MIND FINANCE S.A.R.L.U ("Mind Finance", "we", "our" or "us") operates the crypto-asset exchange service available at www.mindfinancemoney.com, which allows you to buy and sell crypto-assets. We are committed to protecting the personal information of our customers and website visitors. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, how we protect it, and the rights available to you.

This Policy should be read together with our Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Policy and our Terms of Service. Because we are a regulated financial business, several of our data practices are required by law and cannot be waived.

Mind Finance is a company registered in the Democratic Republic of the Congo (RCCM CD/MAT/RCCM/23-B-0322), with its registered office at 02, Avenue Inga, Quartier Ville Basse, Commune de Matadi, Province du Kongo Central, Democratic Republic of the Congo. Our activities are subject to the supervision of the Central Bank of Congo (Banque Centrale du Congo, "BCC") and the National Financial Intelligence Unit (Cellule Nationale des Renseignements Financiers, "CENAREF").

1. Information We Collect

When you create an account, complete identity verification, or place an order, we collect:

• Identity and contact information: Full name, username, email address, telephone number, and the country or region you operate from.
• Identity verification (KYC) documents: A valid government-issued photo ID (national identity card, passport, or CEMAC ID card). For legal entities (companies), we also collect registration documents (RCCM) and statutes, and information identifying the ultimate beneficial owner(s).
• Source-of-funds information: For any transaction equal to or above USD 10,000 (or its equivalent in Congolese francs), or for any transaction that appears unusual, we collect and record information and documents evidencing the legitimate origin of the funds.
• Order and transaction information: Amounts paid and received, payment method, transaction history, and the crypto-asset wallet addresses involved in your purchases and sales.
• Technical information: IP address, browser type, device information, and usage logs.

We collect this information directly from you. We may also obtain information from payment partners and from public or regulatory sources (for example, sanctions and politically-exposed-person screening lists) where required to meet our legal obligations.

2. Why We Use Your Information and Our Legal Basis

We process your personal data in order to:

• Provide our service — create and administer your account, and process and complete your exchange orders. (Basis: performance of our contract with you.)
• Meet our legal and regulatory obligations — carry out Know Your Customer (KYC) and Customer Due Diligence (CDD), verify your identity, screen against sanctions and politically exposed persons (PEP) lists, monitor transactions, and detect, report and prevent money laundering and terrorist financing in accordance with DRC Law No. 04/016 and the instructions of the BCC and CENAREF. (Basis: compliance with a legal obligation.)
• Protect against fraud and secure our service — verify transactions, prevent fraud and abuse, and maintain the security of our systems. (Basis: our legitimate interest in operating a safe and lawful service.)
• Communicate with you — send order-status notifications, respond to your enquiries, resolve disputes, and provide customer support.
• Improve our service — understand how our service is used, and maintain and improve it.

3. How We Share Your Information

We do not sell your personal data. We share it only as described below:

• Payment and settlement partners: We share the data needed to complete your purchase or sale with our payment partners, including Binance (crypto-asset payments), M-Pesa (mobile money), and our banking partners.
• Competent authorities: We disclose information to the BCC, CENAREF, courts, and law-enforcement and tax authorities where required by law, including the filing of suspicious-transaction reports. Where the law prohibits us from doing so (the prohibition on "tipping off"), we may be unable to inform you that such a report has been made or that an investigation is taking place.
• Service providers: We use trusted infrastructure, hosting, and technical-support providers who process data on our behalf under confidentiality obligations and only on our instructions.

We do not share your data with third parties for their own marketing purposes.

4. Where We Store and Process Your Data

Your personal data is stored and processed on secure systems operated by Mind Finance and by trusted third-party hosting and infrastructure providers acting on our behalf. Some of these providers may operate servers located outside your country of residence. Wherever your data is handled, we require appropriate technical and contractual safeguards, including confidentiality obligations, to keep it protected in line with this Policy.

5. How Long We Keep Your Data

Because we are a regulated financial business, we are required to keep KYC documents, transaction records, receipts, and related correspondence for a minimum of ten (10) years after the end of our relationship with you, in accordance with DRC AML/CTF law. We may keep certain records longer where an investigation, dispute, or legal requirement makes it necessary.

Data that we are not required by law to retain will be deleted or anonymised when it is no longer needed for the purposes described in this Policy. You may ask us to delete non-regulatory data by contacting us.

6. Data Security

We use industry-standard encryption (TLS/HTTPS) to protect data in transit. Passwords and other sensitive credentials are hashed and are never stored in plain text. Access to personal data is restricted to authorised personnel only. No system can be guaranteed to be completely secure; if you believe your account has been compromised or accessed without authorisation, please contact us immediately.

7. Your Rights

Subject to the legal obligations that apply to us as a regulated financial business, you may:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data — except where we are legally required to keep it (for example, KYC and transaction records subject to the 10-year retention rule)
• Object to or request restriction of certain processing
• Request a copy of the data you provided to us in a structured, commonly used, machine-readable format

Please note that some of these rights are limited by our legal obligations. For example, we cannot delete records we are required to keep, and we cannot always confirm or provide information that would amount to "tipping off" under anti-money-laundering law. To exercise any right, contact us using the details in Section 11. We may need to verify your identity before acting on your request.

8. Cookies

We use only session cookies that are strictly necessary for authentication and security. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but you will not be able to log in to your account if you do.

9. Children's Privacy

Our service is intended only for individuals aged 18 or older. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately and we will take appropriate steps.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the "Last updated" date above, and we will notify you of significant changes by email or through a notice on our website. Your continued use of our service after an update takes effect constitutes acceptance of the revised Policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, or if you wish to exercise your rights, contact us: