PRIVACY POLICY

Last Updated: April 16, 2025

Introduction

Monirates Inc., a Delaware corporation with its principal place of business at 2055 Limestone Rd STE 200-C, Wilmington, DE 19808, USA ("Monirates," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").
By accessing or using our Services, you consent to the collection, use, disclosure, and storage of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

JURISDICTIONAL COVERAGE

This Privacy Policy is designed to comply with privacy laws in all jurisdictions where we operate, including but not limited to:

• Nigeria (Nigeria Data Protection Regulation)
• Ghana (Data Protection Act)
• Benin (applicable data protection laws)
• Cameroon (applicable data protection laws)
• Democratic Republic of Congo (applicable data protection laws)
• Kenya (Data Protection Act)
• Malawi (applicable data protection laws)
• Rwanda (Law on the Protection of Personal Data and Privacy)
• Senegal (applicable data protection laws)
• Tanzania (Data Protection regulations)
• Uganda (Data Protection and Privacy Act)
• Zambia (applicable data protection laws)
• United States (various federal and state laws including CCPA/CPRA, VCDPA, CPA, CTDPA, and UCPA)
• United Kingdom (UK GDPR and Data Protection Act)
• European Union (GDPR, where applicable to our operations)

We recognize that different jurisdictions may have varying requirements regarding data protection, and we are committed to meeting or exceeding the legal requirements in each jurisdiction where we operate.

INFORMATION WE COLLECT

We collect several types of information from and about users of our Services:

Personal Information

Information that identifies you as an individual or relates to an identifiable person, including:

• Full name
• Date of birth
• Home or other physical address
• Email address
• Phone number
• Government-issued identification (passport, national ID, driver's license)
• Biometric data (where permitted by law, such as fingerprints for authentication)
• Photographs (for identity verification)
• Nationality
• Tax identification information
• Employment information

Financial Information

Information related to your financial accounts and transactions, including:

• Bank account numbers
• Credit/debit card information
• Transaction history
• Account balances
• Payment history
• Mobile money account details
• Currency exchange transactions
• Transfer records

Identity Verification Information

To comply with anti-money laundering (AML) and know your customer (KYC) regulations across our operating jurisdictions, we collect information to verify your identity, such as:

• Copies of identification documents
• Proof of address documents
• Information about beneficial owners (for business accounts)
• Politically exposed person status
• Sanctions screening information

Device and Usage Information

Information about your device and how you use our Services, including:

• IP address
• Device type and model
• Operating system
• Browser type
• Mobile network information
• Device identifiers
• Location data (with your permission)
• App usage data
• Time and duration of service use
• Pages viewed
• Features used
• Login information
• Access times and dates

Communications Information

When you communicate with us or other users through our platform, we collect:

• Customer service interactions
• Survey responses
• User feedback
• In-app messages
• Communication preferences

HOW WE COLLECT INFORMATION

We collect information in the following ways:

Directly from You

• When you register for an account
• When you complete transactions
• When you upload verification documents
• When you contact customer service
• When you respond to surveys or promotions
• When you provide information through our app or website

Automatically

• Through cookies and similar technologies
• Through our mobile app when you use it
• Through your device when you visit our website
• Through server logs

From Third Parties

• Banks and financial institutions
• Payment processors
• Mobile money providers
• Identity verification services
• Credit bureaus (where permitted by law)
• Public databases
• Marketing partners
• Social media platforms (if you connect your social media accounts)
• Other users (such as when they send money to you)
• Business partners

HOW WE USE YOUR INFORMATION

We use your information for various purposes, including:

Provide Our Services

• Process currency exchange and transfer transactions
• Manage your account and provide customer service
• Verify your identity and prevent fraud
• Enable features such as international transfers, currency exchange, and payments
• Complete KYC and AML checks
• Facilitate communication between users of our platform

Improve Our Services

• Understand how users interact with our Services
• Develop new products and services
• Test and debug features
• Analyze usage patterns and trends
• Conduct research and analysis

Personalize Your Experience

• Remember your preferences
• Customize content and features
• Provide personalized recommendations
• Deliver targeted offers and promotions

Marketing and Communication

• Send promotional communications about products, services, and features
• Deliver updates about our Services
• Measure the effectiveness of our marketing campaigns
• Invite you to events or surveys

Security and Compliance

• Protect our Services against fraud and unauthorized access
• Comply with legal obligations in our countries of operation
• Enforce our terms and policies
• Resolve disputes
• Protect our legal rights and interests
• Respond to legal requests from authorities
• Conduct audits

LEGAL BASES FOR PROCESSING (WHERE APPLICABLE)

Where required by law (such as under GDPR, UK GDPR, or similar laws), we rely on the following legal bases to process your information:

• Contractual Necessity: To perform the contract we have with you, including to operate our Services, to provide customer support and to complete transactions.
• Legitimate Interests: For our legitimate interests, such as to improve our Services, prevent fraud, and for business operations.
• Compliance with Legal Obligations: To comply with laws, regulations, court orders, or other legal obligations.
• Consent: For specific purposes where we ask for your consent, such as for certain types of marketing communications or to collect specific types of sensitive information.

DATA SHARING AND DISCLOSURE

We may share your personal information with:

Service Providers

• Payment processors (such as banking partners in Nigeria, Ghana, Kenya, and other operating countries)
• Mobile money operators (such as MTN, Vodafone, Airtel, Orange, M-Pesa, and others across our markets)
• Identity verification services
• Cloud hosting providers
• Analytics providers
• Customer support tools
• Marketing and advertising partners
• Professional advisors (legal, accounting, etc.)

Financial Partners

• Banking institutions
• Mobile money providers
• Card networks
• Money transfer networks
• Currency exchange services

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction.

Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with laws, regulations, or legal processes
• Enforce our terms and agreements
• Protect our rights, property, or safety
• Prevent fraud or unauthorized activity
• Respond to government requests, including from regulatory authorities in Nigeria, other African countries, the US, UK, and EU

With Your Consent

We may share your information with third parties when you have given us your consent to do so

SALE OR SHARING OF PERSONAL INFORMATION

Monirates does not sell personal information for monetary consideration. However, under laws like the CCPA/CPRA, certain sharing of personal information may be considered a "sale" or "sharing" even without monetary exchange.

We may share certain information (such as device identifiers, browsing activity, and transaction patterns) with advertising partners and analytics providers who may use this information for targeted advertising or analytical purposes. This may constitute "sharing" under certain privacy laws

Your Right to Opt Out

You have the right to opt out of such sharing for cross-context behavioral advertising purposes. To exercise this right:

• Click on the "Do Not Sell or Share My Information" link in the footer of our website
• Adjust your privacy settings in your account preferences
• Contact us at privacy@monirates.com

INTERNATIONAL DATA TRANSFERS

Monirates operates in multiple countries, primarily across Africa, with connections to global financial systems. As a result, your information may be transferred to, stored, and processed in countries outside of your country of residence, including countries that may not have the same data protection laws as your jurisdiction.

When we transfer personal information from one jurisdiction to another, we implement appropriate safeguards in accordance with applicable laws, which may include:

• Data transfer agreements incorporating standard contractual clauses approved by relevant regulatory authorities
• Implementing appropriate technical and organizational measures to ensure an adequate level of protection
• Obtaining your explicit consent for certain transfers
• Relying on adequacy decisions where available (such as for transfers to and from the UK and EU)

For users in the European Economic Area (EEA), UK, and other jurisdictions with similar requirements: When we transfer your personal information outside of these regions, we ensure that appropriate safeguards are in place to provide an adequate level of data protection.

DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments and penetration testing
• Staff training on data protection and security
• Monitoring for suspicious activities
• Secure data centers and cloud infrastructure
• Compliance with industry security standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law, including:

• To provide our Services to you
• To comply with legal obligations (such as AML recordkeeping requirements, which may be 5-10 years depending on the jurisdiction)
• To resolve disputes
• To enforce our agreements
• For legitimate business purposes
• When personal information is no longer needed, we will securely delete or anonymize it.

When personal information is no longer needed, we will securely delete For All Users

YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your personal information:

For All Users

• Access: You can request access to the personal information we have about you.
• Correction: You can request that we correct inaccuracies in your personal information.
• Account Information: You can access and update certain information through your account settings.

For Users in Nigeria and African Countries with Similar Rights

Under the Nigeria Data Protection Regulation and similar laws in other African countries where we operate, you may have rights to:

• Request information about the processing of your personal data
• Request restriction of processing
• Object to processing in certain circumstances
• Request deletion of your data in certain circumstances

For Users in the United States

Depending on your state of residence, you may have rights to:

• Request deletion of your personal information
• Request disclosure of categories of personal information collected
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information
• Limit the use of sensitive personal information
• Data portability (receiving your data in a structured format)
• Non-discrimination for exercising your rights

For Users in the UK and EU

You may have rights to:

• Data portability (receiving your data in a structured, commonly used format)
• Restriction of processing
• Objection to processing
• Erasure (the "right to be forgotten")
• Withdrawal of consent
• Lodge a complaint with a supervisory authority

How to Exercise Your Rights

To exercise your privacy rights, you can:

• Use the privacy controls in your account settings
• Contact us at privacy@monirates.com
• Submit a request through our app or website
• For U.S. residents: Click on "Privacy Choices" or "Your Privacy Rights" in the footer of our website

We will respond to your request within the timeframe required by applicable law (generally 30-45 days, depending on jurisdiction).

Verification: We may need to verify your identity before fulfilling your request by asking for additional information.

AUTOMATED DECISION-MAKING

We use automated processes for purposes such as fraud detection, identity verification, and transaction risk scoring. These automated processes may include:

• Anti-fraud systems that analyze transaction patterns
• Identity verification systems that match submitted documents to verify authenticity
• Risk assessment systems that evaluate transaction risk
• Compliance screening systems that check against regulatory watchlists

Your Rights Regarding Automated Decisions

Where applicable law provides (such as under GDPR or similar laws), you have the right to:

• Obtain human intervention in the decision-making process
• Express your point of view about the decision
• Contest the decision

For U.S. residents, you may have rights under state privacy laws to opt out of certain profiling activities. Please contact us to exercise these rights

SENSITIVE PERSONAL INFORMATION

We collect sensitive personal information, such as government identification numbers, financial account details, and biometric data (where permitted by law), solely for legitimate business purposes, including identity verification, fraud prevention, and compliance with financial regulations.

For U.S. residents: Under applicable state privacy laws, you may have the right to limit the use and disclosure of sensitive personal information. You can exercise this right through your account settings or by contacting us

CHILDREN'S PRIVACY

Our Services are not directed at or intended for children. We do not knowingly collect personal information from children under 13 years of age. If you are under 13, please do not provide any personal information to us.

If we learn that we have collected personal information from a child under 13 without parental consent where required by law (such as under the Children's Online Privacy Protection Act in the U.S.), we will take steps to delete that information promptly.

For users between 13 and 18 years of age, we may collect limited information as permitted by applicable law, but certain features and services may be restricted.

COOKIES AND SIMILAR TECHNOLOGIES

We use cookies, web beacons, pixels, and similar technologies to collect information about how you use our Services.

Types of Cookies We Use

• Essential Cookies:Necessary for the operation of our Services.
• Analytical/Performance Cookies:Allow us to recognize and count visitors and analyze how
• users navigate our Services.
• Functionality Cookies:Enable us to personalize content and remember your preferences.
• Targeting Cookies:Record your visit, pages visited, and links followed to make advertisements more relevant

Cookie Consent and Choices

When you first visit our website, you will be presented with a cookie consent banner that allows you to:

• Accept all cookies
• Decline non-essential cookies
• Manage your cookie preferences
• Access our Cookie Policy for more detailed information

You can also control cookies through your browser settings and other tools. However, if you block certain cookies, you may not be able to use some features of our Services.
To change your cookie preferences at any time, click on "Cookie Settings" in the footer of our website.

THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, apps, or services that are not operated by us. If you click on these links, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

MARKETING COMMUNICATIONS

We may send you marketing communications about our products and services. You can opt out of receiving marketing communications from us by:

• Following the unsubscribe instructions in any marketing email
• Adjusting your communication preferences in your account settings
• Contacting customer support

Even if you opt out of marketing communications, we will still send you service-related communications, such as transaction confirmations and account notices.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email or in-app notification
• Providing notice through our Services

The date at the top of this Privacy Policy indicates when it was last updated. We encourage you to review this Privacy Policy periodically.

CONTACT US

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Privacy Team

Email: privacy@monirates.com Address: 2055 Limestone Rd STE 200-C, Wilmington, DE 19808, USA

Data Protection Officer

Email: dpo@monirates.com

For Users in Specific Regions:

• Nigeria: nigeria-privacy@monirates.com
• UK/EU: gdpr@monirates.com
• US: us-privacy@monirates.com

REGIONAL SUPPLEMENTS

NIGERIA SUPPLEMENT

In compliance with the Nigeria Data Protection Regulation (NDPR), we provide the following additional information:

• Data Controller: Monirates Nigeria Ltd., RC-1898944, A10, Mammy Market, Ibereko Army Barracks, Lagos, Lagos State, Nigeria
• Categories of Personal Data:As described in "Information We Collect"
• Purpose of Processing:As described in "How We Use Your Information"
• Technical Methods Used for Processing:Automated and manual processes with appropriate security controls
• Third-Country Transfer Safeguards:As described in "International Data Transfers"
• Retention Period:As described in "Data Retention"

You have the right to request access to, rectification, or deletion of your personal data, and to lodge a complaint with the National Information Technology Development Agency (NITDA) if you believe your rights have been violated.

GHANA SUPPLEMENT

In compliance with Ghana's Data Protection Act, we inform you that:

• Data Controller:Monirates Inc. (We provide services in Ghana but do not maintain a registered entity in the country)
• You have the right to request access to your personal data, object to processing, and request rectification or erasure in certain circumstances
• You may lodge a complaint with the Data Protection Commission of Ghana

UNITED STATES SUPPLEMENT

This U.S. Privacy Policy Supplement is provided pursuant to applicable U.S. state privacy laws including, but not limited to, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA).

Data Controller:Monirates Inc., a Delaware corporation with its principal place of business at 2055 Limestone Rd STE 200-C, Wilmington, DE 19808, USA

California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information:

• Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You can request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Opt-Out: You can opt out of the sale or sharing of your personal information for crosscontext behavioral advertising by clicking on the "Do Not Sell or Share My Personal Information" link in the footer of our website.
• Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of certain sensitive personal information to purposes necessary to provide our services.

Virginia, Colorado, Connecticut, Utah, and Other State Residents

Residents of states with comprehensive consumer privacy laws may have similar rights to access, delete, correct, and opt out of the sale or processing of their personal information. Please contact us to exercise these rights.

UK AND EU SUPPLEMENT

In compliance with UK GDPR and EU GDPR (where applicable), we provide the following additional information:

• Data Controller: Monirates UK Ltd., Company No. 13982798, Building 3, City West Business Park, Gelderd Road, Leeds, England, LS12 6LX, United Kingdom
• Legal Bases for Processing: As described in "Legal Bases for Processing"
• Automated Decision-Making: We may use automated decision-making, including profiling, for fraud prevention, identity verification, and transaction risk assessment. You have the right to obtain human intervention, express your point of view, and contest the decision.
• Data Protection Officer: Our DPO can be contacted at dpo@monirates.com

To exercise your rights under GDPR or to lodge a complaint with a supervisory authority, please contact us using the information in the "Contact Us" section.