Privacy policy & GDPR information
This page explains what data we process, why we process it, and the rights available to you under applicable data protection laws, including GDPR.
- We collect data needed to operate the platform, manage eligibility checks, and support onboarding.
- We apply security controls designed to protect data (see /security).
- You can request access, correction, deletion, restriction, portability, or object to processing where applicable.
- Cookies and preferences are described at /legal/cookies.
On this page
Overview
Monolith Equity (“Monolith”, “we”, “us”) processes personal data in connection with operating our website, onboarding users, responding to inquiries, and providing platform functionality for issuers and qualified investors.
This policy describes typical processing activities. Actual processing may vary based on enabled product features and the specific relationship you have with Monolith (visitor, prospect, investor, issuer, or service provider).
Data we collect
- Name, email address, phone (if provided)
- Account identifiers and role (issuer / investor)
- Support messages and communication metadata
- Log and audit events (security, access control, admin actions)
- Device and browser information (for security and troubleshooting)
- Approximate location derived from IP (for fraud prevention / geo controls)
- Identity and entity information necessary for KYC/KYB (if applicable)
- Proof of address or corporate documents (where required)
- Risk and compliance checks required for onboarding
- Pages visited and interactions (if analytics is enabled by consent)
- Cookie preferences and consent choices
- Security signals (rate limiting, abuse detection)
Do not send sensitive data via email unless requested and appropriate. For security disclosures, use Responsible Disclosure.
How we use data
- Protect accounts
- Detect abuse and fraud
- Maintain audit logs and access controls
- Account creation
- Eligibility/verification workflows
- Issuer/investor support
- Service messages
- Support responses
- Operational notices and maintenance updates
We aim to minimize data collection and restrict access on a need-to-know basis. See /security for governance, logging, and control design.
Legal bases
Where GDPR applies, we process personal data under one or more legal bases, depending on the context:
Retention
We keep personal data only as long as necessary for the purposes described above, unless a longer retention period is required by law or for dispute resolution and security.
You may request deletion where applicable; some records may be retained to comply with legal obligations or to protect the platform and users.
International transfers
Where personal data is transferred outside the EEA/UK, we use appropriate safeguards such as contractual protections and assessments where required by law. Transfer arrangements may depend on your geography and the service providers involved.
If you need more details on a particular transfer pathway, email contact@monolith.xyz.
Your rights
Depending on your location and applicable law, you may have rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. We may request verification before fulfilling a request.
- Access: receive a copy of your data
- Correction: fix inaccurate information
- Deletion: request erasure where applicable
- Objection: object to certain processing
- We confirm identity to protect you
- We respond within required timelines where GDPR applies
- We explain any lawful reasons we cannot fully comply
- We document fulfillment for audit and security
To submit a request, email contact@monolith.xyz with the request type and the account email (if applicable).
Requests & contact
Submit a privacy request
Use the template email below to help us respond quickly and securely.
Email contact@monolith.xyzSecurity
Sensitive disclosures
If you found a security issue, please use the responsible disclosure route.
Responsible Disclosure