Monetrix Group Inc. (“Monetrix”, “we”, “us”, or “our”) is committed to protecting the privacy and personal information of individuals who access or use our website, digital interfaces, embedded widgets, APIs, and related services (collectively, the “Services”). This Privacy Policy explains how Monetrix collects, uses, processes, stores, discloses, and protects personal information in connection with the Services. This Privacy Policy applies to:

• Individuals who create Accounts with Monetrix;
• Individuals who initiate transactions;
• Business Clients and their authorized representatives;
• Visitors to our website.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

Monetrix operates as a registered Money Services Business in Canada and processes personal information in accordance with applicable privacy and financial crime legislation.

• 2.1 Canadian Privacy Law (PIPEDA): Monetrix complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private-sector organizations collect, use, and disclose personal information in Canada.
• 2.2 European Data Protection (GDPR Principles): Where applicable, Monetrix applies principles consistent with the General Data Protection Regulation (GDPR) for Users located in the European Economic Area (EEA), including: Lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.
• 2.3 AML and Regulatory Obligations: As a regulated financial services provider, Monetrix is legally required to collect, verify, retain, and report certain personal information under applicable anti-money laundering and counter-terrorist financing legislation. These legal obligations may override certain deletion or restriction requests.

Monetrix collects personal information necessary to provide Services, comply with legal obligations, prevent fraud, and maintain platform integrity.

• 3.1 Information You Provide Directly: Full legal name, date of birth, residential address, email address, telephone number, government-issued identification details, proof of address documentation, selfie or biometric verification images, payment method information, and bank account details. For Business Clients: Corporate registration documents, shareholder information, UBO details, and board resolutions.
• 3.2 Transaction Information: Fiat transaction amounts, Digital Asset wallet addresses, blockchain transaction hashes, timestamps, and IP addresses associated with transactions.
• 3.3 Technical and Usage Information: IP address, device identifiers, browser type, operating system, session logs, and device fingerprinting data to help detect fraud and ensure platform security.
• 3.4 Information from Third Parties: Data from identity verification providers, blockchain analytics providers, payment processors, banking partners, and sanctions screening databases.

Monetrix processes personal information for legitimate business and regulatory purposes:

• 4.1 Provision of Services: To create and manage Accounts, execute transactions, process payments, and communicate transaction confirmations.
• 4.2 Compliance with Legal Obligations: To conduct identity verification (KYC), monitor transactions for suspicious activity, and comply with AML reporting obligations.
• 4.3 Fraud Prevention and Risk Management: To detect and prevent fraud, identify suspicious behavior, enforce transaction limits, and prevent chargebacks.
• 4.4 Platform Security and Improvement: To maintain system integrity, detect unauthorized access, improve functionality, and analyze service performance.

Where GDPR principles apply, Monetrix processes personal information under:

• 5.1 Contractual Necessity: Processing is necessary to perform the contract between you and Monetrix.
• 5.2 Legal Obligation: Processing is required to comply with applicable financial crime, AML, and regulatory obligations.
• 5.3 Legitimate Interests: Processing is necessary for Monetrix’s legitimate interests, including fraud prevention and platform security.
• 5.4 Consent (Where Applicable): For specific activities such as marketing. You may withdraw consent at any time, subject to regulatory retention obligations.

Monetrix does not sell personal information. However, we may share it in limited circumstances:

• 6.1 Service Providers and Infrastructure Partners: Trusted third-party providers for KYC, blockchain analytics, payment processing, banking partners, and cloud hosting.
• 6.2 Regulatory and Law Enforcement Authorities: When required by law, subpoena, or to prevent fraud and financial crime.
• 6.3 Corporate Transactions: In the event of a merger, acquisition, or sale of assets, subject to confidentiality safeguards.
• 6.4 Business Client Disclosures: Sharing with authorized representatives of a Business Client entity.

Monetrix operates internationally and may transfer personal information across jurisdictions.

• 7.1 Cross-Border Processing: Personal information may be processed in Canada or other jurisdictions where our service providers operate.
• 7.2 Safeguards for International Transfers: We implement contractual data protection clauses, risk-based vendor assessments, and technical security measures.

We retain personal data only for as long as necessary. As a registered MSB, Monetrix is legally required to retain certain records for minimum statutory periods under Canadian legislation, which may override deletion requests. When no longer required, data is securely deleted or anonymized.

Monetrix implements technical safeguards including encryption of data in transit and at rest, multi-factor authentication, and network monitoring. Access is restricted to authorized personnel. In case of a material data breach, affected individuals and regulators will be notified as required by law.

Subject to applicable law and regulatory retention obligations, you have the following rights:

• 10.1 Access and Correction: Request access to or correction of your personal information.
• 10.2 Withdrawal of Consent: Withdraw consent at any time (does not affect prior processing).
• 10.3 Restriction and Objection: Request restriction of or object to certain processing activities where GDPR principles apply.
• 10.4 Deletion Requests: Request deletion, subject to our legal and regulatory retention requirements.
• 10.5 Complaints: File a complaint with the relevant data protection authority.

We use essential cookies for platform functionality and analytics cookies to understand user interaction and detect fraud. Users can manage preferences through browser settings.

Services are not directed to individuals under eighteen (18). Monetrix does not knowingly collect information from minors and will delete such data if discovered.

Monetrix may update this Privacy Policy to reflect changes in law or operational practices. Continued use of the Services constitutes acceptance of the updated policy.

If you have questions regarding this Privacy Policy or your personal information, contact us at:

• Email: compliance@monetrix.io