ISSUED BY [Moon Lab Limited]
Last updated: 9 May 2025
These terms apply to the use of the [Moon Lab Limited] (“Moon Lab” / “we” / “us”) services and as further detailed below. Our registered office is at [FLAT/RM 59, ENTERPRENEURSHIP CENTRE, LEVEL 5, CYBERPORT 3 (CORE F), 00 CYBERPORT ROAD, HK]. We are a company registered in Hong Kong, with company number [73125803].
This privacy and data policy (“Privacy Policy”) applies and has effect in respect of [our website, mobile application and related content and our related services, activities and features] (the “Services”, each a “Service”).
If you have any questions or comments about this Privacy Policy, or if you want to exercise your right to object to the processing of your Personal Data, you can contact us at [*]
We are committed to protecting and respecting your privacy. This Privacy Policy explains the basis on which Personal Data we collect from you will be processed by us or on our behalf. Where we decide the purpose and means for which Personal Data you supply through this Service is processed, we handle your Personal Data in compliance with the applicable laws and regulations in relation to data protection.
Please read this Privacy Policy carefully as it contains important information about the following:
What information we may collect about you;
How we will use information we collect about you;
Whether we will disclose your details to anyone else; and
Your choices and rights regarding the Personal Data we hold about you.
This Privacy Policy should be read in conjunction with our Terms and Conditions as may be applicable in respect of the Service. Where Terms and Conditions are applicable, they will be made available via the Service.
The Service may contain hyperlinks to services owned and operated by third parties. These third party services may have their own privacy policies and we recommend that you review them. They will govern the use of Personal Data that you submit or which is collected by cookies and other tracking technologies whilst using these services. We do not accept any responsibility or liability for the privacy practices of such third party services and your use of these is at your own risk.
We may make changes to this Privacy Policy in our sole discretion at any time in the future, which will be made available here. You should check here from time to time to ensure you are aware of any changes. Where appropriate, we may notify you of changes by email or through the Service. The effective date of this version of Privacy Policy appears at the beginning of the Privacy Policy.
By using our Services or providing Personal Data to us, you consent to the collection, use and disclosure of your Personal Data in accordance with this Privacy Policy, and your continued use of our Services after we have made any changes or updates will be deemed to constitute acceptance of our Privacy Policy as updated and amended.
We may from time to time collect, process, and store certain personally identifiable information that can be used to contact or identify you and your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantee/security providers and other natural persons related to you (“Relevant Persons”) via your use of the Services or where you have given your consent (“Personal Data”). Such Personal Data may include contact details, information and data generated in the ordinary course of your relationship with us, information and data collected when you or a Relevant Person participates in events organized by us and information from cookies or the use of any information technology applications. The Personal Data that you may provide to us during your use of the Services may also include, without limitation:
Full legal name (including former name, and names in English and other languages, if applicable)
Identification document type (e.g. Passport)
Identification document number (e.g. Passport No.)
Gender
Date of birth
Place of birth
Nationality
Residential address
Country/state of residence
Total net wealth (approximately in USD)
Purpose of account opening
Initial and ongoing sources of wealth or income
Nature and details of the business/occupation/employment
Level of activity anticipated
Source of funds/digital assets to be used in the relationship
Credit history and score
Contact phone number
Email address
Your transaction history and spending pattern
Bank account information
Blockchain address
Your location data
Wallet related information, including your wallet address which is temporarily processed as part of API requests (in URL parameters or bodies) when making API calls required to support the user experience, but excluding your private keys, financial payment information (however, when you use our on- or off-ramp features these services may necessitate you submitting this information to third-party providers)
Device and Usage Information, including information such as date/time stamps, usage information and statistics, your internet protocol (IP) address, location (e.g., city or state), hardware and software information (including operating system version and type), browser type, device identifiers, device event information, crash data, cookie data, and your interactions with the Services
Additional Personal Data or documentation at the discretion of our compliance team
We may use the collected Personal Data for the following purposes:
To make decisions relating to the provision or continued provision of the Services to you.
To administer, operate, deliver, improve, and personalize the Services.
To process your payments and transactions, and to provide you with statements, invoices, receipts and other related information in relation to the Services.
To monitor and record the usage of the Services and communications with you and/or the Relevant Persons (including for investigation and fraud prevention purposes).
To detect, prevent and address technical issues.
For risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and to carry out internal/external audits.
To communicate with you, your affiliates and/or your representatives in relation to events, our Services and other products or services offered by Moon Lab or its affiliates, unless you have opted not to receive such information.
To conduct market research, surveys, promotions and contests, and to analyze your preferences, interests and behavior in relation to the Services.
To fulfil any applicable legal, regulatory and compliance requirements (including anti-money laundering and tax obligations applicable to us).
To enforce or defend the rights or property of Moon Lab, its affiliates and other users.
For safety, security and integrity focused on investigating in good faith alleged violations of our Terms and Conditions, including unauthorized access and use. In order to protect the Services, and ensure your continued access to the Services, your Personal Data is collected to prevent malicious actors from attacking and disrupting the Services.
To carry out any other purpose(s) described to you at the time the data was collected.
A cookie is a text file placed onto your device when you access our Services. We use cookies and other similar or equivalent online tracking devices such as web beacons, standard development kits (for mobile) and flash object storage to deliver, improve and monitor our websites, applications and other Services, including in the following ways:
Authentication
To log you into our Service and keep you logged in.
Service delivery
To deliver our services and third-party services which may be embedded into our own Services (such as social media network connectivity).
Preferences
To remember information about your preferences such as your preferred language and configuration.
Analytics
To help us understand how you use our Services, such as how often, so we can improve Services and deliver a better experience and also for us to carry out research and statistical analysis to help us develop new products and services
Advertising
To help us deliver in-Service advertising to you (which may be served by, or facilitated by, third parties). These are also used to help us and our partners measure the effectiveness of advertising and whether it was actually served to you.
The information we obtain from our use of cookies will not usually contain your Personal Data. Although we may obtain information about your device such as your advertiser ID, IP address, your browser and/or other internet log information, this will not usually identify you personally.
Please note that if you choose to disable cookies, or similar technologies, on your device you may be unable to make full use of our Services or may not have the same quality of experience.
We may work with third parties who may also set cookies and equivalent technologies on our Services, for example: Google Analytics, Google AdWords, YouTube, Facebook, Twitter and LinkedIn, which we use to display video content, enable social networking functionality and sharing, and to monitor how visitors use our Services.
We may share your Personal Data with the following persons for the purposes stated above:
Our third party service providers who help us provide, operate, maintain, secure and improve the Services (including but not limited to any “Know Your Client” or other blockchain analytics service providers, credit card networks, banks or financial institutions, payment processors, merchants, loyalty programs partners, and service providers that provide website hosting, data analysis, information technology, mailing, telecommunications, human resource, data processing, payments, credit references or other services).
Any person or entity that is part of Moon Lab and its affiliates who is under a duty of confidentiality to the disclosing entity.
Professional advisers of Moon Lab and its affiliates.
Any person or entity that we engage or participate in for the purposes of marketing, advertising, or promoting our Services, such as social media platforms, online platforms, or third party websites.
Any person to whom we are under an obligation or otherwise to make disclosure pursuant to legal process or pursuant to any foreign or domestic legal, tax, and/or regulatory obligation or request.
Any person or entity that you authorize or consent to receive your Personal Data, such as your authorized representatives, agents, advisors, or beneficiaries.
Any actual or proposed assignee or business transferee of Moon Lab and/or its affiliates.
We may also share aggregated or anonymized Personal Data with the above persons to help administer, operate, deliver and improve the Services.
We may use automated decision-making methods which do not involve human involvement to process your information and shall do so only in the ways that are described in this Privacy Policy.
In the event we wish to process your Personal Data for marketing purposes and where not otherwise detailed in this Privacy Policy, we will obtain your prior consent to process your Personal Data before doing that where we are required to do so by law. In each relevant instance, if you prefer that we do not process your Personal Data in that way, you can let us know by simply using the relevant consent options, buttons or similar choices we provide to you at the relevant time. You can also withdraw your consent (or, if applicable, ‘opt-out’) at any time by letting us know by email to [*].
You have the following rights over the way we process Personal Data relating to you, as set out in the table below. We aim to comply with requests without undue delay and within one month at the latest. In accordance with applicable laws and regulations, we reserve the right to charge you a reasonable fee for the relevant data access request. Please note that we may need to verify your identity in order to process your request.
Ask for a copy of Personal Data we are processing about you and have inaccuracies corrected or request erasure
You have the right to request a copy of the Personal Data we hold about you and to have any inaccuracies corrected. You can request a copy by emailing [*].
We will use reasonable efforts, to the extent required by law, to comply with requests to supply, correct or delete Personal Data held about you on our files (and request that any third parties to whom it has been disclosed to do the same).
Object to us processing Personal Data about you
You can ask us to restrict, stop processing or delete your Personal Data if:
you consented to our processing the Personal Data and have withdrawn that consent;
we no longer need to process that Personal Data for the reason it was collected;
we are processing that Personal Data because it is in the public interest or it is in order to pursue our legitimate interest or the legitimate interest of a third party, you don’t agree with that processing and there is no overriding legitimate interest for us to continue processing it;
the Personal Data was unlawfully processed;
you need the Personal Data to be deleted in order to comply with legal obligations; and/or
the Personal Data is processed in relation to the offer of a service to a child.
You can request account deletion by sending an email to [*]. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary.
We take the protection of the Personal Data of children very seriously. In the event that we learn that we have collected Personal Data from a child other than as intended in accordance with this Privacy Policy, we will delete that information as quickly as possible.
We will take commercially reasonable, appropriate technical and organizational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Service, taking into account the likelihood and severity those risks might pose to your rights and freedoms.
In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorized disclosure of or access to the Personal Data transmitted, stored or otherwise processed by us.
Please be aware that, while we make the security of our Service and your Personal Data a high priority, no security system can prevent all security breaches.
Unfortunately, the transmission of information via the internet is not completely secure. We do our best to protect your Personal Data, but we cannot always guarantee the complete security of your data transmitted through our Service; subject to applicable law, the sharing of your Personal Data with us and any transmission of the data is at your own risk.
The data we collect from you may be transferred to, and stored at, a destination outside Indonesia. It may also be processed by staff that operate outside Indonesia and work for us or our suppliers. These staff may be engaged in the fulfilment of your orders, the processing of your payment details, the maintenance of the Service, and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the provisions of applicable laws and regulations.
Where your Personal Data is transferred outside of Indonesia to a territory which has laws that do not provide the same level of data protection as Indonesia law, we will ensure that relevant safeguards are in place to afford adequate protection for Personal Data, and we will comply with applicable data protection laws. If you require more information about these safeguards, you can contact us at [*].
All questions, comments or enquiries should be directed to us at [*]. We will endeavor to respond to any query or questions within a reasonable amount of time.
