MoonFoxen SDK Privacy Policy

This Privacy Policy sets out the rules for the collection, use, storage, sharing and transfer of personal information of end-users (hereinafter referred to as "you") who enable the Moonfoxen SDK (hereinafter referred to as the "SDK") on your devices through our Partner Applications. It also clarifies your statutory data protection rights under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other applicable data protection laws and regulations in the European Union, the United States and Southeast Asia.

This version of the Privacy Policy is effective as of October 15, 2025. We reserve the right to amend this Policy unilaterally from time to time in accordance with applicable laws. Any amendments will take effect immediately upon publication on the relevant page of our official associated channels. For material changes to this Policy, we will notify you in a prominent manner, including but not limited to pop-up prompts in Partner Applications, email notifications, and announcements on our official contact channels.

If you have any questions, objections or requests regarding this Policy and your personal data processing, you may contact us through the official channels specified in Section 11 of this Policy at any time.

1. Scope of Application

This Policy applies to all end-users who enable and use the Moonfoxen SDK through authorized Partner Applications for the purpose of participating in the Moonfoxen traffic sharing service. It covers all personal information collected and processed by us in the process of your using the SDK, visiting our associated official web pages, and communicating with our customer service team.

The traffic sharing service provided by the Moonfoxen SDK means that you voluntarily share your device's legitimate internet traffic resources with us and our authorized partners, and we provide corresponding user rewards and withdrawal services in exchange for your shared resources. All data processing activities under this Policy are carried out for the normal operation of the above core services and in compliance with applicable data protection laws.

2. Personal Data We Collect and Collection Methods

We only collect a minimal set of personal data necessary for the provision of the SDK traffic sharing service, reward and withdrawal functions, and service optimization. All data is obtained directly from you or automatically collected through the SDK or associated official web pages with your explicit consent, and no irrelevant personal data will be collected without authorization.

2.1 Data Collected When Using the Moonfoxen SDK

When you enable and use the SDK through a Partner Application, we collect the following personal data through the SDK. Sensitive data is encrypted and stored.

  1. Registration Data: your user email address and encrypted login password for SDK account registration and identity verification.
  2. Reward & Withdrawal Related Data: your full name, registered email address, withdrawal amount, withdrawal request date, fund disbursement date, and transaction history, including earnings records and withdrawal records, used for accurate calculation of rewards and settlement of withdrawal disputes.
  3. Device Information: device IP address, operating system version, device model, last active timestamp, and approximate geographic location at city and country level only, with no precise positioning data.
  4. Network Information: only the on/off status of your device's Wi-Fi, used to verify the validity of the shared network resource.
  5. Partner Application Information: the name of the Partner Application through which you enabled the Moonfoxen SDK, used to ensure normal docking of SDK services with Partner Applications.
  6. Aggregated Statistical Data (Non-Personal Identifiable): crash and error reports of the SDK on your device, and aggregated SDK usage analytics, excluding any personal identifiable information, used for SDK function optimization and bug fixes.

2.2 Data Collected When Visiting Our Associated Official Web Pages

When you visit our official web pages associated with the SDK for inquiries, withdrawal help or similar purposes, we automatically collect the following non-identifiable or minimally identifiable data through the web page system:

  1. Your device IP address, approximate geographic location, browser type, device model and operating system version.
  2. Web page browsing behavior data, collected in aggregated form with no personal tracking.

We collect the above data through cookies and similar tracking technologies. See Section 9 for details.

2.3 Data Collected When Communicating with Customer Service

When you contact our customer service team for SDK service consultation, problem solving or data rights exercise through email, official web form, WhatsApp or similar channels, we collect data necessary for handling your inquiry: your full name if provided, registered email address, the subject and content of your inquiry, inquiry date, attachments if any, our reply content and communication records.

3. Purposes of Data Processing and Legal Bases for Processing

We process your personal data only for the specific, explicit and legitimate purposes stipulated in this Policy, and will not process your personal data for any unrelated purposes without your additional consent. The legal bases for data processing in accordance with GDPR and other applicable laws are as follows:

  1. Performance of a Contract: processing is necessary for the performance of the traffic sharing service contract between you and us, including providing SDK registration, traffic sharing, reward calculation, withdrawal and settlement services, and sending service necessary notifications.
  2. Legitimate Interests: processing is necessary for our legitimate business interests without overriding your fundamental rights and freedoms, including optimizing the SDK's function and stability, detecting and preventing fraudulent and abnormal account activities, ensuring the security of SDK services and data transmission, handling your customer service inquiries, and resolving service disputes.
  3. Your Explicit Consent: processing is based on your prior explicit consent, including sending you marketing and service update emails. You may withdraw your consent at any time.

3.1 Specific Purposes of Data Processing

  1. Provide and maintain the normal operation of the Moonfoxen SDK traffic sharing service, complete user identity verification, and issue corresponding rewards based on your shared network resources.
  2. Process your withdrawal requests, verify withdrawal information, complete fund settlement, and keep transaction records to resolve potential withdrawal discrepancies and disputes.
  3. Optimize the SDK's technical performance, fix bugs and errors, and improve the user experience of the SDK using only aggregated non-personal identifiable statistical data.
  4. Ensure the security of the SDK service and user accounts, detect and investigate fraudulent, illegal or abnormal activities, and protect the legitimate rights and interests of users and us.
  5. Comply with applicable legal and regulatory obligations, including tax reporting, responding to lawful inquiries from regulatory authorities, and resolving legal disputes related to the SDK service.
  6. Send you marketing information, such as new service updates and reward activities, through email or other channels only with your explicit consent. You may unsubscribe from such marketing information at any time.
  7. Handle your customer service inquiries and provide corresponding solutions and after-sales services.

4. Data Retention Periods

We adhere to the principle of minimal retention and will delete or anonymize your personal data immediately when it is no longer necessary for the processing purposes and there are no applicable legal obligations to retain it. The retention periods for personal data for different processing purposes are as follows, calculated from the date of your last SDK activity or the completion of the relevant processing purpose.

Purpose of Data Processing Data Retention Period
Provision of Moonfoxen SDK core services, including traffic sharing, reward and withdrawal 5 years after your last SDK activity or the end of the service contract
SDK optimization and service security protection, including abnormality detection and bug fixing 1 month
Handling of customer service inquiries and after-sales services 2 years after the resolution of your inquiry
Sending of marketing activities with user consent 2 years after your last consent, or immediately upon your unsubscribe request
Compliance with legal and regulatory obligations, including tax, dispute resolution and regulatory inquiries 10 years in accordance with applicable statutory retention periods

5. Data Sharing and Cross-Border Data Transfers

We will not sell, rent or disclose your personal data to any third party for commercial purposes without your explicit consent. We only share your personal data with authorized third parties when it is necessary for the provision of the SDK service, compliance with legal obligations, or protection of legitimate rights and interests. All third-party data recipients are required to comply with applicable data protection laws and sign strict data processing agreements to ensure the security of your personal data.

5.1 Categories of Authorized Third-Party Data Recipients

  1. Data Storage Service Providers: EU-based professional cloud storage service providers for encrypted storage of user personal data.
  2. Analytics & Technical Service Providers: EU and US-based service providers for SDK crash detection, error analysis and technical optimization, provided only with aggregated non-personal identifiable data.
  3. Email & Notification Service Providers: EU and Southeast Asia-based service providers for sending service necessary emails and withdrawal notifications, provided only with your registered email address and relevant service content.
  4. Payment Service Providers: authorized payment institutions in the EU, the US and Southeast Asia, provided only with your withdrawal-related data necessary for fund settlement.
  5. Authorized Business Partners: partners who cooperate with us in the traffic sharing service, provided only with your device's IP address and city/country level location data necessary for the traffic sharing service, in accordance with the contract performance obligation.
  6. Legal & Regulatory Authorities: state, governmental, law enforcement institutions and courts in the EU, the US and Southeast Asia, only when required by applicable laws or to exercise or defend our legitimate legal rights.

5.2 Cross-Border Data Transfers

Since the Moonfoxen SDK operates in the EU, the US and Southeast Asia, cross-border data transfers of personal data may be involved between these regions. For cross-border data transfers from the EU to third countries, including the US and Southeast Asia, we comply with GDPR requirements and adopt Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for cross-border transfers to ensure adequate protection of personal data. For cross-border data transfers in the US and Southeast Asia, we comply with the applicable data protection laws and regulations of the relevant regions, including CCPA.

6. Your Data Protection Rights (GDPR & CCPA Compliant)

In accordance with GDPR for EU users, CCPA for California users and other applicable data protection laws in the US and Southeast Asia, you have statutory data protection rights regarding your personal data processed by us. We will not discriminate against you in any way, such as denying SDK services or changing reward rules, for exercising your legitimate data rights.

6.1 Rights Under GDPR (for EU Users)

  1. Right of Access: request confirmation of whether we process your personal data and access the specific content of your personal data and relevant processing information.
  2. Right to Rectification: request us to rectify inaccurate or incomplete personal data about you.
  3. Right to Erasure: request deletion of your personal data in accordance with GDPR provisions.
  4. Right to Restriction of Processing: request restriction of processing in accordance with GDPR provisions.
  5. Right to Data Portability: request your personal data in a structured, commonly used and machine-readable form, or transmit the data to another authorized controller.
  6. Right to Object: object to processing based on our legitimate interests, unless we can prove compelling legitimate grounds that override your rights.
  7. Right to Withdraw Consent: withdraw your explicit consent at any time.
  8. Right to Lodge a Complaint: lodge a complaint with the relevant data protection supervisory authority.
  9. Right to Non-Discrimination: avoid discriminatory treatment for exercising your data rights.

6.2 Rights Under CCPA (for California Users)

  1. Right to Know: request disclosure of the categories and specific content of personal data we collect, use and share about you, and the sources of such data.
  2. Right to Delete: request deletion of your personal data collected from you, subject to applicable exceptions under CCPA.
  3. Right to Data Portability: request personal data in a portable format that is easy to transmit to another data controller.
  4. Right to Opt-Out of Sale of Personal Data: opt out of the sale of your personal data. We do not sell your personal data to any third party, so this right applies to any potential future relevant activities.
  5. Right to Non-Discrimination: avoid discriminatory treatment for exercising your data rights.

6.3 How to Exercise Your Data Rights

You may exercise the above data rights by contacting us through the official channels specified in Section 11 of this Policy. To ensure the security of your personal data, we will conduct reasonable identity verification based on your registered email address and other registration information before processing your request. We will respond to your valid request in accordance with applicable laws and regulations within the statutory time limit: GDPR within 1 month; CCPA within 45 days, which may be extended as permitted by law.

In most cases, you may also independently view, edit or update your basic personal data, such as email address and withdrawal information, through the relevant setting page of the Partner Application through which you enabled the SDK.

7. Automated Decision-Making and Profiling

We do not make any decisions based solely on automated processing, including profiling, that will produce legal effects or significantly affect your rights and interests in accordance with GDPR and CCPA.

For the purpose of SDK service security and anti-fraud, we use simple algorithms to detect abnormal activities in the user's SDK usage, such as abnormal traffic sharing or multiple account login on the same device. If the algorithm detects potential abnormalities, the relevant activities will be immediately submitted to our manual review team for verification. Any subsequent processing, such as temporary suspension of SDK services, will be based on the results of manual review and will not be decided by automated algorithms alone.

8. Minors' Data Protection

We strictly comply with the Children's Online Privacy Protection Act (COPPA) of the US, GDPR and the minor protection laws of Southeast Asian countries, and do not intend to collect any personal data of minors under the age of 13. The Moonfoxen SDK service is not intended for use by minors under the age of 13, and we will not provide SDK services to such minors.

If we accidentally collect personal data of a minor without the consent of the minor's legal guardian, we will delete or anonymize the relevant data immediately after becoming aware of it. If you are the legal guardian of a minor and find that the minor has provided personal data to us without your consent, you may contact us through the official channels specified in Section 11 to request deletion of the minor's personal data, and we will process your request immediately after identity verification.

9. Cookies and Similar Tracking Technologies

Our official web pages associated with the SDK, and the web view mode of the SDK, use cookies and similar tracking technologies such as web beacons to collect non-personal identifiable data for optimizing web page experience, analyzing web page usage and ensuring web page security. We do not use such technologies to collect or track your personal identifiable information without your consent.

Cookies are small text files stored on your device by your browser. They do not contain personal identifiable information by default, and the data stored in cookies will not be linked to your personal data unless you have registered and logged in to the relevant service. We classify cookies into the following categories in accordance with applicable laws:

  1. Necessary Cookies: enabled by default and necessary for the normal operation of our official web pages, such as maintaining web page session and ensuring the normal use of customer service forms. Such cookies cannot be disabled because they are prerequisites for the web page to function properly.
  2. Statistical Cookies: used to collect aggregated web page usage data, such as page visit volume and browsing duration, for web page optimization and technical analysis. Such cookies do not track individual users and the data collected is aggregated and anonymized.
  3. Marketing Cookies: used to send you personalized marketing information only with your explicit consent, such as SDK reward activities. You may disable such cookies at any time.

11. Contact Us

If you have any questions, objections, requests or complaints regarding this Privacy Policy, your personal data processing, or the exercise of your data protection rights, you may contact our customer service team through the following official channels at any time. We will reply to you and resolve your issues in accordance with applicable data protection laws and regulations:

  1. Official Email: support@moonfoxen.com
  2. Official Web Form: https://center.moonfoxen.com/TicketSubmission/Index
  3. Whatsapp: +852 4748 0080
  4. Telegram: @Moonfoxenhello

We will process your inquiry and request as soon as possible and provide a clear and specific response within the statutory time limit.