Last Updated: 2025/10/08

Moneda Digital GmbH ("Moneda", "we", "us", "our" or "Company") is committed to protecting your privacy. This Privacy Policy how we handle your personal data, your rights under the GDPR, and the steps we take to protect your information when you use our services ("Service"). We aim to be transparent, respectful, and secure in everything we do. By using Moneda, you agree to the practices described in this Privacy Policy.

If you have any questions or concerns, you can contact us at [email protected].

1. Purposes and Legal Bases for Data Processing

We process personal data for the following purposes. The legal basis for each processing activity is listed together with a short explanation and category:

• Account Management: When you create an account or profile to use our Services, we collect personal information such as your name, email address, and any other details necessary for account creation. We use this information to authenticate your account and provide you with the requested Services.
• Communication: When you contact us via our website, email, or other channels, we collect your name, email address, and any other details you choose to provide (including the content of your communications). We use this information to respond to your inquiries and improve our support.
• Transaction Facilitation: Facilitating user-initiated blockchain transactions via third-party providers, including payment providers. Moneda itself is not regulated and does not provide regulated financial services.
• Personalization: Allowing users to configure preferences, goals, risk tolerance, and view general suggestions based on those inputs. No investment advice is provided.
• Security & Fraud Prevention: Monitoring blockchain addresses to prevent you from interacting with known fraudulent accounts. We also process biometric data (e.g. Face ID or fingerprint information) to facilitate secure sign-ins and transaction approvals related to your self-custodial wallet. This biometric data is processed locally on your device and is not stored or accessible by Moneda.
• Use of Third-Party Services: To provide our services efficiently and securely, we rely on various external service providers. These include providers of hosting, analytics, authentication, app distribution, transaction infrastructure, and regulated financial services.
• Analytics and App Usage: Understanding app usage through Google Firebase. Firebase collects pseudonymized technical data (e.g., screen views, session duration, device type) to help improve app performance and usability. No identifiable personal data such as name or email is collected. Users may opt out by disabling analytics in the app settings.
• Legal Compliance: Fulfilling our regulatory duties and record-keeping obligations. This includes complying with financial regulations and other legal requirements (for example, anti-money laundering verification checks). Certain processing may also occur at the instruction of regulated service partners (e.g. when we assist our partners in meeting their compliance obligations).
• Identity Verification (KYC & AML Compliance): If you choose to access features of Moneda that involve fiat currency or other regulated financial services. for example, linking a bank account, topping up your Moneda account with EUR or USD, withdrawing funds to a bank, or opening a virtual IBAN account, we will ask you to complete an identity verification process as required by law (Know Your Customer or “KYC”). This one-time verification involves collecting certain information and documents (such as a government-issued photo ID, a live selfie for liveness verification, and a recent proof of address) to confirm your identity. We use this information only ****to verify your identity, comply with anti-money laundering (”AML”) regulations, and enable the requested financial services for you.
• Mandatory Service Notifications: Sending essential information about account activity, security alerts, system updates, or transaction confirmations. These are service-related and not promotional in nature.
• Newsletters: Sending optional newsletters, marketing updates, or educational content, if you have subscribed to receive them. You can unsubscribe at any time, and we will only send these with your consent.

2. Your Rights under GDPR

• Right of access (Art. 15 GDPR): You may request confirmation as to whether personal data concerning you is being processed and receive a copy of such data, along with details about its purpose, origin, and recipients.
• Right to rectification (Art. 16 GDPR): You may request that inaccurate or incomplete personal data be corrected or completed.
• Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data if the processing is no longer necessary, you have withdrawn your consent, or the data was unlawfully processed. Exceptions may apply (e.g. legal retention obligations).