Privacy Policy

How Monway Portal collects, uses, and protects your information

Effective Date: January 1, 2026

Last Updated: July 2, 2026

Version: v1.02

This Privacy Policy explains how Monway Portal, Inc. ("Monway," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you access or use our websites, mobile applications, business tools, merchant dashboard, promotional features, support services, and related services (collectively, the "Service").

By using the Service, you understand that we collect, use, disclose, and retain information as described in this Privacy Policy.

1. Who We Are

Business / Controller: Monway Portal, Inc.
Address: 2933 Sunstone St, Las Vegas, NV 89128, USA
Privacy Contact: privacy@monwayportal.com
Support: support@monwayportal.com
Legal Notices: legal@monwayportal.com

2. Scope

This Privacy Policy applies to information collected through:

  • the Monway website and mobile application;
  • consumer accounts and user features;
  • business, merchant, and store accounts;
  • receipt submission and proof-of-activity features;
  • offers, rewards, promotional entries, missions, referrals, leaderboards, and promotional drawings;
  • customer support and communications;
  • privacy requests and preference settings;
  • interactions with participating businesses, partners, vendors, and service providers through the Service.

This Privacy Policy does not apply to third-party websites, apps, stores, payment processors, or services that we do not control. Those third parties are responsible for their own privacy practices.

3. Key Definitions

"Personal Information" or "Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a person, household, device, account, or business contact.

"Sensitive Personal Information" means categories of information that may receive special protection under applicable law, such as precise location, account login information, government identification, tax information, and certain data that may reveal protected or sensitive characteristics.

"Consumer Health Data" means personal information that may be treated as consumer health data under applicable consumer health privacy laws, including Washington and Nevada laws, to the extent those laws apply.

"Service Provider" or "Processor" means a vendor or contractor that processes information on our behalf under contractual restrictions.

"Participating Business" or "Merchant" means a business, store, merchant, owner, manager, or authorized business user that participates in Monway or uses Monway business tools.

4. Notice at Collection

The table below summarizes the main categories of information Monway may collect, why we collect it, whether we sell or share it for targeted advertising, and how long we generally retain it. We do not collect every category from every user. The information we collect depends on how you use the Service.

CategoryMain PurposeSold/Shared for Targeted AdvertisingRetention
Account and contact informationAccount creation, login, support, communications, security, and Service operationNoWhile the account is active, then deleted or archived according to our retention practices
Eligibility and verification informationAge or residency checks, promotion eligibility, fraud prevention, prize or commission compliance where requiredNoAs needed for eligibility, legal compliance, fraud prevention, disputes, and tax records
Receipt and proof-of-activity informationReceipt validation, promotional entries, rewards, fraud prevention, audits, and dispute handlingNoGenerally 12–36 months, unless a longer period is required for legal, tax, fraud, audit, or dispute reasons
Promotion, reward, and referral activityOperating promotions, entries, rewards, referrals, winner verification, rule enforcement, and supportNoAs needed to operate promotions, comply with rules, resolve disputes, and maintain legal records
Device, app, usage, and security informationApp functionality, debugging, analytics, security, fraud prevention, and service improvementNoGenerally 3–24 months depending on the type of data and operational need
Location informationApproximate location for security and localization; precise location only with permission for location-based featuresNoOnly as long as needed for the feature, security, fraud prevention, or legal compliance
Communications and support informationCustomer support, dispute resolution, quality control, legal compliance, and safetyNoGenerally 2–3 years, unless longer retention is needed for legal or dispute reasons
Business and merchant account informationMerchant onboarding, business tools, billing, support, fraud prevention, and complianceNoAs needed for the business relationship, accounting, tax, legal, collections, and dispute purposes
Aggregated or de-identified informationAnalytics, reporting, product improvement, business insights, and Service performanceNoMay be retained as allowed by law because it does not reasonably identify a person

We do not sell personal information and do not share personal information for cross-context behavioral advertising in the current version of the Service. If our practices change, we will update this Privacy Policy and provide any required choices or opt-out controls.

5. Information You Provide Directly

We may collect information you provide directly, including:

  1. Account and profile information: name, username, email, phone number, profile photo, preferences, notification settings, and account settings.
  2. Authentication information: one-time passcode verification records, login sessions, authentication tokens, and security records. We use passwordless login and do not require a traditional account password.
  3. Eligibility information: date of birth, age confirmation, residency information, and related eligibility details.
  4. Receipt and proof-of-activity submissions: receipt images, receipt details, uploaded files, visible receipt fields, and submission details.
  5. Promotions and rewards information: promotional entries, mission activity, referral activity, reward status, leaderboard participation, prize claim details, and related records.
  6. Prize or commission fulfillment information: contact information, tax forms, identity verification, affidavits, releases, payment details, and other information required to verify and fulfill prizes or commissions.
  7. Business account information: business name, legal entity name, address, business contacts, store locations, authorized users, roles, permissions, billing configuration, service settings, and merchant support communications.
  8. Communications: support tickets, emails, chat messages, feedback, surveys, forms, requests, and other messages you send to us.

6. Information Collected Automatically

When you use the Service, we may automatically collect:

  1. Device and app technical data: device type, operating system, app version, browser type, IP address, device identifiers, crash logs, diagnostics, and performance data.
  2. Usage and interaction data: screens viewed, features used, session timestamps, clicks/taps, offer views, referral link interactions, and conversion events.
  3. Security and fraud signals: suspicious login attempts, device/session patterns, repeated submissions, abnormal activity, bot signals, and abuse-prevention data.
  4. Approximate location: location inferred from IP address for security, localization, fraud prevention, and general service functionality.
  5. Precise location: only if you grant permission through your device or browser settings, for features such as nearby participating businesses. You may revoke permission at any time through your device settings.

7. Camera, Photos, Media, Audio, and Optional Device Permissions

If you use features that require camera, photos, media, audio, microphone, or similar device access, such as receipt capture, media upload, voice-enabled support, voice notes, or future audio features:

  • we process only the images, files, audio, or media you choose to submit or authorize;
  • we use them to provide the selected feature, validate activity, prevent fraud, resolve disputes, provide support, improve reliability, and comply with law;
  • we do not access your camera, photo library, media files, microphone, or audio input unless you grant permission through your device, browser, app settings, or the applicable feature flow;
  • we do not review unrelated photos, files, audio, or media unless you choose to upload or submit them;
  • you may revoke optional device permissions through your device or browser settings, but some features may not work correctly without those permissions.

8. Payments and Transactions

Monway does not sell promotional entries to users. Users do not pay Monway for entries.

In the current version of the Service, Monway does not process end-user purchases inside the consumer app. Purchases from participating businesses occur directly between the user and the business.

Participating businesses may pay Monway for business services, merchant tools, campaign participation, advertising, analytics, push notifications, AI assistant tools, and related services. Merchant payments may be processed by third-party payment processors under their own terms and privacy practices.

If prizes, commissions, or other payments are issued through the Service, we may collect and disclose information necessary for payment processing, tax reporting, fraud prevention, accounting, and legal compliance.

9. Information from Third Parties

We may receive information from:

  • authentication providers, such as Google or Apple sign-in, depending on your settings;
  • analytics, crash-reporting, fraud-prevention, security, hosting, messaging, email, SMS, and support providers;
  • participating businesses or partners, limited to information needed to validate activity, receipts, offers, disputes, or selected features;
  • payment processors and financial service providers for merchant billing or prize/commission fulfillment;
  • public sources, business directories, or business verification providers for merchant onboarding and business listings.

10. Information We Do Not Intentionally Collect

We do not intentionally request or collect:

  • the content of unrelated personal files;
  • sensitive health records;
  • biometric templates for identification;
  • Social Security numbers except where legally required for tax, prize, or payment compliance;
  • precise location unless you grant permission;
  • information from children under 18.

Receipt images may incidentally include sensitive information, such as health-related purchases or other personal details. We use receipt data only for the purposes described in this Privacy Policy.

11. How We Use Information

We use information for the following purposes:

Core Service Operations

  • create, manage, and secure accounts;
  • provide app, website, and business-dashboard features;
  • process receipt submissions and proof-of-activity submissions;
  • operate offers, missions, rewards, promotional entries, referrals, leaderboards, and promotional drawings;
  • provide support and respond to requests;
  • send service-related communications.

Verification, Integrity, and Fraud Prevention

  • validate receipts and activity claims;
  • detect fake, altered, duplicate, refunded, reversed, disputed, or fraudulent submissions;
  • prevent bot activity, duplicate accounts, self-referral abuse, referral manipulation, and other misuse;
  • enforce Terms, Official Rules, AMOE requirements, merchant rules, and platform policies;
  • investigate suspicious activity and security incidents.

Personalization and Engagement

  • recommend nearby or relevant participating businesses, offers, missions, and rewards;
  • customize app content based on preferences, settings, and activity within Monway;
  • provide location-based features if you enable location permissions.

Promotions, Prizes, and Compliance

  • administer promotional drawings and sweepstakes;
  • issue and verify entries;
  • notify potential winners;
  • verify eligibility;
  • fulfill prizes and commissions;
  • collect tax forms or identity verification where required;
  • maintain records for audits, disputes, tax, and legal compliance.

Business and Merchant Services

  • onboard and verify participating businesses;
  • provide merchant dashboard access;
  • manage business listings, offers, campaigns, analytics, receipt review, support, billing, and service configuration;
  • prevent merchant fraud, billing abuse, and misuse of customer data.

Analytics and Product Improvement

  • debug, monitor, and improve the Service;
  • understand feature performance;
  • improve reliability, design, and user experience;
  • measure campaign and offer performance inside Monway.

Marketing

  • send marketing communications where permitted by law or with consent where consent is required;
  • provide opt-out tools for marketing communications;
  • send transactional, security, legal, and service-related messages even if you opt out of marketing.

Legal, Safety, and Enforcement

  • comply with applicable law, legal process, and lawful requests;
  • protect rights, safety, security, and property;
  • enforce agreements;
  • prevent fraud or harm;
  • manage corporate transactions, audits, accounting, and legal claims.

12. Advertising and Tracking

In the current version of the Monway app:

  • we do not use third-party targeted advertising networks;
  • we do not track users across third-party apps or websites for advertising;
  • we do not sell or share personal information with advertising networks for cross-context behavioral advertising;
  • in-app promotional content is based on activity within Monway and participating-business features, not third-party advertising identifiers.

If our advertising or tracking practices change, we will update this Privacy Policy and provide required choices or opt-out controls.

13. Cookies, SDKs, and Tracking Technologies

We may use cookies, SDKs, pixels, local storage, and similar technologies to:

  • keep you signed in;
  • remember preferences;
  • secure the Service;
  • prevent fraud;
  • analyze performance and usage;
  • debug and improve features;
  • support business and campaign analytics;
  • measure Monway-controlled promotional activity.

You can control cookies through your browser settings. Some features may not work correctly if cookies or similar technologies are disabled.

We do not currently use cookies or SDKs for third-party targeted advertising.

14. How We Disclose Information

We may disclose information as described below.

Service Providers and Processors

We disclose information to vendors and contractors that help us operate the Service, including hosting, storage, database infrastructure, analytics, crash reporting, messaging, email, SMS, fraud prevention, security, customer support, payment processing, tax reporting, identity verification, and business operations.

These providers are authorized to use information only to provide services to us, subject to contractual restrictions.

Participating Businesses and Partners

If you choose to participate in an offer, reward, promotional feature, receipt-based feature, or program connected to a participating business, we may disclose the minimum information reasonably necessary to:

  • verify eligibility;
  • validate receipts or activity;
  • issue benefits, rewards, or entries;
  • prevent fraud and abuse;
  • resolve disputes;
  • provide customer support;
  • operate the selected feature.

Participating businesses may not use Monway-provided user information for independent marketing, resale, sharing, scraping, profiling, or unrelated purposes unless they have separate lawful permission.

Payment, Tax, and Financial Providers

We may disclose information to payment processors, banks, financial partners, tax providers, and accounting providers to process merchant payments, prizes, commissions, refunds, tax forms, reporting, and compliance obligations.

Legal, Safety, and Enforcement

We may disclose information to comply with law or protect rights, including responding to subpoenas, court orders, lawful government requests, fraud investigations, security incidents, Terms enforcement, Official Rules enforcement, and protection of users, businesses, Monway, or the public.

Corporate Transactions

If Monway is involved in a merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.

Aggregated or De-Identified Information

We may create, use, disclose, or publish aggregated or de-identified information that cannot reasonably identify you, including analytics, trends, business insights, performance metrics, and general reports.

15. No Sale or Sharing for Targeted Advertising

In the current version of the Service, we do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are used under applicable privacy laws.

We also do not sell consumer health data.

If this changes in the future, we will update this Privacy Policy and provide any required opt-out rights or consent mechanisms.

We honor Global Privacy Control (GPC) and similar browser-based opt-out preference signals where required by applicable law and technically feasible.

You can manage privacy preferences through our Privacy Choices page.

16. Sensitive Personal Information

We do not use sensitive personal information to infer characteristics about you.

Depending on how you use the Service, we may collect or process sensitive personal information only as reasonably necessary to provide the Service, secure the Service, prevent fraud, fulfill prizes or commissions, comply with law, or with consent where required.

Examples may include:

  • login and authentication information;
  • precise geolocation if you grant permission;
  • government identification or tax information if required for prize, commission, or payment compliance;
  • receipt content that may incidentally reveal sensitive context;
  • payment or billing information for participating businesses.

17. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Typical retention examples include:

Data TypeTypical Retention
Account and profile dataWhile your account is active, then deletion or archival within 30–180 days after a verified deletion request, subject to exceptions
Support communications2–3 years for dispute handling, quality control, and legal protection
Security and fraud logs6–24 months depending on risk and operational need
Receipt verification records12–36 months to prevent fraud, enforce rules, and resolve disputes
Promotion, prize, and tax recordsAs required by law, tax rules, audit requirements, and dispute needs
Merchant billing and business recordsAs required for accounting, tax, collections, contracts, and legal compliance
Analytics logs3–18 months depending on service-improvement and security needs

We may retain information longer where necessary to comply with law, prevent fraud, enforce agreements, resolve disputes, protect rights, maintain security, complete tax/accounting requirements, or preserve evidence.

When information is no longer needed, we delete, de-identify, aggregate, or archive it according to our retention practices.

18. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information, including:

  • encryption in transit;
  • access controls;
  • least-privilege permissions;
  • secure authentication token handling;
  • logging and monitoring;
  • fraud-prevention systems;
  • vendor security review where feasible;
  • internal access limitations;
  • incident-response processes.

No system is completely secure. You are responsible for keeping your device, email, phone, and account access secure.

19. Your Rights and Choices

Depending on where you live and how you use the Service, you may have rights to:

  • access or know the personal information we collect;
  • receive a copy of certain personal information;
  • delete personal information, subject to exceptions;
  • correct inaccurate personal information;
  • opt out of sale or sharing where applicable;
  • limit certain uses of sensitive personal information where applicable;
  • withdraw consent for optional processing;
  • appeal certain privacy request decisions where applicable;
  • avoid discrimination for exercising privacy rights.

To submit a request, use our Privacy Request Form or email privacy@monwayportal.com.

We may need to verify your identity before processing a request. You may designate an authorized agent where allowed by law. We may deny or limit requests where permitted by law, including where information must be retained for security, fraud prevention, legal compliance, tax records, dispute resolution, or transaction completion.

20. California Privacy Rights

California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and non-discrimination for exercising privacy rights.

In the current version of the Service:

  • we do not sell personal information;
  • we do not share personal information for cross-context behavioral advertising;
  • we do not use sensitive personal information to infer characteristics;
  • we honor Global Privacy Control where required and technically feasible.

California residents may submit requests through our Privacy Request Form or by emailing privacy@monwayportal.com.

21. Nevada Privacy Rights

Nevada residents may have rights under Nevada privacy laws, including rights relating to the sale of certain covered information and rights relating to consumer health data where applicable.

In the current version of the Service, we do not sell personal information and do not sell consumer health data.

Nevada residents may submit privacy requests through our Privacy Request Form or by emailing privacy@monwayportal.com.

22. Consumer Health Data Supplement

This Consumer Health Data Supplement applies only to the extent Monway collects information that is considered consumer health data under applicable state consumer health privacy laws, including Washington and Nevada laws.

Monway is not a healthcare provider, health plan, or healthcare clearinghouse. Monway does not intentionally collect medical records or provide medical services. However, certain receipt details, location details, or user-submitted information may incidentally reveal health-related context.

Consumer Health Data We May Collect

Depending on how you use the Service, consumer health data may include:

  • receipt content that reveals health-related products or services;
  • precise location information if you grant permission and if it is used in a way covered by applicable consumer health data laws;
  • information you voluntarily submit that relates to health-related products, services, locations, or purchases;
  • derived or inferred information only if we use it in a way covered by applicable law.

How We Use Consumer Health Data

To the extent we collect consumer health data, we use it only to:

  • provide features you request;
  • validate receipts or proof-of-activity submissions;
  • issue rewards, entries, or benefits;
  • prevent fraud and abuse;
  • secure and maintain the Service;
  • comply with law;
  • resolve disputes;
  • enforce Terms, Official Rules, AMOE rules, and merchant rules.

How We Disclose Consumer Health Data

We may disclose consumer health data only as reasonably necessary to:

  • service providers or processors helping us operate the Service;
  • participating businesses or partners when necessary for a feature you requested, such as validating a receipt or resolving a dispute;
  • legal, safety, security, compliance, or enforcement recipients where permitted or required;
  • successors in a corporate transaction, subject to appropriate safeguards.

No Sale of Consumer Health Data

We do not sell consumer health data.

No Health-Facility Geofencing for Advertising

We do not knowingly create geofences around healthcare facilities to identify, track, collect consumer health data from, or send health-related advertising or messages to users based on visits to healthcare locations.

Consumer Health Data Rights

Where applicable, you may have rights to confirm, access, delete, withdraw consent, or request review of certain decisions involving consumer health data.

Submit requests through our Privacy Request Form or by emailing privacy@monwayportal.com.

23. Marketing Communications

We may send marketing communications where permitted by law or with consent where consent is required.

You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. We will honor valid marketing email opt-out requests within ten (10) business days.

You may opt out of eligible SMS marketing by replying STOP or following instructions in the message. Standard message and data rates may apply.

Even if you opt out of marketing, we may still send transactional, legal, security, receipt-status, account, prize, business, and service-related communications.

24. Account Controls and Device Permissions

You can control certain privacy settings through your account, app settings, browser settings, and device settings.

Depending on your device and app version, you may be able to:

  • update account information;
  • manage notification preferences;
  • revoke camera access;
  • revoke photo or media access;
  • revoke precise location access;
  • control cookies through your browser;
  • request account deletion;
  • manage privacy preferences through our Privacy Choices page.

Some features may not work correctly if you disable certain permissions.

25. Children's Privacy

The Service is intended for individuals who are at least 18 years old, or the age of majority in their jurisdiction, whichever is higher.

We do not knowingly collect personal information from anyone under 18. If we learn that we collected information from a person under 18, we will take reasonable steps to delete it.

26. International Transfers

Monway is based in the United States. If you access the Service from outside the United States, your information may be processed in the United States and other countries where we or our providers operate.

Where required by applicable law, we use safeguards designed to protect international transfers, such as contractual protections.

29. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above.

If we make material changes, we will provide additional notice where required by law, such as through the app, website, email, or other reasonable method.

Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

30. Contact

For privacy questions or requests:

Email: privacy@monwayportal.com
Privacy Request Form: /privacy/request
Privacy Choices: /privacy/choices

Mail:
Monway Portal, Inc.
2933 Sunstone St
Las Vegas, NV 89128
USA