Legal

Privacy Policy

How MonamiPay collects, uses and protects your personal data.

Document
MonamiPay Privacy Policy
Version
1.0
Effective date
June 30, 2026
Last reviewed
June 30, 2026
Data Controller
MonamiPay Limited (company number: 14156299)
ICO Registration
[INSERT ICO REGISTRATION NUMBER]
DPO / Data Contact
privacy@monamipay.com
Governing law
UK GDPR and the Data Protection Act 2018

1. Who We Are

MonamiPay Limited ("MonamiPay", "we", "us", "our") is a company registered in England and Wales (company number: 14156299). Our registered office is at [REGISTERED ADDRESS]. MonamiPay operates a mobile-first remittance platform enabling customers to send money internationally.

MonamiPay is registered with the Information Commissioner's Office (ICO) as a data controller under registration number [INSERT]. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For any questions about this Privacy Policy or how we handle your personal data, please contact us at: privacy@monamipay.com

2. What Personal Data We Collect

2.1 Data You Provide Directly

Data CategoryExamplesWhen Collected
Identity dataFull legal name; date of birth; nationality; country of birthRegistration; KYC verification
Contact dataEmail address; UK mobile number; residential addressRegistration; address verification
Identity document dataPassport or national ID number; document expiry date; document imagesKYC verification
Biometric dataFacial image (selfie); liveness check dataKYC biometric verification — Sumsub platform
Financial dataBank account details (for sending); transfer amount; transfer historyWhen making a transfer
Source of fundsEmployment details; income source; purpose of transferEDD (enhanced due diligence) cases
Recipient dataRecipient name; recipient bank account number; recipient bank name; recipient countryWhen adding a recipient
Communication dataMessages sent to customer support; WhatsApp messages; email correspondenceCustomer support interactions
Waitlist dataEmail address; name (if provided)Joining the pre-launch waitlist

2.2 Data Collected Automatically

Data CategoryExamplesPurpose
Device dataDevice type; operating system; app version; device identifierFraud prevention (SEON); security
Usage dataPages visited; features used; transfer flow interactionsService improvement; analytics
Technical dataIP address; browser type; time zoneFraud prevention; security monitoring
Location dataCountry of access (derived from IP)Compliance screening; fraud prevention
Cookies and similar technologiesSession cookies; analytics cookiesSee Cookie Policy section below

3. Lawful Basis for Processing

Processing ActivityLawful BasisRelevant Law
Identity verification (KYC)Legal obligation — we are required by the Money Laundering Regulations 2017 to verify your identityMLR 2017; UK GDPR Art. 6(1)(c)
Processing your money transferContract performance — necessary to provide the service you have requestedUK GDPR Art. 6(1)(b)
AML/sanctions screeningLegal obligation — required by MLR 2017; FCA requirementsMLR 2017; UK GDPR Art. 6(1)(c)
Transaction monitoringLegal obligation and legitimate interests — detecting and preventing financial crimeMLR 2017; UK GDPR Art. 6(1)(c) and (f)
Fraud prevention (SEON)Legitimate interests — protecting customers and MonamiPay from fraud and financial crimeUK GDPR Art. 6(1)(f)
Customer supportContract performance — necessary to respond to your requestsUK GDPR Art. 6(1)(b)
Marketing communications (where opted in)ConsentUK GDPR Art. 6(1)(a)
Analytics and service improvementLegitimate interests — improving our product and customer experienceUK GDPR Art. 6(1)(f)
Biometric processing (liveness check)Explicit consent — you consent when completing the liveness check in the appUK GDPR Art. 9(2)(a)

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Verifying your identity and eligibility to use our services
  • Processing your money transfer instructions
  • Complying with our legal obligations under the Money Laundering Regulations 2017, FCA requirements, and HMRC MSB obligations
  • Screening your identity, transactions, and recipients against sanctions lists, PEP databases, and adverse media sources
  • Detecting, preventing, and investigating fraud and financial crime
  • Providing customer support
  • Sending you service notifications about your transfers (SMS, email, push notification)
  • Sending you marketing communications about MonamiPay products and services (where you have consented or where permitted under UK PECR)
  • Improving and developing our platform and services
  • Complying with legal and regulatory requirements and responding to requests from regulators

5. Sharing Your Personal Data

5.1 Sub-Processors and Service Providers

We share your personal data with the following categories of third-party service providers who process data on our behalf under Data Processing Agreements (DPAs):

Service ProviderPurposeLocation
SumsubIdentity verification (KYC): document AI verification; biometric liveness; risk scoringEU / Global — SCCs in place
ComplyAdvantageAML/sanctions screening; PEP and adverse media checks; transaction monitoringUK/EU — UK GDPR compliant
SEON TechnologiesFraud prevention: device intelligence; velocity rules; fraud scoringEU — UK GDPR compliant
Currencycloud (Visa)Payment infrastructure: GBP collections; FX conversion; SWIFT paymentsUK — FCA authorised
Amazon Web Services (AWS)Cloud infrastructure: data hosting, storage, processing (eu-west-2, London)UK — ISO 27001; UK GDPR compliant
TwilioSMS notifications for transfer status updatesUS — SCCs and UK addendum in place
SendGrid (Twilio)Email notifications for transfer status and account communicationsUS — SCCs and UK addendum in place
Intercom/ZendeskCustomer support platform — in-app chat and support ticket managementUS — SCCs and UK addendum in place

5.2 Other Sharing

  • Nigeria payout partner (CBN-licensed): recipient bank account details and transfer instruction are shared with our payout partner to deliver funds to your recipient
  • Regulatory authorities: we may share data with the FCA, HMRC, the National Crime Agency (NCA — for Suspicious Activity Reports), or other regulators where required by law
  • Law enforcement: we will share data with law enforcement agencies where required by a valid court order or legal obligation
  • Business transfers: if MonamiPay is acquired, merged, or undergoes a restructuring, your data may be transferred to the successor entity

We do not sell your personal data to third parties for marketing purposes.

6. International Transfers

Some of our service providers are located outside the UK. Where we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the ICO — for transfers to countries without an adequacy decision
  • The UK International Data Transfer Agreement (IDTA) — for transfers to the US and other non-adequate countries
  • Adequacy decisions — where the UK has recognised the recipient country as providing adequate protection

A full list of safeguards for each international transfer is available on request from privacy@monamipay.com

7. Data Retention

Data CategoryRetention PeriodLegal Basis for Retention
KYC / identity verification records5 years from the date our business relationship endsMLR 2017 Regulation 40
Transaction records5 years from the date of the transactionMLR 2017 Regulation 40
SAR-related records5 years from the date of the reportMLR 2017 Regulation 40; POCA 2002
Customer support communications3 years from the last interactionLegitimate interests; contract
Marketing consent recordsUntil consent is withdrawn + 1 yearUK GDPR Art. 7; ICO guidance
Fraud prevention dataUp to 6 years where fraud is suspectedLegitimate interests; legal claims
Waitlist dataUntil the service launches or you unsubscribe, whichever is soonerConsent
Technical/log data (analytics)Up to 2 yearsLegitimate interests

Where we are legally required to retain data (particularly under the Money Laundering Regulations 2017), we cannot delete it earlier even if you request erasure.

8. Your Rights

Under UK GDPR you have the following rights. To exercise any of these rights, contact us at privacy@monamipay.com. We will respond within 30 days.

RightWhat It MeansLimitations
Access (Art. 15)Request a copy of all personal data we hold about you (Subject Access Request / DSAR)We may redact third-party data
Rectification (Art. 16)Request correction of inaccurate or incomplete data
Erasure (Art. 17)Request deletion of your personal data ('right to be forgotten')Cannot apply where we have a legal obligation to retain (e.g. MLR 2017 — 5-year retention)
Restriction (Art. 18)Request that we restrict processing while a dispute is resolved
Portability (Art. 20)Request your data in a structured, machine-readable formatApplies to data processed by automated means under consent or contract
Object (Art. 21)Object to processing based on legitimate interestsWe can override if we have compelling legitimate grounds
Withdraw consentWithdraw consent at any time where processing is based on consentDoes not affect lawfulness of prior processing
Lodge a complaintComplain to the ICO (ico.org.uk) if you believe we have breached UK GDPRICO helpline: 0303 123 1113

9. Automated Decision-Making

MonamiPay uses automated processing for the following purposes:

  • KYC risk scoring (Sumsub): your identity documents and biometric data are assessed automatically to determine a risk score. Low-risk applicants are approved automatically. Medium and high-risk cases are reviewed by our MLRO.
  • Sanctions screening (ComplyAdvantage): your name and date of birth are automatically screened against sanctions lists. Any match is reviewed by our MLRO before a decision is made.
  • Fraud scoring (SEON): your device and digital footprint are automatically scored for fraud risk. High-risk scores are reviewed by our compliance team before a decision is made.

No purely automated decision that produces a legal or similarly significant effect on you is made without human review. Our MLRO reviews all cases escalated by automated systems. If you wish to contest an automated decision or request human review, contact us at privacy@monamipay.com

10. Cookies

Our website (monamipay.com) uses the following types of cookies:

Cookie TypePurposeLegal Basis
Strictly necessaryEssential for the website to function (e.g. session management; security)No consent required — necessary for service
AnalyticsUnderstanding how visitors use the website (e.g. Google Analytics — anonymised)Consent — you can opt out via our cookie banner
MarketingTracking effectiveness of paid advertising (e.g. Meta Pixel, Google Ads)Consent — you can opt out via our cookie banner

You can manage your cookie preferences at any time via the cookie settings link in our website footer. See our full Cookie Policy for the full details. Withdrawing consent for non-essential cookies will not affect your ability to use the website.

11. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • AES-256 encryption for all personal data stored on our systems
  • TLS 1.3 encryption for all data transmitted between your device and our platform
  • Multi-factor authentication (MFA) for all staff accounts
  • Role-based access control — staff can only access data necessary for their role
  • Annual penetration testing by CREST-accredited external security firms
  • Continuous security monitoring via Datadog

If you believe your account has been compromised or you have discovered a security vulnerability, please contact us immediately at security@monamipay.com

12. Children's Privacy

MonamiPay's services are not intended for and should not be used by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@monamipay.com and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account with us) and by updating the 'Last reviewed' date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

ContactDetail
Data ControllerMonamiPay Limited
Registered address[INSERT REGISTERED ADDRESS]
Data protection enquiriesprivacy@monamipay.com
Security concernssecurity@monamipay.com
ICO Registration[INSERT ICO NUMBER]
ICO (supervisory authority)ico.org.uk | 0303 123 1113