Download
··

This document is available in Portuguese as per the legal requirements of the company's jurisdiction. A translated version may be provided in the future.

Privacy

Privacy Policy and Data Protection

Effective date: April 02, 2026

Data Controller: Montres Global Ltda. – "MON 3"

Contact: contato@mon3.co

Objective

This policy establishes information security guidelines for the protection of the company's data and systems. All data is protected with encryption in transit and at rest, multi-factor authentication, and periodic backups. All our incidents are recorded and reported to the DPO and, when applicable, to ANPD.

At MON 3, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy and Data Protection Policy explains how we collect, use, share, and protect your personal information when you use our services, in accordance with the provisions of the General Data Protection Regulation (GDPR). This policy has been designed to align with both the LGPD (Brazil) and, when applicable, the GDPR (European Union), reflecting the fact that our services may be accessed internationally.

MON 3 is a technology service provider (software provider/technical intermediary), and is neither a financial institution nor a virtual asset service provider. We are a technology provider that has a connectivity platform with infrastructure from duly licensed and regulated third-party partners to operate in all jurisdictions where we operate. We do not provide financial services directly; we act exclusively as technological intermediaries and systems integrators. All regulated activity — including custody, settlement, transfer of funds, and identity verification (KYC/KYB/AML/CFT) — is performed by licensed partner institutions in their respective jurisdictions. MON 3 technically integrates this infrastructure and does not perform its own custody or direct movement of funds.

Data Protection Officer (DPO): Pedro Motta — pedro.motta@mon3.co

Definitions

Personal Data

Any information relating to an identified or identifiable natural person, such as names, addresses, email addresses, identification numbers, and IP addresses.

Data Subject

The user to whom the data refers.

Data Controller

The entity that determines the purposes and means of processing personal data. In this case, it is MON 3 and our licensed partners.

Data Processor

The entity that processes personal data on behalf of the data controller. These are the suppliers and licensed partners that process your data as determined by MON 3.

Information We Collect

We collect and process, together with our licensed partners, the following categories of personal data:

Personal Data

Full name, CPF (Brazilian tax ID), date of birth, sex, gender, nationality, identity document, facial photo and proof of residence, driver's license, passport number.

Contact Data

Email address, phone number, residential/mailing address, emergency contact information.

Financial Data

Bank account numbers, credit card information, income details, tax identification number, financial transaction history.

Technical, Location, and Device Data

Device model, browser type, operating system, IP address, geolocation, Wi-Fi identifiers, location history, session logs, cookies, and usage data (clickstream, session duration).

Transaction and Financial Data

Transaction history, amounts, on-chain activity, PIX transactions, amounts, timestamps, payment behavior and payment method, billing addresses.

Usage Data

Website or app usage patterns, session duration, pages visited, clickstream data, error logs, and crash reports.

User Account Data

Usernames and account identifiers, profile photos and avatars, user-generated content (profile descriptions, bios), user preferences and settings.

Support Data

Customer service communications, support tickets, chat logs.

Employment and Income Data

Job title, employer, income, workplace location, account verification data, and employment-related identifiers (when necessary for payment eligibility as per licensed partner requirements).

Biometric and Verification Data

Data collected through our licensed partners, including biometric facial matching and digitized documents.

Marketing and Analytics Data

Preferences, referral source, behavior on our website or app.

Communications

If you contact us directly, we may request additional information, such as your name, email address, residential address, phone number, and other relevant personal data.

Payment Information

Our services, through the use of infrastructure by licensed partner financial institutions, allow users to make international payments. We use duly regulated third-party financial institutions to process payments in fiat currency and stablecoins.

Information Collected from Other Sources and Third Parties

We may obtain personal data from third-party partners and suppliers to provide complete and integrated services. These third parties may include:

  • Payment service providers: licensed financial institutions that process your transactions.
  • Identity verification partners: providers that verify your identity as required by law.
  • Advertisers and marketing partners: to better understand your interaction with our services and provide personalized recommendations.
  • Third-party sources: We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available through your privacy settings.

How We Use Your Data

Our collection, use, and sharing of data are based on various legal bases, depending on the context. These include:

  • To fulfill obligations and provide you with the services for which we have received your consent;
  • To understand your needs and preferences in using our services, to evaluate and understand the effectiveness of the advertising materials we provide;
  • To develop new service and product offerings and improve existing ones, to notify you of changes related to our services;
  • To verify and control the identity of users who open and operate accounts, in order to prevent fraud, deception, and other illegal activities;
  • To comply with legal requirements regarding anti-money laundering and counter-terrorism financing;
  • To ensure the security of our website, our services, and your account;
  • To support, respond to, and resolve your complaints and questions related to the use of our services and the capabilities of our website;
  • To make automated decisions, including profiling. Our processing of your personal information will not result in a decision based solely on automated processing that significantly affects you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are authorized by law to make such automated decisions;
  • To use personal information and other information about the user to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which the user accesses our Services, or other analyses we create;
  • To understand how our users use our services, provided that such data cannot identify any individual;
  • When processing is necessary for the performance of a contract with you;
  • When we need to use your data to fulfill legal obligations;
  • When we have a legitimate interest that does not override your fundamental rights.

Data Usage Purposes

We use your data for various purposes, including:

Service and application provision and maintenance: to ensure the functionality and availability of our services.

Payment processing and order execution: to process payments and complete orders in compliance with transparency and competitiveness rules.

Fraud prevention: to detect and prevent fund losses, including those resulting from fraud and misuse of our services and applications.

Compliance with laws and regulations: to ensure compliance with relevant laws and regulations, such as anti-money laundering and counter-terrorism financing.

User communication and support: to communicate directly with you or through our partners for customer support, notifications about service changes and updates, important service-related information, marketing, and promotions.

Service improvement: to continuously improve the quality, performance, and features of our services.

Research and development: to conduct research and development activities related to our services, including the development of new app features and functionalities.

Measurement and analytics: to understand how users interact with our services, analyze user behavior, and identify preferences.

Security: to promote the security and integrity of your funds, our services, and data through continuous protection measures and monitoring.

User account management: to manage user accounts, including setup, recovery, and account closure.

Personalization: to tailor user experiences based on preferences and behaviors, providing personalized content and recommendations.

How We Share Your Data

We may share your information with various third parties to support and enhance our business operations, including:

  • Suppliers and service providers: who assist us in maintaining and optimizing our business.
  • Licensed partner financial institutions: to process your transactions and complete your orders.
  • Identity verification services: to ensure compliance with legal requirements.
  • Licensed partners: authorized and duly regulated third parties who may process, view, and manage your data to provide integrated services or enhanced functionalities.
  • Advertisers and marketing partners: to better understand your interaction with our services and provide personalized recommendations.
  • Law enforcement: to support investigations, maintain legal compliance, and ensure the security of our application and users.
  • Transfers, mergers, and acquisitions: in the event of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets, or succession, your personal information may be disclosed to the new owner, acquirer, or successor of the company or other relevant third parties.

Data Sharing with Third Parties

We share your data with partners and processors under data protection agreements and standard contractual clauses (SCCs):

Identity and Verification Services

Licensed partners responsible for identity and document verification, biometric data matching, in compliance with KYC/KYB and applicable regulations.

Payment Services

Licensed partner financial institutions responsible for executing payments in fiat currency and stablecoins, including PIX, ACH, Wire, SWIFT, and other available payment networks. These partners may independently collect additional data for AML, fraud prevention, and payment eligibility.

Infrastructure and Analytics

Cloud hosting, security, analytics tools, CRM platforms, and observability.

Legal and Regulatory Authorities

As necessary for compliance with applicable financial regulations, court orders, AML/CFT rules, or government institutions.

Licensed Partner-Specific Data Usage

When you use payment features, the following applies:

  • Our licensed partners may collect employment, income, and location data for payment eligibility and compliance with AML laws in applicable jurisdictions.
  • MON 3 securely transfers relevant data (such as full name, CPF, address, and KYC verification results) to licensed partners.
  • Licensed partners may retain data for 5 to 7 years or more, when required by law.
  • MON 3 cannot override or delete data independently retained by licensed partners. Users may contact the responsible partner directly for privacy and data protection inquiries.

International Data Transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to the USA, the UAE, the EU, or other countries, which may have data protection laws different from those of your country of residence. We strive to safeguard your information in accordance with the requirements of applicable legislation.

Your data may be processed and stored in:

  • The United States of America (licensed partners);
  • The European Union / United Kingdom (licensed partners and for hosting and analytics);
  • Brazil (licensed partners, PIX intermediaries, and MON 3 database);
  • Other countries where we operate.

All transfers are protected by encryption, SCCs, and compliance with Article 33 of the LGPD.

Global Data Protection Framework

  • We apply a baseline of data protection measures that meet the highest standards required in any jurisdiction where we operate.
  • We implement additional safeguards when necessary to meet specific regional requirements.
  • We regularly review and update our practices to reflect evolving international data protection laws and standards.

Data Localization Requirements

When applicable local laws require data to be stored in specific territories, we maintain the necessary infrastructure to ensure compliance with these data localization requirements while providing a seamless global service.

We are committed to maintaining the highest standards of data protection, regardless of where your data is processed or stored. If you have questions about how your data is handled in a specific country or region, please contact our Data Protection team.

Data Security and Data Storage

We implement security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Access controls: restricting access to your personal information to authorized personnel for legitimate business purposes.

Employee training: training our staff on data security best practices.

Data backups: performing regular data backups to prevent data loss.

Incident response: establishing incident response procedures to promptly address and mitigate any security incidents.

End-to-end encryption for sensitive data.

Role-based access control and MFA.

Secure cloud storage and physical infrastructure.

Biometric verification through secure licensed partners.

Regular audits, backup systems, and incident response plans.

While we strive to protect your information, no security system is impenetrable. We continuously evaluate and enhance our security practices to better protect your data.

We will not sell, rent, or lease your information to third parties. However, we may share your information with trusted third parties to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange deliveries. All such entities will be prohibited from using your personal information for any purpose other than what we have respectively requested, and they will be required to maintain full confidentiality in handling this information. We will not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.

Our website may, from time to time, contain links to and from the websites of our partner networks. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before submitting any personal data to these websites.

Data Retention

We will retain your personal information for as long as you are a customer of MON 3 services. We may retain your personal information for a maximum period of 5 years after you cease to be a customer. The reasons we may do so are:

  • To respond to a question or complaint, or to show whether we gave you fair treatment;
  • To study customer data as part of our own research;
  • To comply with legal standards that apply to record-keeping.

We will retain your personal information only for the period necessary to fulfill the specific purposes for which it was collected. We may also retain your data for more than 5 years if certain laws do not allow us to delete them for legal, regulatory, or technical reasons.

For the time necessary to provide the services;

Compliance required by AML and regulatory law (minimum of 5 to 7 years for transactions);

Until deletion of the user's account (with limitations due to legal obligations or partner retention requirements).

Your Rights as a Data Subject

As a user of our services and application, you have certain rights regarding the personal data we collect and use:

  • Right of access: request access to the personal data we hold about you.
  • Right to rectification: request the correction of inaccurate or incomplete personal data.
  • Right to erasure (Right to Be Forgotten): request the deletion of your personal data in certain circumstances.
  • Right to restriction of processing: request the limitation of processing of your personal data in certain situations.
  • Right to data portability: receive your data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
  • Right to object: object to the processing of your data, including for direct marketing purposes.
  • Rights related to automated decision-making: request human intervention and review of decisions made solely by automated means.
  • Withdraw consent at any time (note: withdrawal may limit access to the service);
  • File a complaint with ANPD.

Note: MON 3 is a technology service provider and not a financial institution. As our licensed partners are regulated financial service providers, they are subject to certain regulatory obligations that may limit our ability to delete some of your data, including AML compliance, financial record-keeping (5 to 7 years), and fraud prevention.

To exercise your rights, send an email to: contato@mon3.co

Legal Basis for Processing (art. 7 of LGPD)

Consent (e.g., marketing or optional features);

Legal or regulatory obligation (e.g., AML requirements);

Contract performance (e.g., transaction execution);

Legitimate interest (e.g., fraud prevention, platform analytics);

Data Processing Purposes

We process personal data for the following purposes, with verification conducted by licensed partners:

  • KYC/KYB/AML verification and fraud detection;
  • Account creation and platform access;
  • Execution of on-chain and fiat transactions;
  • Customer communication and support;
  • Platform security infrastructure improvements and feature development;
  • Legal compliance with LGPD, AML laws, and cross-border regulations;
  • Terms enforcement and investigation of misuse or threats.

MON 3 is a technology service provider (software provider/technical intermediary), and is neither a financial institution nor a virtual asset service provider. We are a technology provider that has a connectivity platform with infrastructure from duly licensed and regulated partners.

Cookies and Tracking Technologies

We use:

  • Session cookies;
  • Security cookies;
  • Behavior tracking (analytics and session tools).

You can disable cookies in your browser. Some features may not function properly if disabled. Visit our Cookie Policy for more information.

Age Restrictions / Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not intentionally collect personal information from minors. If we become aware that we have inadvertently collected personal data from a person under 18 years of age, we will take appropriate steps to delete such information from our records. If you believe we may have information from or about a child under 18, please contact us immediately at contato@mon3.co.

Changes to This Policy

We may periodically update this Privacy Policy to reflect changes in our data processing practices and legal requirements or to improve transparency and clarity. Any substantial changes to this Privacy Policy will be incorporated directly into the Policy and will be available for review on the website and app.

Changes will be published at www.mon3.co, and major updates will be communicated via email and in-app notice. We recommend that you review this Policy periodically to stay informed about how we handle your data.

The Company reserves the right to modify the Privacy Policy at any time, at its sole discretion. If the user does not agree with the amended version, they must immediately discontinue their access to the website and stop using all services. If you continue to use the services, the amended Privacy Policy will have legal effect and your actions will constitute acceptance of the changes.

Contact Us

Email: contato@mon3.co

Data Protection Officer (DPO): Pedro Motta — pedro.motta@mon3.co

Website: www.mon3.co

Last updated: April 02, 2026