Privacy Policy

How Monway Portal collects, uses, and protects your information

Table of Contents

1. Who We Are2. Scope3. Key Definitions4. Information We Collect5. How We Use Information6. Legal Bases7. How We Disclose Information8. "Sale"/"Share" and Targeted Advertising Opt-Out9. Sensitive Personal Information10. Cookies / Tracking Technologies11. Data Retention12. Security13. Your Rights and Choices14. Children's Privacy15. International Transfers16. Third-Party Links17. Changes to This PolicyPersonal Information ConsentWashington Consumer Health Data PolicyContact

Effective Date: December 28, 2025

Last Updated: December 28, 2025

Version: v1.0

This Privacy Policy explains how Monway Portal ("Monway Portal," "we," "us," "our") collects, uses, discloses, retains, and protects information when you access or use our websites, mobile applications, and related services (collectively, the "Service").

This Privacy Policy is intended to be clear and transparent. It is not legal advice. You should have counsel review it before launch, especially if you offer sweepstakes/prizes, financial features, or target multiple states/countries.

1. Who We Are

Controller / Business: Monway Portal Inc. ("Monway Portal")

Contact: privacy.monwayportal@gmail.com

Address: 2933 Sunstone St, Las Vegas, NV, 89128, USA

Support: support.monwayportal@gmail.com

If we appoint a data protection officer or EU/UK representative, we will list contact details here.

2. Scope

This Privacy Policy applies to information collected:

  • through the Service (app and website),
  • through communications with support,
  • through participation in offers, rewards, missions, leaderboards, referrals, and (if applicable) prize programs,
  • from partners you choose to interact with via the Service.

It does not apply to third-party websites/apps that you may access via links in the Service. Their privacy practices govern their own services.

3. Key Definitions

"Personal Information" / "Personal Data": information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you or your household/device.

"Sensitive Personal Information": certain categories that may receive special protections under some laws (e.g., precise geolocation, login credentials, government IDs).

"Consumer Health Data": as defined under Washington's My Health My Data Act (MHMDA), which can be broad and may include health-related purchase context from receipts. (Washington State Legislative Information)

"Service Providers/Processors": vendors who process information on our behalf under contract.

"Targeted Advertising" / "Cross-Context Behavioral Advertising": advertising based on activity across non-affiliated services over time (terms used in some U.S. privacy laws). (California DOJ)

NOTICE AT COLLECTION

(What we collect, why we collect it, and what we share)

4. Information We Collect

A) Information You Provide Directly

1. Account & Profile

  • Name, username, email, phone number
  • Password (stored as a secure hash, not plaintext)
  • Profile photo (optional)
  • Language, preferences, notification settings

2. Eligibility / Age

  • Date of birth or age confirmation (where required for eligibility, safety, or legal compliance)

3. Communications

  • Support tickets, chat messages, emails, feedback, survey responses

4. Rewards / Program Activity

  • Missions completed, points/tickets earned, redemptions, leaderboard participation, referral relationships, and related metadata

5. Receipt / Proof-of-Activity Submissions (if enabled)

  • Receipt images you upload or capture
  • Receipt-derived fields: merchant/store identifier, timestamp, totals, items, transaction references, and any other visible fields on the receipt
  • Submission metadata (submission time, device/app context to prevent fraud)

6. Prize / Sweepstakes Fulfillment (if applicable)

  • Shipping address, contact information
  • Tax forms and identity verification info only if legally required for prize fulfillment (collected at time of award, not by default)

7. Business Accounts (if you offer a merchant/owner portal)

  • Business name, address, contact details
  • Store locations
  • Authorized users, roles, and permissions
  • Billing and service configuration

B) Information Collected Automatically

1. Device & App Technical Data

  • Device type/model, OS version, app version
  • IP address
  • Device identifiers (including advertising ID if enabled by device settings)
  • Crash logs, performance metrics, diagnostics

2. Usage & Interaction Data

  • Screens viewed, features used, clicks/taps
  • Session timestamps and duration
  • Referral link interactions, offer views, and conversion events
  • Security events (e.g., suspicious login attempts)

3. Approximate Location

  • Derived from IP address for security, localization, and fraud prevention

4. Precise Location (Optional)

  • Collected only with your permission (e.g., to show nearby participating businesses)
  • You can revoke permission at any time in device settings

C) Camera, Photos, and Media (Optional Features)

If you use features that require it (e.g., receipt capture):

  • We process images you submit to provide the feature and prevent fraud.
  • We do not access your photo library unless you choose to upload from it and grant permission.

D) Payments / Transactions / Wallets (If Enabled)

Depending on the features you enable:

  • Subscription status and billing metadata
  • Transaction data (amount, timestamp, status, transaction ID)
  • Wallet addresses (for blockchain-based features)
  • Payment processor tokens/receipts

We do not store full payment card numbers. Card processing is handled by payment processors.

E) Information from Third Parties

  • Authentication providers (e.g., Google sign-in): basic profile info depending on your settings
  • Analytics, fraud, and security providers: aggregated and event-level telemetry
  • Partners/merchants: limited validation data needed to confirm eligibility for an offer you choose to join

F) Information We Do Not Intentionally Collect

We do not intentionally request:

  • your private crypto keys/seed phrases (if you ever see a screen asking for that, assume it's a scam),
  • content of unrelated personal files,
  • sensitive health records (unless a specific feature requires it, in which case we will disclose clearly and obtain consent where required).

5. How We Use Information (Purposes)

We use information for the following purposes:

Core Service Operations

  • Create and manage accounts
  • Provide features (offers, missions, rewards, tickets, leaderboards, referrals)
  • Provide customer support and respond to requests
  • Communicate service-related messages (security alerts, policy updates, critical notices)

Verification, Integrity, and Fraud Prevention

  • Validate receipt submissions and activity claims
  • Detect fraud, abuse, bot activity, and suspicious behavior
  • Enforce program rules and our Terms

Personalization and Engagement (where enabled)

  • Recommend participating businesses, offers, missions, and rewards
  • Customize the experience based on your preferences and activity

Analytics and Product Improvement

  • Debug, monitor performance, improve reliability
  • Understand feature usage and improve design and offerings

Legal and Compliance

  • Comply with law and lawful requests
  • Maintain records required for tax, accounting, auditing, prize fulfillment, and dispute resolution

Marketing (where permitted)

  • Send marketing communications if you opt in or where allowed by law
  • Provide promotions and updates (with opt-out options)

Targeted Advertising (Only if you enable it)

  • If we run targeted advertising, we may use certain identifiers and activity data for measurement and targeted ad delivery, subject to opt-out rights.

7. How We Disclose (Share) Information

We disclose personal information only as described below:

A) Service Providers / Processors

We share information with vendors that help us operate the Service, such as:

  • cloud hosting and storage,
  • database and infrastructure providers,
  • analytics and crash reporting,
  • messaging/email/SMS providers,
  • fraud detection and security vendors,
  • customer support tools,
  • payment processors (if enabled).

They are contractually required to protect information and use it only to provide services to us.

B) Participating Businesses / Partners (Offer-Connected Sharing)

If you choose to participate in an offer, promotion, or rewards program connected to a participating business, we may disclose limited information necessary to:

  • verify eligibility and validate an activity/receipt,
  • award benefits/tickets/rewards,
  • prevent abuse,
  • resolve disputes.

We disclose the minimum necessary for the selected feature.

C) Advertising & Measurement Partners (If Enabled)

If we use advertising measurement or targeted advertising, we may disclose limited information such as:

  • device identifiers (e.g., advertising ID),
  • IP address,
  • event-level engagement data (ad views/clicks, conversions),
  • app usage signals.

You may have the right to opt out of "sale/share" or targeted advertising under certain laws. (California DOJ)

D) Payment / Financial / Blockchain Infrastructure (If Applicable)

We may disclose transaction data to:

  • payment processors,
  • financial partners,
  • blockchain infrastructure providers,

to complete and secure transactions and comply with law.

E) Legal, Safety, and Enforcement

We may disclose information to comply with law or protect rights, including:

  • responding to subpoenas/court orders,
  • investigating fraud and security incidents,
  • enforcing our Terms,
  • protecting users or the public.

F) Corporate Transactions

If we undergo a merger, acquisition, financing, reorganization, or sale, information may be transferred as part of the transaction, subject to safeguards.

G) Aggregated / De-Identified Information

We may create and share aggregated or de-identified information that cannot reasonably identify you, for analytics and business insights.

8. "Sale" / "Share" and Targeted Advertising Opt-Out

Some U.S. laws treat certain disclosures for targeted advertising as "selling" or "sharing" personal information. California provides an opt-out right and limits re-prompting for opt-in for at least 12 months in some circumstances. (California DOJ)

Opt-Out (if applicable):

  • Web: Privacy Choices
  • In-app: Settings → Privacy → "Do Not Sell or Share / Opt Out of Targeted Advertising"

If we receive a valid opt-out signal (including certain browser-based signals such as Global Privacy Control where applicable), we will process it according to law.

9. Sensitive Personal Information

We do not use sensitive personal information to infer characteristics about you. We collect or use it only as needed for the Service, for security, or with consent where required.

Examples (depending on features used):

  • login credentials (secured)
  • precise geolocation (optional, permission-based)
  • identity/tax data for prize fulfillment (only if required)
  • receipt content that may incidentally reflect sensitive context

10. Cookies / Tracking Technologies (Web)

We may use cookies, SDKs, pixels, and similar technologies to:

  • keep you signed in,
  • remember preferences,
  • analyze performance and usage,
  • prevent fraud,
  • measure ads (if enabled).

You can control cookies via browser settings and certain in-app settings (where available). "Do Not Track" signals are not uniformly supported across services.

11. Data Retention (Very Explicit)

We retain personal information only as long as reasonably necessary for the purposes described, then delete or de-identify it unless we must keep it for legal/security reasons.

Typical retention examples:

Account data: while your account is active; then deletion/archival within 30–180 days after deletion request, subject to exceptions.

Support communications: 2–3 years for training, dispute handling, and quality control.

Security logs: 6–24 months depending on risk and operational need.

Receipt verification records: 12–36 months to prevent repeat fraud and resolve disputes.

Financial/prize records: as required by law (often multiple years).

Advertising logs (if used): 3–18 months depending on provider defaults and needs.

Exceptions: We may retain data longer if required to comply with law, detect/prevent fraud, enforce agreements, or resolve disputes.

12. Security

We use reasonable safeguards such as:

  • encryption in transit (TLS),
  • access controls and least-privilege,
  • secure credential storage (hashed passwords),
  • logging and monitoring,
  • vendor security reviews where feasible.

No system is 100% secure. You're responsible for keeping your credentials confidential and using strong passwords.

13. Your Rights and Choices

A) Account Controls

You can typically:

  • update profile info,
  • manage notification preferences,
  • revoke app permissions (location/camera) via device settings,
  • request account deletion.

B) Deletion Requests

You may request deletion via:

We will verify your request and process it subject to legal/security exceptions.

C) U.S. State Privacy Rights (Including California)

Depending on your state, you may have rights to:

  • know/access the personal information we collected,
  • delete personal information (subject to exceptions),
  • correct inaccurate information,
  • opt out of sale/share and targeted advertising,
  • limit certain uses (in some jurisdictions),
  • non-discrimination for exercising rights.

California specifically provides opt-out rights for sale/sharing. (California DOJ)

How to submit a request:

Email: privacy.monwayportal@gmail.com

Web form: Privacy Request Form

We may need to verify your identity. You may designate an authorized agent where allowed by law.

D) EU/UK Rights (If Applicable)

You may have rights to:

  • access, correct, delete,
  • restrict or object to processing,
  • data portability,
  • withdraw consent (where consent is the basis),
  • lodge a complaint with a supervisory authority.

GDPR requires disclosure of key controller details, purposes, and retention. (GDPR)

14. Children's Privacy (Under 13)

Monway Portal is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If we learn we did, we will delete it.

If you plan to allow under-13 use, you need verifiable parental consent mechanisms and policy changes. (Google also flags this in Play Console.)

15. International Transfers

If you access the Service from outside the United States, your information may be processed in the U.S. and other countries where we or our providers operate. We take steps designed to provide appropriate safeguards where required by law (such as contractual clauses).

16. Third-Party Links and Partner Services

The Service may link to third-party services. We are not responsible for their practices. Review their policies before using them.

17. Changes to This Privacy Policy

We may update this Privacy Policy. We will revise the "Last Updated" date and, where required, provide additional notice in the Service.

WASHINGTON CONSUMER HEALTH DATA PRIVACY POLICY

Last Updated: December 28, 2025

This Washington Consumer Health Data Privacy Policy ("WA CHD Policy") supplements the Monway Portal Privacy Policy and applies to the extent Monway Portal collects "consumer health data" as defined by Washington's My Health My Data Act ("MHMDA"). The MHMDA can apply broadly to data that may reveal health-related context. (Washington State Legislative Information)

A) Consumer Health Data We May Collect

Depending on how you use the Service, consumer health data may include:

  • receipt content that reveals health-related product purchases,
  • location data that could reasonably indicate visits to health-related locations,
  • other information you provide that relates to health conditions or care (if any feature requests it).

B) Purposes

To the extent we collect consumer health data, we use it only to:

  • provide features you request (receipt validation, rewards issuance),
  • prevent fraud and abuse,
  • secure and maintain the Service,
  • comply with law.

C) Disclosure

We may disclose consumer health data only to:

  • service providers/processors,
  • partners only if necessary to provide the feature you requested (minimum necessary),
  • legal/safety disclosures as required,
  • successors in corporate transactions.

D) Sale of Consumer Health Data

Washington law restricts the "sale" of consumer health data and requires valid authorization in specific form if any sale were to occur. We do not sell consumer health data. (Washington State Legislative Information)

E) Your Rights (Washington)

Washington residents may have rights to confirm, access, delete, and withdraw consent regarding consumer health data, subject to exceptions.

Submit requests:

privacy.monwayportal@gmail.com

Privacy Request Form

CONTACT

Email: privacy.monwayportal@gmail.com

Mail: 2933 Sunstone St, Las Vegas, NV, 89128, USA

Back to Top