TalkingData SDK Privacy Policy

Updated: November 30, 2023
<span>Beijing Tengyun Tianxia Technology Co., Ltd. and its affiliated companies (hereinafter collectively referred to as "We" or "TalkingData"), as a company focusing on Internet integrated data services, have always attached great importance to the protection of personal information and privacy in data services. TalkingData understands the importance of personal information to you and will do its utmost to protect your personal information safely and reliably. We are committed to maintaining your trust in us and strictly abide by the following principles to protect your personal information: the principle of consistent rights and responsibilities, the principle of clear purpose, the principle of consent by choice, the principle of minimum sufficiency, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. When you visit the TalkingData website or register to use any products and services of TalkingData, we will take appropriate security measures to protect your personal information according to the industry's mature security standards. If you have any questions, comments or suggestions, please contact us through the following contact information:
E-mail: support@tendcloud.com
Tel: 400-870-1230 Special tips: TalkingData privacy policy is only applicable to various products and services provided by TalkingData, including but not limited to: websites, SDKs, APIs, codes, tools, product documents, etc. provided by us, not applicable to products and services provided by third parties through TalkingData, or products and services pointed to by third-party links on TalkingData website. In this case, it is recommended that you carefully read and understand the privacy policy of the third party. This privacy policy is closely related to the products and services provided by TalkingData. Please read the following privacy policy carefully to understand how we collect, use, save and transfer information from or about you and your end users. We try to explain to you in a clear, understandable and appropriate way so that you can know your rights and make your choice after reading. Please note that by visiting the TalkingData website or using our services, you have read, understood and agreed to accept this privacy policy. This policy is effective throughout your use of websites and services. If you do not agree with this policy, you should immediately stop using the host application or exercise the right to refuse or withdraw your consent through the exercise of the personal information subject published in this privacy policy. Please ensure that TalkingDataSDK services are used legally and in compliance with relevant laws, regulations, national standards and requirements of competent authorities. The specific process is as follows: 1. Please upgrade the TalkingDataSDK to the latest version. The specific download link is as follows: https://doc.talkingdata.com/posts/catalogue/1075 2. Please complete the SDK usage configuration according to the SDK Integration Document. The TalkingDataSDK only prepares for the application runtime in the initialization phase, and does not collect any data. You should ensure that after the end user agrees to your Privacy Policy, you can start the analysis capability based on reasonable business scenarios, and use the TalkingDataSDK function in compliance and necessity. For the configuration description of the latest version of initialization configuration and startup analysis capability, see the link: Android: https://doc.talkingdata.com/posts/1025
iOS: https://doc.talkingdata.com/posts/1024 This privacy policy will help you understand the following: 1. How we collect and use your personal information
2. How do we share, transfer and publicly disclose your personal information
3. How we protect your personal information
4. Your rights
5. How we deal with children's personal information
6. How your personal information is transferred globally
7. How to update this policy
8. How to contact us

1、 How we collect and use your personal information

Personal information refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. TalkingDataSDK will only collect and use your personal information for the following purposes described in this policy. This service is only available to users in the mainland of the People's Republic of China, except for specially specified overseas/international websites or products. If you are located outside the mainland of the People's Republic of China, you may be involved in different regulatory requirements for the collection, storage, use and sharing of data and personal information in other jurisdictions. If applicable, you should also comply with the relevant provisions of the Commitment on Compliance of Overseas Personal Information Protection; When we want to use the information for other purposes not specified in this policy, we will ask for your consent in advance. When we want to use the information collected for a specific purpose for other purposes, we will ask for your consent in advance.
The TalkingData SDK provides data statistics tools and analysis services for host applications, including but not limited to application statistics and analysis, mobile advertising monitoring and other services. We will only collect your relevant data by technical means based on the following needs and purposes of the host application development operator you use to entrust us to provide TalkingDataSDK products and services, and on the premise that the aforementioned development operator guarantees that you have obtained your full authorization and consent, as follows:

Product Functions data type Specific fields Processing purpose Application statistical analysis Mandatory Basic personal information Unique device identifier (OAID and Android ID), IP address, IDFV, IDFA It is used to generate the unique identification of the desensitized end user for basic analysis. Other basic data related to applications, devices and networks SDK or API version, platform, timestamp, creation time of system file, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, application's NFC permission (yes or no), whether the device supports NFC function (yes or no), whether the device supports Bluetooth function (yes or no), device model, terminal manufacturer Terminal device operating system version, session start/stop time, language location, mobile network/country code, time zone, hard disk, CPU and battery usage, network information (connection status of WiFi network or base station, BSSID or SSID information connected to WiFi, SystemID information connected to base station) It is used for rough multidimensional analysis, and provides data reports by region and application version number. Optional Optional personal information MEID, IMEI, Mac information It is used to identify users more accurately and identify cheating traffic. App List It is used to identify, analyze and eliminate cheating traffic. position information It is used to generate more accurate location distribution reports and identify cheating traffic. Mobile advertising monitoring Mandatory Basic personal information Unique device identifier (OAID and Android ID), IP address, IDFV, IDFA It is used to generate the unique identification of the desensitized end user for basic analysis. Other basic data related to applications, devices and networks SDK or API version, platform, timestamp, creation time of system file, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, application's NFC permission (yes or no), whether the device supports NFC function (yes or no), whether the device supports Bluetooth function (yes or no), device model, terminal manufacturer Terminal device operating system version, session start/stop time, language location, mobile network/country code, time zone, hard disk, CPU and battery usage, network information (connection status of WiFi network or base station, BSSID or SSID information connected to WiFi, SystemID information connected to base station) It is used for rough multidimensional analysis, evaluation of advertising effect, and identification, analysis and elimination of cheating traffic. Optional Optional personal information MEID, IMEI, Mac information It is used to identify users more accurately and identify cheating traffic. App List It is used to identify, analyze and eliminate cheating traffic. position information It is used to generate more accurate location distribution reports and identify cheating traffic. If you do not want your above personal information to be collected, you can exercise your withdrawal right through TalkingDataopt out. Once you exercise your withdrawal right, your personal information will not be collected and processed in any form, and your consent will not be frequently sought. The link of TalkingDataopt out is: http://www.talkingdata.com/optout.jsp?languagetype=zh_cn You can also request the host application developer to exercise the rights of the personal information subject. We will actively cooperate with the host application developer to respond to your corresponding requirements after receiving the notification from the host application developer and verifying the authenticity and legitimacy of the request.
1. Rights related to collecting personal information

Due to different system requirements, the host application may also need to obtain relevant permissions to collect personal information using the TalkingDataSDK service.

Android system permissions: Permission name Purpose of authority INTERNET Used to allow applications to network and send statistics. ACCESS_NETWORK_STATE It is used to allow applications to detect network connection status and suspend data transmission in case of abnormal network status. READ_PHONE_STATE It is used to generate the unique identification of the desensitized end user. ACCESS_WIFI_STATE It is used to generate the unique identification of desensitized end users and identify cheating traffic. WRITE_EXTERNAL_STORAGE It is used to store device information and record logs. ACCESS_FINE_LOCATION (optional) It is used to correct the geographical distribution data of end users, make report data more accurate, and identify cheating traffic. ACCESS_COARSE_LOCATION (optional) Used to identify cheating traffic. GET_TASKS (optional) It is used for more accurate statistics of end-user activity.
IOS system permissions: Permission name Purpose of authority network Used to allow applications to network and send data. IDFA It is used to generate the unique identification of the desensitized end user. Location information (optional) It is used to correct the geographical distribution data of end users, make report data more accurate, and identify cheating traffic. WIFI information (optional) Used to identify cheating traffic.
You should understand and confirm that we will collect only after the host application commitment has obtained your authorization and consent. If you do not want to collect the above information, you can refuse or withdraw your consent by closing the corresponding permissions.

2. Exceptions to personal information collection and use authorization

According to relevant laws and regulations, your authorization is not required to collect your personal information under the following circumstances:

1) Directly related to national security and national defense security;

2) Directly related to public safety, public health and major public interests;

3) Directly related to criminal investigation, prosecution, trial and judgment execution;

4) It is difficult to obtain my consent for the purpose of protecting the life, property and other major legitimate rights and interests of the personal information subject or other individuals;

5) Based on the necessity of academic research, and the results of academic research or description have been de identified;

6) The personal information collected is disclosed to the public by yourself;

7) Collect personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels;

8) Necessary for the performance of the contract you signed;

9) It is necessary for maintaining the safe and stable operation of products or services provided by TalkingData, such as finding and handling product or service failures;

10) Other circumstances stipulated by laws and regulations.

2、 How do we share, transfer and publicly disclose your personal information

1. Share

We will not share your personal information with any other company, organization or individual, except for the following circumstances:

1) After obtaining your explicit consent, we will share your personal information with other parties.

2) We may share your personal information according to laws and regulations or mandatory requirements of the competent government departments.

3) Share with our affiliates: Your personal information may be shared with TalkingData affiliates. We will only share necessary personal information and are bound by the purpose stated in this privacy policy. If the subsidiary wants to change the purpose of processing personal information, it will ask for your authorization again.

Our subsidiaries include: Suzhou Tengyuntianxia Data Technology Co., Ltd

4) Sharing with advertisers, advertising alliances or other operators (collectively referred to as "business partners"): we will cooperate with such authorized partners to use the processed and processed de identification data in the TalkingData database for commercial use in various forms, such as using the data to optimize advertising and improve marketing effects. Unless we get your permission, we will not share personal identity information (refers to information that can identify personal identity, such as name or e-mail, through which we can contact individuals or identify individuals) with business partners. We will provide these partners with information about their advertising coverage and effectiveness, instead of providing personally identifiable information, or we will summarize this information so that it will not identify individuals. For example, only after advertisers agree to abide by our advertising guidelines can we tell advertisers how effective their ads are, or how many people have seen their ads or installed apps after seeing them, or provide these partners with demographic information that cannot identify themselves (for example, "25 year old men in Beijing like software development" )To help them understand their audience or customers. This kind of information cannot identify your personal identity alone or in combination with other information, and it does not belong to your personal information in the legal sense. For companies, organizations and individuals with whom we share personal information after obtaining the authorization and consent of the personal information subject, we will sign a strict confidentiality agreement, requiring them to handle personal information in accordance with our instructions, this privacy policy and any other relevant confidentiality and security measures.

2. Assignment

We will not transfer your personal information to any company, organization or individual, except for the following circumstances:

1) Transfer with explicit consent: after obtaining your explicit consent, we will transfer your personal information to other parties;

2) In case of merger, acquisition or bankruptcy liquidation, if personal information transfer is involved, we will require the new company or organization holding your personal information to continue to be bound by this privacy policy, otherwise we will require the company or organization to ask for your authorization consent again.

3. Public disclosure

We will only publicly disclose your personal information under the following circumstances:

1) After obtaining your explicit consent;

2) Law based disclosure: We may publicly disclose your personal information in the case of mandatory requirements of laws, legal procedures, lawsuits or government authorities.

3) In case of emergency, it is reasonably judged to protect the legal rights and security of us, our agents, customers, end users or others.

4) We file a lawsuit or arbitration against users to safeguard our own or other users' legitimate rights and interests.

3、 How we protect your personal information

1. Data confidentiality measures taken by us

There is no transmission method on the Internet, or the electronic storage method is 100% secure. Although we have made reasonable efforts, it may still be stolen, illegally owned or abused, which may cause personal, property and reputation losses to you and your users. You have understood the above risks and are willing to take them.

We will adopt the prevailing and reasonable standards in the industry to protect the security and confidentiality of the information we store. Including but not limited to: firewall and data backup measures; Access permission restrictions of the data center; Encrypt the identification information of the mobile terminal.

We have established and improved the data security management system, including the establishment of the network and information asset list and asset responsibility system, the classification, encryption and storage of user information, the division of data access rights, the development of internal data management systems and operating procedures, the acquisition, use and destruction of data have strict process requirements, to avoid the illegal use of user privacy data.

We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will only retain your personal information for the period necessary to achieve the purpose described in this privacy policy, unless the retention period needs to be extended or permitted by law.

We have established an information security working group, which is responsible for organizing information security related exchanges, coordinating the processing of information security related issues and the decision-making of data life cycle security construction, and actively communicating and cooperating with other relevant organizations.

TalkingData requires that every staff member should sign a data security confidentiality agreement before joining the company. We have also established a training mechanism for regularly holding security and privacy protection training to improve employees' awareness of personal information protection. We will review, update and disclose TalkingData security risk and personal information security impact assessment report from time to time.

At present, we have obtained many certifications to improve our security compliance capabilities, which are as follows: (1) Level III network security protection; (2) Privacy Information Management System Certification ISO/IEC27701:2019; (3) Information Security Management System Certification ISO/IEC27001:2013; (4) Quality management system certification ISO9001:2015; (5) Information technology service management system certification ISO/IEC20000-1:2018; (6) The SDK security evaluation certificate of China Information Security Evaluation Center shows that the security meets the EAL1 level; (7) Zhuoxin big data plan big data platform security certification; (8) Evaluation of China Academy of Information and Communications SDK Security Special Action; (9) Theil test certificate for security capability evaluation of data circulation platform; (10) Data security and personal information protection social responsibility evaluation is two stars. In addition, TalkingData also led and participated in a number of data compliance projects of the regulatory authorities, and became a member of the working group related to data security and personal information protection, as follows: (1) Pilot unit for application and promotion of Personal Information Security Specification of Information Security Technology; (2) Pilot unit for application and promotion of Information Security Technology Data Security Capability Maturity Model; (3) Pilot unit for application and promotion of Information Security Technology Personal Information Security Impact Assessment Guide; (4) Jointly released the White Paper on Security and Compliance of Software Development Kit (SDK) with China Academy of Information and Communications; (5) Member of TC260 Big Data Security Standards Task Force of National Information Security Standardization Technical Committee; (6) Member of Privacy Computing Alliance Group of China Academy of Information and Communications; (7) Member unit of "Zhuoxin Big Data Plan" of China Academy of Information and Communications; (8) Member unit of CCIA Data Security Working Committee of China Network Security Industry Alliance; (9) The first group members of the Personal Information Protection Compliance Audit Promotion Team; (10) The first member of the "Data Security Community Program (DSC)" of the China Academy of Information and Communications; (11) The first batch of enterprises participating in the green SDK industrial ecological co construction action.

2. Emergency disposal and early warning

In case of an unfortunate personal information security incident, we will timely inform you of the basic situation and possible impact of the security incident, the emergency response we have taken or will take, other relevant disposal measures, and remedial measures for you through the letter in the host application site/your reserved contact information, etc. according to the requirements of laws and regulations. If it is difficult to inform individual information subjects one by one, we will take a reasonable and effective way to issue an announcement and will take the initiative to report the disposal of personal information security incidents to the relevant regulatory authorities.

If you find that your personal information is leaked, please contact us immediately through the contact information agreed in this privacy policy so that we can take appropriate measures in a timely manner.

4、 Your rights

In accordance with the relevant laws, regulations and standards of China, as well as the common practices of other countries and regions, you can directly send the request related to your personal information to the host application development operator for processing and help according to the host application's privacy policy, After receiving the relevant request from you notified by the host application developer and operator and verifying the authenticity and legitimacy of the request, we will actively cooperate with the host application developer to respond to your corresponding request. You can also exercise the following rights on your personal information through the following ways provided by us:

1. Access your personal information

If you want to exercise data access, please send an email to【 support@tendcloud.com 】。

2. Correct or supplement your personal information

When you find that there are errors in the personal information we collect about you, or your personal information needs to be updated and supplemented, you can contact us through this privacy policy or various contact methods published on the TalkingData website. To ensure the security of your account, we may require you to verify your identity.

3. Delete your personal information

You can click TalkingDataOPT-OUT: http://www.talkingdata.com/optout.jsp?languagetype=zh_cn Privacy settings to cancel your authorization for us to collect and use your personal information, we will stop using and delete your personal information. Please note that we may not delete the corresponding information from the backup system immediately, but will delete it when the backup is updated.

In the following cases, you can request TalkingData to delete your personal information:

1) If we deal with personal information in violation of laws and regulations;

2) If we collect and use your personal information without your consent;

3) If our handling of personal information violates the agreement with you;

4) If you no longer use the hosting application.

If we decide to respond to your request for deletion, we will also notify the third party sharing your personal information to us as far as possible, and require such third party to delete your personal information in a timely manner, unless otherwise provided by laws and regulations, or such third party has obtained your independent authorization.

If you cannot access, update or delete such personal information through the above path, you can contact us at any time through TalkingData customer service. We will reply to your request within 15 days.

Despite the above provisions, in order to resolve disputes, implement user agreements, and comply with technical requirements related to safe operation, we may still retain some data for a reasonable time to the extent permitted by law.

4. Change the scope of your authorization and consent

Each business function requires some basic personal information to complete (see "Part I" of this policy). For the collection and use of additional collected personal information, you can give or withdraw your authorization consent in specific services at any time. When you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the previous personal information processing based on your authorization.

You can refuse commercial advertisements through OPT-OUT channel: http://www.talkingdata.com/optout.jsp?languagetype=zh_cn

5. Get a copy of your personal information

You have the right to obtain copies of your personal basic data, personal identity information, personal health and physiological information, and personal education information by sending a request to TalkingData contacts.

On the premise of technical feasibility, such as data interface matching, we can also directly transfer your copy of personal information to the third party designated by you according to your requirements.

6. Automatic decision of constraint information system

TalkingData makes automatic decisions (such as commercial information push) based on the authorized and legally collected personal information through the information system, algorithm and other non manual automatic decision-making technologies to achieve labeling or portrait processing. This behavior constitutes the unrecognizability of data and does not share, transfer or disclose any of your personal information to any third party. If these decisions significantly affect your legitimate rights and interests, you have the right to ask us for an explanation, and we will also provide appropriate remedies. If you do not want to participate in such targeted advertising information push, please cancel it through the following OPT-OUT channels: http://www.talkingdata.com/optout.jsp?languagetype=zh_cn

7. Respond to your request above

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request. We will reply within 15 days. If you are not satisfied, you can also complain through Part VIII.

For your reasonable request, we do not charge a fee in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost as appropriate. We may refuse those requests that are unprovoked and repetitive, require too many technical means (for example, need to develop new systems or fundamentally change the current practices), bring risks to the legitimate rights and interests of others, or are very impractical (for example, involving information stored on backup tapes).

Under the following circumstances, we will not be able to respond to your request according to the requirements of laws and regulations:

1) Directly related to national security and national defense security;

2) Directly related to public safety, public health and major public interests;

3) Directly related to criminal investigation, prosecution, trial and judgment execution;

4) There is sufficient evidence to show that you have subjective malice or abuse of rights;

5) Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations.

6) Involving trade secrets.

5、 How we deal with children's personal information

Informed, we will not collect and use data on children.

If the host application is designed and developed for children, we have asked the host application development operator to ensure that necessary technical means have been taken to ensure that the registration and use of the host application user are carried out by the child's guardian. At the same time, the host application development operator has formulated sufficient user agreements and privacy policies to fulfill the obligation of notification. For the collection of children's personal information with the consent of parents, we will only use or publicly disclose this information when it is permitted by law, explicitly agreed by parents or guardians, or necessary to protect children.

Although local laws and customs have different definitions of children, we regard anyone under the age of 14 as a child.

If we find that we have collected children's personal information without the prior consent of verifiable parents, we will try to delete relevant data as soon as possible.

6、 How your personal information is transferred globally

In principle, the personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China.

In the process of providing services, we may transfer the data collected from you to our affiliated entities or other third parties outside your jurisdiction. Such transfer will be within the scope of laws and regulations, and will process and provide adequate protection for your personal information according to this policy. If you are located outside the jurisdiction of the People's Republic of China, or if you or your product end users are located within the jurisdiction of the People's Republic of China, but we need to transfer to outside the jurisdiction of the People's Republic of China, you should agree or obtain the consent of the end users about this international transfer.

We strongly recommend that you consult local professionals to ensure that this transfer in or transfer out meets local data protection requirements. In particular, when the international transfer involves the European Union or the United States, please pay attention to the legal provisions of these countries and regions on personal information data protection.

7、 How to update this policy

We have the right to adjust this privacy policy at any time according to changes in services, adjustments in applicable laws and policies, and other affected factors. Without your explicit consent, we will not reduce your rights under this privacy policy. Any update of this privacy policy will be published on this website by marking the update time, Therefore, please check and understand your privacy policy at any time. If you do not agree to accept this privacy policy, please stop accessing and using our services.

For major changes to this privacy policy, we will notify them in a more significant way (such as pop-up prompts on the first level page or messages on the site).

Major changes referred to in this policy include but are not limited to:

1. Our service model has undergone significant changes. For example, the purpose of processing personal information, the type of personal information processed, and the use mode of personal information;

2. Significant changes have taken place in our ownership structure and organizational structure. Such as business adjustment, bankruptcy M&A, etc;

3. The main objects of personal information sharing, transfer or public disclosure have changed;

4. Your right to participate in personal information processing and the way you exercise it have changed significantly;

5. When the responsible department, contact information and complaint channel for handling personal information security change;

6. When the personal information security impact assessment report indicates that there is a high risk.

8、 How to contact us

If you have any questions, suggestions or complaints about our privacy policy, please contact【 support@tendcloud.com 】。

We have set up a special department for personal information protection (or personal information protection specialist), and you can contact it through the following ways:【 td_legal@tendcloud.com 】Generally, we will reply within 15 days.

If you are not satisfied with our reply, especially if you think that our personal information processing has damaged your legitimate rights and interests, you can also complain or report to regulatory authorities such as Netcom, Telecom, public security and industry and commerce, or You have the right to submit the dispute to the Beijing Arbitration Commission for arbitration in Beijing in accordance with its then effective arbitration rules.

support@tendcloud.com
Data report Developer Support Compliance Guidelines
two thousand and twenty-four © TalkingData.com Jing ICP Bei No. 12005794 |Jing ICP Certificate No. 130311| Beijing Public Network Security 11010502050041