Cybersecurity and Data Privacy Policy

Effective Date: 2024-12-31

Last Updated: 2024-12-31

1. Introduction and Purpose

Monetty is committed to protecting personal data, financial data, and digital infrastructure in accordance with applicable data protection laws, including the Brazilian General Data Protection Law (LGPD), and industry best practices. This Cybersecurity and Data Privacy Policy establishes our framework for maintaining the security, confidentiality, and integrity of information systems and data entrusted to us by customers, partners, and stakeholders.

As a financial technology company operating in a regulated environment, Monetty recognizes the critical importance of cybersecurity and data protection. This policy reflects our commitment to meeting the expectations of banking partners, regulatory authorities, and our customers while maintaining the highest standards of information security.

---

2. Scope of Application

This policy applies to:

• All information systems, networks, and technology infrastructure operated by or on behalf of Monetty
• All employees, contractors, consultants, and temporary staff who have access to Monetty systems or data
• Technology and infrastructure partners, including cloud service providers, payment processors, and other third-party vendors
• All customer data, business data, and personal information collected, processed, stored, or transmitted by Monetty
• All products, services, and applications developed, maintained, or operated by Monetty

---

3. Governance and Responsibilities

Monetty maintains a structured governance framework for cybersecurity and data protection:

• Management Responsibility: Senior management is responsible for establishing and maintaining the overall cybersecurity and data protection strategy, allocating necessary resources, and ensuring compliance with applicable laws and regulations.
• Compliance and Risk Management: The compliance function oversees adherence to legal and regulatory requirements, conducts risk assessments, and ensures that security controls align with industry standards.
• Technology and Security Operations: The technology team is responsible for implementing, maintaining, and monitoring security controls, managing security incidents, and ensuring the secure operation of information systems.
• Employee Accountability: All personnel are required to understand and comply with this policy and related security procedures. Training and awareness programs are provided to ensure staff are equipped to protect sensitive information.

---

4. Cybersecurity Controls

Monetty implements comprehensive cybersecurity controls designed to protect against unauthorized access, data breaches, and other security threats:

4.1 Access Control and Authentication

Monetty employs robust access control mechanisms to ensure that only authorized individuals can access systems and data. This includes multi-factor authentication, role-based access controls, regular access reviews, and the principle of least privilege, ensuring users have access only to the information necessary for their job functions.

4.2 Encryption of Data at Rest and in Transit

All sensitive data, including personal information and financial data, is encrypted using industry-standard encryption algorithms. Data in transit is protected through secure communication protocols, and data at rest is encrypted using strong encryption methods to prevent unauthorized access even in the event of a security breach.

4.3 Secure Cloud Infrastructure

Monetty utilizes secure cloud infrastructure that complies with industry security standards. Our cloud environments are configured with appropriate security controls, including network segmentation, firewall rules, and intrusion detection systems. Regular security assessments and audits are conducted to ensure the ongoing security of our infrastructure.

4.4 Monitoring, Logging, and Threat Detection

Monetty maintains continuous monitoring of information systems to detect potential security threats and anomalies. Comprehensive logging mechanisms capture security-relevant events, and automated threat detection systems analyze patterns to identify potential security incidents. Security logs are retained in accordance with legal and regulatory requirements.

4.5 Secure Software Development Practices

Monetty follows secure software development lifecycle practices, including security requirements analysis, secure coding standards, code reviews, and security testing. Applications undergo security assessments before deployment, and regular updates and patches are applied to address identified vulnerabilities.

---

5. Personal Data Protection and Privacy

Monetty is committed to protecting personal data in accordance with applicable data protection laws, including the Brazilian General Data Protection Law (LGPD). Our data protection practices are aligned with the following principles:

• Lawfulness, fairness, and transparency in data processing
• Purpose limitation and data minimization
• Accuracy and data quality
• Storage limitation and retention policies
• Integrity and confidentiality
• Accountability and demonstration of compliance

For detailed information about how Monetty collects, uses, and protects personal data, please refer to our Privacy Policy:

https://monetty.com/privacy

---

6. Security Incident Management

Monetty maintains a formal security incident management process to ensure timely detection, response, and resolution of security incidents:

• Incident Detection: Security incidents are identified through automated monitoring systems, security alerts, employee reporting, and external notifications.
• Incident Response: Upon detection, incidents are immediately assessed and classified according to severity. A dedicated response team takes appropriate containment and remediation actions to minimize impact.
• Escalation: Significant security incidents are escalated to senior management and, when required by law or regulation, to relevant regulatory authorities and affected parties.
• Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, Monetty will notify affected data subjects and relevant regulatory authorities in accordance with applicable legal requirements, including LGPD notification obligations.
• Post-Incident Review: Following the resolution of security incidents, post-incident reviews are conducted to identify lessons learned and implement improvements to prevent similar incidents.

---

7. Third-Party and Vendor Security

Monetty works with various technology partners, service providers, and vendors to deliver our services. All third parties that have access to Monetty systems or data are required to:

• Comply with confidentiality and security requirements consistent with this policy
• Implement appropriate security controls to protect data and systems
• Undergo security assessments and due diligence before engagement
• Maintain security certifications and compliance with relevant standards where applicable
• Report security incidents that may affect Monetty systems or data
• Comply with data protection requirements and contractual obligations

Monetty conducts regular reviews of third-party security practices and requires vendors to demonstrate ongoing compliance with security requirements.

---

8. Data Subject Rights

Monetty recognizes and respects the rights of data subjects under applicable data protection laws, including the LGPD. Data subjects have the right to:

• Access their personal data
• Correct inaccurate or incomplete data
• Request deletion of personal data, subject to legal retention requirements
• Request information about data processing
• Object to certain types of data processing
• Request data portability where applicable

To exercise your data subject rights, including the right to request data deletion, please visit:

https://monetty.com/data-deletion/

You may also contact us directly at privacy@monetty.com to exercise your rights or for any questions regarding data protection.

---

9. Policy Review and Updates

This Cybersecurity and Data Privacy Policy is reviewed periodically to ensure it remains current with evolving threats, regulatory requirements, and industry best practices. Updates may be made to reflect changes in:

• Applicable laws and regulations
• Industry standards and best practices
• Technology and security landscape
• Business operations and service offerings
• Partner and regulatory expectations

When significant changes are made to this policy, we will update the 'Last Updated' date at the top of this document. Material changes that affect data processing practices or user rights will be communicated through appropriate channels.

---

10. Contact Us

For questions, concerns, or requests related to this Cybersecurity and Data Privacy Policy, please contact us:

Monetty
Privacy and Data Protection: privacy@monetty.com
Compliance: compliance@monetty.com
https://monetty.com

---

By using Monetty's services, you acknowledge that you have read and understood this Cybersecurity and Data Privacy Policy.