Privacy Policy

1. Data Controller

MONARA.FUN · Rua P. S. Antão 177 · 1150-226 Lisbon, Portugal
support@monara.fun

2. Data We Collect

  • Registration: name, email, encrypted password, country
  • KYC: identity document and selfie — stored temporarily and deleted immediately after verification
  • Transactions: purchases, wallet movements, card transfers
  • Payment: payment method, transaction ID (no card data — processed by Stripe/PayPal)
  • Communications: internal messages, emails
  • Technical: IP address, browser, device, session data
  • Affiliate: referral links, referred users, commissions

3. Purpose of Processing

  • Account management, purchases, transfers, wallet
  • Identity verification (KYC) — temporary, deleted after review
  • Payment processing via Stripe / PayPal
  • Affiliate programme tracking and commissions
  • Transactional emails, system messages, support
  • Fraud prevention and security
  • Legal obligations under Portuguese law or, where longer retention periods apply, the law of the user''s country of residence

4. Legal Basis (GDPR Art. 6)

  • Art. 6(1)(b) — Contract performance
  • Art. 6(1)(c) — Legal obligation (KYC, retention)
  • Art. 6(1)(f) — Legitimate interest (security, fraud prevention)
  • Art. 6(1)(a) — Consent (marketing emails, if sent)

5. Third-Party Sharing

We share data only with: Stripe and PayPal (payment processing), Mailgun/SMTP (email delivery), Hostinger (EU-based hosting). No sharing with advertisers or third parties for marketing. No sharing without consent except as required by law.

6. Retention Periods

  • Account data: while active + 2 years after deletion
  • Transaction data: 7 years (Portuguese tax law)
  • KYC documents: deleted immediately after verification
  • Internal messages: 60 days (auto-deleted)
  • Technical logs: 30 days
  • Email logs: 90 days

7. Your Rights (GDPR)

You have the right to: access, rectification, erasure, restriction, data portability, and objection. You may also lodge a complaint with the Portuguese supervisory authority CNPD (www.cnpd.pt) or the authority in your country of residence. All requests: support@monara.fun — processed within 30 days.

8. Cookies & Tracking

We use only technically necessary session cookies for login and CSRF protection. No tracking cookies, no advertising cookies, no third-party tracking. No cookie banner required.

9. Security

Passwords are hashed with ARGON2ID. All connections via HTTPS/TLS. CSRF protection on all forms. Rate limiting against brute-force. No payment data stored on our servers. KYC documents deleted immediately after review. Regular backups on Hostinger infrastructure.

10. Policy Changes

Material changes notified by email or in-platform message at least 14 days before taking effect. The date of last update is shown at the top of this page.

11. Contact & Complaints

support@monara.fun
Supervisory authority: CNPDwww.cnpd.pt
You may also contact the supervisory authority in your country of residence.

← Back