Page 1 | General Provisions and Privacy Commitment
1.1 Purpose of the Terms
This Privacy Policy (hereinafter referred to as “this Policy”) aims to explain the platform’s basic principles and responsibilities regarding data collection, use, processing, storage, and protection. This Policy helps users understand how their data is used within the platform system and establishes reasonable expectations regarding data transparency and security by clarifying the platform’s regulations on information processing.
The purpose of this Policy is not to expand the scope of data use, but to ensure that all data processing activities are based on clear purposes, reasonable necessity, and compliance requirements, thereby reducing the risk of data misuse and enhancing the overall credibility and sustainability of the system.
1.2 Scope of Application
This Policy applies to all individuals, legal persons, or other organizations (collectively, “Users”) who access, browse, register, use, or otherwise connect to the platform’s services.
This Policy covers the online systems, websites, tools, interfaces, and related technical services provided by the platform. Users are bound by this Policy regardless of whether they create an account, continuously use the service, or access the platform through any device, network, or technology.
1.3 Privacy Protection Commitment
The platform commits to processing user-related data only to the extent reasonable, compliant, and necessary to achieve the purpose of the service.
Data protection is not an additional requirement, but one of the fundamental principles of the platform’s system design, engineering architecture, and operational logic.
To the extent technically feasible and legally permissible, the platform continuously takes appropriate measures to protect the security, integrity, and controllability of data, and avoids unauthorized access, use, or disclosure.
Page 2 | Information Definitions
2.1 Information Type Description
In this policy, the types of information that the platform may involve include, but are not limited to, the following categories:
Personal Information: Information related to a specific individual or that can be used to identify an individual;
Technical Information: Information related to equipment, systems, networks, or technical environments;
Usage Behavior Information: Operation records, access trajectories, or interactive behaviors generated by users during access to or use of the platform’s services;
System Operation Data: Internal data generated by the platform during system operation, maintenance, and security management.
2.2 Non-Personal Information Description
The platform may collect, use, or generate information that is not directly linked to any specific individual’s identity, including but not limited to:
Aggregated data: Statistical information formed by summarizing data from multiple users or data sets;
Anonymous or de-identified data: Data that, after processing, cannot reasonably identify a specific individual.
This type of information is typically used for system analysis, performance optimization, risk management, or research purposes and is not used to identify individuals.
2.3 Definition Interpretation Principles
Technical terms used in this policy should be interpreted in conjunction with the platform’s system architecture, engineering implementation methods, and generally accepted industry understanding.
Unless otherwise expressly stated, the definitions in this policy should not be interpreted expansively, presumably, or beyond their reasonable context to avoid creating unreasonable presumptions of obligation for the platform or users.
Page 3 | Information Collection Methods and Scope
3.1 User-Provided Information
During the use of platform services, users may proactively provide information to the platform, including but not limited to:
Data submitted during registration, login, or use of specific functions;
Information entered during system interaction, settings, or operation.
Users understand and acknowledge that the information they proactively provide will be used to achieve relevant service functions or system operation purposes.
3.2 Automatically Collected Information
To ensure stable system operation and service quality, the platform may automatically collect certain information through technical means, including but not limited to:
Device information such as device type, operating system, and browser type;
Operational records such as system logs, access time, and access paths;
Behavioral data related to service usage.
The above information is mainly used for system maintenance, security protection, and performance optimization.
3.3 Information from Third-Party Sources
In some cases, the platform may receive supplementary information from third-party technical service or data providers through legal channels to support system operation or function implementation.
The platform cannot fully control the generation and processing of third-party data, and therefore does not guarantee the completeness, accuracy, or continued availability of information provided by third parties. Users should understand and accept reasonable limitations in the use of such information.
Page 4 | Use of Information
4.1 Core Use Purpose
The core purpose of the platform’s collection and processing of information is to support the normal operation of the system and the realization of related functions. The relevant information is used to ensure the availability, continuity, and consistency of services, and to ensure that users can use the technical services provided by the platform as reasonably expected.
Simultaneously, the platform continuously improves the stability and security of the system through the reasonable use of information, including identifying potential anomalies, optimizing system responsiveness, and reducing operational risks.
4.2 Model and System Optimization
The platform may use relevant information within reasonable limits for algorithm improvement, model validation, system tuning, and performance evaluation to improve the efficiency and reliability of the overall technical architecture.
Such use is limited to supporting the platform’s own technological development and system optimization, and will not be used for any unauthorized commercial purpose, nor will it be used for personal profiling, individual analysis, or in a manner beyond the purpose of the service.
4.3 Compliance and Risk Management
Where applicable laws and regulations, regulatory requirements, or system security needs dictate, the platform may use relevant information to fulfill compliance obligations, cooperate with legitimate reviews, or respond to regulatory requirements.
Furthermore, the relevant information may also be used to prevent abuse, fraudulent activities, or risk events that may affect system security and stability, to ensure the controllability and reliability of the platform’s overall operating environment.
Page 5 | Data Processing Principles
5.1 Minimum Necessity Principle
The platform adheres to the minimum necessity principle in data processing, collecting and using data only to the extent necessary to achieve service objectives, system operation, or compliance requirements.
The platform does not aim to expand the scope of data collection, nor does it increase unnecessary data processing activities due to data availability.
5.2 Engineered Processing Approach
The platform employs engineered data processing approaches, including but not limited to the following principles:
Structured Processing: Data is formatted and logically organized to improve manageability and consistency;
Systematic Processing: Data flows smoothly between different modules through system workflows;
Automated Processing: Data processing is completed through automated mechanisms within reasonable limits to reduce human intervention.
These approaches aim to improve system efficiency, reduce human error, and enhance the controllability of the data processing process.
5.3 Data Lifecycle Management
The platform manages data throughout its entire lifecycle, including data generation, storage, use, maintenance, and cleanup.
The processing of data at different stages will be managed internally based on its intended use, risk level, and compliance requirements.
When data is no longer necessary to achieve its intended purpose, or meets internally defined processing conditions, the platform will delete, anonymize, or de-identify it according to established rules.
Page 6 | Data Sharing and Third Parties
6.1 Data Sharing Principles
The platform adheres to the principle of “no sharing unless absolutely necessary” and will not share user-related data without a clear purpose or legal basis.
When data sharing is indeed necessary, the platform will conduct it based on legality, compliance, and controllability, and will limit the scope and purpose of sharing as much as possible.
6.2 Third-Party Service Description
To support the platform’s technical operation and service delivery, the platform may use technical services, infrastructure, or system support provided by third parties, including but not limited to cloud computing, network services, or security protection-related support.
Relevant third parties will only access data to the extent necessary to achieve the service purpose, and their use of data is subject to their own privacy policies and applicable laws.
6.3 Third-Party Liability Statement
Users understand and acknowledge that the operation and data processing of third-party services are not entirely under the platform’s control.
Different third parties may be subject to different data protection standards and privacy rules, and the platform cannot provide comprehensive guarantees regarding the independent actions of third parties.
To the extent permitted by law, the platform is not liable for the data processing results caused by third parties due to their own reasons.
Page 7 | Data Security and Protection Measures
7.1 Technical Security Measures
Within reasonable technical capabilities and resources, the platform employs multi-layered technical security measures to protect the security and integrity of data, including but not limited to:
Access Control: Restricting access to data and systems through authentication, permission verification, etc.;
Encrypted Transmission: Employing encryption technology during data transmission to reduce the risk of unauthorized data access;
Hierarchical Permissions: Setting hierarchical permissions based on different roles and functions to reduce unnecessary data exposure.
The above technical measures aim to reduce risks, not to constitute an absolute guarantee of data security.
7.2 Organizational and Process Security
In addition to technical measures, the platform also strengthens data protection through internal management and process design, including but not limited to:
Reasonably restricting data access for internal personnel, authorizing only those necessary;
Recording critical operations and maintaining audit mechanisms in internal processes to improve the traceability of data processing behavior.
Relevant organizational and process measures support the platform’s overall security framework and work in conjunction with technical measures.
7.3 Risk Statement
Users understand and acknowledge that no technical system can provide an absolutely secure data environment. The platform will continuously optimize security measures within a reasonable scope to reduce potential risks, but does not provide absolute guarantees regarding data security incidents caused by uncontrollable factors, external attacks, or technical limitations.
Page 8 | User Rights
8.1 Right to Know
Users have the right to understand, within a reasonable scope, how the platform collects, uses, and processes their data, including the basic purpose and methods of data processing.
The platform provides necessary information disclosure to users through this privacy policy to support users in forming a reasonable understanding.
8.2 Right to Control
Users may manage or restrict the use of their data within a reasonable scope, without affecting system operation, compliance obligations, or the legitimate rights and interests of others.
The specific scope of possibility may be limited by technical conditions, the nature of the service, or legal requirements.
8.3 Explanation of Restrictions
Users’ exercise of related rights may be restricted for the following reasons:
System operation and security needs;
Legal and regulatory compliance requirements;
Reasonable measures taken by the platform to prevent risks or abuse.
The above restrictions do not constitute a denial of user rights, but are necessary arrangements based on the overall system stability and compliance.
Page 9 | Data Retention and Cross-Border Processing
9.1 Retention Period Principles
The platform will only retain relevant data for the period necessary to achieve the purposes described in this Privacy Policy.
When data is no longer necessary for system operation, service provision, or compliance purposes, the platform will process it in accordance with internal rules.
9.2 Cross-Regional Data Processing
The platform employs a multi-regional system architecture to support system stability, business continuity, and service availability.
During this process, some data may be processed or transferred between different regions.
Cross-border data processing will be conducted to a reasonable and necessary extent and in accordance with applicable data protection principles.
9.3 Data Deletion and De-identification
When the relevant purpose has been achieved or the data retention period expires, the platform will take measures such as deletion, anonymization, or de-identification of the data based on its nature and risk level.
These processes aim to reduce the risk of data being identified or misused, while meeting system and compliance requirements.
Page 10 | Policy Changes, Applicable Law, and Others (Miscellaneous)
10.1 Privacy Policy Updates
The platform may update or revise this Privacy Policy based on changes in system functions, technological upgrades, or adjustments to laws and regulations.
The updated terms will be displayed in the relevant locations on the platform and will take effect from the date of publication.
10.2 Applicable Law Principles
The interpretation and application of this Privacy Policy shall follow neutral, reasonable, and internationally accepted data protection and privacy principles, without relying on the single rules of any particular jurisdiction.
10.3 Independence of Terms
If any provision of this Privacy Policy is held to be invalid, unenforceable, or partially invalid, such provision shall not affect the validity of the remaining provisions, which shall continue to apply.
10.4 Explanation of Interpretation Rights
To the extent permitted by law, the platform reserves the right of final interpretation of this Privacy Policy. Matters not clearly stated in this clause should be understood in conjunction with the purpose, structure, and reasonableness principles of the clauses.
