MonolithMonolith
Start investing
LEGAL
Privacy & GDPR

Your data, your rights. Clear controls.

This page summarizes how we collect, use, store, and protect personal data in line with GDPR and related regulations.

Overview

Monolith provides infrastructure for tokenized private markets. We process personal data to deliver services, meet legal obligations, prevent abuse, and improve our products.

Data We Collect

  • Identity & contact: name, email, phone, address, nationality.
  • Compliance data: KYC/KYB artifacts, sanctions & PEP checks.
  • Account & usage: logins, settings, activity, support requests.
  • Financial ops: payments, deposits/withdrawals, settlement metadata.
  • Technical: device, IP, cookies, crash logs, security events.

How We Use Data

  • Onboarding, verification, eligibility checks.
  • Executing operations (issuance, trading, distributions).
  • Customer support, incident response, and troubleshooting.
  • Security monitoring, audits, and regulatory reporting.

Retention

We keep records as long as necessary for contractual, legal, and security purposes. Typical retention ranges from 1–10 years depending on data type and jurisdiction.

Your Rights (GDPR)

  • Access, rectification, deletion, restriction, portability, objection.
  • Withdraw consent where processing is based on consent.
  • Complain to your local supervisory authority.

International Transfers

We prioritize EU data residency. When transfers occur, we use appropriate safeguards (e.g., SCCs) and assess third-country risks.

Subprocessors

We engage vetted providers for infrastructure, analytics, communications, and compliance checks. A current list is available on request or on our Legal Hub.

Cookies

We use essential cookies for authentication and security, and optional cookies (with consent) for analytics and product improvements. Manage preferences in your account.

Security

Encryption in transit/at rest, strict access controls, audit trails, monitoring, and responsible disclosure.

Children

Services are not directed to children. We do not knowingly process data of individuals under applicable age limits.

Changes

We may update this notice to reflect operational or legal changes. We’ll post revisions with an updated effective date.

Contact

Privacy questions? Email privacy@monolith.xyz.