- Non-open source: the SDK modules we collect information cannot be re-edited and released according to the open source agreement, which can effectively prevent malicious attacks and guarantee the security of information collection technically.
- Terminate but no stay: the SDK module that we collect information only runs when the cooperative App is authorized and the user opens the App for the first time. After the collection is completed, it will shut down and automatically quit, which technically preclude the possibility of collecting the behavioral information of the user using the App.
- Personal information(PI): any information that is recorded, electronically or otherwise, that can be used alone or in combination with other information to identify a natural person or reflect the activity of a natural person. Such as your name, date of birth, ID number, personal biometric information, residential address, contact information, communication records and content, username and password and property information. An individual can be identified through this information, or when know specific individuals can use this information to identify their activities.
- Sensitive PI: PI that once leaked, illegally provided or abused, could endanger personal and property safety, or easily lead to damages to personal reputation, mental & physical health, or discriminatory treatment, etc. It is sensitive and private in personal information, such as medical confidential information, financial property information and personal biometric information, etc.
- Anonymization: irreversible technical process that makes PI Subjects unidentifiable or unassociated. Anonymized PI is no longer deemed PI.
- De-identification: technical process that makes PI Subjects unidentifiable or unassociated without the help of additional information
This Policy will help you better understand the following
1. Strictly abide by relevant laws, regulations and standards.
We have been committed to strictly abide by the laws and regulations, strictly in accordance with Civil Code of the People's Republic of China, Network Security Law, Information Security Technology Personal Information Security Specification (GB/T35273-2020), Basic Requirements for Classified Protection of Information Security Technology Information System, and General Data Protection Regulation (GDPR) of EU and other relevant laws, norms and standards to established our information collection and use specifications and information security guarantee mechanism.
2. Certification of safety compliance standards
We collect and use information in a responsible manner when providing products and services. The safety compliance of our products and services has been certified by multiple third party certification bodies. We take the initiative to apply to a third party to review the security control measures of our products and services in accordance with relevant domestic and international standards. You can rest assured that independent third parties will review the effectiveness of these control measures at least every two years, and we will continue to improve technical, operational and management measures to ensure safety and compliance. We have passed the relevant standards certification as follows:
(1) National Information system security three-level protection evaluation and filing
It is formulated by the Information Security Classified Protection Evaluation Center of the Ministry of Public Security of China and reviewed by the National Information Security Standardization Technical Committee. Under a unified security policy, we can protect the system from malicious attacks by outside organized groups which possess a rich resource of threats , or from more serious natural disasters and other threats of equal magnitude, can find security vulnerabilities and security events, after the system damage, can quickly restore the vast majority of function, based on this, we have passed it in 2019.
(2) ISO 27001 Information Security Management Standards (ISMS)
ISO It is established by the International Organization for Standardization (ISO), it prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. Certification to ISO 27001 helps organizations comply with numerous regulatory and legal requirements that relate to the security of information.It is one of the international standards of Information security certification widely recognized in the industry. We have a sound information security management system (ISMS), which is certified to ISO 27001 in 2019, for the management of product-service related systems, applications, personnel, technologies, processes and data centers.
(3) ISO 27701 Privacy Information Management System (PIMS)
It is a certification standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard outlines a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR.Our information security and privacy management processes, system design and control protection measures meet the requirements of this standard. As one of the few enterprises in China to carry out this certification service and pass the certification, our information security protection and privacy management system passed the ISO 27701 certification in September 2020
The European Union's General Data Protection Regulation (GDPR) came into force on May 25, 2018. According to the relevant requirements of the regulations, we constantly improve our information security protection measures. We collect the basic information of the device under the authorization of the cooperating App. We are committed to implementing sound technical, operational and management standards to collect, use, store, share and transfer the information in a compliant, independent, effective and secure manner to ensure data security. Other than the basic information of the device, there is no inflow of any other data. We output the results of security analysis through the statistical reporting mode, and do not output the collected raw device information in any way. Data users cannot associate data or identify any specific natural person through the data provided by us.
We strictly follow the ‘principles of consistency between rights and responsibilities, principle of clear purpose, principle of optional consent, principle of minimum necessity, principle of openness and transparency, principle of security assurance, and principle of subject participation’ in the collection and use of information.
We provide third-party independent plug-ins to the App party, and embed the basic information of the device in the App with the SDK module that is not open source and does not reside. The collection scope of basic information of the device is controlled by the authorization of App Party. After the App is launched, the SDK module starts and quickly completes the collection of authorization information. After the collection is completed, it will automatically shut down and exit. There will be no background automatic startup and associated startup. The whole process lasts for a few seconds, eradicate the root of the SDK module on subsequent user behavior directly or indirectly to obtain information. (Special statement: based on the SDK module technology features, in the operation process cannot obtain any can alone or combined with other information, identify a specific natural person or reflect individual behavior of personal information and privacy information, such as your name, ID number, personal biometric information, residential address, contact information, communication records and content, username and password and account passwords. In addition, it is also impossible to obtain any user behavior information, operation log information and any communication content within the application, such as user Internet access records, SMS and call records, etc)
We provide security technical analysis services. The information listed in the following table will be collected, stored and used based on the system differences between mobile devices. If you do not agree to provide relevant information, you will not be able to obtain the security protection services provided by us.
We will only use a separate equipment information collection, this kind of single equipment information is unable to identify a specific natural person or reflect individual behavior. For the collection of unique equipment identifier, we use technical means to convert the original unchangeable identifier into a changeable state, and we don't retaining any unchangeable identifier information.
|Mobile system||Application scenario description||Details of the information collected||Information type||Purpose||Encryption||Necessary or not|
|iOS||Detect equipment fraud and cheating, feedback equipment uniqueness and authenticity||Information describing the general conditions of the equipment, such as equipment manufacturer, equipment type, equipment system, application version, IDFA (Kids Category apps are not included), IDFV, equipment network status information, and other physical environment information of the equipment||Information of equipment||Safety and risk control||
Anonymize and de-identificate the content
TLS and SSL is adopted for transmission
|Android||Information describing the general conditions of the equipment , such as equipment manufacturer, equipment type, equipment system, application version list of software, MAC, unique equipment identifier, equipment network status information, and other physical environment information of the equipment|
The equipment basic information we collect is used to identify the authenticity and the safety of equipment, used to implement safety technical analysis services to provide, through the study of the technology of equipment basic information identification, analysis and algorithm of equipment model, manufacturer and equipment such as the status of the network information is analyzed to determine whether a device to a fraud to cheat false equipment, to assess the validity of the equipment and safety, help partners effectively identify real equipment, prevent cheating and fraud, and achieve operational security, protect the lawful rights and interests of you from the infringement, to ensure the safety of the mobile Internet.
We will collect the information in the SDK for local anonymous, through technical processing of the collected information, the subject of personal information cannot be identified or associated, and the processed information cannot be recovered. On the basis of anonymization, algorithm analysis is carried out on the data to determine whether the device is a real device, through the statistical report output the results of safety analysis, no one can be used to identify the data correlation or data provided by our to locate any specific natural person, therefore, when such statistics used for other purposes we will no longer ask for your permission again.
If you request us to cease the provision of the service, we will promptly stop the collection of information, and in accordance with the applicable laws to delete the relevant information.
We attach great importance to information security and follow strict security standards. We use industry-leading technologies and measures to protect the information you provide in accordance with widely adopted standards in the industry. We adopt various reasonable technical, operational and management security mechanisms to protect the security of the information we collect. Prevent unauthorized access, public disclosure, use, modification, damage or loss of information.
- (1) We use secure Transport Layer Security (TLS) and Secure Sockets Layer (SSL) and other secure encryption technologies to ensure the privacy and security of information in the transmission process;
- (2) We use highly encrypted, highly stable cloud servers to store information data and store data on third-party server platforms;
- (3) We put in place a trusted protection mechanism and strive to take reasonable technical, operational and managerial security measures to protect the information we collect. Prevent information from being subjected to malicious attacks such as unauthorized access, public disclosure, use, modification and damage;
- (4) We deploy the access control mechanism to ensure that only authorized personnel can access information. Any person with this authority is required to abide by the strict confidentiality obligations stipulated. If he/she violates the regulations, he/she will be punished or dismissed;
- (5) We hold a series of training courses on information security and compliance protection to enhance employees' awareness of the importance of personal information security protection and compliance;
- (6) We have established an information security review group to regularly review our information technology systems, operational specifications and related security management mechanisms;
- (7) We take reasonable and feasible measures to retain information only for the period required to achieve the purpose stated in the cost policy. Unless the retention period needs to be extended or permitted by law, we will delete or anonymize the information beyond the above retention period;
- (8) We understand and inform you that with the continuous development of Internet information technology, all security technologies, measures and mechanisms can not completely guarantee absolute security, but we will do our best to protect your information security. In case of malicious illegal access to information unfortunately, we will effectively inform you, take effective measures to remedy the situation, and report the relevant situation in accordance with relevant laws, regulations and regulatory requirements.
Our relevant safety measures and compliance guarantee mechanism have passed the audit of relevant third-party institutions and obtained a number of professional certifications. You can trust us to handle the equipment information. Relevant certifications are as follows:
- (1) National Information system security three-level protection evaluation and
- (2) ISO 27001 Information Security Management Standards (ISMS)
- (3) ISO 27701 Privacy Information Management System (PIMS)
We will not share your PI with any company, organization or individual other than our Company except under the following circumstances:
We might provide the information we collect as stipulated by laws, regulations or the mandatory requirements of government agencies.
We will not transfer the information collected to any company, organization or individual, except as follows: When the transfer of information is involved in a(n) merger, acquisition or bankruptcy liquidation, we will require the new company or organization to which information is transferred to continue to be bound by this Private Policy, otherwise we will require the new company or organization to seek your consent again.
3. Publicly disclosure
We will only publicly disclose the information we collect under the following circumstances:
- (1) After we obtain your explicit consent or based on your active choices;
- (2) To protect the personal and property safety of the public, we may disclose the information we collect in accordance with applicable laws and rules
4. Exceptions to prior authorization for sharing, transferring, or publicly disclosing information
In accordance with applicable laws and regulations, no prior authorization is required to share, transfer, or publicly disclose your information under the following circumstances:
- (1) Related to national security or national defense;
- (2) Related to public security, public health or major public interests;
- (3) Related to criminal investigations, prosecutions, trials or execution of court decisions;
- (4) The information is collected from legally and publicly disclosed information, such as legal news reports and government information disclosure;
- (5) Essential to maintaining safe and stable operation of the product or service provided, such as the discovery and handling of product or service failures;
- (6) Other circumstances prescribed by applicable laws and regulations.
According to the relevant laws, regulations and standards, as well as the common practices of other countries and regions, we guarantee you to exercise the following rights on your own information:
- (1) Access: You have the right to access your PI, unless laws and regulations specify otherwise.
- (2) rectify: When you find a mistake in your information that we are processing, you have the right to ask us to rectify it.
- (3) Delete: If we deal with your information in violation of laws and regulations, without your consent, in violation of the agreement with you, or you no longer use our products and services, you have the right to ask us to delete your information collected by us;
- (4) Deny or restrict access: for additional information collection use, you can refuse or restrict our use at any time.
Please note that decisions to modify, delete, and limit use do not affect previous information processing activities based on valid authorization, but do affect subsequent information processing activities.
To ensure information safety you may need to make a written request, or make a request in other ways that can prove the user's identity, we may verify your user's identity before processing your request. Please contact us through the "How to Contact us" section of this policy and we will respond to your request through the valid contact information provided by you within 15 days of receipt of the request.
- (1) TEL: 400-671-8228
- (2) Online customer service
We have set up a dedicated department for information protection that you can contact via:
Generally, we will accept and handle within 15 working days.
If you are not satisfied with our reply, or if you believe that our information processing has harmed your legitimate rights and interests, you can seek a solution by taking a lawsuit to a court with jurisdiction.