Munay: Privacy Policy and Terms of Service

Data Collection

Munay collects the essential information needed to provide our services—focusing on personal safety, energy forecasting, and health monitoring.

Data Protection & Security

We are committed to building a foundation of trust:

• We implement industry-leading security measures, including end-to-end encryption for all personal communications and alert data transfer.
• All sensitive data is stored in secure cloud environments with regular security audits.
• We use strong access controls to ensure that only essential personnel can access anonymized data for system maintenance.
• We have a strict policy against selling personal data to third parties.

Enterprise Data Processing & Lone Worker Platform

When Munay is deployed by an organization through the Lone Worker Platform, data processing operates under a dual-controller model:

• Organization as Data Controller: Your employer or brokerage determines the scope of monitoring, including which agents are enrolled, what supervisor visibility is enabled, and how audit logs are used for E&O compliance.
• Agent Consent: Agents must explicitly accept enterprise enrollment and monitoring terms before the organization can access any location or activity data. Consent is separate from standard app consent.
• Supervisor Access: Designated supervisors can view real-time location, battery level, showing status, and initiate audio calls to enrolled agents during active work sessions only. Access is scoped to active sessions and does not extend to personal app usage outside of work journeys.
• Audit Trail Logs: Showing check-ins, supervisor call records, and session events are retained as part of the brokerage's audit trail for E&O insurance and compliance purposes. Retention is governed by the organization's data processing agreement.
• Data Separation: Enterprise monitoring data is logically separated from personal consumer app data. Supervisors cannot access personal health data, emergency contacts, or non-work journey data.
• Offboarding: Upon an agent's removal from an organization, all enterprise-linked monitoring data access is revoked. Historical audit logs may be retained by the organization per their agreement.
• Welfare Check Monitoring: The platform automatically sends push notifications to lone workers at configurable intervals during active sessions. If a worker does not acknowledge within the response window, their last-known GPS location is forwarded to a designated supervisor. Workers receive explicit notification that the Welfare Check feature is active when enabled by their organization.
• AI Safety Insights: Anonymised and aggregated session, route, and alert data may be transmitted to Groq, Inc. (an external AI inference provider using the llama-3.3-70b-versatile model) to generate safety briefings, SOS triage assessments, and heatmap insights for supervisors. No personally identifiable information — including member names, emails, or raw coordinates — is included in AI requests. Groq processes data under its own privacy policy. Organizations may contact Munay to disable AI features.

WebRTC SDK Data Practices

The Munay WebRTC SDK enables third-party Android applications to integrate peer-to-peer audio and video calling. The following data practices apply:

• No Media Storage: Audio and video streams are transmitted directly peer-to-peer (P2P) using WebRTC. Munay does not record, store, or process the content of calls.
• Signaling Metadata: Connection signaling data (session negotiation, ICE candidates) passes through Munay's signaling infrastructure transiently and is not persisted.
• Call Event Telemetry: SDK integrators receive call event callbacks (connected, disconnected, failed). Munay may collect anonymized, aggregated telemetry for SDK reliability and performance monitoring.
• Developer Responsibility: Third-party developers integrating the SDK are independently responsible for their own privacy policies, user consent, and compliance with applicable laws in their applications.
• API Key Security: SDK API keys are issued per application and must be kept confidential. Munay may revoke keys for abuse or terms violations.

Health & Fitness Data Integration

Our health and wellness features are entirely opt-in and privacy-focused. Munay integrates with platform health APIs and Bluetooth Low Energy (BLE) wearable sensors on both iOS and Android to provide wellness monitoring during safety journeys.

iOS — Apple Health

• Birth Date Data: Used solely to calculate the Physical, Emotional, and Intellectual Biorhythm cycles for your energy forecast.
• Health Data: HRV, Resting Heart Rate, and Stress Score are read from Apple Health with your explicit permission, anonymized, and used to calculate personalized wellness insights and safety recommendations.
• No specific health values are shared with other users; only aggregated wellness indicators are used for personalized features.
• You can revoke Apple Health data access at any time through the in-app Permissions Hub or iOS Settings.
• Upon account deletion, all associated health and profile data is purged from our active systems.

Android — Google Health Connect

• Data Read (Read-Only): Heart Rate, Resting Heart Rate, Heart Rate Variability (HRV/RMSSD), and Steps are read from Google Health Connect with your explicit permission.
• On-Device Processing: All Health Connect data is processed entirely on your device. It is never uploaded to Munay servers or shared with any third party.
• Baseline Personalisation: First-recorded HRV and Resting Heart Rate values are saved locally on your device as personal baselines to improve the accuracy of your Stress and Readiness Scores over time.
• You can revoke Health Connect access at any time in the Health Connect app or in your Android device settings.
• Access is requested only after a clear explanation of what data is used and why. You may decline without affecting core safety features.

Android — BLE Wearable Heart Rate Sensor

• Supported Devices: Munay connects to Bluetooth Low Energy (BLE) heart rate sensors compatible with the standard Heart Rate GATT profile (e.g., Polar heart rate sensors). BLE hardware is not required to use Munay.
• Data Collected: Real-time Heart Rate (BPM) and RR-interval (PPI) data. On Polar devices, RR-interval data is streamed via the Polar Measurement Data (PMD) proprietary protocol to improve HRV accuracy.
• Journey-Only Activation: Bluetooth scanning and sensor connection are active only during an active safety journey via a foreground service. Bluetooth is automatically stopped when a journey ends.
• Derived Metrics: HRV (RMSSD), Stress Score (1–100), and Readiness Score (1–100) are computed on-device from BLE RR-interval data using standard RMSSD calculations. These scores are personalised using a slow exponential moving average of your baseline HRV over time.
• Data Priority: If Health Connect data is available, it takes precedence over BLE sensor data for display purposes. BLE fills in gaps when Health Connect data is unavailable or stale.
• Permissions: Requires BLUETOOTH_SCAN and BLUETOOTH_CONNECT permissions on Android 12 and above. These permissions are never used for location determination (neverForLocation flag set).
• No raw BLE sensor data is transmitted to Munay servers. Only journey biometric snapshots (BPM, HRV) may be transmitted as part of an active lone worker session if the enterprise Lone Worker Platform feature is enabled and you are enrolled in an organization.

Age Requirement and Eligibility

This age requirement applies to all Munay features including journey protection, Silent Alert, and wellness monitoring. We reserve the right to verify age through appropriate means and to suspend or terminate accounts that do not meet this requirement.

Acceptance and Service Scope

By using Munay, you agree to these Terms. Munay provides a Personal Safety & Journey Protection Platform designed to protect you during vulnerable moments through real-time location sharing, Silent Alert, and guardian coordination features.

Health Device & Biometric Data Disclaimer

• Informational Only: Heart Rate, Resting Heart Rate, HRV (Heart Rate Variability), Stress Score, and Readiness Score displayed in Munay are informational indicators derived from consumer-grade wearable sensors and/or health platform APIs. They are not clinical measurements.
• No Medical Advice: Nothing in Munay constitutes medical advice, diagnosis, or treatment. You should not make health or safety decisions — including decisions about physical exertion, medication, or emergency response — based solely on data displayed in the App.
• Accuracy Limitations: BLE sensor accuracy varies by device, skin contact quality, movement, and environmental conditions. Derived scores (Stress, Readiness) are algorithmic estimates based on personal baseline data and may not reflect your actual physiological state.
• Consult a Professional: If you have concerns about your heart health, stress levels, or overall well-being, consult a qualified healthcare provider.
• Emergency Situations: In a medical emergency, call your local emergency services (e.g., 911) immediately. Do not rely on Munay features as a substitute for emergency medical services.
• No Liability for Health Decisions: Munay LLC expressly disclaims any liability for decisions made based on health metric data or derived scores displayed in the App.

Safety Features

Our safety tools are designed to enhance your personal security during vulnerable moments (e.g., first dates, solo travel, late-night commutes, solo adventures):

• Silent Alert System: Activated via your iPhone Action Button or the in-app emergency button, this feature instantly sends your precise location to emergency contacts. No unlock required, no typing needed.
• Journey Protection: Time-bound location sharing with chosen guardians during specific activities, with automatic privacy restoration when journeys end.
• Personal Responsibility: Safety features supplement, but do not replace, your personal judgment, discretion, or local emergency services (e.g., 911).
• Munay is not liable for the outcomes of real-world incidents. Users are solely responsible for their own safety decisions and precautions.

Acceptable Use and Community Standards

Munay is built to foster responsible use of safety and journey protection features:

• Honest Representation: Provide accurate information in your profile (especially birth date for Biorhythms).
• Respectful Communication: No harassment, discrimination, or hate speech against any user.
• Lawful Use: Compliance with all local laws and regulations.
• Misuse of Safety: The emergency alert system must not be used for false reports or non-emergency testing.

Account Responsibilities

By using Munay, you agree to:

• Maintain the security of your login credentials.
• Immediately report any suspicious activity, technical vulnerabilities, or inappropriate content to the Munay Team.
• Ensure your Location and Notification permissions are correctly set up to guarantee the reliability of the Silent Emergency System.

Munay Trademark and Intellectual Property Rights

The Munay name, logo, design elements, and all proprietary content are owned by Munay LLC. You may not use, copy, reproduce, or distribute our trademark, logo, or proprietary materials without written permission. Unauthorized use may result in legal action and account termination.

User Content and Intellectual Property

You retain ownership of content you upload (photos, profile information, messages), but grant Munay a license to use this content to provide our services. You represent that:

• You own or have permission to use all content you upload
• Your content does not infringe on third-party rights
• You will not upload inappropriate, misleading, or copyrighted material
• Profile photos must accurately represent your current appearance

Prohibited Content and Behavior

The following are strictly prohibited on Munay:

• Fake profiles, impersonation, or misrepresentation of identity
• Spam, commercial solicitation, or promotional content
• Nudity, sexually explicit content, or inappropriate images
• Harassment, stalking, or threatening behavior
• Content promoting illegal activities, violence, or discrimination
• Attempts to circumvent safety features or app security

Termination and Account Deletion

Either you or Munay may terminate your account at any time:

• Your Rights: You may delete your account at any time through app settings. Upon deletion, your profile and personal data will be permanently removed within 30 days.
• Our Rights: We may suspend or terminate accounts that violate these terms, engage in prohibited behavior, or for safety reasons.
• Data Retention: Some data may be retained for legal compliance, safety investigations, or technical requirements as outlined in our Privacy Policy.
• Effect of Termination: Upon termination, your access to Munay services will cease, but these terms will continue to apply to prior use.

Enterprise Services & Lone Worker Platform Terms

Use of the Munay Lone Worker Platform by organizations is subject to the following additional terms:

• Organizational Agreement: Organizations must execute a separate Enterprise Data Processing Agreement (DPA) with Munay LLC before deploying the Lone Worker Platform to employees or agents.
• Employer Responsibility: Organizations are responsible for obtaining valid legal consent from their agents prior to enabling supervisor monitoring features, in compliance with applicable employment and wiretapping laws.
• Permitted Use: Supervisor monitoring is limited to legitimate workplace safety purposes during active work sessions. Use for personal surveillance, off-hours monitoring, or discriminatory purposes is strictly prohibited and will result in immediate account termination.
• Audit Log Integrity: Organizations may not alter, delete, or tamper with Munay-generated audit logs that have been designated for E&O or legal compliance purposes.
• Admin Credentials: Organization administrators are responsible for maintaining the security of admin credentials. Access must be revoked promptly for departing supervisors.
• Limitation of Liability: Munay's Lone Worker Platform is a safety monitoring tool and does not guarantee agent safety or incident prevention. Organizations retain ultimate responsibility for agent safety programs and compliance with OSHA or equivalent regulations.

WebRTC SDK License & Developer Terms

• License Grant: Munay grants a limited, non-exclusive, non-transferable license to integrate the Munay WebRTC SDK into your Android application for the purpose specified in your SDK License Agreement.
• Permitted Use: The SDK may only be used in applications that have a legitimate safety, field-worker, or enterprise communication purpose consistent with Munay's mission.
• No Sublicensing: You may not sublicense, resell, or redistribute the SDK or its components to third parties without written consent from Munay LLC.
• Attribution: Applications using the Munay WebRTC SDK must clearly disclose this in their own privacy policy and terms of service.
• Prohibited Uses: The SDK may not be used for surveillance, unauthorized recording, harassment, stalking, or any unlawful purpose.
• Revocation: Munay reserves the right to revoke SDK access immediately for violations of these terms or the SDK License Agreement, without notice.
• No Warranty: The SDK is provided "as is" for enterprise integrators. Production use requires an active support agreement.

Third-Party Services

Munay integrates with third-party services to enhance functionality:

• Apple Health: Optional integration subject to Apple's terms and your device permissions
• Android Health Connect (Google): Optional read-only integration for Heart Rate, Resting Heart Rate, HRV, and Steps. Data is processed on-device only and governed by Google's Health Connect Privacy Policy and your device permissions.
• Apple App Store: iOS app distribution subject to Apple's App Store Review Guidelines
• Google Play Store: Android app distribution subject to Google Play's Developer Program Policies
• Location Services: Used for emergency features and live supervisor tracking (Lone Worker Platform)
• WebRTC Signaling Servers: Used transiently for peer-to-peer call negotiation; no media content is stored
• Payment Processors: Future premium features may use third-party payment systems
• We are not responsible for third-party service failures, privacy practices, or terms changes

Limitation of Liability and Disclaimers

Maximum Liability: Our total liability to you is limited to the amount paid for Munay services (currently $0 for free users). We disclaim liability for indirect, incidental, or consequential damages including personal injury, property damage, or emotional distress.

Indemnification

You agree to indemnify and hold harmless Munay LLC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses arising from:

• Your use of Munay services
• Your violation of these terms
• Your interactions with other users
• Content you upload or share
• Any misuse of safety or emergency features

Governing Law and Dispute Resolution

These terms are governed by the laws of the State of Colorado, United States, without regard to conflict of law principles. Any disputes will be resolved through binding arbitration in Colorado, except for claims involving intellectual property or injunctive relief.

• Arbitration: Disputes must be resolved individually through arbitration, not class action lawsuits
• Jurisdiction: Colorado state and federal courts have exclusive jurisdiction for non-arbitrable matters
• Time Limit: Claims must be brought within one year of when they arise

Changes to Terms

We may update these terms as Munay evolves and new safety features are introduced. We will:

• Notify you of material changes via email and in-app notifications
• Provide 30 days notice before changes take effect
• Allow you to review changes before they become binding
• Give you the option to delete your account if you disagree with new terms

Continued use of Munay after changes take effect constitutes acceptance of the updated terms.

European Union - GDPR Compliance

California - CCPA Compliance

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (We do not sell personal data)
• Right to Non-Discrimination: Equal treatment regardless of privacy choices

To exercise CCPA rights, contact us at info@munay.life with "CCPA Request" in the subject line.

Other International Jurisdictions

We respect privacy rights in all jurisdictions where Munay operates:

• Canada (PIPEDA): Privacy rights and data breach notification requirements
• Australia (Privacy Act): Australian Privacy Principles compliance
• Brazil (LGPD): Data protection rights similar to GDPR
• Other Countries: Local privacy laws are respected where applicable

Data Retention Periods

International Age Requirements

Age requirements may vary by jurisdiction:

• Global Minimum: 18 years (as specified in Terms of Service)
• EU/UK: 18 years (above GDPR consent age of 16)
• Higher Local Requirements: We comply with stricter local age requirements where applicable

Cross-Border Data Processing

Munay operates globally with servers primarily in the United States. When you use our services from outside the US:

• Your data may be transferred to and processed in the United States
• We implement appropriate safeguards for international transfers
• Standard Contractual Clauses (SCCs) protect EU data transfers
• We comply with applicable data localization requirements