Privacy policy

Operating model

MonaxPay keeps the data needed for dashboard access, receipts, risk controls, and audit evidence while delegating card and provider identity data to approved providers.

Ready

Policy version2026-06-07

Last updated2026-06-07

MonaxPay roleSoftware, orchestration, risk controls, receipts, reporting, and audit evidence.

Minimal application data

Ready

The app stores account, role, wallet, link, receipt, audit, and reconciliation records. Raw card data and provider-hosted identity documents are not stored in the app database by default.

Provider checks

Provider required

Approved KYC/KYB, onramp, wallet-screening, and payment providers may process identity, payment, sanctions, fraud, and route data under their own approved controls.

Customer receipt access

Ready

Customers access receipts through email and access-code verification. Merchant operations and unrelated customer records are not exposed in the receipt vault.

Security controls

Required before live

Production access requires signed sessions, TOTP step-up, CSRF protection, scoped API credentials, replay protection, audit logs, backup evidence, and readiness checks.

Operating model

Applies toMerchants, personal recipients, API partners, and team operators.

Merchant roleOwns customer relationship, truthfulness of offer, refunds, support, tax, and settlement wallet.

Provider roleOnramp, payment-method checks, provider KYC where required, card authorization, and provider disputes.