Privacy Agreement

Quick Navigation

• Sections 1-5: scope, data categories, legal basis, app-store compliance, and ad monetization controls.
• Sections 6-10: regional rights, child protection, sharing controls, international transfers, and retention.
• Sections 11-15: security, user choices, technology usage, policy changes, and contact channels.

1. Scope and Applicability

This Privacy Agreement applies to all services, websites, software, mobile management applications, and mobile applications published or operated by Yangzhou Ximao Technology Co., Ltd, including applications distributed through Google Play, Apple App Store, and other lawful digital distribution channels.

This Agreement applies to users located in Europe, the United Kingdom, North America, and other jurisdictions where our services are made available.

2. Data Categories We Process

• Identity and account data: name, email address, account identifiers, and role details for business operations.
• Device and technical data: operating system, app version, device model, language settings, timezone, IP-derived region, crash diagnostics, and performance logs.
• Usage data: app interaction events, feature usage, campaign response, and content access timestamps.
• Transaction and operational data: order workflows, supply-chain process records, inventory interactions, and support interaction logs.
• Advertising and consent data: ad request signals, advertising identifiers where permitted, consent strings, ad impression events, and anti-fraud markers.
• Communications data: support requests, key account correspondence, and compliance inquiries.

3. Legal Bases for Processing

• Contractual necessity: service delivery, account maintenance, app operations, and support response.
• Legitimate interests: fraud prevention, service reliability, security monitoring, and product improvement.
• Consent: personalized advertising, analytics in consent-based jurisdictions, and optional communication settings.
• Legal obligation: compliance with tax, accounting, law enforcement, sanctions, export control, and statutory data-retention obligations.

4. App Store and Platform Compliance

• Google Play: processing and disclosures align with Google Play Developer Program Policies, Google Play User Data policy, Families policy when relevant, and Data safety disclosure requirements.
• Apple App Store: processing and disclosures align with Apple Developer Program License Agreement, App Store Review Guidelines, and App Privacy transparency requirements.
• Where app store rules impose stricter requirements than this document, the stricter requirement applies.

5. Advertising and Monetization Compliance

Our applications may integrate ad monetization technologies, including launch ads (app open), rewarded video ads, interstitial ads, and banner ads. Ad delivery is controlled through consent and policy gating based on jurisdiction, platform rules, and age classification.

• Potential ad and mediation platforms include: Google AdMob, Google Ad Manager, AppLovin MAX, Unity Ads, ironSource, Meta Audience Network, Mintegral, Pangle, Chartboost, Liftoff Monetize (Vungle), InMobi, Smaato, Ogury, Start.io, Yahoo DSP, Amazon Publisher Services, AdColony, and other compliant providers added in future updates.
• Personalized advertising is disabled by default where consent is required and not granted.
• Non-personalized ads or limited ads may be shown where legally permitted.
• Consent signals may be transmitted through recognized frameworks, including IAB Europe TCF where applicable.
• Ad partners may process limited device and contextual data to deliver ads, cap frequency, prevent fraud, and measure aggregate campaign outcomes.
• Users can withdraw advertising consent through in-app settings, system privacy controls, or direct support requests.

6. International and Regional Privacy Rights

We implement a jurisdiction-aware compliance model. Rights availability depends on applicable law and verified user location.

• European Economic Area: GDPR rights including access, rectification, erasure, restriction, portability, objection, and complaint rights.
• United Kingdom: UK GDPR and Data Protection Act rights equivalent to EEA protections.
• Switzerland: Federal Act on Data Protection rights and transparency obligations.
• United States: compliance approach for CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), and other state privacy laws where applicable.
• Canada: compliance approach under PIPEDA and relevant provincial frameworks.
• Brazil: LGPD-aligned handling where Brazil residents use our services.
• Australia: Privacy Act and Australian Privacy Principles alignment where applicable.
• New Zealand: Privacy Act alignment where applicable.

Users may request rights execution by emailing support@yzximao.com with sufficient identity verification information.

7. Age and Child Protection

• Our business applications are generally intended for adults and business users.
• Where a product is not directed to children, we do not knowingly collect personal data from children below the minimum age defined by local law.
• In child-sensitive jurisdictions, age thresholds may include under 13, under 16, or higher if required by local law.
• When child-directed processing rules apply (including COPPA, GDPR-K, or platform families programs), we use stricter data minimization, disable personalized ads, and enforce age-appropriate controls.
• Parents or guardians can request review or deletion of child-related data by contacting support@yzximao.com.

8. Data Sharing and Processors

• We share data with infrastructure, analytics, security, customer support, app-distribution, and advertising service providers as needed for service performance and legal compliance.
• Processing partners are engaged under contractual safeguards including confidentiality and security commitments.
• We may disclose information to authorities when required by law, legal process, or to protect rights, safety, and fraud prevention interests.
• We do not sell personal data in the conventional exchange-for-money sense; where required by law, users can submit opt-out requests for targeted advertising or data sharing considered sale/share under local definitions.

9. Cross-Border Transfers

• Data may be transferred across borders for app operation and support. We apply legal transfer mechanisms as required, including standard contractual clauses or equivalent safeguards where necessary.
• Transfer assessments and technical controls are applied based on legal risk and service architecture.

10. Data Retention

• Data is retained for the shortest period necessary for contract performance, legal compliance, dispute handling, accounting, security, and audit requirements.
• Retention periods vary by data class, legal obligation, and risk context.
• When retention is no longer required, data is deleted or irreversibly anonymized.

11. Security Controls

• Encryption in transit and, where appropriate, at rest.
• Role-based access controls, authentication controls, and least-privilege access design.
• Security monitoring, logging, and incident response workflows.
• Vendor risk controls and periodic policy reviews.

No method of transmission or storage is fully risk-free, but we maintain commercially reasonable safeguards and continuous security improvement.

12. User Choices and Requests

• Account and profile updates through service interfaces where available.
• Advertising preferences through app settings, platform-level privacy settings, and support channel requests.
• Cookie or tracking choices through consent interfaces where required.
• Rights requests, objections, and complaints via support@yzximao.com.

12A. Privacy Request Handling Process

• Submission: user sends a request to support@yzximao.com with identity and jurisdiction details.
• Verification: we verify request ownership and legal eligibility before processing personal data actions.
• Evaluation: our compliance team maps legal requirements and technical feasibility.
• Execution: we provide access, correction, deletion, restriction, objection, or portability support where required by law.
• Response: request updates are communicated through the original contact channel unless otherwise required.

13. Cookies, SDKs, and Similar Technologies

• Web and app environments may use cookies, local storage, SDKs, and equivalent technologies for authentication, preference memory, analytics, fraud prevention, ad delivery, and performance diagnostics.
• SDK providers may include analytics, crash reporting, ad serving, attribution, and anti-fraud vendors.
• Where consent is legally required, non-essential technologies are activated only after consent is captured.

14. Changes to This Privacy Agreement

We may update this document when products, laws, partner requirements, or platform rules change. Material updates will be communicated through website notices, in-app notices, or other legally appropriate channels.

15. Contact for Privacy Matters

Yangzhou Ximao Technology Co., Ltd

Office Address: 409, Building A2, No. 198 Wuzhou East Road, Development Zone, Yangzhou, 225000, CN

Business Support: support@yzximao.com

Key Account: fengzexin@yzximao.com

Website: yzximao.com

16. Additional Transparency Notes

• Ad-related and analytics-related technology settings may vary by app version, region, and legal requirement updates.
• Where platform controls provide stricter privacy defaults, those defaults are respected by our app behavior.
• In case of conflict between this agreement and mandatory local law, mandatory local law governs relevant processing activities.