Privacy Policy
1. Data Controller
MONARA.FUN · Rua P. S. Antão 177 · 1150-226 Lisbon, Portugal
support@monara.fun
2. Data We Collect
- Registration: name, email, encrypted password, country
- KYC: identity document and selfie — stored temporarily and deleted immediately after verification
- Transactions: purchases, wallet movements, card transfers
- Payment: payment method, transaction ID (no card data — processed by Stripe/PayPal)
- Communications: internal messages, emails
- Technical: IP address, browser, device, session data
- Affiliate: referral links, referred users, commissions
3. Purpose of Processing
- Account management, purchases, transfers, wallet
- Identity verification (KYC) — temporary, deleted after review
- Payment processing via Stripe / PayPal
- Affiliate programme tracking and commissions
- Transactional emails, system messages, support
- Fraud prevention and security
- Legal obligations under Portuguese law or, where longer retention periods apply, the law of the user''s country of residence
4. Legal Basis (GDPR Art. 6)
- Art. 6(1)(b) — Contract performance
- Art. 6(1)(c) — Legal obligation (KYC, retention)
- Art. 6(1)(f) — Legitimate interest (security, fraud prevention)
- Art. 6(1)(a) — Consent (marketing emails, if sent)
5. Third-Party Sharing
We share data only with: Stripe and PayPal (payment processing), Mailgun/SMTP (email delivery), Hostinger (EU-based hosting). No sharing with advertisers or third parties for marketing. No sharing without consent except as required by law.
6. Retention Periods
- Account data: while active + 2 years after deletion
- Transaction data: 7 years (Portuguese tax law)
- KYC documents: deleted immediately after verification
- Internal messages: 60 days (auto-deleted)
- Technical logs: 30 days
- Email logs: 90 days
7. Your Rights (GDPR)
You have the right to: access, rectification, erasure, restriction, data portability, and objection. You may also lodge a complaint with the Portuguese supervisory authority CNPD (www.cnpd.pt) or the authority in your country of residence. All requests: support@monara.fun — processed within 30 days.
8. Cookies & Tracking
We use only technically necessary session cookies for login and CSRF protection. No tracking cookies, no advertising cookies, no third-party tracking. No cookie banner required.
9. Security
Passwords are hashed with ARGON2ID. All connections via HTTPS/TLS. CSRF protection on all forms. Rate limiting against brute-force. No payment data stored on our servers. KYC documents deleted immediately after review. Regular backups on Hostinger infrastructure.
10. Policy Changes
Material changes notified by email or in-platform message at least 14 days before taking effect. The date of last update is shown at the top of this page.
11. Contact & Complaints
support@monara.fun
Supervisory authority: CNPD — www.cnpd.pt
You may also contact the supervisory authority in your country of residence.