AI Shu Privacy Policy

Scope of Application

This AI Shu Privacy Policy (the "Policy") applies to CLOOPEN LIMITED, a company incorporated under the laws of Hong Kong, together with its affiliates (collectively, "AI Shu", "we", "us", or "our") in connection with the collection and processing of personal data arising from your use of the AI Shu mobile application (the "Product" or the "Software") and related products and services.

AI Shu attaches great importance to the security of your personal data, and we are grateful for your trust. We are committed to safeguarding your personal data in accordance with the principles of accountability, purpose limitation, informed consent, data minimization, security, data subject participation, transparency, and other principles recognized under applicable law.

This Policy explains how we collect and process your personal data when you visit and interact with the AI Shu Software, including when you submit information, register, log in, and perform related activities. It also details your rights and options regarding your personal data. You are strongly encouraged to read this Policy carefully to understand how we collect and use your data and how you can manage it.

We undertake to keep your personal data and other information strictly confidential and to process it strictly in accordance with this Policy. We collect, use, store, share, and transfer your personal data based on your consent or such other lawful basis, including but not limited to contractual necessity, compliance with legal obligations, protection of vital interests, or legitimate interests, as permitted under applicable data protection laws.

To enable you to register and use our products or services, we may collect personal data relevant to the provision of such services. You have the right to refuse or withdraw your consent.
You may access, rectify, and delete your personal data, change the scope of your consent, or request account deletion. We provide mechanisms for you to exercise such rights.
We adopt industry-standard technical and organizational measures to protect the security of your personal data.
Unless we obtain your renewed consent, we shall not use your personal data for any purposes not outlined in this Policy.
If you have any questions about this Policy, you may contact us for further consultation.
If you are under eighteen (18) years of age, you should read this Policy---particularly the section concerning minors' personal data---together with your parent or legal guardian, and you may only use the Software upon obtaining your guardian's consent.

1. Information We Collect and Use

We present below, in a tabular format, the categories of personal data that we may collect and process, the methods of collection, and the purposes for which they are used. The scenarios listed may not apply to every user, but they illustrate the circumstances under which your personal data may be collected and processed.

Categories of Personal Data Collected and Processed	Method of Collection	Purposes of Use and Processing Scenarios
Account Registration / Login Information: email address, password, mobile number, verification code; information authorized via third-party login platforms (including profile picture, nickname, and other authorized data).	Provided voluntarily when you register or log in to the Software. If you use a third-party login, your third-party account will be linked to your AI Shu account.	To provide registration, creation, login, and account management functions; to enable service provision, ensure secure operation, improve and optimize our services, and maintain account security; to provide communication channels for login and receipt of important notifications.
Basic Profile Information: name, gender, country of residence, education level, school, field of study, and other personal details.	Submitted voluntarily via information collection pages in the Software.	To comply with applicable laws requiring user identity verification; to ensure authenticity and legitimacy of identity; to generate invoice headers for issuance upon your request.
Device Information: device model, device identifier(s), operating system, telecom operator details, software version, Bluetooth and Wi-Fi information.	Collected when you connect locally via Bluetooth or through Wi-Fi to smart devices.	To enable data transmission, identify and bind smart devices, provide optimal display solutions, and conduct identity cross-verification to ensure account and financial security.
Network and Log Information: IP address, Internet Service Provider (ISP), browser type, URL parameters, access dates and times, service logs, clickstream, browsing, search, and query records.	Automatically generated when you use the Software, search, browse, or access functions (see Annex for details).	To ensure the normal operation of the Software; to protect your property from harm; to prevent phishing, fraud, vulnerabilities, viruses, cyberattacks, or unauthorized network intrusion.
Media Data: recordings, microphone use, photo album, camera, and storage functions.	Generated when you upload or set profile images/backgrounds, post images in chats, or use the microphone/camera to record audio or video.	To support video lesson reading, pronunciation feedback, and related learning functions; to allow users to upload images or save screenshots.
Payment and Transaction Data: financial status, account balance, recharge amounts, recharge method, monthly billing records, order details, invoice details (application date, amount, type, method of issuance, invoice number and status), consumption history.	Collected during use of payment functions (e.g., membership purchases, recharges) via third-party payment SDKs such as Alipay or Apple Pay.	To manage your financial records; to ensure transparency of balances, recharge, and consumption; to process recharge requests, generate invoices, record orders, and enable reconciliation and audits.
Customer Service Data: account details, complaint records, communications, and call content.	Provided when you contact our customer service team through online chat, phone, or email.	To verify identity; to provide effective support services; to respond to inquiries, resolve complaints, and improve service quality.
Sensitive Personal Data (if voluntarily provided): data relating to minors, biometric identifiers, or financial details.	Submitted voluntarily when using AI functionalities or related services.	To provide relevant functionalities; such data shall be processed subject to enhanced safeguards and with your express consent, in compliance with applicable law.

Please note that if you upload or publish information in public areas of the AI Shu Software visible to other users, or respond to information posted by others in such areas, your information may be collected and used by third parties. If you become aware that your information is being improperly collected or used by others, you may contact us using the feedback channels provided under the "How to Contact Us" section of this Policy.

Prior to providing AI Shu with any personal data that may qualify as Sensitive Personal Data, as defined under applicable data protection laws (including biometric data, health data, data relating to minors, financial information), it is advisable to thoughtfully evaluate whether such disclosure is appropriate and to explicitly consent to the processing of such data in accordance with the purposes and methods outlined in this Policy. We will only collect and use such Sensitive Personal Data upon obtaining your consent for the purpose of enabling specific Software functionalities, and you shall retain the right to determine the scope of such consent.

In accordance with applicable laws and regulations, we may collect and process certain necessary personal data without obtaining your prior consent in the following circumstances:

directly related to national security or defense;
directly related to public safety, public health, or significant public interests;
directly related to criminal investigation, prosecution, trial, or enforcement of judgments;
where necessary to protect your vital interests or those of another individual in circumstances where it is difficult to obtain consent;
where the personal data collected has been voluntarily disclosed by you to the public;
where the personal data is obtained from lawful public sources, such as legitimate news reports or government disclosures;
where necessary for the conclusion or performance of a contract at your request;
where necessary to ensure the safe and stable operation of AI-Shu's products and/or services, including the detection and resolution of malfunctions;
any other circumstances as permitted or required by applicable laws and regulations.

You acknowledge and agree that AI Shu endeavors to provide you with comprehensive products and services, and therefore, we may continuously improve and upgrade our offerings. This may result in the introduction of new services or features, or a reclassification of functionalities, which may necessitate the collection of new categories of personal data or the use of personal data for additional purposes. If we intend to use your personal data for purposes not outlined in this Policy, or to collect new categories of personal data not previously specified, we shall obtain your renewed consent through appropriate means, such as page prompts, interactive processes, website announcements, or other mechanisms. Upon your consent, such additional purposes or categories shall become part of this Policy and be governed accordingly. Should you have any questions in this regard, you may contact us using the feedback channels specified under "How to Contact Us."

2. How We Use Cookies

To ensure the proper functioning of the Software and to provide you with a more convenient access experience, we may store Cookies, Flash Cookies, or other local storage (collectively, "Cookies") provided by your browser (or associated applications) on your mobile device. Such storage typically contains identifiers, site names, and certain numbers and characters.

We shall not use Cookies for any purpose other than those described in this Privacy Policy. You may manage or delete Cookies at your own discretion. You can delete all Cookies stored on your device. While most web browsers automatically accept Cookies, you may usually modify your browser settings to reject Cookies as needed. You may also delete all Cookies saved within the Software. However, if you do so, you may need to manually change user settings each time you access the Software; previously recorded information may be erased; and the security of your use of the services may be adversely affected.

3. How We Share, Transfer, and Disclose Your Personal Data

3.1 Public Disclosure

We will disclose your personal data publicly where strictly necessary and permitted by applicable law, and subject to appropriate safeguards, including in the following circumstances:

upon obtaining your explicit consent; or
where we consider disclosure necessary under laws or regulations or on reasonable grounds, including but not limited to:
- to comply with applicable laws and regulations or valid legal processes (including but not limited to subpoenas, court orders, search warrants, or other legally effective governmental or judicial requirements), in which case we may disclose your information to competent authorities in accordance with the law. In most cases, legal processes may prohibit us from notifying you in advance of such disclosure. Where the government or authorities fail to provide a subpoena, court order, or search warrant that satisfies legal requirements, we may, to the extent permitted by law, seek your explicit consent;
- to enforce our User Agreement, this Privacy Policy, and other binding agreements, including investigating, discovering, or handling any conduct that may violate the foregoing;
- to detect, prevent, investigate, or otherwise address security incidents, fraud, technical issues, abuse, or other risks that may endanger systems, services, or users, in which case we may disclose relevant information as necessary;
- to the extent required or permitted by law, to protect the legitimate rights, property, or personal safety of us, our users, third parties, or the public; and, where reasonably necessary, to prevent fraud, reduce credit risk, or maintain network and data security, we may exchange necessary information with other companies, financial institutions, or relevant governmental law enforcement agencies.

3.2 Sharing

We will share your personal data only for lawful, legitimate, necessary, specific, and explicit purposes, including:

Sharing as required by law: We may share your personal data in accordance with laws and regulations, for litigation or dispute resolution needs, or pursuant to requests lawfully made by administrative or judicial authorities.
Sharing under entrusted processing:
- Our group companies may process your personal data to respond to your inquiries. All relevant group companies will use your personal data only in accordance with this Privacy Policy.
- To provide better and more complete products and services, certain service modules or features might be provided by our third-party authorized partners. We may share personal data needed for delivering these products or services with such partners. If you choose not to allow our partners to collect the necessary personal data, you may not be able to use the relevant third-party services within the Software.

Other than personal data required in full to achieve the processing purpose, we will adopt measures such as encryption and de-identification to protect your personal data. For partners entrusted to process personal data, we will enter into strict legal agreements; we will conduct rigorous security monitoring of information software development kits (SDKs) and application programming interfaces (APIs) obtained by partners to ensure data security; and we will require them to process personal data in accordance with our requirements, this Privacy Policy, and other relevant confidentiality and security measures. Please refer to the Annex "Third-Party Information Sharing List" for details of the Third-Party SDK Directory integrated by AI Shu and the types of personal data collected.

Special Note: Third-party social media platforms, payment service providers, and other external service providers may offer products or services through our Software, operated by the respective third parties. You may choose whether to use such third-party services and which third-party services to use. During your use, these third-party providers may collect, use, and store relevant data or information. The use of such third-party services, including any information you provide to such third parties) shall be governed by the terms of service and privacy policies of the respective third parties, rather than by this Privacy Policy). You should carefully read their terms. If you discover risks with such third-party services, you are advised to cease relevant operations to protect your lawful rights and interests and promptly contact us.

3.3 Transfer

As our business continues to develop, we and our affiliates may undergo business restructuring, mergers, acquisitions, asset transfers, or similar transactions, in which case your personal data may be transferred as part of such transactions. We will inform you of the relevant circumstances via notice or announcement, and we will continue to protect your personal data in accordance with applicable laws and regulations and standards no lower than those required under this Policy, or we will require the new personal data controller to do so; otherwise, we will require such company or organization to re-obtain your authorizations and consent.

3.4 Special Statement

Certain Artificial Intelligence (AI) functionalities of the Software are supplied and supported by third-party AI service providers (refer to Annex: Other Third-Party SDK Directory). When you use AI functionalities, the data you input---including text, voice, images, and other information---may be transmitted to our AI service providers for processing to generate results or enhance your learning experience.

You acknowledge and agree that all virtual content displayed to you when using AI services is primarily feedback and display generated by AI algorithms. AI-generated content may not always be accurate, complete, or up-to-date, and we do not guarantee the accuracy of such content. Such information is for educational and reference purposes only and should not be used as the sole basis for decision-making. Accordingly, you expressly agree and authorize AI-Shu, where reasonably appropriate, to collect, use, store, share, and analyze relevant personal data, and you agree to grant us a perpetual, worldwide, royalty-free, non-exclusive license to use, display, reproduce, modify, publish, and distribute usage data as training data for AI models for aggregation and analysis to optimize AI model performance. We will not use personally identifiable information for such AI model training. You may withdraw such consent at any time by contacting us, but doing so may affect your ability to use certain AI functionalities of the Software.

You acknowledge and explicitly agree that any information you provide to third-party AI service providers when using AI functionalities is subject to the service terms and privacy policies of those providers. AI Shu is not responsible for the content, accuracy, or availability of such third-party AI services and shall not be liable for any losses or damages resulting from your use of or reliance on links or resources provided by these third parties. You are advised to carefully read the terms of such third-party AI providers. If you discover risks with such AI services, it is recommended that you cease such operations to safeguard your lawful rights and interests.

4. How We Protect Your Personal Data

We attach great importance to the security of personal data and adopt industry-standard practices to protect your personal data from unauthorised access, disclosure, use, alteration, damage, or loss. To this end, we take the following measures in particular:

We take all reasonable and practicable measures to ensure data minimization, and we do not collect personal data unrelated to achieving the stated purposes. We will retain your personal data only for the period necessary to achieve the purposes described in this Policy, unless an extended retention period is required for service provision or permitted by law;
We adopt security safeguards that are compliant with industry standards and reasonably practicable to protect your information against unauthorized access, public disclosure, use, alteration, damage, or loss. We use encryption technologies to ensure the confidentiality of data transmission and storage. We deploy trusted protection mechanisms to prevent data and the servers storing data from being subject to malicious attacks.

Data Protection Management and Organisational Measures

We have established an advanced, data-centric security management system aligned with the data lifecycle, enhancing overall system security from multiple dimensions, including organisational structure, policy design, personnel management, and product technologies. We regularly conduct security and privacy protection training to strengthen employees' awareness of the importance of protecting personal data. We implement access control mechanisms to ensure that only authorised personnel may access personal data.

Response to Personal Data Security Incidents

We strive to protect your personal data. Nevertheless, no measure is infallible, and no product or service, website, data transmission, computer system, or network connection can be absolutely secure.

If our physical, technical, or managerial protection facilities are compromised, resulting in unauthorised access to, public disclosure, tampering with, or destruction of information that harms your lawful rights and interests, we will promptly activate our emergency response plan, take reasonable remedial measures, and notify the department(s) and persons responsible for personal data protection so as to reduce the impact on your personal data and other rights and interests to the greatest extent possible. In the event of a personal data security incident, we will, within [72] hours of discovering the incident, notify you of: the basic facts and possible impact of the incident, the measures we have taken or will take, recommendations for you to independently prevent and mitigate risks, and measures for remediation; and we will report to the relevant supervisory authorities as required by law. We will notify you of the incident by email, letter, telephone, push notification, or other means; where it is difficult to notify data subjects individually, we will adopt reasonable and effective methods to issue a public announcement. We will also report the handling of the personal data security incident to regulators as required.

Despite the above reasonable and effective measures and compliance with applicable legal standards, you understand that, due to technological limitations and the possible existence of various malicious means, it is impossible to guarantee 100% security of information in the Internet industry even with best efforts. We will endeavour to ensure the security of information you provide to us. You acknowledge and understand that the systems and communication networks you use to access our services may experience issues due to factors beyond our control. Therefore, we strongly recommend that you take proactive measures to protect user information security, including but not limited to setting complex passwords for devices, regularly changing passwords, and not disclosing your account credentials to others.

5. Storage of Your Personal Data

Your personal data will primarily be stored on servers located in Hong Kong, China. We use Alibaba Cloud and Volcano Engine to provide information storage services for the Software. We will take necessary technical and organisational measures to ensure the security and integrity of your personal data.

To ensure the normal operation and functional optimisation of the Software, in certain circumstances our operations and technical teams located within mainland China may need to remotely access certain personal data stored in Hong Kong. We will strictly comply with applicable laws and regulations and this Privacy Policy, adopt strict security protection measures, and follow the principle of minimisation. Access will be solely for necessary purposes related to software operation, such as resolving technical faults or providing operations and maintenance support. We will implement encrypted transmission, access permission controls, and log retention to ensure adequate protection of your personal data, and we will continuously assess the legal environment of the recipient country/region of personal data and, where necessary, adopt additional safeguards to prevent unauthorised access and disclosure.

If your country/region of residence is different from Hong Kong, where the Software's data centre is located, your continued use of the Software indicates that you expressly authorise and agree that we may, subject to appropriate safeguards as required under applicable cross-border transfer laws, collect, process, store, and transfer your personal data to Hong Kong for the purposes of this Policy. You further acknowledge that such transfer is necessary to realise the Software's functionalities. If you do not agree, you may withdraw or cancel such consent at any time by contacting us; however, withdrawal or cancellation may result in certain functions being discontinued or restricted.

Unless required by law, we will not retain personal data for longer than necessary. We will retain information as follows:

Information you provide when submitting inquiry forms or contacting us using the contact details specified in this Privacy Policy: retained until your inquiry is resolved.
In general, we retain your personal data only for the time necessary to achieve the purposes of this Software. We will take reasonable and practicable measures to avoid collecting irrelevant personal data. Unless compulsory retention is required by law, we will retain your personal data only for the period necessary to achieve the purposes described in this Policy. After the retention period expires, we will delete your personal data or anonymise it in accordance with applicable law.
Where it is necessary to retain your information beyond the retention period specified above (e.g., to comply with applicable law), we will store it separately from other types of personal data.
If our products or services cease operation, we will notify you by push notification, announcement, or other means, delete your personal data or anonymise it within a reasonable period, and immediately stop collecting personal data and close third-party application service interfaces to prevent third-party services from collecting or continuing to use personal data.

6. Your Rights in Relation to Personal Data

You have the statutory rights in respect of your personal data held by us (to the extent permitted by applicable laws and regulations). You may exercise these rights as follows:

6.1 Access, Rectification, and Modification

We encourage you to keep your personal data accurate and up to date. We will adopt appropriate technical measures or provide contact channels for submitting requests, to enable you, to the greatest extent possible, to access, update, and correct your personal data or other information you provided when using our services.

If you wish to query, modify, or delete certain information, please log in to the relevant functional pages of AI-Shu, where we provide relevant settings for you to operate by yourself. If you have any questions or difficulties during operation, you may contact us via the feedback channels listed in the "How to Contact Us" section, and we will respond as soon as possible. Unless otherwise provided by laws and regulations, when you correct or delete your personal data or request account cancellation, we may not immediately correct or delete the corresponding information from the backup system, but we will correct or delete such information when the backup is updated.

6.2 Account Cancellation

We provide a channel for account cancellation. You can cancel your account by clicking the "Confirm Cancellation" button on AI Shu under "Account Management" -- "Password Settings." Where consistent with our service terms and applicable laws and regulations, you may also contact us via the feedback channels listed in the "How to Contact Us" section, and we will respond as soon as possible.

After your account is cancelled, we will cease to provide some or all services to you and, at your request, delete or anonymise your personal data, except where otherwise required by laws and regulations.

6.3 Change to the Scope of Your Consent

You may always choose whether to disclose personal data to us. Some personal data is necessary for service provision; however, the provision of most other data is at your discretion. You may change the scope of your consent or withdraw your authorisation by deleting information, cancelling your account, etc.

Upon withdrawal of consent, we will be unable to continue to provide the services corresponding to the withdrawn consent and will cease processing the relevant data. Your decision to withdraw consent will not affect processing conducted prior to withdrawal based on your consent.

To exercise any of your personal data rights, please contact us at: dataprivacy@globalhanyu.ai.

Please note that any emails are sent solely in response to your submitted inquiries and constitute service messages only.

7. How We Process Personal Data of Minors

It is widely recognised that the privacy of minors requires additional protection. Accordingly, we do not proactively provide services to minors and do not proactively collect, use, process, or store personal data of minors without the consent of their legal guardians.

Therefore, if you are a guardian of a minor user, please carefully read this Policy and decide whether to consent. We ask that you work with us to protect minors' personal data, educate and guide minors to strengthen their awareness and capability for personal data protection, and instruct, remind, and require them not to provide any personal data to any online product or service provider without your consent. If you do not agree with this Policy, our products and services may be unable to function properly or achieve the intended service effect; you should require your child to immediately cease accessing/using our products/services. If you click online to agree to this Policy, or your child uses or continues to use our services and submits personal data, this indicates that you agree that we will collect, use, store, and protect your child's personal data in accordance with this Policy (including updated versions).

Special Note for Minors:

If you are under the age of 14, before using AI Shu products or services or providing any personal data, you must carefully read this section together with your guardian, and you may only use our products/services or provide information after obtaining your guardian's consent.

Once a user creates an AI Shu account, we will collect the user's age and compare it with the local standard for minors' online permission based on the registered country. Users below such age are referred to as "Minor Users." Minor Users may create a user account but must provide a parent's email address rather than their own. We will take reasonable steps to verify parental consent. We also do not allow Minor Users to provide their own names, because we do not require such information.

After registration, we will send an email to the parent, informing them about AI-Shu's actual practices regarding the Minor User's privacy and information, including what personal data is collected and how it is used, shared, and protected. The email will also inform parents how to request AI Shu to access, modify, or delete the child's personal data.

Please note that, in accordance with minors-related laws and regulations of the registered region, where we process personal data by taking technical and other necessary measures that make it impossible for the data recipient to re-identify a specific individual or to restore the data, or where we conduct de-identified research, statistical analysis, and predictions on the collected information to support business decisions and to improve our products and services (including using anonymous data for machine learning or model training), the use of such processed data does not require additional consent from the minor and their guardian.

Minor Users are subject to the following differentiated treatment:

Personal profile pages are hidden to prevent minors from disclosing their names, locations, or personal bios.
Uploading photos of the minor's own face as avatars is disabled.
Promotional emails and advertisements are disabled; minors' information is prohibited from being used for targeted advertising or commercial analytics.
Leaderboards are disabled.
Discussion forums are disabled.
Minors' personal profiles are private and hidden from other users' searches.
Other users cannot follow the minor.
Following other users or searching for other users is disabled.
Sending invitation emails is disabled.
Finding friends via Facebook is disabled.
Social logins via Facebook, Google, or Apple are disabled.
Social follow buttons for Twitter, Facebook, and Instagram are disabled.

In addition, all users under the age of 16 are subject to the following differentiated treatment:

Third-party behavioural tracking is disabled.
Third-party analytics is disabled.

The Internet environment is not absolutely secure. We will endeavour to ensure the security of minors' personal data. You acknowledge and understand that the systems and communication networks used to access our services may experience issues due to factors beyond our control. Accordingly, you should take proactive measures to protect minors' personal data security. We strongly recommend that you or the minor do not disclose personal data contained within the product to third parties (including other websites or products linked to this product) so as to avoid information leakage; please use complex passwords and do not disclose account passwords or related personal data to others, in order to help us maintain account security.

To prevent restricted users from modifying these functions, the relevant settings will be hidden or shown as greyed out. In the future, once it is determined that the user has reached a sufficient age, we will automatically remove restrictions, reset the settings to default, and make the settings visible for the user to configure.

Subject to current technology, it is difficult for us to proactively identify information about minors. If we have, without knowledge, collected, used, processed, and stored personal data of minors or collected such data without verifiable prior consent of the guardian, we will protect the confidentiality and security of Minor Users' information in accordance with the laws and regulations of the country/region of registration and this Policy, and we will endeavour to delete the relevant data as soon as possible. If you believe such circumstances exist, please contact us at dataprivacy@globalhanyu.ai.

8. Policy Updates

We may revise this Privacy Policy from time to time. When the terms of the Privacy Policy are changed, we will display the updated Policy through announcements, displays, or push notifications.

Where the terms of this Policy undergo material changes, we will inform you via the Software homepage by announcement, display, push notification, or other more prominent means and obtain your renewed consent. Material changes referred to herein include but are not limited to:

significant changes in our service model, such as changes to the purposes for processing personal data, types of personal data processed, or methods of using personal data;
significant changes in ownership structure or organisational structure, such as changes of ownership resulting from business adjustments, bankruptcy, or mergers and acquisitions;
changes to the main recipients of personal data sharing, transfer, or public disclosure;
significant changes to your rights to participate in personal data processing and the ways such rights are exercised;
changes to the department responsible for personal data security, contact details, or complaint channels;
personal data protection impact assessment reports indicating high risk.

9. How to Contact Us

We welcome questions, comments, and requests regarding this Privacy Policy. We have established a dedicated personal data protection team and appointed a personal data protection officer. If you have any questions, complaints, or suggestions regarding this Privacy Policy or personal data protection matters, you may, for the purpose of complying with applicable privacy laws, submit such feedback to the designated Data Protection Officer (personal data protection officer) at dataprivacy@globalhanyu.ai, or contact us at [FLAT/RM 2701 27/F CENTRAL PLAZA 18 HARBOUR ROAD WANCHAI]. Please note that we may not respond to issues that are unrelated to this Policy or your personal data rights.

If you wish to lodge a complaint regarding our handling of personal data, please first contact us at dataprivacy@globalhanyu.ai, and we will endeavour to handle your request as soon as possible. In general, we will respond within fifteen (15) days.

If the situation is complex and requires an extension, we will also inform you within 15 days. If you are not satisfied with our response, particularly if you believe our processing of your personal data has prejudiced your rights and interests, you have the right to complain to the relevant supervisory authorities or take other legal actions.

10. Definitions

The terms used in this Privacy Policy have the following meanings in their ordinary sense:

You or User: a natural person who registers through our Software, uses the services provided by the Software, and obtains the usage and management rights of the Software.
Personal Data: information recorded electronically or otherwise that alone or in combination with other information can identify a natural person, including but not limited to a natural person's name, date of birth, address, and telephone number.
Sensitive Personal Data: as defined under applicable data protection laws (including biometric data, health data, data relating to minors, financial information), will only be processed with your explicit consent and subject to enhanced safeguards personal data which, if leaked, illegally provided, or misused, may endanger personal or property security, or easily cause harm to personal reputation, physical or mental health, or lead to discriminatory treatment.
Device: any equipment that can be used to access the AI Shu product, such as a smartphone.
Unique Device Identifier: a string of characters embedded by the device manufacturer into the device (e.g., proprietary ID, IMEI, or UUID) that can uniquely identify the device.
IP Address: each device connected to the Internet is assigned a number known as an Internet Protocol (IP) address. These numbers are generally assigned based on geographical regions. IP addresses can usually be used to identify the location of a device when it connects to the Internet.
De-identification: the process of technically processing personal data so that the data subject cannot be identified without the aid of additional information.
Anonymisation: the process of technically processing personal data so that the data subject cannot be identified and the processed information cannot be restored.
Server Logs: as with most websites, our servers automatically record the requests you make when you access the App. These "server logs" typically include your network requests, IP address, browser type, browser language, and the date and time of your request.

Annex: Third-Party Information Sharing List

SDK Permission Description and Device Permission List

For the purpose of implementing the AI Shu mobile App customer support visitor-side SDK functionalities and ensuring secure and stable operation, we may integrate SDKs (software development kits) or similar applications provided by third parties. We may collect or use the following information; specific permission descriptions are as follows:

Permission(s)	Function Description	Usage Scenarios and Purpose	Applicable Platform (Android/iOS)
RECORD_AUDIO	Use microphone to record audio	Video/audio calls; when sending voice messages, this permission will be requested from you	Android/iOS
READ_EXTERNAL_STORAGE	Provide read access to external storage data	When sending selected images/files, this permission will be requested from you	Android/iOS
WRITE_EXTERNAL_STORAGE	Provide write access to external storage	When storing images, attachments, and other files, this permission will be requested from you	Android/iOS
CAMERA	Use device camera	When using video calls or taking photos, this permission will be requested from you	Android/iOS
VIBRATE	Use device vibration	Use device vibration functionality	Android/iOS
CALL_PHONE	Place phone calls	When clicking a number to place a call, this permission will be requested from you	Android/iOS
ACCESS_NETWORK_STATE	Obtain network status	Obtain network information status	Android/iOS
ACCESS_WIFI_STATE / Wi-Fi Status	Obtain current Wi-Fi access status	Obtain Wi-Fi status changes to maintain the stability of long-lived message connections	Android/iOS
Media Library	Use videos in the photo library	When using video, this permission will be requested from you	Android/iOS
Other third-party permissions	---	See "Third-Party SDK Directory"	---

Third-Party SDK Directory

To implement visitor-side functionalities of AI Shu and ensure secure operation, we may integrate SDKs or similar applications provided by third parties, which may collect your personal data. We assess the legality, legitimacy, and necessity of personal data collection by such third-party services, require them to adopt protective measures for your personal data, and strictly comply with relevant laws, regulations, and supervisory requirements. The third-party service providers we integrate are as follows:

SDK(s)	Purpose of Use	Data Type	Privacy Policy	Applicable Platform (Android/iOS)
iFLYTEK	Speech input, speech recognition, speech evaluation	audio processing	https://www.xfyun.cn/	Android/iOS
ZhugeIO	Used for user behavior statistics and product analysis, such as page visits, feature clicks, etc	Statistical Function	https://zhugeio.com	Android/iOS
Volcengine TOS	Cloud storage and access management for audio files	File upload	https://www.volcengine.com	Android/iOS
Google Sign-In	Used to support users to log in to the application through a Google account	Login authorization	https://console.cloud.google.com	Android/iOS

Partners

Partner Type / Company Name	Information Type	Purpose of Use	Usage Scenario	Provision Method	Privacy Policy or Website
Shanghai Xiyu Technology Co., Ltd	User audio generation	Audio generation, audio processing	Using software for Chinese learning, during conversations	Backend interface transmission	https://api.minimax.chat/
Beijing Volcano Engine Technology Co., Ltd	User storage, photo album	Text and image recognition	Using software for Chinese learning, during conversations	Backend interface transmission	https://www.volcengine.com/
IFlytek Co., Ltd	User storage, photo album	Text and image recognition	Using software for Chinese learning, during conversations	Backend interface transmission	https://www.xfyun.cn/

The above services are operated by third parties. Any information you provide to third parties is subject, in addition to this Policy, to the third parties' service terms and information protection policies and statements. You should carefully read the third parties' service terms. If you discover risks in such third-party services, you are advised to cease the relevant operations to protect your lawful rights and promptly contact us.

Software Permission Description and Device Permission List

For the purpose of implementing AI Shu App product functionalities and ensuring secure and stable operation, we may obtain or use the following information. Specific permission descriptions are as follows:

Permission(s)	Function Description	Usage Scenarios and Purpose	Applicable Platform (Android/iOS)
READ_CONTACTS	Read contacts stored on the device	When viewing the phone's contacts within call features, this permission will be requested from you	Android/iOS
RECORD_AUDIO	Use microphone to record audio	Video/audio calls; when sending voice messages, this permission will be requested from you	Android/iOS
READ_PHONE_STATE	Read device identifiers and related information	Log statistics and push notifications require access to device information	Android/iOS
READ_EXTERNAL_STORAGE	Provide read access to external storage data	When sending selected images/files, this permission will be requested from you	Android/iOS
WRITE_EXTERNAL_STORAGE	Provide write access to external storage	When storing images, attachments, and other files, this permission will be requested from you	Android/iOS
CAMERA	Use device camera	When using video calls or taking photos, this permission will be requested from you	Android/iOS
VIBRATE	Vibration	Upon receiving new messages, you can choose whether vibration alerts are needed	Android/iOS
CALL_PHONE	Use phone dial function	When placing a call within call features, this permission will be requested from you	Android/iOS
ACCESS_NETWORK_STATE	Obtain network information status	Obtain network status changes to maintain the stability of long-lived message connections	Android/iOS
ACCESS_WIFI_STATE	Obtain current Wi-Fi access status	Obtain Wi-Fi status changes to maintain the stability of long-lived message connections	Android/iOS
Media Library	Use videos in the photo library	When using video, this permission will be requested from you	Android/iOS
Push Notification	Use notification functionality	On first use of the App, notification permission will be requested from you	Android/iOS