Privacy Policy (Global Compliance Upgraded Edition)

Agreement Relationship. This Privacy Policy forms an integral and inseparable part of the Application Privacy Policy and User Service Agreement between us (the “R&D Team”, “we”, “our”, or “us”) and you (the “user” or “you”). It applies to all behaviors related to downloading, installing, and using our mobile applications (collectively, the “App Products”) distributed through compliant channels including App Store, Google Play, and other lawful distribution platforms.

Commercial Model and Compliance Commitment. Our App Products may operate with both IAA (in-app advertising monetization) and IAP (in-app purchase) models. We comply with applicable global privacy laws, data security regulations, age protection requirements, app-store policies, and monetization partner requirements, and we aim to safeguard your lawful rights and data security at all times.

Effective Consent. By using any of our App Products, you confirm that you have fully read, understood, and voluntarily agreed to this Privacy Policy in full.

Policy Snapshot

Applicable scope: App Store, Google Play, and other compliant app distribution channels.
Monetization model: IAA + IAP with privacy-boundary controls and data minimization.
Age baseline: no intentional data collection from under-13 users where applicable by law.
Default architecture: local-storage-first with optional cloud backup based on user choice.
Core right channels: access, correction, deletion, withdrawal, and complaint pathways.

Compliance Coverage Matrix

This policy is designed to align with key privacy frameworks and regional requirements, including but not limited to GDPR, CCPA/CPRA, PIPL, LGPD, COPPA-linked obligations, and local cross-border data transfer constraints.

For ad monetization contexts, the policy also addresses mainstream ad platforms and ad formats such as app-open/splash, rewarded video, interstitial, banner, and native advertising under lawful processing boundaries.

Part I: Privacy Policy (Global Compliance Upgraded Edition)

1. Policy General Principles

1.1 Purpose and Legal Basis. This Privacy Policy clearly explains the specific scope, methods, and core purposes of our collection, use, storage, transmission, and disclosure of personal information. We strictly follow the principles of legality, legitimacy, necessity, and good faith, and we comply with, as applicable, the Personal Information Protection Law of the People’s Republic of China (PIPL), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Brazil’s Lei Geral de Protecao de Dados (LGPD), and other applicable regional laws and regulations. We also comply with app-store privacy review requirements and the requirements of relevant monetization platforms, including standards equivalent to GBT35273-2020 Personal Information Security Specification. We do not collect personal information unrelated to product functions, and we do not abuse or leak personal information.

1.2 Global User Coverage and Local Priority. This policy applies to all users globally. We include region-adapted clauses to meet policy differences in different jurisdictions. If your country or region imposes stricter data protection rules, those stricter local rules and corresponding platform requirements shall prevail.

1.3 User Rights and Explicit Consent. You have rights to access, correct, and delete personal information, withdraw consent, and request anonymization where legally applicable. We provide convenient and efficient operation paths. During consent popups and policy dialogs, consent options are presented as unchecked by default. We only proceed with personal information processing after your active confirmation.

2. Scope and Methods of Personal Information Collection

2.1 Core Necessary Information (required to deliver core functions).

Device-related information: including but not limited to device model, operating system version, device identifiers (such as IMEI, IDFA, Android ID, processed in anonymized form where required), MAC address, screen resolution, and network type (Wi-Fi / mobile data). Purpose: adaptation, stable operation, troubleshooting, and security protection. We follow minimal-necessity principles required by app stores and do not collect beyond functional necessity.
App usage information: including but not limited to modules used, duration, operation records, and feature preference signals. Purpose: product optimization, user experience improvement, optional personalized recommendations (which can be disabled), and monetization analytics. Collection follows strict data minimization.

2.2 Optional Information (you may choose to provide).

Identity information: such as name, email address, and phone number, only for account registration, password recovery, IAP order verification, and customer support. Anonymous use may be supported where feasible. We do not force collection.
Location information: only for scenario-based features requiring location context, and only after your manual authorization. You may revoke permission at any time in device settings. We do not proactively track real-time location beyond authorized use.
Photo/file access permissions: only for user-initiated save/upload/import features, and only after your manual authorization. You can revoke access anytime. We do not access content you have not actively selected.

2.3 Third-Party Collection Related to Monetization and Distribution Platforms. In IAA scenarios, our products may integrate compliant ad monetization networks. Such networks may collect device, app usage, and ad interaction data for ad delivery and optimization under their own privacy policies and legal obligations. In IAP scenarios, payment data is handled by app stores/payment processors. We generally receive transaction status verification and entitlement information, not your full payment credentials.

Examples of ad and mediation platforms that may be used, depending on product/region/version, include but are not limited to: Google AdMob, Google Ad Manager, Meta Audience Network, Unity Ads, AppLovin MAX, ironSource, Mintegral, Pangle, Liftoff (Vungle), Chartboost, InMobi, Smaato, Start.io, Moloco, Yahoo DSP integrations, and other compliant partners. Typical ad formats include App Open (splash/startup), Rewarded Video, Interstitial, Banner, and Native ads. We require third parties to process only data necessary for lawful ad services and prohibit collection unrelated to service purposes.

2.4 Collection Methods. Personal information is collected through your active authorization and manual operations (such as registration, upload, check-in, explicit settings) or automated collection of strictly necessary technical data. We do not collect by concealment, fraud, coercion, or deceptive patterns. Before collection, we provide notice of purpose, scope, usage, and retention period, and obtain explicit consent where required. We do not use pre-ticked boxes or forced consent mechanisms.

3. Purposes and Scope of Personal Information Use

3.1 Core Service Purpose. To provide all app features, ensure stable operation, troubleshoot issues, and continuously optimize functionality for daily utility and productivity scenarios. We do not use personal information for purposes unrelated to app functionality.

3.2 Monetization-Related Use. For IAA: ad delivery and ad-effect measurement in compliance with applicable policy frameworks (including Apple ATT and Android Privacy Sandbox principles where applicable), with controls to disable certain personalization settings where legally required. For IAP: purchase verification, order management, and transaction status checks. We do not conduct illegal monetization activities through personal information.

3.3 Optimization and Security. To improve UI layout and operational flow, identify abnormal logins, malicious operations, fraud, or abuse, and protect account and data security.

3.4 Compliance and Audit. To retain and process data as required by applicable laws, platform obligations, and compliance audits, and to cooperate with regulatory inspections where lawful and necessary.

3.5 Prohibited Uses. We do not sell, rent, or lend your personal information to third parties except lawful disclosures required for compliant monetization/distribution services or mandatory legal/regulatory obligations. We do not process personal information for irrelevant purposes or unlawful activities.

4. Personal Information Storage and Data Security

4.1 Storage Location. We follow the principle of local-storage priority and optional cloud backup. By default, data is stored on your device. If you opt in to cloud backup, data may be stored in compliant cloud infrastructure distributed across lawful data centers. For EU users, where applicable, data localization and transfer safeguards are implemented according to GDPR requirements. We also adapt to local storage rules, including LGPD-related principles and applicable cross-border data rules in China and other jurisdictions.

4.2 Retention Period. We retain personal information only for the reasonable period necessary to fulfill stated purposes. After expiration, data is anonymized or deleted. You may delete your information manually where supported. If you delete your account, we will delete your personal information within 15 working days, except where retention is required by law.

4.3 Security Measures. We adopt industry-standard controls including but not limited to encryption at rest (such as AES-256 in relevant data paths), encrypted transmission (HTTPS/TLS), access controls, and security auditing. We maintain management systems for data handling, conduct regular security checks and risk assessments, and bind employees and relevant service partners by confidentiality obligations. We target security and privacy governance standards equivalent to recognized frameworks (for example, ISO27001 and ISO27701 practices where applicable in our operational setup).

4.4 Data Breach Response. In case of personal information incidents, we activate emergency response plans immediately, implement remediation measures, and prevent expansion of impact. Where legally required, we notify affected users and competent regulators in required timelines (for example, within 72 hours under GDPR conditions), explain causes, remediation, and prevention actions, and cooperate with official investigations.

5. Transmission and Disclosure of Personal Information

5.1 Transmission Scope. We transmit personal information only as necessary among app clients, compliant cloud services (if enabled by user), monetization partners, and distribution/payment platforms such as App Store and Google Play. Encrypted channels are used, and data minimization is applied.

5.2 Disclosure Scenarios (lawful and limited).

With your explicit consent, such as third-party login authorization or content sharing actions you initiate.
To compliant ad monetization and app distribution/payment platforms, limited to data necessary for monetization fulfillment and distribution obligations (for example anonymized device signals and transaction verification fields).
To judicial, administrative, or regulatory authorities when legally required, following lawful procedures and maintaining disclosure records.
Within reasonable necessity to protect your rights, maintain service order, and prevent abuse (for example fraud, account theft, or malicious traffic behavior).

5.3 Cross-Border Transfer. Where cross-border transfer occurs, we follow applicable transfer mechanisms and legal requirements (such as adequacy decisions, standard contractual clauses, transfer impact assessments, security assessments, or certifications as required by region). We do not transfer personal information to jurisdictions lacking necessary compliance safeguards unless lawful transfer mechanisms are in place.

6. Regional Adaptation Clauses

6.1 European Union (GDPR). We support rights to information, access, rectification, erasure, withdrawal of consent, and data portability where applicable, establish breach notification mechanisms, and apply transfer restrictions/safeguards as required.

6.2 United States (CCPA/CPRA and child protections). Eligible users may request disclosure and deletion rights under applicable laws and may opt out of certain targeted advertising practices. We provide a clear “Do Not Sell or Share My Personal Information” path where legally required. We follow COPPA requirements and do not knowingly collect personal information from children under 13.

6.3 China (PIPL and related rules). We follow legality, legitimacy, necessity, and good faith principles; obtain informed consent before collection where required; support rights to access, correction, deletion, and withdrawal; and adapt to cross-border data transfer requirements and compliance audit obligations.

6.4 Brazil (LGPD). We obtain legal basis/consent as required, support rights of access, correction, and deletion, maintain data security controls, and satisfy local filing/reporting obligations where applicable.

6.5 Southeast Asia (localized requirements). We adapt to local registration/filing and privacy expectations in relevant jurisdictions (including examples such as Thailand and Singapore frameworks), and we align operations with local legal requirements.

6.6 Other Regions. We adapt to local privacy laws worldwide. Where local law provides stricter protection, stricter local rules prevail.

7. Age Policy Adaptation (Global Baseline + Local Supplement)

7.1 Global Baseline. Our products are designed for broad audiences but strictly follow child protection requirements:

We do not provide services to children under 13 in jurisdictions where this threshold applies (including COPPA-related contexts). If such use is identified, we terminate service and delete associated information.
For minors aged 13 to 18, guardian consent may be required by law. Guardians may request access/correction/deletion and may request suspension of minor usage rights as legally applicable.
Content and ad delivery are adapted for minors: no violent, pornographic, obscene, illegal, or otherwise age-inappropriate material. We use layered review controls for content safety.

7.2 Local Supplement. In regions where the minor threshold differs (for example 16 in certain contexts), local legal age definitions prevail.

8. User Privacy Rights and Operational Paths

8.1 Your Rights. You may have rights including information, access, correction, deletion, withdrawal of consent, portability (where legally applicable), and complaint/report channels.

8.2 Operational Paths in App.

Access / Correction / Deletion: Open App → “My” → “Privacy Settings” → “Personal Information Management”.
Permission Withdrawal: Open App → “My” → “Privacy Settings” → “Permission Management”, or revoke at operating-system permission settings.
Account Deletion: Open App → “My” → “Account Settings” → “Delete Account”. After deletion request confirmation, information is deleted according to this policy, except legal retention obligations.
Complaint / Report: Open App → “My” → “Customer Service Center” → “Privacy Complaint”. We aim to respond within 3 working days and provide a clear handling result within 7 working days. You may also contact us via the contact channels listed below.

9. Policy Updates and Notifications

9.1 Update Basis. We may update this policy based on legal changes, platform policy updates, product feature evolution, and regulatory requirements. Updated versions will not reduce our core privacy protection obligations.

9.2 User Notification. We notify updates via in-app popups, push notifications, or in-app announcements. Continued use after update effectiveness means acceptance of updated terms, unless prohibited by local law. If you disagree with updates, you may stop use and uninstall the app. We will stop further collection/use and delete relevant information where legally required, except data retention mandated by law.

10. Disclaimer Clauses

10.1 Force Majeure: We are not liable for losses caused by unforeseeable and unavoidable events such as earthquakes, floods, typhoons, network disruptions, or major infrastructure failures, but we will use reasonable efforts to mitigate impact and notify users where possible.
10.2 User-side Risks: You are responsible for losses resulting from your own improper actions, such as credential leakage, authorizing untrusted parties, or device loss. Please keep your account and device secure.
10.3 Third-Party Violations: If third-party monetization platforms, app stores, payment channels, or cloud service providers violate legal requirements and cause data misuse, such third parties bear corresponding legal liability. We will assist users in lawful rights protection and strengthen partner compliance review.
10.4 Lawful Disclosure: We are not liable for disclosures made under mandatory legal, judicial, or regulatory requirements, provided lawful procedures are followed.
10.5 Authenticity of Submitted Information: If you voluntarily provide inaccurate or incomplete information causing losses, you bear corresponding responsibility. Please provide truthful and complete information where required.

Contact Information

Customer Service Email: contact@smartdatacloudhub.com

Business Support: support@smartdatacloudhub.com

Contact Address: Hoa Lac High-Tech Park, Hanoi, Vietnam

Website: https://smartdatacloudhub.com/