Moonfoxen SDK Privacy Policy

This Privacy Policy sets out the rules for the collection, use, storage, sharing and transfer of personal information of end-users (hereinafter referred to as "you") who enable the Moonfoxen SDK (hereinafter referred to as the "SDK") on your devices through our Partner Applications. It also clarifies your statutory data protection rights under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other applicable data protection laws and regulations in the European Union, the United States and Southeast Asia.

This version of the Privacy Policy is effective as of October 15, 2025. We reserve the right to amend this Policy unilaterally from time to time in accordance with applicable laws. Any amendments will take effect immediately upon publication on the relevant page of our official associated channels. For material changes to this Policy, we will notify you in a prominent manner (including but not limited to pop-up prompts in Partner Applications, email notifications, and announcements on our official contact channels) in advance to ensure you are aware of the revised content.

If you have any questions, objections or requests regarding this Policy and your personal data processing, you may contact us through the official channels specified in Section 11 of this Policy at any time.

1. Scope of Application

This Policy applies to all end-users who enable and use the Moonfoxen SDK through authorized Partner Applications for the purpose of participating in the Moonfoxen traffic sharing service. It covers all personal information collected and processed by us in the process of your using the SDK, visiting our associated official web pages, and communicating with our customer service team.

The traffic sharing service provided by the Moonfoxen SDK means that you voluntarily share your device's legitimate internet traffic resources with us and our authorized partners, and we provide corresponding user rewards and withdrawal services in exchange for your shared resources. All data processing activities under this Policy are carried out for the normal operation of the above core services and in compliance with applicable data protection laws.

2. Personal Data We Collect and Collection Methods

We only collect a minimal set of personal data necessary for the provision of the SDK traffic sharing service, reward and withdrawal functions, and service optimization. All data is obtained directly from you or automatically collected through the SDK/associated official web pages with your explicit consent, and no irrelevant personal data will be collected without authorization.

2.1 Data Collected When Using the Moonfoxen SDK

When you enable and use the SDK through a Partner Application, we collect the following personal data through the SDK (all sensitive data is encrypted and stored):

  1. Registration Data: Your user email address and encrypted login password (for SDK account registration and identity verification).
  2. Reward & Withdrawal Related Data: Your full name, registered email address, withdrawal amount, withdrawal request date, fund disbursement date, and transaction history (including earnings records and withdrawal records, used for accurate calculation of rewards and settlement of withdrawal disputes).
  3. Device Information: Device IP address, operating system version, device model, last active timestamp, and approximate geographic location (only city and country level, no precise positioning data).
  4. Network Information: Only the on/off status of your device's Wi-Fi (used to verify the validity of the shared network resource).
  5. Partner Application Information: The name of the Partner Application through which you enabled the Moonfoxen SDK (used to ensure the normal docking of SDK services with Partner Applications).
  6. Aggregated Statistical Data (Non-Personal Identifiable): Crash and error reports of the SDK on your device, and aggregated SDK usage analytics (excluding any personal identifiable information, used for SDK function optimization and bug fixes).

2.2 Data Collected When Visiting Our Associated Official Web Pages

When you visit our official web pages associated with the SDK (for inquiries, withdrawal help, etc.), we automatically collect the following non-identifiable or minimally identifiable data through the web page system:

  1. Your device IP address, approximate geographic location, browser type, device model and operating system version.
  2. Web page browsing behavior data (aggregated, no personal tracking).

We collect the above data through cookies and similar tracking technologies (see Section 9 for details).

2.3 Data Collected When Communicating with Customer Service

When you contact our customer service team for SDK service consultation, problem solving or data rights exercise (through email, official web form, WhatsApp, etc.), we collect the following data necessary for handling your inquiry:Your full name (if provided), registered email address, the subject and content of your inquiry, inquiry date, attachments (if any) associated with the inquiry, and our reply content and communication records.

3. Purposes of Data Processing and Legal Bases for Processing

We process your personal data only for the specific, explicit and legitimate purposes stipulated in this Policy, and will not process your personal data for any unrelated purposes without your additional consent. The legal bases for data processing in accordance with GDPR and other applicable laws are as follows:

  1. Performance of a Contract: Processing is necessary for the performance of the traffic sharing service contract between you and us, including providing SDK registration, traffic sharing, reward calculation, withdrawal and settlement services, and sending service necessary notifications.
  2. Legitimate Interests: Processing is necessary for our legitimate business interests (without overriding your fundamental rights and freedoms), including optimizing the SDK's function and stability, detecting and preventing fraudulent and abnormal account activities, ensuring the security of SDK services and data transmission, handling your customer service inquiries, and resolving service disputes.
  3. Your Explicit Consent: Processing is based on your prior explicit consent, including sending you marketing and service update emails (you may withdraw your consent at any time).

3.1 Specific Purposes of Data Processing

  1. Provide and maintain the normal operation of the Moonfoxen SDK traffic sharing service, complete user identity verification, and issue corresponding rewards based on your shared network resources.
  2. Process your withdrawal requests, verify withdrawal information, complete fund settlement, and keep transaction records to resolve potential withdrawal discrepancies and disputes.
  3. Optimize the SDK's technical performance, fix bugs and errors, and improve the user experience of the SDK (using only aggregated non-personal identifiable statistical data).
  4. Ensure the security of the SDK service and user accounts, detect and investigate fraudulent, illegal or abnormal activities, and protect the legitimate rights and interests of users and us.
  5. Comply with applicable legal and regulatory obligations, including tax reporting, responding to lawful inquiries from regulatory authorities, and resolving legal disputes related to the SDK service.
  6. Send you marketing information (such as new service updates, reward activities) through email or other channels only with your explicit consent; you may unsubscribe from such marketing information at any time.
  7. Handle your customer service inquiries and provide corresponding solutions and after-sales services.

4. Data Retention Periods

We adhere to the principle of minimal retention and will delete or anonymize your personal data immediately when it is no longer necessary for the processing purposes and there are no applicable legal obligations to retain it. The retention periods for personal data for different processing purposes are as follows (calculated from the date of your last SDK activity or the completion of the relevant processing purpose):

Purpose of Data Processing

Data Retention Period

Provision of Moonfoxen SDK core services (traffic sharing, reward, withdrawal)

5 years after your last SDK activity or the end of the service contract

SDK optimization and service security protection (abnormality detection, bug fixing)

1 month

Handling of customer service inquiries and after-sales services

2 years after the resolution of your inquiry

Sending of marketing activities (with user consent)

2 years after your last consent, or immediately upon your unsubscribe request

Compliance with legal and regulatory obligations (tax, dispute resolution, regulatory inquiries)

10 years in accordance with applicable statutory retention periods

5. Data Sharing and Cross-Border Data Transfers

We will not sell, rent or disclose your personal data to any third party for commercial purposes without your explicit consent. We only share your personal data with authorized third parties when it is necessary for the provision of the SDK service, compliance with legal obligations, or protection of legitimate rights and interests, and all third-party data recipients are required to comply with applicable data protection laws and sign strict data processing agreements to ensure the security of your personal data.

5.1 Categories of Authorized Third-Party Data Recipients

  1. Data Storage Service Providers: EU-based professional cloud storage service providers (for encrypted storage of user personal data).
  2. Analytics & Technical Service Providers: EU and US-based service providers for SDK crash detection, error analysis and technical optimization (only provided with aggregated non-personal identifiable data).
  3. Email & Notification Service Providers: EU and Southeast Asia-based service providers for sending service necessary emails and withdrawal notifications (only provided with your registered email address and relevant service content).
  4. Payment Service Providers: Authorized payment institutions in the EU, the US and Southeast Asia (only provided with your withdrawal-related data necessary for fund settlement).
  5. Authorized Business Partners: Partners who cooperate with us in the traffic sharing service (only provided with your device's IP address and city/country level location data necessary for the traffic sharing service, in accordance with the contract performance obligation).
  6. Legal & Regulatory Authorities: State, governmental, law enforcement institutions and courts in the EU, the US and Southeast Asia (only disclose your personal data when required by applicable laws or to exercise/defend our legitimate legal rights).

5.2 Cross-Border Data Transfers

Since the Moonfoxen SDK operates in the EU, the US and Southeast Asia, cross-border data transfers of personal data may be involved between these regions. For cross-border data transfers from the EU to third countries (including the US and Southeast Asia), we comply with GDPR requirements and adopt Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for cross-border transfers to ensure the adequate protection of personal data. For cross-border data transfers in the US and Southeast Asia, we comply with the applicable data protection laws and regulations of the relevant regions (including CCPA).

6. Your Data Protection Rights (GDPR & CCPA Compliant)

In accordance with GDPR (applicable to EU users), CCPA (applicable to California users) and other applicable data protection laws in the US and Southeast Asia, you have the following statutory data protection rights regarding your personal data processed by us. We will not discriminate against you in any way (e.g., deny SDK services, change reward rules) for exercising your legitimate data rights.

6.1 Rights Under GDPR (for EU Users)

  1. Right of Access: You may request confirmation of whether we process your personal data and access the specific content of your personal data and relevant processing information.
  2. Right to Rectification: You may request us to rectify inaccurate or incomplete personal data about you.
  3. Right to Erasure (Right to be Forgotten): You may request us to delete your personal data in accordance with GDPR provisions (e.g., when the data is no longer necessary for processing purposes, you withdraw your consent, the processing is unlawful, etc.).
  4. Right to Restriction of Processing: You may request us to restrict the processing of your personal data in accordance with GDPR provisions (e.g., when you contest the accuracy of the data, the processing is unlawful, etc.).
  5. Right to Data Portability: You may request us to provide your personal data provided by you in a structured, commonly used and machine-readable form, or transmit the data to another authorized data controller.
  6. Right to Object: You may object to the processing of your personal data based on our legitimate interests (we will stop processing unless we can prove compelling legitimate grounds for the processing that override your rights).
  7. Right to Withdraw Consent: You may withdraw your explicit consent to data processing at any time (the withdrawal will not affect the validity of data processing based on the consent before withdrawal).
  8. Right to Lodge a Complaint: You may lodge a complaint with the relevant data protection supervisory authority in the EU member state of your habitual residence, place of work or where the alleged infringement occurred.
  9. Right to Non-Discrimination: You have the right to not be subjected to any discriminatory treatment for exercising your above data rights.

6.2 Rights Under CCPA (for California Users)

  1. Right to Know: You may request us to disclose the categories and specific content of personal data we collect, use and share about you, and the sources of such data.
  2. Right to Delete: You may request us to delete your personal data collected from you (subject to applicable exceptions under CCPA).
  3. Right to Data Portability: You may request us to provide your personal data in a portable format that is easy to transmit to another data controller.
  4. Right to Opt-Out of Sale of Personal Data: You have the right to opt out of the sale of your personal data (we do not sell your personal data to any third party, so this right applies to any potential future relevant activities).
  5. Right to Non-Discrimination: You have the right to not be subjected to any discriminatory treatment for exercising your above data rights.

6.3 How to Exercise Your Data Rights

You may exercise the above data rights by contacting us through the official channels specified in Section 11 of this Policy. To ensure the security of your personal data, we will conduct a reasonable identity verification (based on your registered email address and other registration information) before processing your request. We will respond to your valid request in accordance with applicable laws and regulations within the statutory time limit (GDPR: 1 month; CCPA: 45 days, may be extended as permitted by law).

In most cases, you may also independently view, edit or update your basic personal data (e.g., email address, withdrawal information) through the relevant setting page of the Partner Application through which you enabled the SDK.

7. Automated Decision-Making and Profiling

We do not make any decisions based solely on automated processing (including profiling) that will produce legal effects or significantly affect your rights and interests in accordance with GDPR and CCPA.

For the purpose of SDK service security and anti-fraud, we use simple algorithms to detect abnormal activities in the user's SDK usage (e.g., abnormal traffic sharing, multiple account login on the same device). If the algorithm detects potential abnormalities, the relevant activities will be immediately submitted to our manual review team for verification. Any subsequent processing (e.g., temporary suspension of SDK services) will be based on the results of manual review and will not be decided by automated algorithms alone.

8. Minors' Data Protection

We strictly comply with the Children's Online Privacy Protection Act (COPPA) of the US, GDPR and the minor protection laws of Southeast Asian countries, and do not intend to collect any personal data of minors under the age of 13. The Moonfoxen SDK service is not intended for use by minors under the age of 13, and we will not provide SDK services to such minors.

If we accidentally collect personal data of a minor without the consent of the minor's legal guardian, we will delete or anonymize the relevant data immediately after becoming aware of it. If you are the legal guardian of a minor and find that the minor has provided personal data to us without your consent, you may contact us through the official channels specified in Section 11 to request the deletion of the minor's personal data, and we will process your request immediately after identity verification.

9. Cookies and Similar Tracking Technologies

Our official web pages associated with the SDK (and the web view mode of the SDK) use cookies and similar tracking technologies (e.g., web beacons) to collect non-personal identifiable data for the purpose of optimizing web page experience, analyzing web page usage and ensuring web page security. We do not use such technologies to collect or track your personal identifiable information without your consent.

Cookies are small text files stored on your device by your browser, which do not contain personal identifiable information by default, and the data stored in cookies will not be linked to your personal data unless you have registered and logged in to the relevant service. We classify cookies into the following categories in accordance with applicable laws:

  1. Necessary Cookies: Enabled by default, necessary for the normal operation of our official web pages (e.g., maintaining web page session, ensuring the normal use of customer service forms). Such cookies cannot be disabled as they are the prerequisite for the web page to function properly.
  2. Statistical Cookies: Used to collect aggregated web page usage data (e.g., page visit volume, browsing duration) for web page optimization and technical analysis. Such cookies do not track individual users and the data collected is aggregated and anonymized.
  3. Marketing Cookies: Used to send you personalized marketing information only with your explicit consent (e.g., SDK reward activities). You may disable such cookies at any time.

10. Management of Cookies and Similar Tracking Technologies

10.1 Consent for Non-Necessary Cookies

When you visit our official web pages for the first time, a cookie consent prompt will pop up on the page. You may choose to accept or reject statistical cookies and marketing cookies (non-necessary cookies); necessary cookies are enabled by default and cannot be rejected. Your consent choice will be stored on your device and will take effect immediately.

10.2 How to Manage/Disable Cookies

You may manage, enable or disable cookies at any time through the following two ways:

  1. Web Page Consent Setting: Re-adjust your cookie consent choice through the cookie setting button on our official web pages (prominent position on the homepage).
  2. Browser Setting: Configure your browser to decline some or all non-necessary cookies, or ask for your permission before accepting cookies. The specific operation methods for mainstream browsers are as follows:
    1. Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
    2. Google Chrome: https://support.google.com/chrome/answer/95647
    3. Opera: https://www.opera.com/help/tutorials/security/privacy
    4. Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
    5. Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-information-sfri11471/mac

Note: If you delete or disable non-necessary cookies, some functions of our official web pages may be limited (e.g., aggregated usage data analysis), but this will not affect the normal operation of the core traffic sharing, reward and withdrawal functions of the Moonfoxen SDK.

11. Contact Us

If you have any questions, objections, requests or complaints regarding this Privacy Policy, your personal data processing, or the exercise of your data protection rights, you may contact our customer service team through the following official channels at any time. We will reply to you and resolve your issues in accordance with applicable data protection laws and regulations:

  1. Official Email: support@moonfoxen.com
  2. Official Web Form: moonfoxen.com/excel
  3. WhatsApp: moonfoxenwhats

We will process your inquiry and request as soon as possible and provide a clear and specific response within the statutory time limit.