Shence Data SDK Privacy Statement

Version No.: 5

Version update date: April 11, 2024

Version effective date: March 5, 2022

Tel: 400-650-9827

Email: mkt@sensorsdata. com

Registered address: Room 501, Floor 5, No. M18, Middle Information Road, Shangdi Information Industry Base, Haidian District, Beijing

Common office address: Room 501, Floor 5, No. M18, Middle Information Road, Shangdi Information Industry Base, Haidian District, Beijing

We updated the Shence Data SDK Privacy Statement based on business adjustment in accordance with relevant laws, regulations and technical specifications, which mainly includes the following contents: basic functions and extended functions are distinguished according to the SDK product functions, and necessary personal information and optional personal information are distinguished; The description of the end user SDK information collection list is canceled.

In order to better protect your personal information, we recommend that you carefully read the updated privacy policy, especially the terms marked in bold/italic/underlined. If you have any objection or question to the terms of this privacy policy, you can communicate with us through the contact information published in Article 10 "How to Contact Us" of this privacy policy.

introduction

As the developers and operators of Shence SDK, Shence Network Technology (Beijing) Co., Ltd. and its affiliated companies (hereinafter referred to as "Shence" and "we") are well aware of the importance of user information and respect and protect the security of user personal information. In accordance with the Cyber Security Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China and the laws and regulations of the Internet industry on information protection, and with reference to the Information Security Technology Personal Information Security Specification (GB/T 35273-2020) And other recommended national standards to protect your and/or your end users' personal information. In order to help developers and operators of products and/or services integrating Shence SDK (hereinafter referred to as "developers") carry out third-party SDK integration business in compliance with relevant laws, regulations, policies and standards, and better implement the requirements related to user personal information protection, At the same time, help the end users (hereinafter referred to as "end users") who use the products and/or services of the integrated Shence SDK fully understand the purpose, method, scope and information security protection measures of the developers who use the Shence SDK to "collect, use, save, share and transfer" the end user's personal information, and we provide you with access, correction Delete and other rights and methods to control personal information. Shence SDK Privacy Statement (hereinafter referred to as "the Statement") is hereby formulated. In order to facilitate your reading and understanding, we try our best to express in simple and understandable sentences and define key terms. Please refer to Article 11 "Explanation of Terms" of this statement.

This statement applies to the products and services we provide to you through the Android version of the Shence SDK, the iOS version of the Shence SDK and other versions we provide or update from time to time. If a version has special functions or personal information processing activities inconsistent with this statement, we will explain. If our products and/or services have a separate privacy policy/privacy agreement, the separate privacy policy/privacy agreement takes precedence over this statement; This statement applies to the contents not mentioned in the separate privacy policy/privacy agreement.

Developers (hereinafter referred to as "you") must carefully read this statement to access and use Shence, and confirm that you have read and fully understand all the contents of this statement, especially the important terms related to the protection of personal information rights and interests identified by us in "bold/italic/underline", to ensure that you fully understand and agree before starting access Use the products and/or services provided by Shence SDK. If you do not understand some or all of the contents of this statement, we recommend you to contact us at 400-650-9827 for relevant consultation. If you still disagree with the terms of this statement on the basis of your full understanding of this statement, it is recommended that you immediately stop accessing and using the products and/or services provided by Shence SDK.

Please read and understand the details of specific products in this policy carefully before using our products or services. We hope that when you use Shence products (and/or services), you will make a wise decision to provide you and/or your end users' personal information. We added Compliance instructions To help you use Shence products or services in a more intelligent and private way. If you do not agree with this policy, you should immediately stop using the products and/or services provided by us

Special tips, When you use our products and services, we will process two categories of personal information:

  1. Your personal information as a Shence developer customer;
  2. Personal information of your end user, including device identifier information, device hardware information, operating system information, network information, application information, location information and sensor.


The way we deal with these categories of personal information will be different, because we have a direct contractual relationship with you, which is different from our indirect relationship with your end users. As our customer, if you use our products or services to provide services for your end users You should separately agree with your end users on a privacy policy according to applicable laws and regulations, timely disclose the Shence SDK directory and data processing, and ensure that your end users have agreed to Shence's privacy policy; If you do not require your end users to agree to the contents of this privacy policy, you should stop using Shence's products and/or services. Examples of disclosure are as follows:

SDK name : Shence Analysis SDK

Name of the third party: Shence Network Technology (Beijing) Co., Ltd

Purpose: basic data collection and modeling, driving business decision analysis (please fill in according to specific purpose)

Collect personal information: device information (including Android ID, IDFA, IDFV, OAID, UUID, etc.), location information, and unique application number. The collected device information will be different based on different devices and systems (Android/iOS) and system versions, as well as the permissions determined by developers when integrating and using Shence SDK products. Therefore, developers should explain the actually collected personal information to users.

Privacy Policy: https://manual.sensorsdata.cn/sa/latest/zh_cn/sdk-22255999.html

This statement will help you understand the following:

  1. How we collect and use personal information of end users
  2. How we use cookies and similar technologies
  3. How do we share, transfer and publicly disclose the personal information of end users
  4. How do we save personal information of end users
  5. How do we ensure the security of end users' personal information
  6. How do we enable end users to have the right to manage personal information
  7. How do we deal with minors' personal information
  8. How we update and revise this statement
  9. other
  10. How to contact us
  11. Terminology

one How we collect and use personal information of end users

When you use the integrated Shence SDK products and/or services, we strictly comply with the provisions of the laws and regulations mentioned in the introduction, and collect and use the information provided by you on your own initiative or generated by your use of the services in the manner described below in this statement to provide you with services. No matter how the personal information of the end user is collected and used, we usually require developers to collect personal information with the consent of the end user, unless in some cases, personal information is collected based on legal obligations or may need to protect the important interests of the end user or others.

1.1. Your personal information as a Shence developer customer (or potential developer)

Shence SDK will collect information about developers' applications calling SDK interfaces, including device attribute information (Android ID/OAID/IDFA/IDFV/UUID), location information (GPS location information), network information (network information), device hardware information (device model, screen resolution, hardware manufacturer, product name) Operating system information (system name, system version, system language), application information (time zone, application app_id, application name, application version number), sensor (screen direction).

1.2. Personal information of your end user

1.2.1. Function introduction

1.2.1.1. Foundation buried point function

This Shence SDK provides the user behavior analysis function, to achieve the statistics of user behavior, and to achieve refined behavior data analysis, to help developers achieve refined operation. In the above basic data analysis function, you need to use your end-user device identifier (Android ID/IDFA/IDFV/UUID), network information (network type, operator name, IP address), device hardware information (device model, device screen resolution, device hardware manufacturer, device product name) Operating system information (system name, system version, system language), application information (time zone, application app_id, application name, application version number) are used to ensure the stability of the service.

1.2.1.2. Extended functions

In order to activate the statistical function and improve the analysis accuracy, developers need to enable the terminal user to collect position information (GPS position information) and sensors (screen direction) through the interface.

1.2.2. Based on the needs of the above basic analysis functions and extended functions, we will collect and use your end user's personal information and its specific functions as follows:

1.2.2.1. Required personal information

  • Device identifier (Android ID/IDFA/IDFV/UUID): used for user identification to ensure accurate statistics;
  • Network information (network type, operator name, IP address): used to determine the network connection status between the SDK and the server, ensure the stability and continuity of the service, and conduct user behavior analysis;
  • Device hardware information (device model, device screen resolution, device hardware manufacturer, device product name): used to ensure the compatibility of services on different devices, and to provide statistical reports according to the dimension of device conditions, so as to achieve refined behavior data analysis for end users;
  • Operating system information (system name, system version, system language): used to ensure the compatibility of services on different devices, and to achieve refined behavior data analysis for end users;
  • Application information (time zone, application app_id, application name, application version number): it is used to analyze the data of different application versions, and realize the refined behavior data analysis of end users.

1.2.2.2. Optional personal information

  • Location information (GPS location information): the developer actively calls the SDK interface settings, which is used to collect the location of the device, so as to realize the refined behavior data analysis of the end user;
  • Sensor (screen direction): the developer actively calls the SDK interface settings, which is used to collect the current screen direction of the device, so as to achieve refined behavior data analysis for end users;
  • Device identifier, of which the device identifier of Shence SDK under Android SDK v6.8.0 is IMEI/OAID/IMSI/Mac address: the developer actively calls the activation statistics interface to collect and analyze the channel source. Please refer to the compliance guide to disable not collecting. The identifier of Shence collection device for Android SDK v6.8.0 and above is OAID: the developer actively calls to activate the statistical interface to collect and analyze the channel source. Please refer to the compliance guide to disable non collection.

For optional information, you can choose to turn it off, but it will affect the realization and effect of some functions of the operation growth service. We suggest you turn it on.

Here we remind you:

 

  • When collecting anonymous IDs for the Shence SDK, it will collect Android IDs, IDFA and other device IDs by default. The Shence SDK does not collect GPS location information by default. Developers can use the relevant interfaces provided by Shence to enable or disable the collection of relevant information. reference resources: Turn on/off information mode
  • Please note that the information collected by related products and/or services will be different based on different devices and systems (such as Android/iOS) and system versions, as well as different permissions decided by developers when integrating Shence SDK products. Therefore, developers should explain the personal information collected by the end users to the end users. The collection capability of preset event and preset attribute information provided by Shence SDK can refer to: Preset Events and Preset Attributes
  • Individual equipment information, log information, location information, etc. cannot identify a specific natural person. If we use the above information in combination with other personal information to identify the identity of a specific natural person, or use it in combination with information that can identify the identity of a natural person, the developer shall also anonymize and de identify such personal information during the combined use period, in addition to obtaining the end user's authorization or otherwise specified by laws and regulations.

1.3. Device Permission Call Description

Please note and understand that Shence SDK collects "device information", "network information"“ Sensor "and/or" Location Information " The premise of, End user authorization consent enable "Device Information Permission", "Network Access Permission"“ Sensor "and/or" Location Permissions ”If your end user does not want to collect the above information, you can turn off "Network Access Permission", "Device Information Permission"“ Sensor "and/or" Location Permissions ”Implementation. When a user opens any permission, he or she authorizes us to collect and use relevant information to provide corresponding services. When an end user closes any permission, he or she cancels the authorization. We will no longer collect and use relevant information based on the corresponding permission, nor can we provide services corresponding to this permission.

1.3.1. Android SDK Product Permission Description

To ensure the normal deployment of customer data collection, the Android SDK requires the following system permissions:

jurisdiction

purpose

Must

remarks

INTERNET

Allow app to send statistics

The permission is required. The SDK needs this permission to send the buried point data


ACCESS_NETWORK_STATE

Allow app to detect network status

You must have permission. The SDK will choose whether to send data according to the network status


READ_PHONE_STATE

Allow applications to acquire device IMEI, MEID and Android 11 and above system versions to acquire network types

Optional permission, which will be used when promoting and collecting the $carrier attribute in the App

Android v6.8.0 and above Shence SDK is only used to obtain network types for Android 11 and above system versions

ACCESS_WIFI_STATE

Allow application to obtain MAC address

Optional permission, which will be used when promoting in app

Shence SDK for Android v6.8.0 and above does not need to be authorized to open this permission. The permission statement has been deleted

1.3.2. IOS SDK Product Permission Description

To ensure the normal deployment of customer data collection, the iOS SDK requires the following system permissions:

jurisdiction

purpose

Must

Network (special for national service)

Allow app to send data

The permission is required. The SDK needs this permission to send the buried point data

location

Allow app to get GPS data

Optional permission, which is required when the SDK collects GPS data

IDFA

Allow app to obtain IDFA

Optional permission, which will be used when promoting in app

1.4. Exceptions based on consent

According to relevant laws and regulations, we can collect and use some necessary user personal information without your authorization and consent in the following cases:

  1. Related to the performance of obligations stipulated by laws and regulations;
  2. Directly related to national security and national defense security;
  3. Directly related to public safety, public health and major public interests;
  4. Directly related to criminal investigation, prosecution, trial and judgment execution;
  5. In order to protect your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain my consent;
  6. The personal information involved is disclosed to the public by yourself;
  7. Necessary for signing and performing the contract according to your requirements;
  8. Collect your personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels;
  9. Other circumstances stipulated by laws and regulations.

two How we use cookies and similar technologies


When an end user uses products and/or services integrated with the Shence SDK through the Internet, including but not limited to various mobile devices, we will store small data files called cookies on the end user's device to ensure the normal operation of the system. Cookies usually contain identifiers, site names, and some numbers and characters. The main function of cookies is to provide more considerate personalized services for end users, and allow users to set specific service options.

When the end user uses the products and/or services integrated with the Shence SDK, we will send cookies to the end user's device. Cookies (or other anonymous identifiers) and send the above cookies directly to the Shence cluster purchased by the developer.

We will not use cookies for any purpose other than those stated in this statement. End users can manage or delete cookies according to their preferences. End users can clear all cookies saved on their computers. Most web browsers are equipped with the function of blocking cookies. However, if the end user does so, he or she needs to change the settings of the end user personally every time he or she accesses the products and services of the integrated Shence SDK. However, the end user may not be able to log in or use the services or functions provided by the developer that depend on cookies because of such modifications.

three How do we share, transfer and publicly disclose the personal information of end users

When end users use products and/or services integrated with the Shence SDK, the information collected through the Shence SDK is stored in the Shence cluster (including private deployment and SaaS version) purchased by developers. We have no access to user personal data, and do not involve the sharing, transfer, and public disclosure of end users' personal information.

four How do we save personal information of end users

We strictly abide by relevant laws and regulations, take reasonable and feasible measures recognized by the industry, provide developers with the ability to protect end-user personal information, prevent unauthorized access, disclosure, use, modification of information, and avoid information damage or loss.

4.1. Shelf life

When an end user uses the products and/or services integrated with the Shence SDK, the Shence cluster purchased by the developer and its associated server are responsible for storing the end user's personal information. The developer should save the information according to the requirements of laws and regulations, and please ensure that the personal information of the end user is deleted or anonymized after it exceeds the retention period.

4.2. Save Region

The personal information of end users collected by developers is stored on the Shence cluster and its associated servers. Developers shall store personal information in strict accordance with laws and regulations (such as storing personal information collected in China in China).

five How do we ensure the security of end users' personal information

5.1. Product safety measures

  1. In the process of product development, we strictly follow the security development lifecycle process management, embed security and privacy requirements in every stage of product development, and effectively reduce the number of product security vulnerabilities by implementing various security control measures, so as to reduce the actual security risk as much as possible, so as to build a more secure product.
  2. In addition to regular security testing of products, we also invite professional security manufacturers in the industry to conduct mass testing and practical attack and defense drills to discover potential security vulnerabilities of products from multiple perspectives, improve the overall security of products and bring value to customers.

5.2. Vulnerability management measures

We have a sound vulnerability management strategy, which monitors internal/external security vulnerabilities and threat intelligence through various means, studies, judges and disposes of product vulnerabilities and threat intelligence involved, and conducts vulnerability life-cycle management in strict accordance with the process mechanism of "responsibility to people, timeliness expediting, and process visualization" to ensure that all vulnerabilities can be solved in a timely manner.

5.3. Personal information security

Focusing on the collection, transmission, storage, use, deletion and other life cycle links of personal information processing, Shence products provide a series of technical means such as collection delay initialization, data encryption, data watermark, data desensitization, etc. to ensure the security and compliance of personal information. When integrating Shence SDK, developers can, Select appropriate protection means to ensure the security of terminal customer's personal information, see: Our security measures

5.4. Security incident handling

  1. We will try our best to ensure the security of Shence products and the security of the end user's personal information collected using the Shence SDK. However, please understand that due to technical restrictions and various malicious means that may exist in the Internet industry, it is impossible to always guarantee 100% security of information. In order to prevent the occurrence of security accidents, we will develop an emergency plan for network security incidents, timely assist developers to deal with security risks such as system vulnerabilities, computer viruses, network attacks, network intrusion, and take corresponding remedial measures to minimize losses.
  2. After an unfortunate personal information security incident, we recommend that the developer inform the end user of the basic situation and possible impact of the security incident, the handling measures taken or to be taken by the developer, the risk that the end user can independently prevent and reduce, and the remedial measures for the end user in accordance with the requirements of laws and regulations. The developer shall timely inform the user of the relevant information of the event in terms of the reserved contact information of the end user, such as in station notification, SMS notification, telephone, e-mail, etc. If it is difficult to inform one by one, the developer shall take reasonable and effective ways to publish the announcement.
  3. At the same time, developers should actively report the disposition of personal information security incidents in accordance with the requirements of regulatory authorities, and closely cooperate with the work of government agencies.

six How do we enable end users to have the right to manage personal information

We attach great importance to developers and end users' attention to personal information. Here:

6.1. For developers

In view of the developer's direct obligation to respond to the user's personal information request, the developer shall: According to the actual situation of its integrated Shence SDK, provide and clarify the functions and ways for users to view, copy, modify, delete personal information, withdraw consent, transfer personal information, restrict personal information processing, obtain copies of personal information, and cancel their accounts.

6.2. For end users

Since the end user is not our direct user, and there is no direct interactive function interface with Shence SDK, we have asked the third-party developers to promise to provide user-friendly functions and ways to realize user rights to ensure the realization of your rights. If you need to view, copy, modify, delete their relevant personal information, withdraw consent, restrict personal information processing, obtain copies of personal information, and cancel your account, you can achieve your personal information needs through the above functions provided by third-party developers.

Please note that it is difficult for us to control the behavior of third-party developers. If the developers fail to provide as promised, you can contact us through the way in Article 10 of this statement, and we will try our best to coordinate, support and guarantee the realization of the rights of end users.

seven How do we deal with children 's personal information

We attach great importance to the protection of minor user information. Shence SDK products and/or services are mainly for enterprises and adults. We do not accept children to register as our users, and we do not accept in principle that you provide personal information for end-users under the age of 14. Please pay attention and carefully provide it. Although local laws and customs have different definitions of children, we regard anyone under the age of 14 as a child. If we collect personal information from children under the age of 14 without our knowledge, we will delete relevant data in a timely manner, unless we are required by law to retain such data.

If you think we have collected information from children under the age of 14 by mistake or accident, please contact us in time: mkt@sensorsdata.com         。

If your app is designed and developed for children under the age of 14, please make sure that your end user is the guardian, has read and agreed to the privacy policy of the app, and is authorized to agree to provide children's personal information to us to realize the relevant functions of the app.

eight How we update and revise this statement

We reserve the right to update this statement in due course. Without your explicit consent, we will not change your rights under this statement. If this statement is updated due to Shence SDK functions and other reasons, we will notify you through website announcements and other means, so that you can timely understand any changes made to this statement.

If you are a third-party developer, you should update the privacy policy in a timely manner and inform the App and other end users through pop ups when the updated statement has significant changes to the processing of end user personal information. If the end user does not agree to accept the modified privacy policy, please stop using the products and/or services integrated with Shence SDK. If the end user continues to use the products and/or services of the integrated Shence SDK, it will be deemed to accept our changes to the relevant terms of this statement.

nine other

Shence Privacy Policy It is a general privacy clause uniformly applicable to our products and services. The user rights and information security protection measures specified therein are applicable to Shence SDK users. When you use the products and/or services provided by Shence SDK, such as Shence Privacy Policy In case of any inconsistency or contradiction with this statement, this statement shall prevail.

ten How to contact us

We have set up a special privacy protection organization and privacy protection principal. If you have any opinions or suggestions on this statement, or even any disputes arising from this statement, you can go through mkt@sensorsdata.com Contact Shence's privacy protection agency, and we will arrange the commissioner to provide you with advice or coordinate to solve your complaints and grievances in a timely manner.   Generally, we will reply within 15 working days.

In order to ensure that we can deal with your problems efficiently and give you feedback in a timely manner, you need to submit valid identification, valid contact information, written request and relevant evidence to us. We will process your request after verifying your identity.

If you are not satisfied with our reply or handling opinions, you agree here Beijing Arbitration Commission applies for arbitration The arbitration excludes the jurisdiction of the court.

eleven Terminology

Specific words used in this statement have the following meanings:

(1) Associated company: any company subject within the scope of consolidated statements of Shence Network Technology (Beijing) Co., Ltd., any of the above companies is or will be controlled, controlled or under common control with them.

(2) Control: refers to the ability to directly or indirectly influence the management of the mentioned company, whether through ownership, voting shares, contracts or other legally recognized ways.

(3) You refer to registered users of our products and/or services, including developers and operators of products and/or services integrated with Shence SDK, and end users of products and/or services integrated with Shence SDK.

(4) Personal information: refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. Personal information includes personal basic information, personal identity information, personal biometric information, network identity information, personal health physiological information, personal education work information, personal property information, personal communication information, contact information, personal Internet access records, personal common equipment information, personal location information, etc. For the avoidance of doubt, personal information includes but is not limited to personal sensitive information.

(5) Personal information subject: refers to the natural person identified by personal information.

(6) Personal sensitive information: refers to personal information that, once disclosed, illegally provided or abused, may endanger personal and property safety, and may easily lead to damage to personal reputation, physical and mental health or discriminatory treatment. Personal sensitive information includes personal property information, personal health physiological information, personal biometric information, personal identity information, network identity information, etc.

(7) De identification: refers to the process of technical processing of personal information so that it can not identify the subject of personal information without the help of additional information.

(8) Anonymization: refers to the process of making the subject of personal information unrecognized and the processed information unrecoverable through the technical processing of personal information.

(9) China or within China: refers to the mainland region of the People's Republic of China. For the purpose of this declaration only, it does not include Hong Kong Special Administrative Region, Macao Special Administrative Region and Taiwan.