profile, communicate with you about the Service, and provide support.
  • Service personalization. To understand your needs and interests, personalize your experience, and remember your selections and preferences.
  • Service improvement and analytics. To analyze usage of the Service, improve the Service, and develop new products and services.
  • Marketing. To send you direct marketing communications and personalize these messages based on your needs and interests. You may opt-out as described below.
  • Compliance and protection. To comply with applicable laws, protect rights and safety, prevent fraud and illegal activity, and verify your identity and conduct AML, counter-terrorist financing, sanctions, and KYC checks.
  • Data sharing in corporate events. To share certain personal information in the context of actual or prospective corporate events.
  • Aggregated data. To create aggregated, de-identified and/or anonymized data for lawful business purposes.

How we share your personal information

We may share your personal information with:

  • Corporate affiliates. Our corporate subsidiaries and affiliates.
  • Service providers. Third parties that provide services on our behalf (hosting, IT, customer support, email delivery, marketing, analytics).
  • Professional advisors. Lawyers, auditors, bankers and insurers.
  • Authorities. Law enforcement, government authorities, and private parties where necessary.
  • Business transferees. In the context of actual or prospective business transactions, mergers, acquisitions, or insolvency.

Retention

We generally retain personal information to fulfill the purposes for which we collected it, including for legal, accounting, or reporting requirements.

  • Identity verification, KYC, and AML data is retained for the duration of our relationship with you and for at least five (5) years after that relationship ends, or longer as required by applicable law.
  • Transactional data and financial data is retained for at least five (5) years following the relevant transaction or the end of our relationship with you.
  • Marketing data is retained until you opt out or following 24 months of inactivity.
  • Communications data is retained for up to 3 years from the date of the relevant communication.

When we no longer require personal information, we may delete it, anonymize it, or isolate it from further processing.

Your choices

  • Access or update your information. You may review and update certain account information by logging into your account.
  • Opt-out of communications. You may opt-out of marketing-related emails by following the unsubscribe instructions or by contacting us.
  • Cookies. For more information about cookies and how to manage your preferences, see our Cookie Policy.
  • Declining to provide information. We need to collect personal information to provide certain services. If you do not provide required information, we may not be able to provide those services.
  • Delete your content or close your account. You may request to close your account by contacting us. We are required by law to retain certain personal information after closure.

Security

We employ technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We operate through affiliates in multiple jurisdictions. Your personal information may be transferred to locations where privacy laws may not be as protective as those in your jurisdiction. For transfers of personal information out of the European Economic Area or the United Kingdom, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses.

Children

The Service is not intended for use by anyone under the age of eighteen (18). Identity verification (KYC) conducted by our verification provider will verify your age and may decline applications that do not satisfy this requirement.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the date and posting the revised policy on the Service. Your use of the Service after the effective date constitutes your acknowledgment of the modified policy.

How to contact us

If you have questions about our practices or would like to exercise any privacy-related right, please contact us:

Notice to European users

The information in this section applies only to individuals located in the European Economic Area (EEA) or United Kingdom (UK) ("Europe").

References to "personal information" include "personal data" as defined in the GDPR (General Data Protection Regulation 2016/679) and the UK GDPR.

Our legal bases for processing

Our legal bases for processing your personal information are:

  • Contractual Necessity — where we need to process your information to deliver the Service to you.
  • Legitimate Interests — where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
  • Compliance with Law — where we need to comply with a legal or regulatory obligation.
  • Consent — where we have your specific consent.

Retention

We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including to satisfy legal, accounting, or reporting requirements. When we no longer require the information, we will delete or anonymize it.

Your additional rights

European data protection laws may give you certain rights regarding your personal information:

  • Access. Provide you with information about our processing and access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information where there is no good reason for continuing to process it.
  • Transfer. Transfer to you or a third party a machine-readable copy of your personal information.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our processing of your personal information.
  • Withdraw Consent. Withdraw consent at any time when we process based on consent.

You may submit these requests by contacting us. We will respond to legitimate requests within one month of receipt.

Right to lodge a complaint

If you are not satisfied with our response, you can make a complaint to the data protection regulator in your habitual place of residence.

Geographic, regulatory, and other eligibility limits apply, and are subject to change.