Privacy Policy

Version Date: May 10, 2025 Update Date: May 10, 2025

HeartEcho (hereinafter referred to as "this software") always prioritizes the protection of users' personal privacy and attaches great importance to users' privacy security. In order for you to fully utilize our products and related services, we will use and disclose your personal information reasonably in accordance with the provisions of this Privacy Policy. We deeply understand the importance of personal information to each user, and therefore, we will make every effort to ensure the safety and reliability of your information during its use.

This Privacy Policy details how this software collects, stores, uses, and protects your personal information. By reading this policy, you can fully understand the specific measures we take when handling your data, and also better grasp your own rights. Before you start using our services, we strongly recommend that you carefully read and fully understand all the contents of this Privacy Policy. This will help you understand more clearly how your information will be managed, and what choices you have to control your personal information. In addition, if you have any questions or need further assistance, we also provide convenient contact information to answer your questions at any time. Please remember that protecting your privacy is our inescapable responsibility, and we promise to maintain the security of your information to the highest standards.

This policy will help you understand the following content:

1. How We Collect and Use Your Personal Information

2. How We Use Cookie Technology

3. How We Share, Transfer, and Publicly Disclose Your Personal Information

4. How We Store and Protect Your Personal Information

5. Your Rights (How to Manage Personal Information, Change Authorization Scope, Delete Account)

6. How We Protect Children's Personal Information

7. How Your Personal Information is Transferred Globally

8. Notifications and Amendments

9. Definitions

10. Contact Information

To uphold user-friendly principles, this policy combines hierarchical formatting with plain language to ensure you clearly understand key matters such as the scope of personal information collection, processing purposes, usage scenarios, storage duration, and sharing rules. For ease of reading and comprehension, we define specialized terms (see Section 10 of this Privacy Policy). We strive to present this policy in a clear and understandable manner to accurately convey our intended message. By using our software's products and services, you agree to the content outlined in this policy. We will seek your prior consent before using your information for purposes beyond the scope of this Privacy Policy.

This Privacy Policy fully applies to the following service portals: Heart Rate Manager client (all system versions), official WeChat service account platform, and third-party cooperative platforms integrated via API technology. All data processing activities initiated through any terminal interaction are subject to the terms of this policy.

1. How We Collect and Use Your Personal Information 1.1.1 Permissions You May Grant or Deny When Using Our Software

To identify account anomalies, assess product compatibility, and ensure network and operational security for service provision, we may collect the following:

1.1.2 Device Status Permissions

Required permissions: READ_PHONE_STATE and device information (IMSI, IMEI) for identity verification and usage analysis.

Refusal limits related features but does not affect other functions. You may revoke authorization or disable permissions at any time.

1.1.3 External Storage Read Permission

Required to scan media files (e.g., photos/videos with metadata like timestamps and geolocation) when importing to the app.

Refusal limits media import but does not affect text editing or filters. Adjust permissions via pop-ups or device settings after understanding their purpose.

1.1.4 External Storage Write Permission

Required to save creations to your photo gallery, accessing media files (including personal data).

Refusal limits saving but does not affect other operations. Revoke authorization in device settings anytime.

1.2 Directly Collected and Used Personal Information

We gather information you actively provide or automatically collect through service usage:

1.2.1 Ensuring Product/Service Functionality

Device Information: Manufacturer, model, name, battery level, OS, sensor data (accelerometer, gyroscope) for service adaptation and performance optimization.

Identifier Information: IMEI (unique device ID), OAID (privacy-protected ad ID), MAC (network ID), AndroidID, IDFA (ad analysis), OpenUDID, GUID (global unique ID), IMSI (user ID), ICCID (SIM number), SN (serial number), IP address (network location).

Network Information: Wi-Fi name/signal strength, carrier, network type (4G/5G/WiFi), and status for optimization. Other Data: Approximate location (regional), operation logs (usage behavior), and app/process details for scenario analysis.

All data is strictly managed to safeguard your privacy and used solely for service improvement and operational security.

1.3 Business functions that provide you with products and/or services. 1.3.1 Log in/Register

When logging in or signing up, we will access your nickname and profile picture to manage your works and favorites. When sharing app, the corresponding platform's nickname and profile picture will also be accessed. To provide one-click login services, our product integrates third-party tools such as Umeng SDK, which requires the collection of necessary information including IMEI, IDFA, and phone number. We have agreed with them on strict data confidentiality obligations and will not share other personal information without consent. You can visit https://www.umeng.com/policy to view the privacy policy, or exercise your right to opt out through https://outdip.umeng.com/opt_out.html.

1.3.2 To ensure network security and optimize service experience, we will systematically collect and properly store software usage data.

This includes: browsing content, access time (accurate to milliseconds), web page URLs and interaction records, device system type and version, software version, and network IP (including IPv4/IPv6). The data is used to analyze user behavior, fix vulnerabilities, upgrade features, and enhance security and personalized experience. All data is encrypted and stored in compliance with regulations and strictly controlled to effectively protect privacy rights and interests.

1.3.3 The application will collect device MAC information when it is in silent/background mode, which is used to analyze user habits and optimize product experience.

MAC information is an important identifier for recognizing devices. You can independently limit information collection through device settings, but this may affect service functionality. Services that rely on specific permissions may not be available as a result. Individual device information and service logs do not identify personal identity, but are considered personal information when combined with other data. Without authorization or legal provisions, we will anonymize the relevant data to reduce the risk of leakage.

1.4 Permissions

1.4.1 This software requires specific permissions to provide services, and the purposes will be clearly explained and consent obtained upon first installation or use. Granting permission authorizes us to collect relevant information to implement features. Device storage read/write permissions are used for importing photos or videos to create albums and are requested only when necessary. We strictly manage permissions and do not access files from other applications to ensure privacy and security. Device information permissions are used for account security, identity verification, crash logs, and optimizing displays, and are requested when needed. This permission helps ensure account security and optimize the experience.

1.4.2 Additionally, uploading images requires photo permissions, and taking photos for upload requires camera permissions, both of which serve core functions and enhance service efficiency. Permission requests are made through pop-up windows that explain the purposes and obtain consent. You can manage permissions at any time in the settings, independently decide on information collection, and fully safeguard your right to be informed and to choose.

2.Use of Cookies and Similar Technologies

2.1 In the digital age, cookies and device identifiers have become widely used network technologies. When you use this software service, we may send cookies or anonymous identifiers as needed to accurately record information such as your browsing content, operational behavior, and duration of stay.

2.2 We solemnly promise that we will only use cookies for the purposes stated in this privacy policy, and strictly safeguard information security and privacy. The use of these technologies aims to optimize services and provide you with a more convenient and efficient personalized experience.

2.3 Ensure the safe and efficient operation of products and services.

2.3.1 We may set up authentication and anonymous identifiers to ensure security, allowing us to confirm whether you are safely logged into the service or if you encounter theft, fraud, or other illegal activities. These technologies also help us improve service efficiency and enhance login and response speeds.

2.4 Help you get a more convenient access experience.

2.4.1 Using such technologies can help you skip the repetitive steps and processes of filling in personal information and entering search content (e.g., saving searches, form autofill).

2.5 Troubleshooting Service Anomalies

2.5.1 On the sharing page of the template content, we may use Cookie technology through the browser mechanism to record and analyze your browsing activities. Specifically, when you visit the page, the system will store anonymized data in an encrypted manner, including session identifiers, page dwell time, and interactive behaviors. This information will primarily serve three core purposes:

First, based on your browsing preferences and historical behaviors, we will build a personalized recommendation model. Through machine learning algorithms, we will accurately push information content that matches your usage scenarios.

Second, we will monitor the system's operational status in real-time. By analyzing user operation logs and page response data, we can quickly locate and troubleshoot potential technical anomalies such as program crashes or loading delays, ensuring service stability.

Third, we will continuously optimize the user experience. Through multidimensional data analysis, we will explore more efficient service interaction modes, such as improving navigation structures, enhancing multimedia display effects, or developing new functional modules.

All data processing strictly adheres to privacy protection policies, ensuring no association with personally identifiable information, and provides convenient Cookie management options for you to autonomously control the scope of data collection.

2.6 Clearing Cookies

2.6.1 Most devices provide users with the feature to clear cache data. You can perform the corresponding data clearing operation in the device's settings. If you do so, you may not be able to use the services or corresponding features provided by us that rely on cookies.

3.How We Share, Transfer, and Publicly Disclose Your Personal Information 3.1 Share 3.1.1 Sharing Principles

(1) Principle of Explicit Consent: We will not share your personal information without your explicit authorization. "Explicit authorization" refers to permission granted by you with full knowledge and initiative. Exception: De-identified information may be shared, but third parties are prohibited from re-identifying individuals through technical means. If a third party uses the information beyond the authorized scope, they must obtain your consent again.

(2) Principle of Legality, Legitimacy, and Data Minimization: Data sharing must serve lawful purposes and comply with legal and ethical standards. Only the minimum amount of data necessary to achieve the purpose shall be shared, eliminating excessive collection of irrelevant information.

(3) Principle of Security and Prudence: Thoroughly assess the third party's intended use and security capabilities, requiring compliance with agreements. Implement security monitoring for SDKs/APIs, proactively mitigate risks in real time, and ensure data security.

3.1.2 Shared information for implementing features or services

When you use features provided by our partners or third parties while using this software, or when software service providers, smart device providers, or system service providers jointly provide services with us, we will share the information necessary for business operations with these partners or third parties.

3.1.3 Shared information for security and analytical statistics

(1) Ensuring Usage Safety: We prioritize user rights and focus on account security, service stability, and content compliance. To prevent risks such as online fraud and malicious attacks, and to ensure compliant platform operation, we may establish limited data sharing with compliance partners under the framework of our privacy policy. This only involves necessary information such as device fingerprints and login monitoring, with full encryption protection throughout the process.

(2) Analyzing Product Usage: We optimize product experience and prevent technical risks through data analysis. When the system detects anomalies, we may share anonymized statistical data (such as error codes and device parameters) with partners. Personal identity information is strictly stripped away, and secure protocols are used for encrypted transmission.

(3) Academic Research and Scientific Studies: We collaborate with compliant institutions on scientific research. Data is de-identified and anonymized using techniques such as differential privacy. A Data Security Officer supervises the entire process, and ethical committee approval is obtained to ensure legality and compliance.

3.1.4 Help you participate in marketing promotion activities

When you participate in marketing activities initiated by this platform or its partners, you may need to submit sensitive information such as identification details (including name, mailing address, contact information), and financial account data based on the nature of the activity. This type of information falls under the category of personal sensitive data, and you have the right to decide whether to provide it. However, failure to provide such information may result in limited participation in the activity. This choice does not affect the use of basic service features. We will only share necessary data with activity collaborators after obtaining your explicit authorization, ensuring the effective implementation of cross-platform service integration and reward redemption mechanisms.

Currently, our partners include the following types:

Service Platform or Service Provider: This software product is integrated with a wide range of third-party services. When you choose to use such third-party services, you authorize us to share this information with the third-party service platform or provider so that they can offer you services based on the relevant information. When third parties access our products/services, your information will be obtained through their accounts. The actions of the third-party service platforms or providers are unrelated to our company, and they bear the corresponding responsibilities.

Software/Hardware/SystemServiceProvid：When third-party software/hardware/system products or services are combined with our software's products or services to provide you with service, with your authorization, we will provide the necessary personal information to the third-party software/hardware/system service provider to facilitate your use of the service or for us to analyze the usage of products and services in order to enhance your user experience. Advertising and Information Service Providers/Advertisers: We strictly adhere to the principle of minimal necessity: we will never share identifiable personal information without specific authorization. However, we may provide de-identified (irreversible and unassociated with any specific individual) behavioral preference analysis data to advertising partner networks for the construction of precise marketing models.

The embedded third-party website/application entry in this product is designed solely for user convenience. Its service content, privacy policy, and data security measures are independent of this platform. We recommend that you review the publicly disclosed privacy protection system before accessing it. Such third-party entities will independently assume data management obligations within the legal responsibility boundaries in accordance with the Personal Information Protection Law and the agreement between both parties. When you access links to such third-party websites, applications, products, and services, you should separately agree to the privacy policy or personal information protection terms provided to you. Within the scope of legal provisions and agreements between both parties, we and the providers of such third-party websites, applications, products, and services each bear independent personal information protection responsibilities towards you.

3.2 Transfer

3.2.1 We regard the protection of your personal information security as our primary responsibility. Without your authorization or legal provisions, we will never transfer, sell or share it with third parties. We have established strict internal control mechanisms to ensure that this principle is not violated in business scenarios. When data sharing is required for special businesses, we will clearly inform you of the purpose in advance and obtain your explicit consent.

3.2.2 The development of the company's business may lead to organizational adjustments, such as mergers and acquisitions. Your personal information may be transferred to a new entity with the business. We promise that the successor will comply with laws and regulations and implement the same protection standards. If the standards are not met, your authorization will be obtained again. We have established a compliance review mechanism to ensure that personal information is always properly protected.

3.3 Public Display

3.3.1 Without your authorization or as required by law, we will never disclose your personal information. When disclosure is legally mandated, only necessary information will be disclosed in strict compliance with procedures, and we will fully explain the purpose and impact before obtaining your consent.

3.3.2 For information that must be disclosed, we employ encrypted anonymization, tiered access controls, end-to-end monitoring, and regular security assessments to ensure multi-dimensional protection of your information.

3.3.3 When issuing penalty announcements for violating accounts and fraudulent activities, we will disclose the relevant account information.

3.4 Personally identifiable information that is exempt from obtaining consent for sharing, transferring, or publicly disclosing in accordance with the law.

Please understand that in the following circumstances, in accordance with laws, regulations and national standards, we do not need to obtain your authorization and consent to share, transfer or publicly disclose your personal information:

1. Directly related to national security and national defense security.

2. Directly related to public safety, public health and major public interests.

3. Directly related to crime investigation, prosecution, trial and judgment enforcement.

4. It is necessary to safeguard your or other individuals' major legitimate rights and interests in life and property but it is very difficult to obtain your consent.

5. The personal information that you have publicly disclosed to the general public by yourself.

6. Collecting personal information from legally publicly disclosed information, such as legal news reports and government information disclosure channels.

7. Necessary for signing or performing a contract according to your request.

8. Necessary for maintaining the safe and stable operation of software and related services, such as discovering and handling faults in software and related services.

9. Necessary for legal news reporting.

10. Necessary for academic research institutions to carry out statistics or academic research based on public interests, and when providing the results of academic research or description to the outside world, de-identifying the personal information contained in the results.

11. Other circumstances stipulated by laws and regulations.

4. How We Store and Protect Your Personal Information 4.1 Shelf life

4.1.1 This software strictly protects your personal information in accordance with the law, including registration data, behavioral data, etc. You can apply to cancel your account or delete your information at any time. After identity verification, we will completely delete or anonymize the data; if the law prohibits immediate deletion, we will properly store the data within the legal time limit and process it as soon as possible.

4.1.2 When the product is discontinued, we will promptly inform you of the reasons, time, and data processing plan through the reserved contact information and product announcements. Personal information processing will be completed within the legal time limit, with priority given to irreversible deletion technologies; if anonymization is required, we will use industry-leading technology to ensure anonymization effectiveness. Throughout the process, we strictly comply with regulations to safeguard information security.

4.2 Protected areas

4.2.1 We strictly comply with the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. We implement full-process technical protection and standardized management for users' personal information collected in domestic operations, which is fully stored in dedicated domestic facilities with third-level security certification. These facilities are equipped with multiple encryption measures, access control systems, and real-time audit systems.

4.2.2 Based on current business needs, we commit to not transferring personal data containing sensitive information overseas. If cross-border data transfer becomes necessary due to business expansion or other essential circumstances, we will strictly follow regulations by completing security assessments and obtaining approval from the national cyberspace administration. Only after providing clear notifications through prominent means and obtaining explicit user authorization can such transfers be executed. Additionally, we will establish dynamic monitoring mechanisms to ensure data security.

4.3 Protective measures

4.3.1 The technical measures we take to protect your personal informationWe have established a security system that covers the entire lifecycle of data: strict control of data collection based on the principle of minimum necessity, multi-dimensional authentication+intelligent monitoring to ensure source security; The storage adopts AES256 encryption and distributed redundant backup, with hierarchical permission control for physical contact; Enable TLS1.3 encryption channel and digital watermark tracking for transmission; Processing sensitive operations through HSM module and conducting full audit; Display the implementation of dynamic desensitization and pixelation protection; Destruction strictly follows NIST standard double validation. Classified protection based on sensitivity: basic level full encryption, enhanced dynamic desensitization, specialized control level quantum encryption+physical isolation, military level triple key+real-time monitoring, all certified by ISO 27001 and GDPR.

4.3.2 When personal information is leaked, the emergency system will activate Level 3 response within 5 minutes: the AI platform will locate the source, the blockchain will store and fix the evidence, and the joint team will handle it. Notify users within 72 hours through encrypted push notifications, official announcements, and other channels, provide repair assistance, and accept third-party supervision, fully complying with the requirements of Article 55 of the Personal Insurance Law.

4.3.3 Our management measures to protect your personal information We strictly manage employees who may have access to your information, monitor their operations, and establish an approval mechanism for data access, transmission, desensitization, and decryption. All employees are required to sign confidentiality agreements, and background checks are conducted for those handling sensitive information. At the same time, we regularly conduct information security training to strengthen employees' awareness of data protection and standardize their operational habits.

4.3.4 Please understand

A firewall, intrusion detection, and data encryption system have been established. However, the network environment is complex and ever-changing, and the system cannot achieve absolute security. We will continue to upgrade the technical architecture, use an AI threat perception system to monitor risks in real time, adopt blockchain to ensure data immutability, and establish a remote disaster recovery center for redundant storage. Regular penetration tests and security audits will be carried out, emergency response plans will be improved, and the risks of information leakage, data damage, and loss will be strictly controlled. We will strictly comply with national network security regulations, continuously invest in research and development resources, and fully guarantee the safety and integrity of users' information assets.

4.4 Personal Account Information Self-Protection

4.4.1 Your account is equipped with security protection features. Please keep your account and password information safe and do not disclose your password to others. If you find that your personal information has been leaked, especially your account and password, please contact our customer service immediately so that we can take corresponding measures.

4.4.2 Please save or back up your text, images, and other information in a timely manner. You need to understand and accept that the systems and communication networks you use to access our services may encounter issues due to factors beyond our control.

5. Your Rights (How to Manage Information, Change Authorization Scope, and Close Your Account) 5.1 Access your personal information

5.1.1 You have the right to access your personal information, except as otherwise provided by laws and regulations. After logging in, click "My" to view the authorized information, including registration details, account records, etc. If you encounter any issues with inquiries, you can submit an electronic ticket through the APP by navigating to "Settings - Help Center - Online Customer Service", or mail a written application stamped with the official seal to the registered email address, attaching your identity proof and a detailed description of your needs. We will respond within 15 days to inform you of the retrieval method and security verification instructions.

5.1.2 Derivative data (such as consumption preference analysis, device statistics, etc.) will be made available for limited download with desensitization processing and provided through a secure blockchain-certified channel. When third-party data is involved, compliant confirmation must be obtained before batched provision, with the entire process utilizing privacy-preserving computation technologies to ensure security and traceability.

5.2 Correct or supplement your personal information

5.2.1 When you discover that the personal information we process about you contains errors, you have the right to request us to make corrections or supplements. You can submit a correction or supplement request through the methods listed in " (I) Access to Your Personal Information".

5.3 Delete your personal information

5.3.1 In the following circumstances, you may submit a request to us for the deletion of your personal information:

1. If our processing of personal information violates laws and regulations;

2. If we collect or use your personal information without obtaining your explicit consent;

3. If our processing of personal information seriously violates the agreements with you;

4. If you no longer use our products or services, or you actively cancel your account;

5. If we will permanently no longer provide products or services to you.

5.3.2 In the digital age, the protection of personal information is of utmost importance. With a highly responsible attitude, we provide convenient and reliable personal information management channels. You can apply for the deletion of personal information at any time through the privacy section on the official website, the customer service hotline, or email. A professional team will handle it efficiently. After review and confirmation, we will comprehensively notify partners and related parties who have legally obtained your information and require them to delete the relevant data. In special circumstances, if otherwise stipulated by laws and regulations or authorized by you, the relevant parties may continue to retain and use it.

5.3.3 Due to the technical backup mechanism, the deleted information may be temporarily stored in the backup system. This system is used to ensure service stability and data security. We will thoroughly clear the deleted information during the regular system updates to ensure that your privacy is fully protected.

5.4 Change the scope of your authorized consent

5.4.1 Digital services rely on users' basic information to operate and ensure efficient processes. When additional information is required in specific scenarios, we respect users' right to choose. You may contact customer service to authorize or revoke authorization, and we will handle it in accordance with regulations. After revocation, no new information will be processed, but this does not affect the processing of information previously authorized. We uphold both privacy protection and service quality.

5.5 Cancel account

5.5.1 You are legally entitled to cancel your account for this software. If you wish to cancel your current account, you must first complete the account login process. Then, you can perform the following online operations: On the main interface of the App, select the "Settings" feature module from the bottom menu bar. In the expanded secondary menu, accurately locate the "Account Security Center" section and click on the dedicated "Account Cancellation" channel. The entire operation process must strictly follow the system prompts to complete identity verification and secondary confirmation procedures.

5.5.2 Special Reminder: Once you actively initiate the account cancellation instruction, the platform will immediately terminate all platform services provided to you in accordance with the service agreement, including but not limited to content subscription, membership benefits, data storage, and other value-added services. It is hereby solemnly declared that account cancellation is legally irreversible. After you confirm and submit the cancellation request, the system will initiate a data management procedure: For basic data that needs to be retained due to business characteristics, it will be anonymized and desensitized in accordance with the principle of minimum necessity, except in cases where judicial authorities lawfully request or regulatory departments conduct compliance reviews.

5.5.3 Special Risk Warning: When your account is in the review stage of the cancellation application, if any of the following situations occur, the platform has the right to unilaterally suspend the cancellation process without the need for prior user consent: First, there are unresolved consumer disputes or after-sales service requests; Second, there are intellectual property infringement complaints or third-party rights claims; Third, there are investigation notices from market supervision departments, public security organs, or other competent authorities; Fourth, transactions associated with the account are still within the settlement period. After the above situations are resolved, you may re-initiate the cancellation request.

5.5.4 It should be specifically noted that once the software account is successfully cancelled, it will be permanently invalidated, and the system will simultaneously close all recovery channels. Therefore, it is earnestly recommended that before formal operation, you should completely export all data materials in the account, including but not limited to chat records, transaction vouchers, creative content, etc.; properly keep the identity authentication materials bound to the account (special information such as facial recognition feature values and biometric templates cannot be backed up); comprehensively sort out the rights and interests associated with the account, timely redeem virtual currency, transfer subscription services, or complete asset disposal. After cancellation, you will permanently lose all usage rights of the account, including but not limited to login privileges, data access rights, and content disposal rights, and the platform shall not bear any responsibility for information tracing arising therefrom.

5.6 Responding to your above request

5.6.1 To ensure security, you are required to provide proof of identity. We will process your request as soon as possible after verification. If you are not satisfied, you may call customer service to file a complaint. Reasonable requests are generally free of charge; however, repeated or excessive requests beyond reasonable limits will incur a cost. Unreasonable repeated requests, those requiring significant technical adjustments, those that infringe on the rights and interests of others, or those that are highly unrealistic will be denied. Under the following circumstances, in accordance with legal and regulatory requirements, we will be unable to respond to your request:

1. Related to national security and defense security;

2. Related to public safety, public health, and major public interests;

3. Related to criminal investigation, prosecution, trial, and execution of judgments;

4. There is sufficient evidence indicating that the personal information subject has subjective malice or abuses rights;

5. Responding to your request will cause serious harm to your or other individuals' or organizations' legal rights and interests;

6. Involving trade secrets

We design products and services exclusively for adults, prohibiting children under the age of 14 from registering accounts without guardian authorization. If collecting children's information is necessary for legal reasons, it is limited to cases permitted by law, with explicit guardian consent, or when necessary to protect the child, and must strictly comply with regulations.

Different regions may have varying definitions of a child, but we uniformly set the age limit at 14. If any unauthorized collection of children's data is discovered, it will be deleted immediately.If the guardian has any questions, please contact us through the privacy policy disclosure channels. We will handle it properly and ensure information security.

7. How Your Personal Information is Transferred Globally

7.1 The personal information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China, without involving cross-border data transfers, except in the following circumstances:

7.1.1 Where expressly required by applicable law;

7.1.2 With your explicit authorization;

7.1.3 For your active personal actions such as cross-border transactions conducted via the internet.

For the above scenarios, we will ensure adequate protection of your personal information in accordance with this Privacy Policy.

When this product requires cross-border data processing and it becomes necessary to transfer domestic personal information abroad, we will strictly comply with the Cybersecurity Law, Data Security Law, Personal Information Protection Law, and related regulations, fulfilling procedures such as security assessments and certifications. Prior to each transfer, we will notify you via interface and written communication, specifying the identity of the overseas recipient, purpose, and scope, and obtain your authorization. The Privacy Policy will prominently indicate the regions, types, and purposes of data transfers abroad (e.g., "Cross-border Payment Settlement") and be updated regularly. We employ AES-256 encryption, differential privacy technologies, deploy SSL/TLS protocols, and establish audit and monitoring mechanisms to ensure full compliance and data security throughout the process.

8. Notifications and Amendments

8.1 We reserve the right to make necessary revisions to this policy in accordance with business development and compliance requirements, but your core rights under the current policy will not be unilaterally diminished.

8.2 All revised content will be publicly displayed on the original publication page of this policy, without retroactive effect on prior authorization scopes. Before the updated policy takes effect, we will notify you through compliant channels such as system message

8.3 push notifications and in-app version pop-ups, while simultaneously updating the effective policy text within the application. We encourage you to regularly check the policy announcement section to promptly access the latest legally binding version.

8.4 The significant changes referred to in this policy include, but are not limited to:

8.4.1 Major changes in our service model, such as the purpose of processing personal information, the types of personal information processed, and the methods of using personal information;

8.4.2 Major changes in our ownership structure or organizational framework, such as changes in ownership due to business adjustments, bankruptcy mergers, etc.;

8.4.3 Changes in the main entities with whom personal information is shared, transferred, or publicly disclosed;

8.4.4 Significant changes in your rights regarding the processing of personal information and the ways to exercise those rights;

8.4.5 Changes in the department responsible for handling personal information security, contact methods, or complaint channels;

8.4.6 When the personal information security impact assessment report indicates high risks.

We will also archive previous versions of this policy for your review.

9. Definition

Personal Information: A collection of information recorded in electronic or physical form that can identify the identity of a natural person or reflect their activities, including name, identification number, biometric features, address, contact information, property, credit, whereabouts, health, transactions, etc.

Personal Sensitive Information: Information that, if leaked, may endanger personal and property safety, damage reputation, or lead to discrimination, including unique identification numbers, biometric recognition information, bank account numbers, communication records, property details, credit reports, whereabouts, accommodation, health data, information of minors, etc. De-identification: After legally collecting personal information, adopt encryption, desensitization, and other technical measures as well as permission management measures to isolate and store identifiable information and ensure irreversible association. Establish full-process control to block identity recognition in subsequent processing and protect rights and interests.

10. Contact Information

Email: panpan@kuanghong.cc