Munay: Privacy Policy and Terms of Service

Data Collection

Munay collects the essential information needed to provide our services—focusing on personal safety, energy forecasting, and health monitoring.

Data Protection & Security

We are committed to building a foundation of trust:

• We implement industry-leading security measures, including end-to-end encryption for all personal communications and alert data transfer.
• All sensitive data is stored in secure cloud environments with regular security audits.
• We use strong access controls to ensure that only essential personnel can access anonymized data for system maintenance.
• We have a strict policy against selling personal data to third parties.

Enterprise Data Processing & Lone Worker Platform

When Munay is deployed by an organization through the Lone Worker Platform, data processing operates under a dual-controller model:

• Organization as Data Controller: Your employer or brokerage determines the scope of monitoring, including which agents are enrolled, what supervisor visibility is enabled, and how audit logs are used for E&O compliance.
• Agent Consent: Agents must explicitly accept enterprise enrollment and monitoring terms before the organization can access any location or activity data. Consent is separate from standard app consent.
• Supervisor Access: Designated supervisors can view real-time location, battery level, showing status, and initiate audio calls to enrolled agents during active work sessions only. Access is scoped to active sessions and does not extend to personal app usage outside of work journeys.
• Audit Trail Logs: Showing check-ins, supervisor call records, and session events are retained as part of the brokerage's audit trail for E&O insurance and compliance purposes. Retention is governed by the organization's data processing agreement.
• Data Separation: Enterprise monitoring data is logically separated from personal consumer app data. Supervisors cannot access personal health data, emergency contacts, or non-work journey data.
• Offboarding: Upon an agent's removal from an organization, all enterprise-linked monitoring data access is revoked. Historical audit logs may be retained by the organization per their agreement.

WebRTC SDK Data Practices

The Munay WebRTC SDK enables third-party Android applications to integrate peer-to-peer audio and video calling. The following data practices apply:

• No Media Storage: Audio and video streams are transmitted directly peer-to-peer (P2P) using WebRTC. Munay does not record, store, or process the content of calls.
• Signaling Metadata: Connection signaling data (session negotiation, ICE candidates) passes through Munay's signaling infrastructure transiently and is not persisted.
• Call Event Telemetry: SDK integrators receive call event callbacks (connected, disconnected, failed). Munay may collect anonymized, aggregated telemetry for SDK reliability and performance monitoring.
• Developer Responsibility: Third-party developers integrating the SDK are independently responsible for their own privacy policies, user consent, and compliance with applicable laws in their applications.
• API Key Security: SDK API keys are issued per application and must be kept confidential. Munay may revoke keys for abuse or terms violations.

Apple Health Integration & Wellness Data

Our health and wellness features are entirely opt-in and privacy-focused:

• Birth Date Data: Used solely to calculate the Physical, Emotional, and Intellectual Biorhythm cycles for your energy forecast.
• Health Data: Is anonymized and separated from your profile name/photo before being used to calculate personalized wellness insights and safety recommendations.
• No specific health values are shared with other users; only aggregated wellness indicators are used for personalized features.
• You can revoke Apple Health data access at any time through the in-app Permissions Hub.
• Upon account deletion, all associated health and profile data is purged from our active systems.

Age Requirement and Eligibility

This age requirement applies to all Munay features including journey protection, Silent Alert, and wellness monitoring. We reserve the right to verify age through appropriate means and to suspend or terminate accounts that do not meet this requirement.

Acceptance and Service Scope

By using Munay, you agree to these Terms. Munay provides a Personal Safety & Journey Protection Platform designed to protect you during vulnerable moments through real-time location sharing, Silent Alert, and guardian coordination features.

Safety Features

Our safety tools are designed to enhance your personal security during vulnerable moments (e.g., first dates, solo travel, late-night commutes, solo adventures):

• Silent Alert System: Activated via your iPhone Action Button or the in-app emergency button, this feature instantly sends your precise location to emergency contacts. No unlock required, no typing needed.
• Journey Protection: Time-bound location sharing with chosen guardians during specific activities, with automatic privacy restoration when journeys end.
• Personal Responsibility: Safety features supplement, but do not replace, your personal judgment, discretion, or local emergency services (e.g., 911).
• Munay is not liable for the outcomes of real-world incidents. Users are solely responsible for their own safety decisions and precautions.

Acceptable Use and Community Standards

Munay is built to foster responsible use of safety and journey protection features:

• Honest Representation: Provide accurate information in your profile (especially birth date for Biorhythms).
• Respectful Communication: No harassment, discrimination, or hate speech against any user.
• Lawful Use: Compliance with all local laws and regulations.
• Misuse of Safety: The emergency alert system must not be used for false reports or non-emergency testing.

Account Responsibilities

By using Munay, you agree to:

• Maintain the security of your login credentials.
• Immediately report any suspicious activity, technical vulnerabilities, or inappropriate content to the Munay Team.
• Ensure your Location and Notification permissions are correctly set up to guarantee the reliability of the Silent Emergency System.

Munay Trademark and Intellectual Property Rights

The Munay name, logo, design elements, and all proprietary content are owned by Munay LLC. You may not use, copy, reproduce, or distribute our trademark, logo, or proprietary materials without written permission. Unauthorized use may result in legal action and account termination.

User Content and Intellectual Property

You retain ownership of content you upload (photos, profile information, messages), but grant Munay a license to use this content to provide our services. You represent that:

• You own or have permission to use all content you upload
• Your content does not infringe on third-party rights
• You will not upload inappropriate, misleading, or copyrighted material
• Profile photos must accurately represent your current appearance

Prohibited Content and Behavior

The following are strictly prohibited on Munay:

• Fake profiles, impersonation, or misrepresentation of identity
• Spam, commercial solicitation, or promotional content
• Nudity, sexually explicit content, or inappropriate images
• Harassment, stalking, or threatening behavior
• Content promoting illegal activities, violence, or discrimination
• Attempts to circumvent safety features or app security

Termination and Account Deletion

Either you or Munay may terminate your account at any time:

• Your Rights: You may delete your account at any time through app settings. Upon deletion, your profile and personal data will be permanently removed within 30 days.
• Our Rights: We may suspend or terminate accounts that violate these terms, engage in prohibited behavior, or for safety reasons.
• Data Retention: Some data may be retained for legal compliance, safety investigations, or technical requirements as outlined in our Privacy Policy.
• Effect of Termination: Upon termination, your access to Munay services will cease, but these terms will continue to apply to prior use.

Enterprise Services & Lone Worker Platform Terms

Use of the Munay Lone Worker Platform by organizations is subject to the following additional terms:

• Organizational Agreement: Organizations must execute a separate Enterprise Data Processing Agreement (DPA) with Munay LLC before deploying the Lone Worker Platform to employees or agents.
• Employer Responsibility: Organizations are responsible for obtaining valid legal consent from their agents prior to enabling supervisor monitoring features, in compliance with applicable employment and wiretapping laws.
• Permitted Use: Supervisor monitoring is limited to legitimate workplace safety purposes during active work sessions. Use for personal surveillance, off-hours monitoring, or discriminatory purposes is strictly prohibited and will result in immediate account termination.
• Audit Log Integrity: Organizations may not alter, delete, or tamper with Munay-generated audit logs that have been designated for E&O or legal compliance purposes.
• Admin Credentials: Organization administrators are responsible for maintaining the security of admin credentials. Access must be revoked promptly for departing supervisors.
• Limitation of Liability: Munay's Lone Worker Platform is a safety monitoring tool and does not guarantee agent safety or incident prevention. Organizations retain ultimate responsibility for agent safety programs and compliance with OSHA or equivalent regulations.

WebRTC SDK License & Developer Terms

• License Grant: Munay grants a limited, non-exclusive, non-transferable license to integrate the Munay WebRTC SDK into your Android application for the purpose specified in your SDK License Agreement.
• Permitted Use: The SDK may only be used in applications that have a legitimate safety, field-worker, or enterprise communication purpose consistent with Munay's mission.
• No Sublicensing: You may not sublicense, resell, or redistribute the SDK or its components to third parties without written consent from Munay LLC.
• Attribution: Applications using the Munay WebRTC SDK must clearly disclose this in their own privacy policy and terms of service.
• Prohibited Uses: The SDK may not be used for surveillance, unauthorized recording, harassment, stalking, or any unlawful purpose.
• Revocation: Munay reserves the right to revoke SDK access immediately for violations of these terms or the SDK License Agreement, without notice.
• No Warranty: The SDK is provided "as is" for enterprise integrators. Production use requires an active support agreement.

Third-Party Services

Munay integrates with third-party services to enhance functionality:

• Apple Health: Optional integration subject to Apple's terms and your device permissions
• Apple App Store: iOS app distribution subject to Apple's App Store Review Guidelines
• Google Play Store: Android app distribution subject to Google Play's Developer Program Policies
• Location Services: Used for emergency features and live supervisor tracking (Lone Worker Platform)
• WebRTC Signaling Servers: Used transiently for peer-to-peer call negotiation; no media content is stored
• Payment Processors: Future premium features may use third-party payment systems
• We are not responsible for third-party service failures, privacy practices, or terms changes

Limitation of Liability and Disclaimers

Maximum Liability: Our total liability to you is limited to the amount paid for Munay services (currently $0 for free users). We disclaim liability for indirect, incidental, or consequential damages including personal injury, property damage, or emotional distress.

Indemnification

You agree to indemnify and hold harmless Munay LLC, its officers, directors, employees, and agents from any claims, damages, losses, or expenses arising from:

• Your use of Munay services
• Your violation of these terms
• Your interactions with other users
• Content you upload or share
• Any misuse of safety or emergency features

Governing Law and Dispute Resolution

These terms are governed by the laws of the State of Colorado, United States, without regard to conflict of law principles. Any disputes will be resolved through binding arbitration in Colorado, except for claims involving intellectual property or injunctive relief.

• Arbitration: Disputes must be resolved individually through arbitration, not class action lawsuits
• Jurisdiction: Colorado state and federal courts have exclusive jurisdiction for non-arbitrable matters
• Time Limit: Claims must be brought within one year of when they arise

Changes to Terms

We may update these terms as Munay evolves and new safety features are introduced. We will:

• Notify you of material changes via email and in-app notifications
• Provide 30 days notice before changes take effect
• Allow you to review changes before they become binding
• Give you the option to delete your account if you disagree with new terms

Continued use of Munay after changes take effect constitutes acceptance of the updated terms.

European Union - GDPR Compliance

California - CCPA Compliance

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (We do not sell personal data)
• Right to Non-Discrimination: Equal treatment regardless of privacy choices

To exercise CCPA rights, contact us at info@munay.life with "CCPA Request" in the subject line.

Other International Jurisdictions

We respect privacy rights in all jurisdictions where Munay operates:

• Canada (PIPEDA): Privacy rights and data breach notification requirements
• Australia (Privacy Act): Australian Privacy Principles compliance
• Brazil (LGPD): Data protection rights similar to GDPR
• Other Countries: Local privacy laws are respected where applicable

Data Retention Periods

International Age Requirements

Age requirements may vary by jurisdiction:

• Global Minimum: 18 years (as specified in Terms of Service)
• EU/UK: 18 years (above GDPR consent age of 16)
• Higher Local Requirements: We comply with stricter local age requirements where applicable

Cross-Border Data Processing

Munay operates globally with servers primarily in the United States. When you use our services from outside the US:

• Your data may be transferred to and processed in the United States
• We implement appropriate safeguards for international transfers
• Standard Contractual Clauses (SCCs) protect EU data transfers
• We comply with applicable data localization requirements