Privacy policy & GDPR information
This page explains what data we process, why we process it, and the rights available to you under applicable data protection laws, including GDPR.
- We collect data needed to operate the platform, manage eligibility checks, and support onboarding.
- We apply security controls designed to protect data. See /security.
- You can request access, correction, deletion, restriction, portability, or object to processing where applicable.
- Cookies and preferences are described at /legal/cookies.
On this page
Overview
Monolith Equity, Monolith, we, or us, processes personal data in connection with operating our website, onboarding users, responding to inquiries, and providing platform functionality for issuers and qualified investors.
This policy describes typical processing activities. Actual processing may vary based on enabled product features and the specific relationship you have with Monolith, such as visitor, prospect, investor, issuer, or service provider.
Data we collect
- Name, email address, phone if provided
- Account identifiers and role, issuer or investor
- Support messages and communication metadata
- Log and audit events for security, access control, and admin actions
- Device and browser information for security and troubleshooting
- Approximate location derived from IP for fraud prevention or geo controls
- Identity and entity information necessary for KYC or KYB where applicable
- Proof of address or corporate documents where required
- Risk and compliance checks required for onboarding
- Pages visited and interactions if analytics is enabled by consent
- Cookie preferences and consent choices
- Security signals such as rate limiting and abuse detection
Do not send sensitive data by email unless requested and appropriate. For security disclosures, use Responsible Disclosure.
How we use data
- Protect accounts
- Detect abuse and fraud
- Maintain audit logs and access controls
- Account creation
- Eligibility and verification workflows
- Issuer and investor support
- Service messages
- Support responses
- Operational notices and maintenance updates
We aim to minimize data collection and restrict access on a need to know basis. See /security for governance, logging, and control design.
Legal bases
Where GDPR applies, we process personal data under one or more legal bases, depending on the context.
Retention
We keep personal data only as long as necessary for the purposes described above, unless a longer retention period is required by law or for dispute resolution and security.
You may request deletion where applicable. Some records may be retained to comply with legal obligations or to protect the platform and users.
International transfers
Where personal data is transferred outside the EEA or UK, we use appropriate safeguards such as contractual protections and assessments where required by law. Transfer arrangements may depend on your geography and the service providers involved.
If you need more details on a particular transfer pathway, email contact@monolith.xyz.
Your rights
Depending on your location and applicable law, you may have rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. We may request verification before fulfilling a request.
- Access, receive a copy of your data
- Correction, fix inaccurate information
- Deletion, request erasure where applicable
- Objection, object to certain processing
- We confirm identity to protect you
- We respond within required timelines where GDPR applies
- We explain any lawful reasons we cannot fully comply
- We document fulfillment for audit and security
To submit a request, email contact@monolith.xyz with the request type and the account email, if applicable.
Requests & contact
Submit a privacy request
Use the template email below to help us respond quickly and securely.
Email contact@monolith.xyzSecurity
Sensitive disclosures
If you found a security issue, please use the responsible disclosure route.
Responsible Disclosure