| Privacy Statement | |
| (Version: 1.1, Release Date: July 2025) | |
| We fully respect your privacy. We have formulated this Privacy Statement (hereinafter referred to as “this Statement”) to inform you of how we collect, use, disclose, protect, store, and transfer your personal data. Please read this Statement carefully. If you have any questions, please contact us via the following methods: | |
| ● | Data Controller: Zhuhai Glory Technology Co., Ltd. |
| Address: 8F, Building 7, No. 178 Dingxing Road, Tangjiawan Town, Zhuhai, Guangdong, 519085 | |
| Email: info@theglorytech.com | |
| ChinaPhone: +86-756-8858780 | |
| ● | Data Protection Officer (DPO): |
| Name: Marco | |
| Email: marco@theglorytech.com | |
| Phone: +86-756-8858780 | |
| Authorized to handle GDPR matters on our behalf: Yes Responsibilities: Supervising the company’s data protection strategy, ensuring compliance, and responding to data subject requests. |
|
| We act as the Data Controller for the personal information collected through our products and services. In accordance with applicable data protection laws (such as Article 4 of the GDPR), we are responsible for determining which personal data is collected and processed, for what purposes, and how it is handled. | |
| This Statement applies only to our NVR series products and related video surveillance services. | |
| This Statement will help you understand the following: | |
| I. How We Collect and Use Your Personal Information | |
| 1. Personal Information We Collect | |
| When you use NVR products or services, you may be required to provide personal information. We will collect and use your personal data only for the purposes described in this Statement. Below are examples of the personal information we may collect: | |
| 1.1 Information obtained during your use of the services | |
| We may collect information related to your device and how you interact with our products and services, including: | |
| A. | Device and application information, such as device name, device identifier, hardware model, app version, software ID, device and app settings (e.g., region/language/time zone/font), etc. |
| B. | Internet Protocol (IP) address. |
| C. | Log information. When you use our services or view content provided by us, we may automatically collect certain data and store it in logs, such as access time, frequency, IP address, and event information (e.g., errors, crashes, reboots, upgrades). |
| D. | Historical video recordings stored on the NVR or real-time audio and video streams from cameras connected to the NVR. When used with a mobile app, this may include access to historical or real-time video/audio data, enabling remote viewing and playback through the mobile application.This access is established directly between the mobile app and your NVR/camera; the cloud do es not store any audio or video. |
|
Important Notice: Our cloud servers do not collect or store any camera audio or video. All recordings remain on your local NVR.Remote live view/playback is provided via P2P or, where necessary, a transient relay with no se rver side persistence . For security and troubleshooting, we retain only minimal connection metadata (e.g., timestamps, IP addresses, error codes) and delete it within the retention periods defined below. |
|
| 1.2 How We Use Your Personal Information | |
| We will use your personal information for the following purposes: | |
| A. | To provide, activate, or verify the products and services you requested, or to modify them based on your request, and to provide technical support and after-sales service; |
| B. | To send you notifications regarding app updates and installations; |
| C. | To send you video alert messages or provide remote access to NVR video surveillance records or real-time video services; |
| D. | To provide services for remotely configuring or modifying NVR devices and their associated cameras; |
| E. | To conduct internal audits, data analysis and research, evaluate business operation efficiency, and improve our products and services; |
| F. | To assist you in troubleshooting when you choose to send us error details; |
| G. | To synchronize and store the data you upload or download and perform upload and download operations; |
| H. | To improve our security and anti-fraud procedures; I. For other purposes with your consent. |
| I. | For other purposes with your consent. |
| II. Facial Recognition Algorithm Agreement | |
| Thank you for choosing to use our products, including machine vision and intelligent video devices, related software platforms, and API components (collectively referred to as "products"), based on your (hereinafter referred to as "you") specific needs. As some products include facial recognition algorithms and involve the processing of biometric and other sensitive personal data, we have formulated this Facial Recognition Algorithm Usage Agreement (hereinafter referred to as "this Agreement") to clarify the features and usage specifications of the product. | |
| You may voluntarily choose whether to activate, call, or deploy (collectively referred to as "use") the facial recognition algorithm feature. Please carefully read this Agreement before confirming usage, especially the terms marked in bold. Once you actually choose to "use" it, it is deemed that you have read, understood, and agreed to be legally bound by this Agreement. | |
| 2.1 You understand and confirm that facial recognition may involve recording real persons and activities within specific time and space. You acknowledge and agree that you will use this feature in accordance with applicable laws, abide by local and international regulations, respect social ethics and public order and good customs, and avoid infringing upon others' legal rights, including but not limited to privacy, image rights, and personal data rights. | |
| 2.2 You understand and confirm that when using this product feature, any personal data (including biometric data) processed must comply with applicable legal requirements, and must not be used for illegal purposes. This includes but is not limited to: obtaining clear and informed consent, avoiding use by unauthorized third parties, public disclosure, or misuse of such data; and not processing data without a lawful basis or data subject's consent (including consent obtained through deception). | |
| 2.3 You understand and confirm that unless you delegate or entrust us to process data in accordance with the law, we will not access, collect, store, or use facial videos, images, or personal information. | |
| 2.4 Before enabling facial recognition, please fully evaluate whether it meets your actual business needs, its value, and potential risks. You shall be responsible for ensuring that use of this feature complies with local legal and regulatory requirements. You confirm that if facial recognition data is stored locally or transmitted via networks, you must take necessary and lawful measures to verify network security, protect data from leaks, and prevent unauthorized access or improper use. | |
| 2.5 You understand and confirm that the use of the product is independently determined by you. As the manufacturer of the product, we cannot control who uses the product or how it is used, nor can we guarantee the legality, appropriateness, accuracy, authenticity, or quality of your usage methods or objectives. Therefore, you shall bear sole responsibility for the legality of your actions. We make no warranties, guarantees, or promises of convenience or benefit for any of your actions, nor shall any clause in this Agreement be interpreted as such. | |
| 2.6 You understand and confirm that our products are provided in accordance with current legal, technical, and regulatory conditions. If applicable laws or regulations affect the legality of the products, (1) we may partially or fully suspend the provision of certain product features, or (2) we may, based on the law, immediately and unilaterally terminate the provision of relevant algorithms, features, or products. In such cases, we will notify users via our official website, software interfaces, or user manuals. This shall not be deemed a breach of contract, and we will not be held liable. | |
| 2.7 You understand and confirm that if your use of the product results in any complaints, investigations, fines, penalties, lawsuits, or other disputes, you shall be fully responsible for handling and bearing all related liabilities. You also agree to indemnify us against any damages or losses incurred due to such events. If we are required to assume responsibility on your behalf, you shall reimburse us in full. | |
| 2.8 You understand and confirm that we reserve the right to update or modify this Agreement at any time. If you do not accept such updates, you must immediately stop using the product. Otherwise, you will be deemed to have accepted the updated terms. | |
| Applicable Version (Facial Recognition Agreement): FRA-1.0 Update Frequency: Every 12 months, or adjusted as needed based on legal, regulatory, or technical requirements. | |
|
Last Revised Date: July 9, 2025 |
|
| III. How We Entrust, Share, Transfer, and Disclose Your Personal Information | |
|
1. Entrustment
2. Sharing
|
|
| IV. How We Protect Your Personal Information | |
| We take the security of your personal information seriously. We adopt industry-standard practices to ensure your personal data is protected from unauthorized access, disclosure, use, modification, or damage. To this end, we have implemented the following measures: | |
| 1. | We take all reasonable and practicable steps to ensure data minimization, ensuring that personal information collected is relevant and limited to what is necessary in relation to the purposes for which it is processed. Unless otherwise required by law, we retain your personal data only for the period necessary to achieve the purposes described in this Statement; |
| 2. | We use encryption technologies to ensure the confidentiality of data during transmission and storage. We implement reliable protection mechanisms to prevent data leakage, damage, or loss from malicious attacks; |
| 3. | We implement access control mechanisms to ensure that only authorized personnel can access your personal information, and only to the extent necessary to fulfill their job responsibilities. We manage the number and scope of access permissions based on business needs and employee roles. Access logs are regularly recorded; |
| 4. | We require our business partners and service providers to comply with strict data protection and confidentiality obligations. We also perform evaluations and assessments of their data protection practices and activities. |
| 5. | We organize security and privacy protection training courses, tests, and promotional activities to enhance employees’ awareness of the importance of protecting personal information. |
| In summary, we will make every effort to protect your personal information. However, no security measure is perfect, and no product or service, website, data transmission, computing system, or network connection is absolutely secure. To address the risks of personal information leakage, damage, or loss, we have established various systems and control measures. We have set up a clear classification and grading system for security incidents and vulnerabilities, along with corresponding handling procedures, and created a dedicated security notification and alert page. | |
| We have also formed a dedicated security incident response team. Based on regulatory requirements for handling security incidents, we will initiate appropriate security plans for different types of incidents, including mitigation, analysis, locating, remediation, follow-up investigations, and coordination with relevant departments for response. | |
| In the event of a personal information security incident, we will notify you of the basic details and possible impact of the incident in accordance with legal requirements, along with the measures we have taken or will take, and suggestions for you to prevent and reduce risks and remedies you may adopt. We will notify you through email, text message, push notification, or other reasonable and effective means. If it is difficult to notify individuals one by one, we will issue a public notice in a reasonable and effective manner. In addition, we will report the handling of the personal information security incident to the regulatory authorities as required. | |
| V. How We Store and Transfer Your Personal Information | |
| 1. Retention Period | |
| Supplementary Data Handling Matrix | |
| The following table provides a detailed overview of key categories of personal information processed by our devices and applications. | |
| It outlines the purposes, enabling conditions, types of data involved, and storage/retention practices for each. | |
| [Insert the table content from the DOCX here — translated/converted to English if needed.] | |
| Note: All data is stored locally unless otherwise stated. Transient relays used for real-time viewing do not involve server-side storage. | |
| Local Device | Local Device | Cloud Server | Purpose |
Justification of the need |
Retention Period |
| Device Name | ✔ | ✘ | Device identification and management | Required to distinguishuser devices and to enable remote access,push notifications and personalizedconfigurations. |
Stored on the device; retained until the user deletes or resets the device or deactivates the account. |
| Cloud ID / P2P ID | ✔ | ✔ | Uniquedevice identification and binding to account |
Critical field used to prevent duplicate registrations, bind video data and perform device authentication. |
Stored on the device; retained for the entire lifetime of the device. |
| Hardware Version | ✔ | ✘ | Device compatibility management and version adaptation |
Used to determine device capabilities and to select appropriate video encoding parameters and supported features |
Stored on the device; retained for the entire lifetime of the device. |
| Software Version | ✔ | ✘ | Version control and upgrade notification push |
Used to determine whether a software update is required to guarantee security and new functionality. |
Determines whether a software update is required to ensure security and new features. |
| Upgrade Prefix | ✔ | ✘ | Software authorization verification and unique identification |
Used internally by the system during upgrades to uniquely identify and verify the legitimacy of the application. |
Stored on the device; retained for the entire lifetime of the device. |
| Device / App Settings (region / language / time zone) |
✔ | ✘ | Provision of localized services, time synchronizati on and interface language setting |
Supports local timestamps, log analysis and correct display of language and time zone. |
Stored on the device; retained until the user manually changes the settings. |
| IP Address | ✔ | ✔ | Device geolocation, security protection and anomaly detection |
Facilitates access control, login tracking and prevention of abnormal attack behaviour. |
Stored on the device; retained until the user manually changes it or the DHCP server assigns a new IP to the IP camera |
|
Log Information |
✔ | ✔ | Trouble shooting, security analysis and performance monitoring |
Records critical system actions for locating the causes of faults and improving system stability. |
Stored on the device; retained until overwritten. Logs stored on the hard disk can be deleted by formatting the disk; logs stored in flash memory can only be overwritten. |
| Historical Audio /Video Recordings |
✔ | ✘ | Video surveillance and security playback |
Primarily used for security purposes; recorded only after the user has voluntarily installed and enabled the feature. |
Stored on the device; determined by user settings. The default is overwrite mode; retained until overwritten. Users can set the storage duration for recordings, with a minimum of one day and a maximum of 90 days. |
| Real time Audio /Video |
✔ | ✔ | Remote real time viewing and listening |
Required to enable mobile remote access to video; transmitted in real time on demand. |
Not retained; transmitted only during live view sessions. |
| Face Template | ✔ | ✘ | Face recognition | Used for face matching and recognition; each image records the personal information of the corresponding face. |
Stored on the device; retained until the user deletes it or formats the hard disk. |
| Captured Face Images | ✔ | ✘ | Face search and playback | Used for face based retrieval and playback of recordings, return customer analysis and face statistics applications. |
Stored on the device; retained until overwritten or the hard disk is formatted. |
| Captured Images Containing Human or Vehicles |
✔ | ✘ | Human / vehicle attribute search | Used for searching and replaying recordings based on human or vehicle attributes. |
Stored on the device; retained until overwritten or the hard disk is formatted. |
| General Snapshots | ✔ | ✘ | Capture of alarm scene images | Used by the customer to retrieve and replay recordings of various alarms (line crossing statistics, I/O alarms, motion alarms, etc.). |
Stored on the device; retained until overwritten or the hard disk is formatted. |
| License Plate Library | ✔ | ✘ | License plate recognition | Used for license plate matching and recognition; each entry records the personal information associated with the plate. |
Stored on the device; retained until the user deletes it or formats the hard disk. |
| Captured License Plate Images |
✔ | ✘ | License plate search and playback | Used for license plate based retrieval and playback of recordings. |
Stored on the device; retained until overwritten or the hard disk is formatted. |
| Email (APP Registration) |
✘ | ✔ | User account registration |
Required for identity authentication and login |
Stored on cloud server; retained until account deletion |
| Password (APP Registration) |
✘ | ✔ | Account authentication | Prevent unauthorized access |
Stored on cloud server (encrypted); retained un til account deletion |
| Supplementary Processing Details (Device-Side Features) | ||
| In addition to the platform-side data categories listed above, our devices may process certain types of visual data locally for core functionality. These include: | ||
| Face Detection & Recognition | ||
| ● | Purpose: Used for unlocking, visitor records, snapshot capture, and AI-based face recognition. | |
| ● | Processing Scope: May involve storing facial snapshots, recognition logs, or event-triggered image records (e.g., stranger detection, doorbell presses). | |
| ● | User Controls: These features are disabled by default and require user consent before activation. When enabled, users are clearly notified and may opt out at any time. | |
| ● | Storage: Data is stored on the device; it may be overwritten or deleted via circular storage rules or user action. | |
| ● | Retention: Typically no more than 90 days unless otherwise specified by the user. | |
| License Plate Detection | ||
| ● | Purpose: Used for recognizing vehicle entries and triggering access control actions (e.g., gate opening, vehicle logs). | |
| ● | Processing Scope: Plate snapshots or recognition events may be captured and stored on the device. | |
| ● | User Controls: This feature is optional and must be explicitly enabled by the user. Vehicles captured without consent are anonymized or deleted. | |
| ● | Storage: Local device storage only. | |
| ● | Retention: Similar to facial data — stored until manually cleared or automatically overwritten (max 90 days by default). | |
| Real-Time Audio/Video | ||
| ● | Purpose: Enables users to view live camera streams via mobile app or client software. | |
| ● | Data Flow: Real-time streams may pass through encrypted P2P or transient relay services but are not stored on servers. | |
| ● | Retention: None; these data are ephemeral and discarded immediately after viewing. | |
| Historical Video/Audio Recordings | ||
| ● | Purpose: Continuous or event-based video/audio recordings stored for security monitoring or review. | |
| ● | User Controls: Recording must be manually enabled by the user on the device. | |
| ● | Storage: Local storage only (e.g., SD card or HDD). | |
| ● | Retention: Configurable by the user; maximum duration capped at 90 days for overwrite protection. | |
|
We will retain your personal data only for the shortest time necessary to achieve the purposes described in this statement, unless a longer retention period is required by: Legal obligations, dispute resolution, enforcement of agreements, safeguarding security, or fraud prevention. If the law does not specify a data retention period, we will refer to the following criteria: |
||
| ● | The duration of your interactions and product/service lifecycle; | |
| ● | The nature and sensitivity of the data; | |
| ● | Relevant legal requirements for minimum or maximum retention periods; | |
| ● | Whether there are unresolved complaints or disputes; | |
| ● | Whether retention is necessary to protect our legitimate rights and interests. | |
| 2. Transfer and Flow of Personal Information | ||
| Your personal information may be transmitted between your local device and our servers to support features such as system configuration, audio and video uploads, and remote management. This includes but is not limited to: | ||
| ● | Uploading configuration data and event logs from NVR devices to the server for synchronization and troubleshooting; relaying camera audio/video for remote access via P2P or, where necessary, a transient relay without server-side storage; only minimal connection metadata is retained; | |
| ● | Server issuing configurations, authorization information, and software upgrade commands to the device; | |
| ● | Mobile or cloud applications accessing and managing audio/video data for playback or control(without server-side storage of the audio/video content); | |
| ● | Synchronizing login status across platforms to achieve unified identity authentication. | |
| To ensure the security of data during transmission, we adopt the following measures: | ||
| ● | Use of transport layer encryption (e.g., HTTPS, TLS) to encrypt data transmitted between devices and servers; | |
| ● | Limiting data transmission to business-essential scopes, and applying the principle of minimization to control scope and frequency; | |
| ● | Implementing multi-level access control and identity authentication to restrict data access rights. | |
| When data needs to be transferred across borders (e.g., stored in locations outside mainland China), we comply with applicable laws and regulations and ensure that: | ||
| ● | The recipient has data protection capabilities equivalent to those in your jurisdiction; | |
| ● | Legal assessments and compliance reviews are conducted prior to cross-border transmission; | |
| ● | Data transfer agreements or Standard Contractual Clauses (SCCs) are signed when necessary. | |
|
If we transfer your personal information to a third country or region outside the European Union/European Economic Area (EEA) (e.g., China), we will adopt appropriate safeguards to meet the legal and regulatory requirements for cross-border data transfers, including: |
||
| ● | The data recipient signs the Standard Contractual Clauses (SCCs) approved by the European Commission; | |
| ● | Or the data recipient country has received an “Adequacy Decision” from the EU; | |
| ● | Or other legal bases apply (e.g., your explicit consent under Art.49). | |
| Currently, our data center is located in: | ||
| ● | Europe | |
| All data transmissions adopt TLS encryption, access control restrictions, and are subject to logging and audit mechanisms. | ||
| VI. Background Operation and Data Collection | ||
| To ensure continuous service, the application may perform the following actions while running in the background: | ||
| ● | Maintain network connection: to receive push notifications and remote device event alerts. | |
| ● | Types of data collected: may include device identifiers, operation logs, and connection status; if you have explicitly enabled location or sensor features, location data or sensor data may also be collected in the background. | |
| ● | Purpose of collection: to ensure timely message delivery, maintain remote access functionality, and optimize user experience. | |
| ● | User control methods: you may disable background operation permissions in your system settings or revoke location/sensor permissions in the app settings. Please note that disabling these may affect certain features (such as remote alarm push and real-time notifications). | |
| We provide clear notifications (such as pop-ups or system prompts) during installation or activation to inform users about background operation and related data collection. If you do not see such notification during use, please contact our Data Protection Officer (DPO) for verification and improvement. | ||
| VII. How You Can Manage Your Personal Information | ||
| According to applicable privacy protection laws (including but not limited to the Personal Information Protection Law of the People’s Republic of China and the EU General Data Protection Regulati on (GDPR)), you, as a data subject, have the following rights: | ||
| 1. | Right to Know and Access | |
| You have the right to know whether we are processing your personal data and to access the data and the way it is processed. | ||
| 2. | Right to Rectification | |
| You have the right to request correction of any inaccurate or incomplete personal data. | ||
| 3. | Right to Erasure / Right to be Forgotten | |
| Under conditions set by law, you have the right to request deletion of your personal data, including when consent is withdrawn or when our further processing is no longer legally justified. | ||
| 4. | Right to Restrict Processing | |
| In certain circumstances (e.g., where the accuracy of the data is contested), you have the right to request that we restrict how your data is processed. | ||
| 5. | Right to Data Portability ☑ ← newly placed here | |
| Where applicable, you have the right to request your personal data in a structured, commonly used, and machine-readable format (such as CSV, XML, or JSON), and, where technically feasible, to request that we transfer this data directly to another data controller. | ||
| 6. | Right to Object | |
| You have the right to object to our processing of your data based on legitimate interests or public interest, in particular where the processing is for direct marketing purposes. | ||
| 7. | Right to Withdraw Consent | |
| Where processing is based on your consent, you have the right to withdraw your consent at any time, and such withdrawal will not affect any processing already carried out based on your prior consent. | ||
| 8. | Right not to be Subject to Automated Decision-Making | |
| You have the right not to be subject to decisions based solely on automated processing (including profiling), unless such decisions have no significant impact on you, are required by law, or are based on your explicit consent. | ||
| 9. | Right to Lodge a Complaint | |
| You have the right to lodge a complaint with us or with the competent data protection supervisory authority. | ||
| 1.5. Special Reminders | ||
| A. Unless authorized or acting as a guardian, no individual is permitted to access another person’s personal information. | ||
| B. Most laws clearly state that, in certain circumstances, organizations must not provide data subjects with their data. These circumstances may include cases where the provision of data would undermine efforts to combat terrorism, where the data subject submits multiple repetitive requests, or where the cost of retrieving and providing the data would be disproportionately high. | ||
| C. In principle, we will not provide the following information: | ||
| a. Information about other individuals If the data subject's access request may involve personal data of individuals other than the data subject, we will not provide such information unless we have obtained their consent. |
||
| b. Repetitive requests When the requester raises identical or similar requests regarding the same data subject and the data has not changed within a certain period, and we have already provided the data, we generally will not provide duplicate copies. We are also not obligated to re-provide previously given information. |
||
| c. Information provided under confidential circumstances If the data we hold was provided to us under conditions of confidentiality, we are not obligated to disclose it. | ||
| d. Special documents Certain special types of information we hold should not be disclosed to the data subject upon request. Typically, such information includes privileged communications (such as direct communication between clients and lawyers) and information obtained through legal procedures that is not required to be disclosed (whether the requester is a party in the litigation or not). | ||
| Below are additional rights you may have as a data subject: | ||
| (1) User Rights | ||
| According to applicable privacy protection laws (including but not limited to the Personal Information Protection Law of the People's Republic of China, the General Data Protection Regulation (GDPR), etc.), you have the following rights as a data subject: | ||
| ● | Right to know and access: You have the right to know whether we are processing your personal data and the right to access the data and the way it is processed; |
|
| ● | Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data in a timely manner; |
|
| ● | Right to erasure (right to be forgotten): Under the conditions set by law, you have the right to request the deletion of your personal data, including withdrawing consent or ceasing to use our products or services when further processing is no longer justified under legal grounds; |
|
| ● | Right to restrict processing: In certain circumstances (e.g., where the accuracy of the data is contested), you have the right to request restrictions on how we process your data. |
|
| ● | Right to data portability: Where applicable,, you have the right to obtain a copy of your data that you provided to us and, where technically feasible, to request its transfer to a third party; |
|
| ● | Right to object: You have the right to object to our processing of your data based on legitimate interests or public interest, particularly where the processing is for direct marketing purposes; |
|
| ● | Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw your consent at any time, and such withdrawal will not affect any processing already carried out based on your prior consent. |
|
| ● | Right not to be subject to automated
decision-making: You have the right not to be subject to decisions based solely on automated processing (including user profiling), unless such decisions have no significant impact on you or are otherwise legally required and based on your explicit consent; |
|
| ● | Right to lodge a complaint: You have the right to lodge a complaint with us or with the competent data protection supervisory authority. |
|
|
You may exercise your rights through the contact methods specified in this statement. We will verify your identity and respond within the period required by law.
|
||
| ● | Submit to: info@theglorytech.com | |
| ● | Subject format: GDPR Data Subject Request – [Name] | |
| ● | Note: Please provide valid identification and describe the request content, including product/service details and the data processing time range involved. | |
|
We will respond within 30 days of receiving your request. If the request is complex, the period may be extended to a maximum of 60 days with explanation.
|
||
| ● | DPO Email: info@theglorytech.com | |
| ● | Supervisory Authority: Cyberspace Administration of China | |
| ● | Complaint Hotline: +86-12377 | |
| (2) Data Authorization Records | ||
| These records include clear timestamps to track specific user operations and ensure compliance with audit requirements. We have established a user authorization logging mechanism to retain records of when users first used the product or service and the scope of authorization, specific terms, and effective version numbers. These records include: | ||
| ● | The time when the user clicked “Agree” or “Authorize”; | |
| ● | The version number of the privacy policy viewed during access and the corresponding content of that version. | |
| ● | Whether the user has granted specific permissions (such as audio/video recording, geolocation, or remote access); | |
| These records will be securely stored on the server in a compliant log system to support audits, regulatory inquiries, user complaints, or legal proceedings, serving as traceable evidence. | ||
| (3) Special Statement on Children’s Data | ||
| Our products and services are not intended for children under the age of 13, nor will we knowingly target this demographic. If our system or personnel discover that personal data of children under 13 has been collected, we will immediately suspend the processing and take the following actions: | ||
| ● | Temporarily suspend the use and processing of such data; | |
| ● | Prioritize automatic deletion of this data to avoid long-term storage in backend or device identity systems; | |
| ● | If children’s data is mistakenly tagged as adult data, we will manually correct it upon user request; | |
| ● | All processing involving children's data will prioritize unconditional deletion. We do not accept data transfers or third-party sharing of such data. | |
| If you, as a guardian, discover that we may have collected information about your child, please contact our DPO. We will respond immediately to verify and delete the data. | ||
| (4) Remote Data Deletion Feature Description | ||
| To help you protect your data when your device is lost, stolen, or exposed to potential security threats, we offer a remote data deletion function. Specifically: | ||
| ● | Users must pre-enable the "Remote Wipe" feature and bind a designated authentication method (such as 2FA); | |
| ● | Once the device is securely connected to the cloud, users can initiate deletion commands via the app or web portal; | |
| ● | Upon execution, all user data stored locally on the device will be deleted, including audio/video recordings, system settings, user configurations, and cannot be recovered. | |
| ● | The cloud server will also clear any temporary caches linked to the device to ensure no data is retained on the server. | |
| If users do not enable this feature in advance, we will be unable to provide remote deletion capabilities. Please evaluate your risk level and enable this function as appropriate. | ||
| (5) AI Function: Children's Data Exclusion Mechanism | ||
| We commit not to analyze or model behavioral data of children under the age of 13. Our AI-based image or behavior recognition: | ||
| ● | Incorporates an embedded default exclusion mechanism for children under 13 at the algorithm design stage, specifically: | |
| o | The video processing module automatically skips low-age feature samples (e.g., child-like faces, body proportions, or movement patterns); | |
| o | All user profiling, behavior modeling, and statistical analysis exclude low-age feature samples; | |
| o | If the system detects ambiguous or age-uncertain child-like samples, these are flagged for manual review and excluded from re-training mechanisms; | |
| o | The algorithm will be reviewed every six months to ensure it does not recognize or profile children, thus minimizing the risk of inference or archival. | |
| We commit not to use AI features to profile or track children for commercial purposes. | ||
| (6) Automated Decision-Making Based on User Images | ||
| We will not subject you to decisions based solely on automated processing (including user imagery), unless: | ||
| ● | Such decisions are legally authorized and you have given explicit consent; or | |
| ● | The processing is necessary for fulfilling a contract between you and us. | |
| ● | or we are legally required to perform such processing. | |
| Under the above circumstances, we will inform you of the logic involved in the processing, the potential impact, and provide a means for you to raise objections through human intervention. | ||
| (7) Backend Data Deletion Notification Mechanism | ||
| When you or the system initiate a deletion request for a specific data record (including but not limited to account data, audio/video records, access logs, etc.), the backend will automatically trigger a synchronous notification mechanism upon deletion: | ||
| ● | The system will automatically check whether the data has been shared with any third party (e.g., API integrations, data processors, etc.); | |
| ● | If shared, the system will immediately send a data deletion notification to all known recipients; | |
| ● | The recipients must complete the deletion and provide confirmation within 15 business days after receiving the notification; | |
| ● | If any third party fails to complete deletion, we will log the case and mark it as a potential data security risk for further follow-up and accountability. | |
| This mechanism ensures full lifecycle data management, in accordance with principles of data minimization and limited retention/use. | ||
| VIII. Post-mortem Data Handling | ||
| We respect the privacy rights of our users. In the event of a user’s death, we will handle the personal data in accordance with the user’s prior instructions or applicable legal requirements. | ||
| ● | Users may, during their lifetime, specify how their data should be handled after death (including deletion or retention) through account settings or other available means; | |
| ● | Personal data will be processed in accordance with the data retention periods defined in this Privacy Statement; | |
| ● | Where permitted by law, family members or legal representatives may request access, modification, or deletion of the user’s data, provided that valid legal documentation is submitted; | |
| ● | We will take appropriate security measures to ensure the security and confidentiality of post-mortem data, and to prevent unauthorized access. | |
| IX. Updates to This Statement | ||
| The version control information for this Privacy Statement is as follows: | ||
| ● | Current Version: 1.1 | |
| ● | Most Recent Update Date: July 9, 2025 | |
| ● | Update Frequency: Regular review every 12 months, or updated in real time based on legal, regulatory, or business changes | |
| If we make significant changes to our privacy policy (including but not limited to changes in data processing purposes, addition of new data types, or changes in data sharing recipients), we will proactively notify you through the follo | ||
| wing means: | ||
| ● | In-system pop-up notifications; | |
| ● | Notifications via App/Web interface; | |
| ● | Email or SMS push (if you have provided contact details); | |
| ● | And where necessary, request your renewed explicit consent. | |
| The changes in this update include: | ||
| 1. | Addition of organizational and DPO contact information; | |
| 2. | Clarification of data storage limits and data flow paths; | |
| 3. | Enrichment of user rights and supervisory complaint channels; | |
| 4. | Addition of AI analysis, remote deletion, and child data protection content; | |
| 5. | Introduction of backend data deletion synchronization mechanisms and data consent logging mechanisms. | |
| If this Statement undergoes significant changes, we will notify users via official website announcements, product interface push notifications, pop-ups, etc., and display update highlights or request renewed confirmation from users on the relevant interface. | ||
| Please check this policy periodically to understand our data protection practices. | ||