Frequently Asked Questions (FAQ)

Quick help hub for common questions about accounts, earning, rewards, privacy, security & support.

Getting Started

Create an account (email/password or supported social login).
Verify your email (link expires quickly; request another if needed).
(Optional) Enable Multi‑Factor Authentication (MFA) for added security.
Complete an introductory offer or tutorial to learn earning basics.
Personalize preferences (language, device, consent choices).

Quick start: earning in 60 seconds

Verify your email.
Open the Offers / Earn tab.
Pick an offer → read & follow all listed conditions.
Watch status: Pending → Cleared (minutes to a few hours for most; some longer).
Reach minimum redemption threshold → choose reward → checkout.

What platforms / devices are supported?

Modern desktop & mobile browsers (latest Chrome, Edge, Firefox, Safari). JavaScript, cookies (at least essential), and secure connections (HTTPS) required. Avoid aggressive content blockers that can break tracking. Future native app support may be announced in release notes.

Account

Who can use Rewardly?

You must:

Be at least 13 years old or the higher local minimum age.
Between local minimum and age of majority: have required parental/guardian consent where law demands.
Not be under 13 where COPPA‑like or equivalent protections apply.
Agree to Terms of Service and Privacy Policy.

See current Minimum Age Requirements by Country . Misrepresenting age can lead to restriction or closure.

Do I need to verify my email?

Yes. Until verified, core features (earning, withdrawals, support cases) are limited. Unverified accounts inactive for 2 days may auto‑expire (data minimization & security).

How do I change my email or password?

Account → Security Settings:

Change password: requires current password + new strong password.
Change email: verification link sent to new address (old email may receive notice). Some changes may be rate‑limited for security.

Can I delete my account?

Yes via Account → Privacy Settings or by contacting support.

Process:

30‑day grace period (account locked; log in to cancel deletion).
After grace: irreversible purge except legally required records (e.g., fraud logs ≤ 1 year, tax / financial records 5–10 years).
Residual data minimized then securely disposed once obligations lapse.

Forgotten password?

Use Forgot Password. We email a single‑use, time‑limited reset link. MFA users may also need a second factor.

Lost MFA device?

Try backup codes (if previously saved).
Open a support ticket tagged "Account Access".
Provide: account email, approximate last login, country, recent legitimate offer IDs (ownership proof).
We may request short ID verification (government ID + selfie) depending on risk signals.

Typical resolution: 1–3 business days (complex/high‑risk cases can extend).

Account locked or suspected compromise?

Immediate:

Reset password (unique; not reused elsewhere).
Contact support ("Account Access" category).

We may require identity evidence (photo ID, recent activity proof). Initial triage target: within 1 business day; full restoration depends on investigation scope.

Privacy & Data

What data do you collect?

Operational minimum: account identifiers, offer / reward events, device & security telemetry, consent preferences, payout + tax info (when required), and user‑supplied content (support tickets, profile). See Privacy Policy for comprehensive lists & legal bases.

Do you sell my personal information?

No. We do not “sell” personal information as defined in applicable laws (e.g., CCPA/CPRA) nor act as a data broker. Revenue derives from optional advertising & affiliate partnerships.

How can I control tracking technologies like cookies?

See Technologies plus Cookies & Ads. Each category lists purpose, retention & opt‑out options.

How do I opt out of analytics or advertising tracking?

Consent banner on first visit lets you decline or granularly toggle non‑essential categories (analytics, advertising).

Your choices:

Stored locally and (after sign‑in) server‑side for cross‑device sync.
Reapplied after clearing local storage once you sign back in.
Reopen anytime via “Privacy Choices” (footer / settings).

Declining non‑essential categories may reduce personalization; core functionality remains.

Automated decision making?

Automated risk scoring (fraud & abuse detection) assists review. High‑impact decisions (permanent suspension, large payout holds) allow request for human review.

Where is my data stored and how is it transferred?

Primary + failover data centers: EU. Limited transfers (e.g., CDN logs, anti‑fraud telemetry, email delivery) may involve subprocessors. For transfers outside EEA/UK we use Standard Contractual Clauses or equivalent safeguards.

We partner with established offer providers and advertising/marketing companies to bring you earning opportunities. These include offerwall providers (like Revlum, Torox, MyChips, Adscend Media, Lootably, ayeT-Studios, KiwiWall, and TheoremReach) that provide the tasks and surveys you complete to earn rewards.

We share minimal data with partners—typically just a unique identifier (not your real name or email), offer completion status, basic device information for fraud prevention, and timestamps. We never share your full personal profile, earning history beyond the specific offer, or platform communications with offer partners.

For complete transparency about our partners, what each does, and exactly what information is shared, see our Third-Party Partners page.

Can I opt out of working with specific partners?

Offer partners are integral to how our platform works—they provide the earning opportunities. While you can't opt out of specific partners and still use those offers, you always have full control over which offers you choose to complete. Each offer clearly displays its provider, so you can make informed decisions.

For social authentication providers (Google, Microsoft, Facebook, X), these are entirely optional. You can always create an account using just email and password without using any third-party authentication.

Rewards & Redemptions

How do I earn?

Complete verified offers, surveys, in‑app activities, referrals & promotions. Each lists criteria + reward value before you begin.

Why is a reward pending?

Partner validation (fraud checks, completion confirmation) causes Pending. Typical: minutes → few hours; some surveys/offers up to 7 days. After 7 days unresolved items auto‑flag for internal review. You may open a ticket after 72 hours if urgent.

My offer did not credit—what now?

Re‑check offer conditions (time on page, required actions, unique email, no VPN/proxy, within deadline).
Collect evidence:

Offer / campaign name or ID
Timestamps (start & completion)
Screenshots (confirmation page, receipts)
Device + browser / app version

Submit a support ticket with evidence. Duplicate submissions or falsified evidence (edited images, staged screenshots) can trigger sanctions.
Most valid disputes resolve in 3–7 business days; complex third‑party reviews can exceed that.

What if a cleared reward gets reversed?

Rarely, a partner may retroactively invalidate (fraud, chargeback, unmet conditions). We deduct equivalent balance (not below zero without notice). You’ll see a reversal entry with reason code. Repeated reversals can trigger extra verification.

How long do redemptions take?

Standard processing: typically 0–1 business day. Anti‑fraud review, provider queue (e.g., gift card issuer, game item trade rules) can add delay.

What are common redemption edge cases?

Rejected payout: incorrect details or failed fraud checks → fix & resubmit.
Expired gift card claim link: request reissue (if unclaimed) within validity window.
Chargebacks / reversed transactions: equivalent points deducted; repeated issues → verification.
Stale payout method: update before next request to avoid delays.

Do rewards or points expire?

Points/balances currently don’t expire solely due to time. Accounts inactive (no login + no earning) for 12 consecutive months may be flagged; we email notices before potential closure (where allowed) with reasonable attempt to process eligible withdrawals first.

What counts as a valid referral?

New user (no prior account / device fingerprint).
Completes minimum qualifying activity (e.g., first order completion).
Not self‑referral (same person, household abuse patterns) or bulk / automated signups.

What limits and anti‑abuse measures exist?

Dynamic per‑day & lifetime referral caps.
Prohibited: automated scripts, incentivized installs outside permitted channels, misleading ads, mass account creation.
Violations can void referral rewards & trigger sanctions.

What affects offer availability?

Geography (IP + verified country)
Device / OS requirements
Already completed (single completion rule)
Inventory / pacing exhaustion
Ad blocker / VPN / proxy / privacy extensions
Age or risk tier restrictions
Maintenance / partner outage

How do I appeal a declined or reversed reward?

Open a ticket with: reward/offer ID, timestamps, evidence (screenshots, receipts). Appeals must be filed within 14 days of decline/reversal notification unless stated otherwise. Final escalated decision is binding.

Compliance

Are rewards taxable?

Possibly. Many jurisdictions treat certain reward earnings as taxable income or promotional value. You’re responsible for determining & meeting obligations. We do not provide tax advice.

When are tax forms requested?

Identity or tax forms may be requested once cumulative payouts reach thresholds (e.g., U.S. W‑9 for potential 1099 reporting; non‑U.S. W‑8BEN; EU VAT/withholding equivalents). Threshold progress may display in‑app. Missing required documentation can pause withdrawals.

Safety & Security

What behavior is prohibited?

See Community Guidelines. Examples: harassment, hate, exploitation, spam, automation abuse, fraud, circumvention attempts, falsifying evidence, deceptive multi‑accounting.

How are violations enforced?

Automated detection + human review. Sanctions range: warning → feature limits → reward reversals → temporary suspension → permanent ban (context & severity based).

Can I appeal a moderation action?

Yes. Provide context + user ID or case ID. Target: initial review within 5 business days. You may request one final escalated review if you disagree; escalated decision is final.

How is my data protected?

Summary controls:

Transport encryption: HTTPS (modern TLS 1.2+ / TLS 1.3 preferred; AEAD cipher suites).
At‑rest encryption: sensitive fields (selective field + disk encryption).
Credential hashing: strong algorithm with per‑user salts; never plaintext.
Monitoring: anomaly & intrusion detection, log aggregation, alerting.
Patching: routine dependency & platform updates.

How does Multi‑Factor Authentication (MFA) work?

Currently SMS‑based. Planned: TOTP (authenticator app). Certain high‑risk actions (e.g., large redemptions, payout changes) may require MFA.

Have you ever had a breach?

No material security breach to date. If a notifiable incident occurs we'll follow legal obligations & notify affected users (email + in‑app notice) promptly.

What is KYC / verification and when is it required?

Triggered by legal/regulatory, risk, or payout partner requirements: payout thresholds, unusual patterns, tax reporting, AML screening.

Data requested can include: full name, address, DOB, government ID scan, selfie (liveness), tax identification (W‑9 / W‑8BEN), and occasionally proof of address. Data encrypted; retained only as long as needed.

What are examples of anti-cheat or abuse?

Non‑exhaustive:

Multiple accounts to bypass limits or re‑earn one‑time offers
Emulators / VMs to simulate devices (unless expressly allowed)
Bot / automation scripts
Falsified or edited screenshots / receipts
VPN / proxy to spoof geography (when restricted)
Click spamming / manipulating tracking parameters
Account sharing / selling
Self‑referrals / referral rings

What rate limits might I encounter?

We may throttle excessive API calls, offer submissions, login attempts, payout requests. Normal usage rarely hits limits. Continued triggering can prompt verification.

Support & Other Info

What is your support SLA?

Targets (not guarantees):

First response: 1–2 business days (standard); < 1 business day (account access / security).
Resolution: varies; simple account issues usually < 5 business days.
Escalation: available for unresolved high‑impact issues; escalated triage within 2 business days.

How do you support accessibility?

Aim: WCAG 2.1 AA

Semantic markup for screen readers.
Keyboard navigable interactive elements.
Color contrast meeting AA.
Respects reduced‑motion where feasible. Feedback: [email protected] or support ticket (“Accessibility”).

What do key terms mean? (Glossary)

Pending: Reward recorded; awaiting partner validation & fraud checks; not spendable.
Cleared: Reward validated & available.
Grace period: Window before irreversible action (e.g., deletion) finalizes.
Material update: Policy change materially impacting rights/obligations/features (may prompt acceptance).
Non‑essential cookies: Technologies not strictly required for core service (analytics, advertising, personalization).
KYC: Know Your Customer identity verification triggered by risk or regulatory thresholds.

Is earning guaranteed or like employment?

No. Rewardly is a rewards & engagement platform—not employment, investment, or guaranteed income. Offer availability, values, and approval times vary & can change. Participate responsibly.

What is your vulnerability disclosure safe harbor?

Good‑faith security research following responsible disclosure (no privacy violations, no disruption, reasonable remediation time) is protected from legal action. Report via [email protected] .

How are policies versioned and updated?

Each core policy (Terms, Privacy, Community Guidelines) shows version + effective date. Acceptance logging: user ID, version, timestamp. Material updates: in‑app prompt. Non‑material clarifications may not prompt. Archives: Terms Archive, Privacy Archive, Guidelines Archive.

How can I contact support?

Use in‑app live chat widget or email [email protected] . Include: subject line (concise), user ID / account email, relevant offer or reward IDs, timestamps, screenshots if applicable. For account access issues choose the dedicated category for priority.

How do I report a vulnerability?

Email [email protected] with: summary, impact, reproduction steps, affected endpoints/scope, optional PoC. Avoid automated high‑volume scanning or exploiting data. We appreciate responsible disclosure.

Disclaimer: Timeframes are targets, not guarantees. Security parameters & technical details evolve. This FAQ is informational and doesn’t override the Terms or Privacy Policy. Not tax, legal, or financial advice.