Privacy Policy

1 Introduction & Scope

Qingdao Zishenghao Network Technology Co., Ltd. (“the Company,” “we,” “us,” or “our”) is committed to protecting the privacy of all individuals who interact with our services. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal information when you access or use our websites, mobile applications, software platforms, and any other digital services we operate (collectively, “the Services”).

This policy applies to all users of our Services worldwide, including but not limited to visitors, registered account holders, customers, partners, and vendors. It covers personal data collected through our platforms as well as through offline interactions such as customer support inquiries, business meetings, and event participation.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you must discontinue use of our Services immediately.

This policy is governed by the applicable laws and regulations of the People’s Republic of China, including the Personal Information Protection Law (PIPL) and the Cybersecurity Law, as well as relevant international data protection frameworks where our Services extend to users in those jurisdictions.

2 Information We Collect

We collect various categories of personal information to provide, maintain, and improve our Services. The types of data we collect depend on how you interact with us and the specific features you use. Below is a comprehensive breakdown:

2.1 Information You Provide Directly

• Account Registration Data: When you create an account, we may collect your full name, username, email address, phone number, password (stored in hashed form), and profile picture.
• Contact Information: Billing address, shipping address, telephone number, and other contact details you provide during transactions or inquiries.
• Payment Information: Credit or debit card details, bank account numbers, payment processor account IDs, billing records, and transaction histories. Please note that full payment card numbers are processed and stored by our PCI-compliant third-party payment processors, not directly by us.
• Identity Verification Data: Government-issued identification documents (such as national ID, passport, or driver’s license numbers) where required for regulatory compliance or high-value transactions.
• Communications: Records of your correspondence with our customer support team, including emails, chat transcripts, call recordings (with your consent where required), and survey responses.
• User-Generated Content: Reviews, comments, forum posts, and any other content you submit to public or semi-public areas of our Services.

2.2 Information Collected Automatically

• Device Information: IP address, device type, operating system, browser type and version, screen resolution, language preferences, unique device identifiers (such as IDFA or Android Advertising ID), and mobile network information.
• Usage Data: Pages visited, time spent on each page, clickstream data, feature usage patterns, search queries, referring URLs, and navigation paths through our Services.
• Location Data: Approximate geographic location derived from your IP address or, with your explicit consent, precise GPS location data from your mobile device.
• Performance & Error Data: Application crash reports, performance metrics, diagnostic logs, and network quality data used to troubleshoot and improve our Services.

2.3 Information from Third Parties

We may receive personal information about you from third-party sources, including:

• Business Partners: Referral partners, resellers, and affiliates who share data in connection with co-marketing activities or joint service offerings.
• Social Media Platforms: When you sign in using a social media account (such as WeChat, QQ, or Google), we receive basic profile information from that platform as authorized by you.
• Public Databases & Credit Bureaus: Information used for identity verification, fraud prevention, and creditworthiness assessments, where permitted by law.
• Analytics & Advertising Providers: Aggregated or pseudonymized data from analytics and advertising networks that help us understand user behavior and improve our marketing effectiveness.

3 How We Collect Information

We employ a variety of lawful methods to collect personal information, always with transparency and, where required, your prior consent:

• Direct Collection: Through registration forms, order forms, subscription sign-ups, feedback forms, and customer support interactions.
• Automated Technologies: Using cookies, web beacons, pixel tags, local storage, SDKs, and similar tracking technologies embedded in our websites and applications. Please see Section 10 (Cookies & Tracking Technologies) for more detail.
• API & Integration Data: When you connect third-party services or applications to our platform through APIs, we receive data authorized by the connection.
• Publicly Available Sources: We may combine data you provide with information lawfully obtained from public registers, corporate websites, and other publicly accessible sources.

4 Purpose & Legal Basis for Processing

We process your personal information only when we have a valid legal basis to do so. The specific bases we rely on include:

4.1 Consent

We process your data based on your freely given, specific, informed, and unambiguous consent. This applies particularly to direct marketing communications, non-essential cookies, processing of sensitive personal information, and cross-border data transfers. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4.2 Contractual Necessity

We process your personal information when it is necessary to fulfill a contract with you or to take steps at your request before entering into a contract. This includes processing your data to deliver the Services you have requested, process payments, and provide customer support.

4.3 Legal Obligation

We process your data when required to comply with applicable laws and regulations, including but not limited to tax laws, anti-money laundering regulations, data protection laws (such as China’s PIPL), and lawful requests from government authorities or courts.

4.4 Legitimate Interests

We may process your personal information for our legitimate interests, provided that such processing does not override your fundamental rights and freedoms. Our legitimate interests include:

• Improving, optimizing, and personalizing our Services
• Preventing fraud, abuse, and security threats
• Analyzing usage patterns to enhance user experience
• Conducting business operations, internal reporting, and research

4.5 Vital Interests

In exceptional circumstances, we may process your personal information to protect your vital interests or those of another individual, such as in a medical emergency.

5 How We Use Your Information

We use the personal information we collect for the following purposes:

• Service Delivery & Operation: To create and manage your account, process transactions, fulfill orders, provide customer support, and operate the core functionality of our Services.
• Personalization: To customize your experience by recommending content, products, or features that may be of interest to you based on your preferences and usage history.
• Communication: To send you service-related notices (such as order confirmations, password resets, and policy updates), respond to your inquiries, and, with your consent, send marketing communications about our products, services, and promotions.
• Analytics & Improvement: To analyze usage trends, measure the effectiveness of our content and advertising, and improve the design, functionality, and performance of our Services.
• Security & Fraud Prevention: To detect, investigate, and prevent fraudulent activities, unauthorized access, security breaches, and other prohibited or illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, and to enforce our terms of service and other agreements.
• Research & Development: To conduct research and data analysis for product development, innovation, and business intelligence, typically using aggregated or de-identified data.

6 Information Sharing & Disclosure

We do not sell your personal information to third parties. We may share your personal information only in the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, such as cloud hosting, payment processing, email delivery, data analytics, customer support, fraud detection, and marketing assistance. These providers are contractually bound to process your data only on our instructions and in compliance with this Privacy Policy and applicable data protection laws. They are prohibited from using your data for any independent purpose.

6.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring or successor entity. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your data, as well as any choices you may have regarding your data.

6.3 Legal Requirements

We may disclose your personal information if required to do so by law, regulation, legal process, or governmental request. This includes responding to subpoenas, court orders, or lawful requests from public authorities, including to meet national security or law enforcement requirements.

6.4 Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users, employees, or others, including to enforce our terms of service and to investigate and defend against third-party claims.

6.5 With Your Consent

We may share your personal information with third parties when we have obtained your explicit consent to do so, such as when you opt in to share data with a specific partner for joint offerings.

6.6 Aggregated or De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with third parties for research, analytics, marketing, or other lawful purposes. Such data is not subject to this Privacy Policy.

7 International Data Transfers

As a global service provider, we may transfer your personal information to servers and facilities located in countries other than your own, including to jurisdictions that may have different data protection laws than those of your country of residence.

Our principal servers are located in the People’s Republic of China. When we transfer your personal information across borders, we implement appropriate safeguards to ensure that your data receives an adequate level of protection, including:

• Standard Contractual Clauses: We enter into data transfer agreements with our affiliates and service providers that contain contractual clauses approved by relevant data protection authorities to ensure adequate protection of personal data.
• Binding Corporate Rules: For intra-group transfers, we may rely on binding corporate rules that have been approved by competent supervisory authorities.
• Consent: Where required by applicable law (including under China’s PIPL), we will obtain your explicit consent before transferring your personal information outside of China. We will inform you of the name and contact information of the overseas recipient, the purpose and method of processing, the types of personal information involved, and the rights you have in relation to such transfers.
• Security Assessment: For transfers that may affect national security or the public interest, or where the volume of data transferred is significant, we will undergo a security assessment organized by the Cyberspace Administration of China as required by law.

If you have questions about the safeguards we use for international data transfers, please contact us.

8 Data Retention & Deletion

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

8.1 Retention Periods

• Account Data: For the duration of your account’s existence plus a reasonable period thereafter to allow for account reactivation and to comply with legal obligations (typically 1–3 years after account closure).
• Transaction Records: Retained for the period required by tax and commercial laws, typically 5–10 years depending on jurisdiction.
• Communications & Support Records: Retained for 2–3 years from the date of the last interaction to ensure continuity of support and for quality assurance purposes.
• Log Data & Analytics: Retained in identifiable form for a maximum of 12 months, after which it is anonymized or deleted.
• Marketing Preferences: Retained until you unsubscribe or withdraw your consent, plus a short period to ensure your opt-out is respected in all our systems.

8.2 Deletion & Anonymization

When the retention period expires, we will securely delete or anonymize your personal information so that it can no longer be linked to you. Secure deletion methods include permanent data erasure using industry-standard overwriting techniques and physical destruction of storage media where applicable.

8.3 Exceptions

We may retain your data beyond the standard retention periods if required by law, for the establishment, exercise, or defense of legal claims, or for legitimate business purposes such as fraud prevention and security monitoring.

9 Your Rights & Choices

Depending on your jurisdiction, you may have the following rights concerning your personal information. We will respond to all legitimate requests within the timeframes required by applicable law (typically within 15–30 days).

9.1 Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This Privacy Policy is our primary means of fulfilling this obligation.

9.2 Right of Access

You have the right to request access to the personal information we hold about you and to obtain a copy of that data in a commonly used, machine-readable format.

9.3 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal information we hold about you. You can also update much of your data directly through your account settings.

9.4 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information where: (a) the data is no longer necessary for the purposes for which it was collected; (b) you withdraw consent on which processing is based; (c) you object to processing and there are no overriding legitimate grounds; (d) the data has been unlawfully processed; or (e) deletion is required by law.

9.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you do not want the data deleted.

9.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to have that data transmitted directly to another controller where technically feasible.

9.7 Right to Object

You have the right to object to processing of your personal information based on our legitimate interests, including profiling for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

9.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

9.9 Right to Lodge a Complaint

If you believe that our processing of your personal information violates applicable data protection laws, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction. In China, the relevant authority is the Cyberspace Administration of China.

9.10 How to Exercise Your Rights

To exercise any of your rights, please contact us using the information in Section 15 (Contact Us). We may need to verify your identity before processing your request. We do not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive.

10 Cookies & Tracking Technologies

Our websites and applications use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver targeted advertising.

10.1 What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They allow the website to remember your actions and preferences over a period of time.

10.2 Types of Cookies We Use

• Essential/Strictly Necessary Cookies: Required for the basic functioning of our Services, such as session management, security, and load balancing. These cannot be disabled.
• Functional/Preference Cookies: Remember your preferences and choices (such as language, region, and login status) to provide a personalized experience.
• Analytics/Performance Cookies: Help us understand how users interact with our Services by collecting aggregated information about pages visited, time spent, and error messages encountered. We use tools such as Google Analytics and Baidu Tongji for this purpose.
• Advertising/Targeting Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of advertising campaigns. These cookies track your browsing habits across websites.
• Third-Party Cookies: Cookies set by domains other than ours, such as social media platforms (WeChat sharing, Facebook, Twitter) and embedded content providers (YouTube, Vimeo).

10.3 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You can also manage your cookie preferences at any time through your browser settings:

• Browser Controls: Most browsers allow you to block or delete cookies. Please consult your browser’s help documentation for instructions.
• Opt-Out Tools: You can opt out of certain advertising cookies through the Digital Advertising Alliance’s opt-out tool or your device’s advertising ID settings.

Please note that disabling certain cookies may affect the functionality and performance of our Services.

10.4 Do Not Track

Our Services do not currently respond to Do Not Track (DNT) signals. We await the development of a uniform industry standard for responding to such signals.

11 Data Security Measures

We implement a comprehensive set of technical, organizational, and administrative security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

11.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher, ensuring that data cannot be intercepted or read by unauthorized parties.
• Encryption at Rest: Personal information stored on our servers is encrypted using industry-standard AES-256 encryption algorithms.
• Access Controls: Strict role-based access controls (RBAC) are enforced across all systems. Employees and contractors are granted access to personal data only on a need-to-know basis.
• Firewalls & Intrusion Detection: We maintain enterprise-grade firewalls, intrusion detection and prevention systems (IDPS), and DDoS protection to safeguard our network infrastructure.
• Regular Security Assessments: We conduct periodic vulnerability scans, penetration tests, and security audits conducted by independent third-party security firms.
• Secure Development Lifecycle: We follow secure coding practices and perform code reviews, threat modeling, and security testing throughout the software development lifecycle.

11.2 Organizational Measures

• Data Protection Officer (DPO): We have appointed a Data Protection Officer responsible for overseeing compliance with data protection laws and this Privacy Policy.
• Staff Training: All employees and contractors who handle personal data undergo mandatory privacy and security training on a regular basis.
• Data Processing Agreements: We enter into written data processing agreements with all third parties who process personal data on our behalf, requiring them to implement equivalent security measures.
• Incident Response Plan: We maintain a documented incident response plan to quickly address any data security incidents, including breach notification procedures as required by law.

11.3 Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and within the timeframes required by applicable law (typically within 72 hours). Notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures we have taken or propose to take to address the breach.

12 Children’s Privacy

Our Services are not intended for individuals under the age of 14 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children without verified parental consent.

If we become aware that a child under the applicable age has provided us with personal information without verifiable parental consent, we will take steps to delete that information promptly and terminate the associated account. In China, the age threshold under the Personal Information Protection Law is 14 years old for the purposes of obtaining parental consent for processing personal information.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately so that we can investigate and take appropriate action.

13 Third-Party Services & Links

Our Services may contain links to third-party websites, applications, platforms, or services that are not owned or controlled by Qingdao Zishenghao Network Technology Co., Ltd. This includes, but is not limited to, payment gateways, social media widgets, embedded video players, advertising networks, and analytics providers.

We do not assume any responsibility for the privacy practices, data collection policies, or content of such third-party services. We encourage you to review the privacy policies and terms of service of any third party whose services you access through our platform before providing them with your personal information.

Examples of third-party services we currently integrate with include:

• Payment processors (e.g., Alipay, WeChat Pay, PayPal, Stripe)
• Analytics providers (e.g., Google Analytics, Baidu Tongji)
• Cloud infrastructure providers (e.g., Alibaba Cloud, Tencent Cloud, AWS)
• Communication platforms (e.g., WeChat, email delivery services)

Note that these third-party services may set their own cookies or tracking technologies. We do not control these technologies and recommend reviewing the privacy policies of each service.

14 Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or industry standards. When we make material changes, we will notify you through one or more of the following methods:

• Posting a prominent notice on our website and/or mobile application
• Sending an email notification to the email address associated with your account
• Displaying an in-app notification requiring your acknowledgement

We will indicate the date of the most recent revision at the top of this page. Changes become effective immediately upon posting the revised policy, except where a longer notice period is required by applicable law. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you do not agree with any changes to this policy, you must discontinue use of our Services and request deletion of your data as described in Section 9.

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights, please do not hesitate to contact us using the following channels:

We are committed to addressing your inquiries promptly. We will respond to your request within 15 business days for most inquiries. For matters relating to the exercise of your data protection rights, we will respond within the timeframe prescribed by applicable law (typically 15–30 days).

If you are dissatisfied with our response, you have the right to lodge a complaint with the Cyberspace Administration of China or the relevant data protection authority in your jurisdiction.