Privacy Policy

Purpose and scope

This Privacy Policy explains how RONX collects, uses, discloses and safeguards personal data in the course of providing its services. It applies to all users, prospective users and visitors of our websites and apps. It covers data about natural persons and, where applicable, directors and beneficial owners of legal entities. for Australian users, the Privacy Act 1988 (Cth) and Australian Privacy Principles.

What information we collect

We collect information:

• Identification & Verification - Name, alias, date of birth, nationality, government identification numbers (passport, national ID, driving licence), photographs or selfies, biometric data (where permitted), proof of address, utility bills and any other documents used for KYC or enhanced due diligence.
• Contact details - Physical and mailing addresses, email addresses, phone numbers, user names and emergency contacts.
• Financial and transaction data - Bank and payment-card information, wallet balances, transaction amounts, frequency and destination, currency, FX rates, account funding methods, payment instruments, beneficiary details and cash pickup instructions.
• Device and usage data - Device identifiers, IP addresses, log files, browser type, operating system, geolocation data (subject to user consent and law), access times, pages viewed, clicks, referral URLs and cookies.
• Compliance data - Information from sanctions lists, politically exposed person (PEP) screening, adverse media checks, source-of-funds documentation, occupation and industry classification, risk scores and notes from our compliance team.
• Communications - Emails, chat messages, phone recordings (where legally permissible), support tickets, feedback and survey responses.

We may collect information directly from you, from your devices, from transactions you conduct, from public sources, and from third parties such as identity-verification services, credit bureaus, banks, payment processors, analytics providers and government agencies.

Why we process your data

• To provide services – to create and administer accounts, perform KYC, process transactions, facilitate cash pickups, issue cards, display balances and allow you to manage recipients.
• Compliance with laws – to comply with anti-money laundering, counter-terrorism financing, sanctions, tax and financial-services regulations. This includes verifying identity, conducting risk assessments, monitoring transactions, maintaining records and reporting suspicious matters.
• Fraud prevention and security – to protect our services, users and partners from fraudulent, unauthorised or illegal activities; to monitor for cyber threats and to verify payment instruments.
• Customer support and communications – to respond to inquiries, provide transaction confirmations, send security alerts and deliver customer-service messages. We may record calls or chats for training and quality assurance where permitted by law.
• Product improvement and analytics – to analyse usage patterns, troubleshoot problems, test features, perform research and improve our services. We may aggregate and anonymise data for statistical purposes.
• Marketing – to send marketing and promotional materials about our services or those of selected partners when permitted by law. You may opt out of marketing at any time.
• Legal claims and protection – to establish, exercise or defend legal claims; to enforce our terms; to investigate potential violations; to comply with law-enforcement requests.

Legal bases for processing

• Performance of contract – processing is necessary to enter into or perform our contractual obligations to you, such as executing a transfer or maintaining your wallet.
• Compliance with legal obligations – we process data to comply with AML/CTF laws, financial-services regulations, tax reporting and other legal requirements.
• Legitimate interests – we process data to protect the security of our services, prevent fraud, conduct analytics and improve our products, provided our interests do not override your rights and freedoms.
• Consent – where required (e.g., to send marketing communications, use optional cookies or process sensitive data), we will obtain your consent. You may withdraw your consent at any time.

Sharing and disclosure

We may disclose personal data to the following categories of recipients:

• Service providers – identity-verification vendors, fraud-prevention services, sanction-screening providers, cloud-hosting platforms, analytics services, payment processors, card issuers and communications providers, under binding contracts requiring confidentiality and appropriate safeguards.
• Financial institutions and agent partners – correspondent banks, and card issuers who facilitate the delivery of funds and other services. They may use information only as necessary to perform services and to comply with their own legal obligations.
• Group Companies & Affiliates – For technology and administrative support, under strict confidentiality controls.
• Regulators and law enforcement – AUSTRAC, tax authorities, supervisory authorities, courts or police when we believe disclosure is required by law or necessary to protect the safety, rights or property of RONX, our customers or others.
• Professional advisers – auditors, lawyers and consultants, under confidentiality obligations, for compliance, auditing and business purposes.
• Business transfers – potential buyers or investors in connection with a merger, acquisition or asset sale. In such cases, we will require the transferee to honour this privacy policy.

We do not sell or rent your personal data to third parties.

International transfers

RONX is headquartered in Australia but operates globally. Your data may be transferred to countries outside of your country of residence, including to the European Union, United Kingdom, Middle East, and United States. When we transfer personal data internationally, we implement appropriate safeguards such as standard contractual clauses or rely on adequacy decisions or other mechanisms permitted by law to ensure your data remains protected.

Retention of records

Regulatory obligations require that we retain certain records for set periods. Under our Document Retention Policy, the AML/CTF Compliance Officer ensures that customer information, KYC documents and transaction records are retained for at least seven (7) years after the end of your relationship with us, or longer where required by law. Records related to our AML/CTF Program are kept while the policy is in effect and for seven years thereafter. When records are no longer required, we securely destroy or anonymise them.

Data security

We employ technical and organisational measures to protect personal data, including encryption, firewalls, access controls, secure facilities, employee training and vendor audits. Customer documents are stored in secure locations and destroyed before disposal. Despite our efforts, no system is completely secure; you should also take steps to protect your account credentials and devices.

Your rights and choices

Depending on your location, you have rights regarding your personal data, subject to legal limitations:

• Access and data portability – you may request a copy of the personal data we hold about you. For AUST users, you may request your data in a portable format.
• Correction – you may request correction of inaccurate or incomplete data.
• Deletion – you may request deletion of personal data. We may refuse if we must retain data to comply with law, perform a contract, defend legal claims or for legitimate interests.
• Restriction and objection – you may ask us to restrict processing or object to processing based on legitimate interests. We will consider your request but may continue processing if required by law or to exercise legal claims.
• Marketing opt-out – you may opt out of receiving marketing emails or SMS by following the unsubscribe instructions or contacting us. We may still send transactional or account-related communications.
• Withdraw consent – where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

To exercise your rights, email contact@ronx.app. We may ask you to verify your identity. For EU/UK users, you have the right to lodge a complaint with your data-protection authority (e.g., OAIC in Australia, the UK Information Commissioner’s Office or the relevant authority in your country).

Cookies and tracking technologies

We use cookies, device identifiers, web beacons and similar technologies to:

• Remember your preferences and keep you logged in;
• Enable security features and facilitate transactions;
• Measure the performance of our site and app;
• Deliver targeted advertising (where lawful and subject to your consent).

You can manage cookie preferences through your browser settings or in-app controls. Blocking cookies may affect functionality.

Children and vulnerable persons

RONX is not intended for individuals under 18 years old. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us.

Updates to the Privacy Policy

We may revise this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website, sending an email or providing an in-app notice. The date of the latest update will appear at the top of the policy. Continued use of the services after the effective date constitutes your acceptance of the revised policy.

How to contact us

If you have questions, concerns or complaints about how we handle personal data, please contact our Data Protection Officer:

Email: contact@ronx.app

Postal: R.N.ALRAWI PTY LTD, Shop 11/225 Illawarra Cres S, Ballajura WA 6066, Australia.

If you are unsatisfied with our response, you may lodge a complaint with your local data-protection authority or the Office of the Australian Information Commissioner (OAIC).