As the developer and operator of the TalkingData SDK, Beijing Tendcloud Tianxia Technology Co. Ltd. and its affiliates (collectively referred to as "we/us" or "TalkingData") have always attached great importance to the protection of personal information and privacy rights. We recognize the importance of personal information to you and will do our utmost to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us, abiding by principles such as the principle of balancing rights with responsibilities, the principle of clear purpose, the principle of consent, the principle of minimum necessary, the principle of security, the principle of participation of personal information subjects, and the principle of openness and transparency. When you use products/services that use the TalkingData SDK (referred to as "host applications" below), we will adopt security protection measures in accordance with industry standards to protect your personal information. If you have any questions, comments, or suggestions, please reach out to us using one of the following contact methods:
E-Mail:support@tendcloud.com
Phone:400-870-1230Important Notice:The TalkingData SDK Privacy Policy only applies to the products and services we provide to host applications through the TalkingData SDK-Android, TalkingData SDK-iOS, and other versions of the SDK that we may provide or update from time to time (collectively referred to as "TalkingData SDK"), and does not apply to products and services provided by third parties through us or the TalkingData SDK. In such cases, we recommend that you carefully read and understand the third party's privacy policy.Please read the following privacy policy carefully to understand how we collect, use, store, and transfer information from or about you, especially the terms marked in bold. We strive to provide you with clear, understandable, and appropriate explanations so that you know your rights and can make informed choices after reading. Please note that if you do not agree to this privacy policy, you should immediately stop using the host application or exercise your right to refuse or withdraw consent through the approach disclosed in this privacy policy.Please ensure that you utilize the TalkingData SDK service in a legal and compliant manner, adhering to relevant laws, regulations, national standards, and regulatory requirements. The specific procedure is as follows:1.Please upgrade the TalkingData SDK to the latest version, and you can find the download link here:https://doc.talkingdata.com/posts/catalogue/10752.Please complete the SDK integration according to the "SDK Integration Document." TalkingData SDK performs preparatory work only during the initialization phase of the application, without collecting any data. You should ensure that you initiate the analytics capabilities of the TalkingData SDK based on reasonable business scenarios and in compliance with privacy policies, only after obtaining consent from end-users. For instructions on the latest version's initialization configuration and enabling analytics capabilities, please refer to the following links: Android:https://doc.talkingdata.com/posts/1025
iOS:https://doc.talkingdata.com/posts/1024
Harmony:https://doc.talkingdata.com/posts/1156 This privacy policy will help you understand the following:I. How we collect and use your personal information
II. How we share, transfer, and publicly disclose your personal information
III. How we protect your personal information
IV. Your rights
V. How we handle children's personal information
VI. How your personal information is stored or transferred internationally
VII. Updates to this policy
VIII. How to contact usI. How we collect and use your personal information
Personal information refers to information recorded in electronic or other forms that is capable of, either by itself or in combination with other information, to identify the identity of a specific person or that specific person's activities. TalkingData SDK will only collect and use your personal information for the purposes described in this policy. Unless specifically stated, this service is only available to users in the mainland of the People's Republic of China (referred to as "PRC" below). If you are located outside of the mainland of the PRC, there may be different regulatory requirements for the collection, storage, use, sharing, and other processing of data and personal information in other jurisdictions. If applicable, you should also comply with relevant provisions of the "Overseas Personal Information Protection Compliance Commitment." When we use data for purposes not covered by this policy, we will ask for your consent in advance.When we use information collected for a specific purpose in a different way, we will also ask for your consent in advance.TalkingData SDKprovides data statistics and analysis services for host applications, including but not limited to applicationstatistics analysis and mobile advertisements monitoring. We will only collect your relevant data through technicalmeans, based on the following needs and purposes of providing TalkingData SDK products and services commissioned by thedeveloper or operator of the host application that you use. This is subject to the prerequisite that the afore mentioneddeveloper or operator has obtained your full authorization and consent. The specifics are as follows:
| Product Functionality | Types of Data | Specific Data Fields | Processing Purposes |
| App Analysis | Mandatory | Fundamental personal information | Unique device identifiers (OAID,ODID and Android ID), IP address, IDFV, and IDFA | To generate de-identified unique identifiers for end-users, facilitating fundamental analysis. |
| Basic data concerning other aspects of applications, devices, and networks | SDK or API version, platform, timestamp, system file creation time, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, sensor information, application's NFC permission status (yes or no), device's NFC capability (yes or no), device's Bluetooth capability (yes or no), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language locale, mobile network/country code, time zone, hard disk, CPU, and battery usage information, network information (connectivity status of WiFi network or mobile network, connected WiFi BSSID or SSID information) | To conduct coarse-grained multidimensional analysis and provide data reports categorized by region and application version number. |
| Optional | Optional personal information | MEID, IMEI, or Mac information | To enhance the precision of end-user identification and identify fraudulent traffic. |
| Application list | To identify, analyze, and purge fraudulent traffic. |
| Location information (latitude and longitude, SystemID, NetworkID, and BasestationID) | To generate more precise location distribution reports and identify fraudulent traffic. |
| Ad Tracking | Mandatory | Fundamental personal information | Unique device identifiers (OAID,ODID and Android ID), IP address, IDFV, and IDFA | To generate de-identified unique identifiers for end-users, facilitating fundamental analysis. |
| Basic data concerning other aspects of applications, devices, and networks | SDK or API version, platform, timestamp, system file creation time, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, sensor information, application's NFC permission status (yes or no), device's NFC capability (yes or no), device's Bluetooth capability (yes or no), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language locale, mobile network/country code, time zone, hard disk, CPU, and battery usage information, network information (connectivity status of WiFi network or mobile network, connected WiFi BSSID or SSID information) | To conduct a coarse-grained multidimensional analysis, assess the effectiveness of advertising placements, identify, analyze, and purge fraudulent traffic. |
| Optional | Optional personal information | MEID, IMEI, or Mac information | To enhance the precision of user identification and identify fraudulent traffic. |
| Application list | To identify, analyze, and purge fraudulent traffic. |
| Location information (latitude and longitude, SystemID, NetworkID, and BasestationID) | To generate more precise location distribution reports and identify fraudulent traffic. |
If you do not wish for your above personal information to be collected, you can exercise your opt-out right through TalkingData's opt-out process. Once you exercise opt-out right, your personal information will not be collected or processed in any form, and we will not frequently require your consent. The Opt-Out link for TalkingData:http://www.talkingdata.com/optout.jsp?languagetype=en.You can also request to exercise your personal information rights to the host application developer. Upon receipt of the notification from the host application developer and verification of the legitimacy of the request, we will actively cooperate with the host application developer to respond to your request accordingly.1. Permissionrelated to the collection of personal information
Due to different system requirements, the host applicationmay need to obtain the following related permissions when using TalkingData SDK service to collect personalinformation.
Android: | Name of the Permission | Purpose of the Permission |
| INTERNET | To permit applications to establish online connectivity and transmit data. |
| ACCESS_NETWORK_STATE | To permit applications to check the connectivity status, and suspend data transmission in instances of network irregularities. |
| READ_PHONE_STATE | To generate de-identified unique identifiers for end-users. |
| ACCESS_WIFI_STATE | To generate de-identified unique identifiers for end-users. |
| WRITE_EXTERNAL_STORAGE | To store device information, and document logs. |
| ACCESS_FINE_LOCATION (optional) | To rectify end-user geographic distribution data, enhancing the precision of report data, and identify fraudulent traffic. |
| ACCESS_COARSE_LOCATION (optional) | To identify fraudulent traffic. |
| GET_TASKS (optional) | To enhance the precision in evaluating end-user engagement levels. |
iOS: | Name of the Permission | Purpose of the Permission |
| INTERNET | To permit applications to establish online connectivity and transmit data. |
| IDFA | To generate de-identified unique identifiers for end-users. |
| Location (optional) | To rectify end-user geographic distribution data, enhancing the precision of report data, and identify fraudulent traffic. |
| WIFI(optional) | To identify fraudulent traffic. |
Harmony: | Name of the Permission | Purpose of the Permission |
| ohos.permission.INTERNET | To permit applications to establish online connectivity and transmit data. |
| ohos.permission.APP_TRACKING_CONSENT(optional) | To generate de-identified unique identifiers for end-users. |
| ohos.permission.GET_NETWORK_INFO | To permit applications to check the connectivity status, and suspend data transmission in instances of network irregularities. |
| ohos.permission.GET_WIFI_INFO(optional) | To identify fraudulent traffic. |
You should be aware and confirm that we will only collect the above information if the host applicationhas obtained your authorized consent.
If you do not wish to have the above information collected, you can refuse or withdraw your consent by turning off the corresponding permissions.2.Exceptions
Pursuant to relevant laws and regulations, it is not necessary to obtain your authorization tocollect your personal information in the following cases:
1) Directly related to national security andnational defense safety;
2) Directly related to public safety, public health, and major publicinterest;
3) Directly related to criminal investigation, prosecution, trial, and enforcement ofjudgments;
4) To protect material legal rights such as the lives and property of individuals or otherindividuals but fail to obtain the consent in time;
5) For the necessity of academic research, provided thatthe personal information contained in the results is de-identified when it makes the academic research or thedescriptive results available;
6) The information collected is already made public by yourself;
7)The information collected is publicly and legally disclosed, such as legitimate news reports, government informationdisclosure or others;
8) To fulfill the contract you have signed;
9) To maintain stable operation ofthe products or services provided by TalkingData, such as discovering and disposing malfunction of productsorservices;
10) Other circumstances as prescribed by laws and regulations.
II. How we share,transfer, and publicly disclose your personal information
1. Sharing
We do not share your personalinformation with any other company, organization,or individual except in the following cases:
1) We may shareyour personal information with other parties after obtaining your explicit consent;
2) We may share yourpersonal information externally in accordance with laws and regulations, or as required by governmentauthorities;
3) Sharing with our affiliates: Your personal information may be shared withTalkingDataaffiliates. We only share the necessary personal information and arebound by our Privacy Policy. If an affiliate wantsto use your personal information in a different way, we will request your explicit consent;
Our affiliatesinclude Suzhou Tendcloud Tianxia Technology Co. Ltd
4) Sharing with advertisers, ad networks, or otheroperators: We will cooperate with such authorized partners to use processed data from the TalkingData DMP platform forcommercial use in various ways, such as using data to optimize addelivery and increase marketing effectiveness. We willnot use personally identifiable information (including name, e-mail, or any contact information through which one canconnect or identify an individual) or provide advertising and analysis unless we receive your permission. We willprovide our partners with information about advertising coverage and effectiveness without providing personallyidentifiable information. We may aggregate this information so that it does not identify individuals. For example, wemay only inform advertisers about the effectiveness of their ads or how many people have viewed or installed theirapplications or provide these partners with non-identifiable demographic information (such as "25-year-old male inBeijing who likes software development") after the advertisers have agreed to comply with our advertising guidelines tohelp them understand their audience or customers. This type of information, whether individually or in combination withother information,cannot identify your personal identity and does not constitute your personal information in a legalsense.
2. Transfer
We will not transfer your personal information to any company, organization,orindividual except in the following cases:
1) Transfer with explicit consent: We will transfer your personalinformation to other parties only with your explicit consent;
2) When it comes to mergers and acquisitions orbankruptcy, if it requires atransfer of personal information, we will require the new company or organization to eithercontinue following this privacy policy or ask for your consent.
3. Public disclosure
We will onlypublicly disclose your personal information in the following circumstances:
1) After obtaining your explicitconsent;
2) Legal disclosures: We may disclose your personal information publicly, if required to do so bylaw, legal procedures, litigation or mandatory requirements from government authorities;
3) In emergencysituations, we may disclose your information based on reasonable judgment to protect our and our agents', customers',end-users', or any other person's legitimate rights, interests, and safety;
4) Bringing forward lawsuits orarbitration in order to safeguard our legitimate rights or those of our users.
III. How we protect yourpersonal information
1. Measures we have taken to ensure data confidentiality
There is no methodof transmission on the Internet or method of electronic storage that is 100% secure. Even though we have safeguardedpersonal information to the highest level, it is still possible for there to be stolen,illegally obtained, or misuseddata that brings risk to you, your property, and your reputation. You have understood the above risks and agree tocontinue.
We will use industry-accepted and reasonable standards to protect the security and confidentialityof the information we store, including but not limited to firewall and data backup measures, data center accessrestrictions, encryptionof identifiable information of mobile device.
We have established a sound datasecurity management system, which include screating an inventory of network and information assets and an assetresponsibility system, classifying user information, encrypting data, dividing data access permissions, establishinginternal data management systems and operating procedures, and imposing strict requirements on the acquisition, use,anddestruction of data to prevent illegal use of user privacy data.
We will take all reasonable and feasiblemeasures to ensure that no unnecessary personal information is collected. We will only keep your personal informationforthe period required to achieve our purposes, as described in this policy,unless we need to extend the retention periodfor reasons required by law.
We have established an information security working group, which is responsiblefor organizing information security-related exchanges, coordinating the handling of information security-related issuesand the decision-making of security construction throughout the data lifecycle, and actively communicating andcollaborating with other related organizations.
TalkingData requires that every employee sign a datasecurity confidentiality agreement before joining the company. We have also established a training mechanism forregularly conducting security and privacy protection training to enhance employees' awareness of personal informationprotection. We will periodically review, update, and publicly disclose TalkingData's security riskand personalinformation security impact assessment reports.
We have obtained numerous certifications to enhance oursecurity and compliance capabilities, including the following:
1) The third level of cybersecurity classifiedprotection system;
2) Privacy information management system certification ISO/IEC 27701:2019;
3)Information security management system certification ISO/IEC 27001:2022;
4) Quality management systemcertification ISO 9001:2015;
5) Information technology service management system certification ISO/IEC20000-1:2018;
6) The data platform security certification by excellent security surpass trustedprogram;
7) The China Academy of Information and Communications Technology SDK security specialassessment;
8) The certificate of Data flow platform security capability assessment;
9) Two starrating for social responsibility in data security and personal information protection.
Furthermore, TalkingDatahas taken the lead in and participated in multiple data compliance projects with regulatory authorities, and has becomea member of working groups on data security and personal information protection.Specifically, we have accomplished thefollowing:
1) The company of launching the Information Security Technology Personal Information SecuritySpecification pilot program;
2) The company of launching the Information Security TechnologyData SecurityMaturity Model pilot program;
3) The company of launching the Information Security Technology PersonalInformation Security Impact Assessment pilot program;
4) Jointly releasing the "Security and Compliance WhitePaper for Software Development Kit (SDK)" with China Academy of Information and Communications Technology;
5)The National Information Security Standardization Technical Committee-The member of the TC260 big data security standardspecific working group;
6) The memberof data security working Committee of the China Cybersecurity IndustryAlliance;
7) The first group of members of the promotion of personal information protection compliance andaudit team;
8) One of the first group of members ofthe Data Security Community (DSC) Program of the ChinaAcademy of Informationand Communications Technology;
9) One of the first group of participating companies inthe Green SDK industry ecological co-construction initiative.
2. Emergency situations and earlywarning
In the unfortunate event that there is a personal information security incident,we will promptlynotify you of the basic situation and possible impact, as well as the emergency response we have undertaken or plan totake, in accordance with relevant laws and regulations. We will also notify you of any related data disposal measures,remedial measures, etc. If it is too difficult or impossible to notify individuals one by one, we will issue notices ina reasonable and effective manner and proactively report to relevant regulatory authorities on the handling of personalinformation security incidents.
If you discover that any of your personal information is leaking out, pleasecontact us immediately using the contact information outlined in this privacy policy.
IV. Yourrights
In accordance with relevant laws, regulations, and standards in China, as well as common practices inother countries and regions, we guarantee your rights to exercise the following with respect to your personalinformation:
1. Access your personal information
If you want to access your information, pleasesend an email to【support@tendcloud.com】.
2. Rectify/Supplement your personalinformation
When you discover any inaccuracies in the personal information we have processed about you, orwhen you need to update and supplement your personal information,please contact us through various means indicated inthis privacy policy or on the TalkingData website. To ensure the security of your account, we may request that youundergo identity verification.
3. Delete your personal information
You may revoke yourauthorization for us to collect and use your personal information by accessing the TalkingData Opt-Out:
http://www.talkingdata.com/optout.jsp?languagetype=en_us.Wewill cease using and delete your personal information. Please note that wemay not immediately delete such informationfrom our backup systems, but it willbe deleted upon the next update of the backup.
You can request forTalkingData to delete your personal information in the following cases:
1) If we use your personalinformation in a way that violates laws or regulations;
2) If we collect and use your personal informationwithout your consent;
3) If we deal with personal information in violation of agreement withyou;
4) If you no longer use the host application.
If we decide to respond to your request fordeletion, we will also make reasonable efforts to notify any third parties with whom we have shared your personalinformation, and request that they delete it as well, unless required by law or if such third parties have obtainedindependent authorization from you.
If you are unable to access, update, or delete your personalinformation, you may contact us through TalkingData customer service at any time. We will respondto your request within15 working days.
Notwithstanding the above provisions, we may keep certain data for a reasonable period oftime within the limit allowed by law for dispute settlement, users'agreement performance and compliance with technicalrequirements related to safe operation.
4. Change the scope of your consent
Each business functionrequires some basic personal information to be completed(see Part | of this policy). For any additional collection anduse of personal information, you may give or withdraw your consent at any time. When you withdraw your consent, we willno longer process the corresponding personal information. However, your decision to withdraw your consent will notaffect the processing of personal information from your previous authorization.
You can cancel by rejectingcommercial advertisements through the Opt-Out channel:
http://www.talkingdata.com/optout.jsp?languagetype=en_us5.Acquisition of a copy of your personal information
You have the right to obtain a copy of your basic personalinformation, personal identification information, personal health information, and personal educationor work informationby sending a request to TalkingData.
If technically feasible, such as through data interface matching, atyour request, we can also directly transfer a copy of your personal information to athird party designated byyou.
6. Automatic decision-making information system
Based on the personal information that islegally collected, automatic decision-making (such as commercial information push) is implemented through tagging orprofile processing through non-manual automatic decision-making techniques, such as information systems and algorithms.The above behaviors make your personal information unidentifiable, and cannot be considered as sharing,transferring, ordisclosing any of your personal information to any third party.If these decisions significantly affect your legalrights, you have the right toask us for an explanation and we will provide appropriate remedies to the situation. If youdo not wish to participate in this type of targeted advertising, please cancel through the following Opt-Outchannel:
http://www.talkingdata.com/optout.jsp?languagetype=en_us7.Responding to your request
For security, you may need to provide a written request or prove your identityinsome other way. We may ask you to verify your identity before processing your request. We will respond within 15 workingdays. If you are not satisfied, you can read Part VIII about how to file a complaint.
We generally do notcharge a fee for your reasonable requests, but for multipleand excessively repeated requests beyond reasonable limits,we reserve the right to charge a certain cost fee. We may refuse requests that are groundlessly repeated, requireexcessive technological means (such as the need to develop new systems or fundamentally change existing practices), poserisks to the legitimate rights and interests of others, or are highly impractical (such as requests involvinginformation stored on backup tapes).
In the following cases, we will not be able to respond to your request,as required by laws and regulations, if it relates to the following:
1) Directly related to national securityand national defense security;
2) Directly related to public safety, public health, and the publicinterest;
3) Directly related to a criminal investigation, prosecution, trial, orexecution ofjudgment;
4) There is sufficient evidence that you have abused your rights;
5) Responding to yourrequest may result in serious damage to your or other individuals' or organizations' legitimate rights andinterests;
6) Related to trade secrets.
V. How we handle children's personalinformation
We will not collect and use children's data with knowledge.
If the host application isdesigned and developed for children, we have requested that the host application's developer and operator ensure thatnecessary technical means are taken to ensure that registration and use of the host application are carried out by theguardians of children. Meanwhile, the host application's developer and operator have formulated sufficient useragreements and privacy policies to fulfill their notification obligations, and for the collection of children's personalinformation with parental consent, we will only use or publicly disclose this information when permitted by law, withexplicit consent from parents or guardians, or when it is necessary to protect children.
Although local lawsand customs may have different definitions for children, we consider anyone below the age of 14 to be a child.
If we find ourselves inadvertently collecting personal information from children without first obtainingparental consent, we will try to delete the data as soon as possible.
VI. How your personal information isstored or transferred internationally
1.Storage location
In principle, personal information collectedand generated within the PRC will be stored within the territory of the PRC.
During the process of providingservices, we may transfer the data obtained from you or your product end users to an affiliated entity or other thirdparty outside your jurisdiction, and such transfer will be handled to the extent permitted by applicable laws andregulations and provide adequate protection of your personal information in accordance with this policy. If you or yourproductend user is located beyond the jurisdiction of the PRC, or when you and your product terminal user is in thejurisdiction of the PRC while we need to transfer it to the place outside the jurisdiction of the PRC, you shallconsentor obtain consent from the end user for this international transfer.
We highly advise you to consultlocal professionals to ensure that this transfer complies with local data protection requirements. Especially, when theinternational transfer involves the European Union or the United States, pleasepay attention to the legal regulationsfor data protection and protection of personal information in these places.
2.Storage time
We retainyour personal information solely for the purposes outlined in this privacy policy and for the minimum storage timemandated by legal regulations.Following the expiration of the stipulated storage period, we commit to deleting oranonymizing your personal information in accordance with the requirements of applicable laws and regulations. However,if specific legal provisions or your explicit consent necessitate otherwise, we may extend the storage duration of yourpersonal information.
VII. Updates to this policy
We have the right to adjust the privacy policy at anytime in accordance with change of service, adjustment of applicable laws and policies, as well as otherfactors. We willnot diminish your rights guaranteed under this Privacy Policy without your explicit consent. Any update to this privacypolicy will be published on this webpage marked with the updated time.
Therefore, please check the privacy policy regularly so that you are always in compliance. If you do not agree with this privacy policy, please terminate visiting and using our service.If there are material changes to this Privacy Policy, such aschanges in the content of your personal information, changes in the controller of your personal information, changes inthe sharing/transfer/disclosure of personal information,or changes in your rights related to the protection of personalinformation, we will notify you in a more significant way, such as through pop-up alerts ormessages.
Material changes to this policy include, but are not limited to:
1) If there have beenmajor changes in our service model, such as in the purpose of processing personal information, the types of personalinformation handled, how we use personal information, etc.;
2) If we have undergone major changes inownership and organizational structure,such as business adjustment, bankruptcy, mergers, or other suchchanges;
3) If there have been changes in personal information sharing, transfer, or publicdisclosure;
4) If there are significant changes to your rights and exercise methods in participating inpersonal information processing;
5) If there are changes to our department responsible for personalinformation security, contact information, and complaint channels;
6) If the personal information securityimpact assessment report indicates that there is high risk.
VIII. How to contact us
If you haveany question, advice, or complaint related to our privacy policy, please contact 【support@tendcloud.com】.
We have set up a Personal Information Protection Department. You can contact usthrough【td_legal@tendcloud.com】. In general, we will reply within 15 working days.
If you areunsatisfied with our response, especially if you believe that our personal information processing practices are in anyway detrimental to your legitimate rights and interests, you have the right to file a complaint or report withregulatory authorities, such as the Cyberspace Administration, the Telecommunications Administration, Public Security,and Industry and Commerce. Additionally,
you may also submit the dispute to the Beijing Arbitration Commission for arbitration in Beijing in accordance with its then-effective rules.
