Updated on: October 25, 2023
As【 Device Security SDK 】The provider of the product/service, Beijing Volcanic engine Technology Co., Ltd (hereinafter referred to as "Volcano Engine" or "We") attaches great importance to the protection of personal information. [Device Security SDK] For developers [Equipment risk identification capability]. When the end user (hereinafter referred to as "you") uses the website or application software (including APP, applet, web page, etc., hereinafter referred to as "developer application") developed and/or operated by the developer, if the developer integrates this service, we will provide you with relevant functions and services through the developer application, We are fully aware that your personal information should be handled in accordance with this privacy policy and laws and regulations to protect your personal information and privacy security.
Special statement:
This privacy policy cannot replace the privacy policy of the developer application. Developers should disclose their privacy policies to you about their applications, so as to declare to you how they collect, process and protect your personal information. If you seek access to data, or try to correct, modify or delete incorrect data, or you do not want to continue using the application integrated with the [Device Security SDK], please contact the corresponding developer (personal information processor) directly.
As the "personal information processor", the developer decides the purpose and method of user data processing. In the process of providing the developer with the Equipment Risk Identification Capability, we only collect data on behalf of the developer, and process the data according to the developer's entrustment and instructions.
The service you use through developer applications is configured by developers according to their application needs, and may vary depending on the version of developer applications you use. If some of our functions or services are not included in the developer's application version, the processing content of the above functions and services and related personal information in this privacy policy will not be applicable.
Before accessing and using this service, developers must carefully read this privacy policy, confirm that they have fully understood the content of this privacy policy, and make appropriate choices according to this privacy policy. At the same time, the developer shall provide this privacy policy to the end user so that the end user can understand the relevant content and obtain the consent of the end user. Unless otherwise specified, if the developer or end user disagrees with this statement or its update, the developer or end user shall immediately stop accessing and/or using the service.
This Privacy Policy will help you understand the following:
We hope that this Privacy Policy can clearly, accurately and completely explain to you how we collect, process and protect your personal information when you use the developer application integrated with the [Device Security SDK].
1. How we collect and use personal information
2. How we store personal information
3. Partners involved in data use
4. How do we protect the security of personal information
5. Personal information management
six Protection of minors clause
seven Revision and notice of privacy policy
eight . Contact us
How we collect and use personal information
1.1 Collection of personal information
[Introduction to Device Security SDK Functions]
- Basic functions:【 Device Security SDK 】The basic business functions of【 Equipment risk identification] 。
If you use a developer application integrated with the [Device Security SDK], [Device Security SDK] The following information will be collected through the developer application. We will not obtain sensitive personal information, and the developer is required not to transmit your sensitive personal information to us. Developers should inform you Device Security SDK Name, subject name, type and purpose of personal information processing, privacy policy and other contents can be used only after your consent is obtained Device Security SDK Carry out relevant business functions. Since there may be some differences between the information fields collected by different SDK versions and whether they are optional, the specific collection situation is subject to the SDK version accessed by the developer application you actually use.
(1) APP end [Required information] Device Security SDK Basic information required for cooperation
| Personal information collection types and fields | Purpose and purpose |
|---|
| Android side | Operator information | Equipment risk identification |
| MCC mobile country code |
| MNC mobile network code |
| Network access mode (WIFI status) |
| Android ID |
| CPU information |
| IOS side | IDFV | Equipment risk identification |
| Android, IOS | IP address | Equipment risk identification |
| Equipment brand |
| Equipment model |
| operating system |
| Operating system api version |
| System language |
| System time zone |
| Screen resolution |
| battery level |
| Application version |
| Application package name |
[Optional Info] Developers can choose whether to use Device Security SDK obtain
| Personal information collection types and fields | Purpose and purpose | remarks |
|---|
| Android side | Information of surrounding AP access points (WIFI list) | Equipment risk identification | Basic mode does not collect |
| Wifi SSID |
| BSSID |
| Hardware serial number |
| IMEI |
| MAC address |
| OAID |
| MSIN/IMSI |
| Sensor information |
| IOS side | Other device information (device name) | Equipment risk identification |
| Sensor information |
| IDFA |
(2) Web Platform
| Personal information collection types and fields | objective |
|---|
Web Platform | System platform, number of CPU cores, system memory, system language, user preference language list, screen resolution, available screen resolution
Screen height, screen width, kernel compilation date, touch screen information, time zone, video card model, font list, plug-in list, User Agent | Equipment risk identification |
Please note that we will not ask you to submit personal information on your own initiative. The information collected by us cannot identify the identity of a specific natural person alone, and based on the SDK The technical characteristics of, which can not objectively obtain any information that can independently identify the identity of a specific natural person in the operation process.
We may adjust and change the functions and services provided by the [Device Security SDK], but please be aware that we will not change the business functions and personal information configuration status set by the developer without the developer's active integration or consent. According to the integrated SDK Due to different versions, there are differences in the service functions and personal information processing. When you use a developer application integrated with this service, it is recommended that you carefully read and understand the privacy policy provided by the developer in order to make appropriate choices.
1.2 Permission list
[Optional Permission] Developers can choose whether to use the device security SDK to obtain relevant permissions
| type | Permission name | Usage scenario and purpose |
|---|
| Android side | READ_PHONE_STATE Read phone status (device IMSI/IMEI number) | Acquire IMSI/IMEI No |
| ACCESS_FINE_LOCATION | Geographic location permission will not collect the user's precise GPS information, but only WiFi related information for the algorithm to identify the risk of cheating |
1.3 Exceptions to obtaining authorization and consent
Please understand that under the following circumstances, according to laws, regulations and relevant national standards, we do not need to obtain your authorization in advance to collect and use your personal information:
a. Related to our performance of our obligations under laws and regulations;
b. Directly related to national security and national defense security;
c. Directly related to public safety, public health and major public interests;
d. Directly related to criminal investigation, prosecution, trial and judgment execution;
e. In order to protect your or others' life, property and other major legitimate rights and interests, but it is difficult to obtain my authorization;
f. Your personal information disclosed to the public;
g. Necessary for signing and performing the contract according to the requirements of the personal information subject;
h. Your personal information collected from legally disclosed information, such as legal news reports, government information disclosure and other channels;
i. It is necessary to maintain the safe and stable operation of software and related services, such as finding and handling software and related service failures;
j. Necessary for legal news reporting;
k. It is necessary for academic research institutions to carry out statistics or academic research based on the public interest, and to de identify the personal information contained in the results when providing the results of academic research or description;
l. Other circumstances stipulated by laws and regulations.
Special note: if the information cannot identify your personal identity alone or in combination with other information, it does not belong to your personal information in the legal sense.
How we store personal information
We attach great importance to information security, follow strict security standards, use security measures that meet industry standards to protect the information you provide, and adopt a variety of reasonable technical, operational and management security measures to protect the security of the information we collect. Protect information from unauthorized access, public disclosure, use, modification, damage or loss.
2.1 Location of information storage
In accordance with the provisions of laws and regulations, we store the personal information collected and generated in China in the People's Republic of China. At present, we will not transmit the above information overseas. If the developer transmits the above information overseas, the developer shall fulfill the relevant compliance obligations.
2.2 Storage life
We will only retain your information for the period necessary for the purpose of providing services to developers. After exceeding the storage period agreed with the developer or receiving the corresponding instructions from the developer, we will delete or anonymize your personal information, unless otherwise specified by laws and regulations.
Partners involved in data use, transfer and disclosure of personal information
(1) Partners involved in data use
3.1 Basic principle
a. Principle of legality: If data use activities are involved in the process of cooperation with partners, they must have a legitimate purpose and comply with the legal basis of legitimacy. If the partner's use of information no longer conforms to the principle of legality, it should not use your personal information, or use it after obtaining the corresponding legitimacy basis.
b. Principle of legitimacy and minimum necessity: The use of data must have a legitimate purpose and should be limited to the extent necessary to achieve the purpose.
c. Principle of safety and prudence: We will carefully evaluate the purpose of partners' use of data, comprehensively evaluate the security capabilities of these partners, and require them to comply with the cooperation legal agreement. We will strictly monitor the security of software tool development kits (SDKs) and application program interfaces (APIs) that partners obtain information to protect data security.
3.2 Entrusted processing
For the scenario of entrusted processing of personal information, we will sign relevant agreements with the entrusting party and agree on their respective rights and obligations in accordance with the legal provisions, so as to ensure that the use of relevant personal information complies with the relevant provisions of the law and protects data security. Without the developer's consent, we will not subcontract your information. We only process your personal information according to the entrustment and instructions of the developer, and accept the supervision of the developer and you on the use of personal information.
3.3 Co processing
For the scenario of jointly processing personal information, we will sign relevant agreements with our partners and agree on their respective rights and obligations in accordance with legal provisions, so as to ensure compliance with relevant legal provisions and protect data security in the process of using relevant personal information.
3.4 Scope of partners
If our related parties and third parties provide services in specific functions and scenarios, the scope of partners includes our related parties and third parties.
(2) Change of operation subject
With the continuous development of our business, we may carry out mergers, acquisitions and asset transfers, and your personal information may be transferred accordingly. In the event of the above changes, we will require the successor to protect your personal information in accordance with laws and regulations and security standards not lower than those set forth in this privacy policy. If the successor changes the original processing purpose and processing method, we will require the successor to obtain your authorization and consent again.
(3) Publicity
We will not actively disclose the information that you have not disclosed on your own, unless we comply with national laws and regulations or obtain your authorization and consent.
(4) Exemption from your authorization and consent
Please understand that under the following circumstances, according to laws, regulations and national standards, your authorization and consent are not required for partners to use or for us to transfer and disclose your personal information:
a) Necessary for entering into or performing the contract according to your requirements;
b) Necessary for performing legal duties or legal obligations, such as legal duties or legal obligations directly related to national security, national defense security, criminal investigation, prosecution, trial and judgment execution;
c) It is necessary to respond to public health emergencies or protect the life, health and property safety of natural persons in emergencies;
d) Implement news reporting, public opinion supervision and other behaviors for the public interest, and process personal information within a reasonable range;
e) Handle your personal information disclosed by yourself or other personal information that has been legally disclosed (such as legal personal information disclosed through legal news reports, government information disclosure and other channels) within a reasonable range;
f) Other circumstances stipulated by laws and regulations.
Personal information management
4.1 Exercise of user rights
We highly respect and value your personal information management rights. We will try our best to help you manage your personal information so that you can protect your privacy and information security.
As an end user, please know:
Since you are not our direct user and have no direct interactive dialogue interface with us, in order to ensure the realization of your rights, we have asked the developers who integrate our services to promise that they should provide user-friendly user rights realization methods for end users. Please be aware and understand that due to the cooperation relationship between us and developers, we cannot control or fully grasp the interactive interface design in developer applications and its response to personal information rights and interests.
Based on the relationship between the [Device Security SDK] and the developer, you can give priority to the developer ("personal information processor") to seek to exercise the right of personal information subject, and you can also contact us according to the contact information of this privacy policy. If you directly ask us to manage your personal information, in order to help you better manage your personal information, we may also need to send your demand for managing your personal information to the developers of the integrated service, and ask them to handle and respond to your request, or let us assist the developers to handle it for you.
As a developer who provides application services directly to end users【 Device Security SDK 】When providing services for end users later:
1. The developer shall provide and clarify the path of personal information management for the end user according to the functional settings provided by the developer platform used, and respond to the end user's personal information management request in a timely manner.
2. In the process of developers' integrated use of this service, if the end user puts forward a request to manage his personal information, and the developer has determined that such a request involves personal information processed by this SDK product and needs our assistance in processing, the developer should contact us in a timely manner through the contact method of this rule, and attach the necessary written supporting materials of the end user's request. We will verify relevant materials in a timely manner, and provide corresponding support and cooperation for the end user's exercise request in accordance with relevant laws and regulations and the Rules.
4.2 Stop operation and inform you
If we stop operation, we will stop collecting your personal information in a timely manner, notify you of the notice of stopping operation by announcement or other appropriate ways, and delete or anonymize your personal information held.
How we protect personal information
We attach great importance to the security of user information, and will strive to take reasonable security measures (including technical and management aspects) to protect your information and prevent the information you provide from being used improperly or accessed, disclosed publicly, used, modified, damaged, lost or leaked without authorization.
5.1 Safety technical measures
We will protect your information with reasonable and feasible means such as encryption technology and anonymization processing that are not lower than those commonly used in the industry, and use security protection mechanisms to prevent your information from being maliciously attacked.
5.2 Safety management system
We will establish a special security department, security management system and data security process to ensure your information security. We adopt a strict data use and access system to ensure that only authorized personnel can access your information, and conduct security audits of data and technology in due course.
We will develop an emergency response plan and immediately launch the emergency response plan when user information security incidents occur, so as to prevent the impact and consequences of such security incidents from expanding. In the event of user information security incidents (leakage, loss, etc.), we will promptly inform you of the basic situation and possible impact of security incidents, the disposal measures we have taken or will take, suggestions that you can independently prevent and reduce risks, and remedial measures for you in accordance with the requirements of laws and regulations.
We will timely inform you of the event in the form of push notification, email, letter, SMS, etc. When it is difficult to tell one by one, we will take a reasonable and effective way to publish an announcement. At the same time, we will also report the disposal of user information security incidents according to the requirements of relevant regulatory authorities.
5.3 Safety tips
Although the above reasonable and effective measures have been taken and the standards required by relevant laws and regulations have been complied with, please understand that in the Internet industry, even if we try our best to strengthen security measures, it is impossible to always guarantee 100% security of information due to technical restrictions and possible malicious means, We will try our best to ensure the security of the information you provide us. You know and understand that the system and communication network you use to access our services may have problems due to factors beyond our control. Therefore, we strongly recommend that you take positive measures to protect the security of user information, including but not limited to the use of complex passwords, regular password changes, and not revealing your account password and other information to others.
We would like to remind you that the user information protection measures provided in this privacy policy are only applicable to this service. Once you leave the relevant pages of this service, browse or use other websites, products, services and content resources, we have no ability and obligation to protect any information submitted by your software and websites outside of this service, no matter whether you log in, browse or use the above software and websites based on the links or guidance of this service.
Juvenile Protection Clause
If the developer's application involves the processing of personal information of minors under the age of 14, the developer shall inform the guardian of minors under the age of 14 in detail about the processing of personal information of minors, and obtain the authorization and consent of the guardian of minors for such processing, At the same time, developers should also formulate special personal information processing rules for minors under 14 years of age. In general, developers should take necessary measures to ensure that all personal information transmitted to us (or allowed to be collected by the SDK) has obtained the corresponding legitimacy basis.
If you are the guardian of minors under the age of 14, if you find that there is personal information of minors under the age of 14 collected without your authorization, or you want to view, copy, correct, supplement, delete, or withdraw the personal information of minors under the age of 14 handled with consent, you can contact the application developer accessed by the SDK, Or contact us through the contact information in this privacy policy, and we will deal with it in a timely manner according to legal provisions. If we find that the application developer accessed by the SDK transmits (or allows the SDK to collect) personal information of minors under 14 years of age to us without the authorization and consent of the minor's guardian, we will actively delete it according to law.
Amendment and notification of privacy policy
In order to provide better services to developers and you, this service will be updated and changed from time to time, and we will revise this privacy policy from time to time. Such revisions constitute a part of this privacy policy and have the same effect as this privacy policy.
After this privacy policy is updated, we will publish the updated version on the relevant pages of this service so that you can know the latest version of this privacy policy in a timely manner. If you continue to use this service, it is deemed that you agree to accept all the contents of the revised privacy policy. However, if the updated content needs to obtain your additional user information, we will still ask for your consent again in a significant way.
contact us
If you have any questions, opinions or suggestions about the protection of personal information and the content of this privacy policy, you can choose to contact us through the following ways: a) Login【 Volcano engine platform homepage - "Consultation feedback" 】
b) You can send questions to service@volcengine.cn 。
We will review your questions or suggestions as soon as possible and reply within 15 working days.