Privacy Policy

Our Privacy Policy (hereinafter referred to as the “Policy”) was issued and took effect on [10 ] [22 ], 2025.

Please take some time to familiarize yourself with the Policy. For any question, please feel free to contact us.

About Us

Shanghai Imilab Technology Co., Ltd. (hereinafter referred to as “Imilab” or “we”) and its affiliates take your privacy very seriously. The Policy is intended to provide customer (hereinafter referred to as “user” or “you”) with a comprehensive explanation of how we collect, use, disclose, store, protect, and delete your personal information when you use this App and related services, while also ensuring that you retain control over the information you provide to us.

About the Policy

The Policy specifies how Imilab handles the information you provide to us through this App when using our products and/or services. We hereby commit to protect the privacy, confidentiality and security of your personal information in strict compliance with the requirements of applicable laws (For example: Personal Data Protection Act of Singapore, Personal Information Protection Law of China, General Data Protection Regulation (GDPR) of the European Union, California Consumer Privacy Act (CCPA), etc. ).

Unless otherwise specified under the applicable laws in your region, “personal information” in the Policy refers to various types of information recorded electronically or by other means that related to an identified or identifiable natural persons, but excluding any anonymized information. Where required by applicable laws, personal information shall also include sensitive personal data or information. We will strictly comply with this Policy when using such information.

We aim to provide you with a better experience. In case of any questions or suggestions about the Policy, please feel free to contact us by email to cm-privacy@imilab.com.

I. Information We Collect and How it is Used

(I) Circumstance where you should authorize us to collect and use your personal information

We collect personal information on the principle of legitimacy, legality, and necessity for the purpose of providing you with our products and/or services and will strictly comply with relevant laws and regulations. You are entitled to provide such information at your own discretion, however in most cases, if you refuse to provide it, we may not be able to offer you the corresponding services or address the issues you encounter. These functions include:

(1) Smart Device Connection

To provide you with the App services and enable you to securely connect and manage smart devices, we may collect your Wi-Fi information, location information, login account information, mobile phone-related information and smart device-related information as well as the correlation between your Imilab account and smart devices. Such information will be used to provide you with functions including quick connection, connection, nearby device discovery and device management for smart devices. The information above is detailed as follows:

Login account information: Imilab account number, nickname and avatar information.
Mobile phone-related information: hardware device identifiers (OAID, Mac address and Android ID), phone model, system version information, system language, country or region set out on the phone, app store version number, mobile phone screen size and resolution, as well as CPU and display device-related information.
Device related information: information about the hardware, performance, status, etc. of your device, including device name, device ID (DID), firmware version, installation location (such as in the living room), time zone, security code (if any) for viewing the device, electric quantity of the device, as well as memory card information (errors, remaining storage, recording mode).
Information about device settings: we may collect information about device settings, including information about dormancy settings, image settings, night vision settings, home surveillance assistant settings (sensitivity, home surveillance period, shooting interval, push settings), floating window play and cloud platform calibration.
Information collected during smart device connection: based on the type of smart device you want to connect, the following information may be collected:
- Smart devices connected over Wi-Fi: Wi-Fi information (SSID, BSSID, Wi-Fi Mac address and Wi-Fi password), Mac address of the device, device ID, device model, device ID (DID), device name, device status, Wi-Fi connection mode (LAN mode or remote mode), IP address assigned to the device, Wi-Fi signal strength, received Wi-Fi signal strength indicator (RSSI).
- Smart devices connected over Wi-Fi after establishing a local connection over Bluetooth: Wi-Fi information (SSID, BSSID, Wi-Fi Mac address and Wi-Fi password), Mac address of the device, device ID, device model, device ID (DID), device name, device status, Bluetooth signal strength, Wi-Fi connection mode (LAN mode or remote mode), IP address assigned to the device, Wi-Fi signal strength, received Wi-Fi signal strength indicator (RSSI).
- Smart devices connected over Bluetooth: device name, device status, Bluetooth signal strength, IP address assigned to the device, Bluetooth Mac address.

(2) Device Sharing

We support you in sharing your smart devices with others for joint use through your Imilab account. After a device is shared, the shared user can also control that smart device.

To provide you with this function, we may collect the following information: your account ID, the shared user’s account ID and information about the shared device (device ID, device name, authentication key of the device, the sharing status of the device). The aforementioned information will be used to provide you with the service of “sharing devices with other Imilab account users for joint control and use,” as well as to display the sharing status of devices on the device list page.

(3) App and Smart Hardware Upgrade

To ensure you to enjoy the latest App services, we may use the version information of your App and phone model to provide you with App upgrade services. Meanwhile, we may collect the list of smart devices you have connected and their version number information. The information is used to provide you with smart device update functionality, ensuring you can use the latest version of services (including the firmware versions).

(4) Device Binding and Data Synchronization

To synchronize data, enable the device to receive plug-in commands, and upload data to the server (applicable only to certain functions/services), we will collect account ID, location information, device-related information (MAC address, IP address), and network information (user's WiFi account and password, IP address).

(5) Viewing Real-time Image

You can view the real-time image at any time through the mobile App. To enable this, we will collect the information about timestamp of the current image, playback network speed, image quality option and volume level. In addition, you may snap screenshots/record videos of the current real-time image. Such screenshots/recorded videos are only stored on your mobile device and will not be uploaded to any server. You can also control the angle (of the device/camera) using the direction keys. For this purpose, we will send your control commands to the device.

(6) Home Surveillance Assistant

You can choose to enable or disable the home surveillance assistant function. When enabled, the device will trigger video recording if there are image changes, human movements or similar activities within the detection range of the device’s camera. You can also set: the distance (in meters) from the door within which human presence will trigger video recording, the start and end times of home surveillance, and the shooting interval to avoid disturbances from the same event. You can view such recordings online via your mobile device. To support this, we will collect information about your settings including sensitivity, home surveillance time periods, shooting interval, and image change push notification on/off, as well as your recording information (recorded voice, recording start time and recording duration). If you use a memory card, you may also choose to store the recordings on the memory card in the recording mode you have set.

(7) Video Playback

You can view different types of recordings within the plug-in. To enable this, we will collect the event information that triggers recording and the corresponding video files, encrypt them and store them on secure servers. You can download, view or delete the recordings at any time within the specified period; you may also extend the recording storage period or view recordings from earlier dates by upgrading your membership tier. To support this, we will collect your network information (IP address) and membership information (account ID).

(8) Memory Card Management

You may choose to store recordings on a memory card for convenient viewing at any time. If the storage space of the memory card is insufficient, newly recorded videos will automatically overwrite old ones; you can manage the recordings stored on the memory card within the plug-in as needed. To support this, we will collect memory card-related information (including the memory card’s abnormal state, remaining capacity, and recording mode).

(9) Two-way Chat

You can view real-time footage within the plug-in and communicate with others via the two-way chat function. We do not collect the content of your conversation by default, unless you choose to record the current real-time footage (which will be stored locally on your mobile device) before or during your use of the two-way chat function. However, under no circumstances will we attempt to access or identify the content of your conversations.

(10) Sending Notifications

The device will send notifications based on triggered events. For example, when there is a change in the footage, you can enable the push function for such notifications, and the notifications will then be sent to your mobile device. To support this, we will collect your push notification settings. You can disable the push function via the path: “Settings - Home surveillance settings - Alarm message push”.

(11) Function Analysis and Improvement

Based on the specific permissions you grant during software installation and usage, we will receive and record information regarding the mobile devices you use to optimize the relevant functions of the App and analyze abnormal function conditions. This includes Software & hardware characteristic information of your mobile device, such as its model, operating system version, device settings, operating environment, MAC address, IMEI, IDFA, and other device identifiers; location-related information of your mobile device, including GPS location you authorized, as well as sensor information such as WLAN access points, Bluetooth, base stations. We will also record information about the smart devices you use or share (such as information about the smart devices that have completed network configuration through our services). This information includes the device model, operating system version, device settings, device operating environment, type of operational functions (e.g., turn on, turn off, etc.), MAC address, IMEI, IDFA, and other device identifiers and other software & hardware characteristic information.

In addition, we may collect your key operational behavior records, crash analysis data, and device information (including unique device identifiers). Before collecting such data, the App will display a pop-up notification, and upon your consent, we will collect and automatically upload the data.

(12) Fault Analysis

To resolve faults such as App crashes and anomalies, when you use our services, we will automatically collect details of your service usage (including collection while the App is running in the background) and store this information as relevant network logs in the cloud for aggregated analysis. The collected information includes: your account information, device information, App version, IP address, telecommunication operator, language used, location, access date and time; and error logs generated when the device malfunctions.

(13) Use of Gyroscope Sensor

The App collects information related to the gyroscope sensor and acceleration sensor in the user's mobile phone to ensure the normal operation of the video playback function.

(II) Scenarios where you may choose whether to authorize us to collect and use your personal information

To help you better enjoy the services such as smart device control and management provided by the App, your personal information may be collected and used in the additional functions below. Even if you do not provide this personal information, you can still use the basic services of the App, but you may not be able to use the additional functions that can bring convenience to you. These additional functions include:

(1) User Feedback

We may collect the feedback questions, feedback logs you send to us, as well as the email address you fill in. Such information will be used to help us better understand the issues you encounter and to contact you.

(2) Login Via Third-party Account

We may obtain your third-party account information (such as account ID, profile picture, nickname and other information shown on the page) from the third party upon your authorization. After binding, you can directly log in and use our products and/or services through this third-party account. We will only use your relevant information within the scope of your consent.

(3) Advertising Impact Evaluation and Personalized Recommendations

To evaluate the effectiveness of advertising campaigns and provide you with personalized recommendation services that better align with your needs, we may collect and use the following information:

Information about your mobile device, including the mobile device model, operating system version, device settings, device operating environment, MAC address, IP address, IMEI, IDFA, and other device identifiers, as well as other hardware and software characteristic information; and location-related information of the device (this information is collected only with your authorization, including GPS location information you actively permit, and location-related data associated with sensors such as WLAN access points, Bluetooth, and base stations);
Information about smart devices you use or authorize us to share (e.g., information about smart devices that have completed network configuration through our products or services), including the smart device model, operating system version, device settings, device operating environment, types of operable functions (such as device on/off control), MAC address, IMEI, IDFA, and other device identifiers, as well as other hardware and software characteristic information.

(III) Circumstances where your consent is not required

In accordance with applicable law, we may collect and use your personal information without your consent in the following circumstances:

Where it is for responding to emergencies that threaten life, health or safety, or for preventing public safety risks;
Where it is for specified scenarios such as assessing an individual’s suitability (e.g., background checks for job applications), addressing legal proceedings, recovering debts, or managing employment relationships;
Where the personal information falls within the scope of "generally available to the public" (e.g., information observable in public places, information published through public channels) and is not made public due to non-compliant acts;
Where personal information collected in compliance with regulations is used to improve, enhance or develop new goods or services, and such purpose cannot be reasonably achieved through data analysis in a non-identifiable form;
Where it is for research that serves the public interest, the research purpose cannot be reasonably achieved through non-identifiable data, the research results will not be used to make decisions affecting individuals, and the results will be de-identified when published;
Where the collection, use or disclosure of personal information is required by mandatory provisions of other laws (e.g., the Anti-Money Laundering Act).

(IV) Processing of non-personal information

We may also collect other information that can not identify a specific individual (i.e., information that does not constitute personal information), such as statistical data generated when you use a specific service (including user operations behaviors, e.g., clicks, page navigations, browsing duration, etc.). The purpose of collecting such information is to improve the services we provide to you. The type and quantity of the information collected depend on the specific way you use our products and/or services.

We will aggregate such information to help us provide customers with more valuable information and understand which parts of our products and services are of most attractive to our customers. For the purposes of this Policy, aggregated data is deemed non-personal information. If we use non-personal information in combination with personal information, the combined information will be deemed personal information in its entirety during such combination.

II. How Do We Use Cookies and Similar Technologies

The scope of application of this Policy is limited to the personal information we collect and process when providing services to you through the App. It does not currently include personal information collected through websites, nor does it involve associating information collected via websites with this App for use. Therefore, the App does not utilize website-based Cookie technologies at present.

That said, while the App does not use website Cookies, it may use software development kits (SDKs) provided by third-party service providers or other similar technologies (such as pixel tags, web beacons, etc.). These third-party SDKs may collect relevant information about you to enable specific functions (e.g., third-party account login or sharing, payment services, push notifications, advertising delivery, advertising monitoring, data analysis, etc.).

It should be noted that each third-party service provider has its own independent privacy policy, which clearly specifies the specific rules for how they collect, use, and protect your personal information. We recommend that you carefully read and understand these third parties’ privacy policies before using the relevant functions.

Please also note: We will conduct a strict assessment of the compliance of third-party SDKs and sign data processing related agreements with these third parties. These agreements require them to take necessary security measures in accordance with laws and regulations to protect the security of your personal information. You can query specific information about each SDK through the List of Third-Party SDKs (Appendix) we provide.

III. How Do We Disclose Your Personal Information

We will never transfer any of your personal information to any third party. However, if you expressly consent to the transfer or if Imilab undergoes business reorganization, merger, division, acquisition, bankruptcy, etc., where personal information transfer is involved, we will require the company or organization that newly holds your personal information to continue abiding by the Policy. If the new entity fails to meet this requirement, we will require it to obtain your consent again.

We may occasionally disclose your personal information to third parties (as described below) to provide you with the products and/or services you have requested.

We may disclose your personal information to the third-party service providers listed later in this section. In all circumstances described in this section, you can rest assured that Imilab will only share your personal information according to your authorization. Your authorization to Imilab will cover various sub-processors that process your personal information. You should be aware that, in any of the circumstances described below, when Imilab shares your personal information with third-party service providers, Imilab will clearly specify the third parties’ operating standards and obligations through contracts to ensure they comply with applicable local data protection laws and regulations. Meanwhile, Imilab will require third-party service providers, through contracts, to comply with the privacy standards applicable to them in your jurisdiction.

(I) Sharing with third-party service providers

To ensure the smooth operation of our business and provide you with the complete functions of our products and services, we may disclose your personal information to our third-party service providers (including hardware partners, distributors, data centers, data storage institutions, advertising and promotion service providers; collectively referred to as "third-party service providers" below). For example, to provide you with after-sales services, we will share information such as your device’s online status, device MAC address, mobile phone number, and email address with our hardware partners and distributors.

Such third-party service providers may process your personal information on behalf of Imilab or for one or more of the above-mentioned purposes. If you no longer allow us to share such information, you may contact us by sending an email to cm-privacy@imilab.com.

(II) Sharing with other entities

When explicitly required by applicable laws, Imilab may disclose your personal information without obtaining your further consent.

(III) Information shared without consent

We may share anonymized information with third parties (e.g. advertising agency on our website) in an aggregated form for business purpose. For instance, we may share general usage trends of our services with them, including statistical data such as the quantity of customers among specific groups who purchase particular products or conduct specific transactions.

For the avoidance of doubt, Imilab may collect, use or disclose your personal information without your consent to the extent and in circumstances explicitly permitted by local data protection laws (for example, to comply with a subpoena). Additionally, if we have reasonable grounds to believe that disclosure is necessary to protect our legitimate rights, ensure the safety of you or others, investigate fraud or respond to lawful request from government authorities, we may also disclose your information without obtaining your consent.

IV. Security Measures

(I) Imilab’s safety measures

We are committed to safeguarding the security of your personal information. To prevent unauthorized access, disclosure or other similar risks, we have established reasonable physical, electronic and administrative measures to protect the information collected from you when you use the App. We will take all reasonable measures to ensure the security of your personal information.

When you send or receive information from Imilab devices to our servers, we ensure that such information is encrypted using Secure Sockets Layer (SSL) and other encryption algorithms.

Your personal information is stored on secure servers and protected in a controlled environment. We classify information based on importance and sensitivity, and ensure your personal information is afforded the highest security level. For employees and third-party service providers who need to access this information to assist in providing products and services to you, we require them to assume strict contractual confidentiality obligations; failure to fulfill such obligations will result in disciplinary action against the relevant party or termination of cooperation. Similarly, for cloud-based data storage, we have also implemented specialized access control measures. In summary, we regularly review operations related to the collection,storage, and processing of information (including physical security measures) to prevent any unauthorized access and use.

We will take all feasible measures to protect your personal information. However, you should be aware that the use of Internet is not always secure; therefore, we cannot guarantee the security or integrity of personal information during bidirectional transmission over the Internet.

In the event of a personal information breach, we will take corresponding measures, such as reporting the breach to regulatory authorities as required by law; in some cases, we will also notify the data subject of personal formation breach in accordance with applicable laws (including data protection laws in your region).

(II) Protective measures you can take

You may proactively participate in the protection of your personal information: please do not disclose your login password or account information to anyone (except for the person who has obtained your formal authorization). Whenever you log in as a Imilab account user --- especially when logging in on another person’s computer or a public Internet terminal --- be sure to log out of your account after the session ends.

Imilab shall not be liable for security issues caused by unauthorized access to your personal information by third parties due to your failure to properly safeguard your personal information (disclosing your password). Notwithstanding the above provisions, if you discover any unauthorized use of your account or any other security vulnerabilities, you should notify us immediately.

Your active cooperation will help us better protect the confidentiality of your personal information.

V. Personal Information Retention Policy

The retention period of your personal information shall be based on the time necessary to achieve the purpose for which the personal information was collected, or comply with the retention period specified by applicable laws. When the purpose of collecting personal information is fulfilled, or after we confirm your request for deletion or account cancellation, or after we terminate the operation of the corresponding products or services, we will no longer retain your personal information and will delete or anonymize the personal information.

If the further processing and archiving of information is for public interests, or for the scientific or historical research purposes or for statistical purposes in accordance with applicable laws (even if the purpose of further information processing is inconsistent with the original purposes), we may still retain the relevant data in accordance with the law.

VI. Accessing Other Functions of Your Device

With such information, our application program could be run on your device and interact with you. Our App may access certain functions on your device. The collection of such information is intended to ensure the App operates properly on your device and to enable you to interact with the App. The specific permissions are as follows:

Permission	Purpose
Access to Geolocation	Used for scanning the list of nearby Wi-Fi networks, searching for nearby devices, and configuring network connections.
Access to Camera	Used for scanning QR codes to add devices.
Access to Photo Library	Used for reading and writing photos and files on the device in functions such as QR code scanning, file saving, and user feedback.
Access to Microphone	When you have bound a camera device, it is used for functions such as video intercom and audio pickup for voice commands.
Bluetooth	Used for device addition, App connection to devices, and network configuration.
Access to Advertising Identifier	Used to quickly identify suitable products when you use the App.
Clipboard Access	Used to identify and quickly copy relevant passcodes or other information.

VII. Your Rights

(I) Control Settings

Imilab understands that individuals have different concerns regarding privacy rights. Therefore, we provide multiple options for you to restrict the collection, use, disclosure or processing of your personal information, while allowing you to independently control your privacy settings. These options specifically include:

Logging in to or logging out of Imilab account;
In the App, modifying your personal information (e.g., nickname, mobile phone number, avatar, etc.) via the path "Me - Personal Information".
Enabling or disabling the motion detection function.

If you have previously consented to our use of your personal information, you may contact us at any time by sending an email to cm-privacy@imilab.com to change your authorization decision.

(II) Accessing, Updating, Correcting or Erasing Your Personal Information

You have the right to request access to and/or correction of the personal information we hold about you. When you apply to update your personal information, we will first verify your identity before processing your request to ensure information security. Once we have obtained sufficient information to deal with your request for accessing or correcting your personal information, we will respond to your request within a reasonable period as specified by applicable laws.

Upon your request, we may provide you with a free copy of your personal information we have collected and processed. For any additional request for the same information, we may charge a reasonable fee as per the actual administrative expenses in accordance with applicable laws.

If you wish to access the personal information we hold about you, or if you believe the personal information held by us is inaccurate or incomplete, you may contact us by email to cm-privacy@imilab.com.

Under the following circumstances, you have the right to request Imilab to delete your personal information:

We have collected your personal information without your consent;
Our processing of your personal information violates the provisions of laws and regulations;
We used or processed your personal information in violation of our agreement with you;
You have canceled your Imilab account, uninstalled or ceased using our products or services;
We have terminated the provision of services to you.

You may request the deletion of your personal information by sending an email to cm-privacy@imilab.com and we will respond within 10 days. After you delete the relevant information (either by yourself or with our assistance), due to applicable legal restrictions and security technology limitations, we may not be able to immediately delete the corresponding information from our backup system. In such cases, we will securely store your personal information and isolate it from any subsequent processing activities until the backup can be cleared or information is anonymized. For example, in accordance with the E-Commerce Law of the People’s Republic of China, the retention time of information about your products, services and transactions shall not be less than three years from the date when the transaction is completed.

We reserve the right to refuse the following types of requests: requests that are insubstantial or repetitively harassing; requests that may infringe on the privacy rights of others; requests that are extremely unrealistic or require disproportionate technical costs; requests that are not required to be responded to under local laws; and requests involving information that has been made public or provided under confidential conditions. We may also refuse requests for data deletion or access if we believe such requests would prevent us from lawfully and reasonably using the data for anti-fraud and security purposes.

For more details about your personal information in Imilab account, you may log in to your account via your device to access and modify it on your own.

(III) Withdrawing Consent

You may withdraw your consent by submitting a request, including withdrawing consent for our collection, use, and/or disclosure of your personal information that we hold or control. Depending on the specific service you use, you may handle the relevant process by sending an email to cm-privacy@imilab.com. We will deal with your request within a reasonable period after you submit it, and upon completion of the request, we will no longer collect, use, and/or disclose your personal information.
Please note that withdrawing consent may lead to certain legal consequences. Based on the scope of your previous authorization for us to process your personal information, this may result in your inability to use some or all of the Imilab products and/or services normally. However, your decision to withdraw consent or authorization will not affect the legality of personal information processing activities that have already been conducted based on your valid prior authorization.

(IV) Account Cancellation

If you wish to close your Imilab account, you may complete the corresponding cancellation procedures through “Me - About- Legal Information - Revoke Authorization” in the App. You may also contact us by sending an email to cm-privacy@imilab.com, and execute corresponding processes as instructed in the e-mail. Please be sure to pay attention to the relevant matters stated in the e-mail. After we verify your identity and formally start the account cancellation procedures for you, we will immediately stop providing products or services to you. In accordance with the provisions of relevant laws and regulations, we will handle your personal information by means of deletion, anonymization, or other methods permitted by laws and regulations (except where otherwise provided by laws and regulations or required by regulatory authorities; for example, in accordance with the Cybersecurity Law of the People’s Republic of China, your network operation logs must be retained for at least six months.)

Please note that, after account cancellation, you will no longer be able to use Imilab’s products and services.

VIII. Transfer of Personal Information Outside Your Jurisdiction

Imilab processes and backs up personal information through its operational and control facilities worldwide. Currently, Imilab has established data centers in Singapore and China. For the purposes described in the Policy, your personal information may be transmitted to the aforementioned data centers in accordance with applicable laws.

Subject to compliance with applicable laws, we may also transmit your personal information to our third-party service providers and business partners. Therefore, your information may also be transmitted to other countries or regions. It is important to note that the personal information protection standards of the jurisdictions where these global facilities are located may differ from those of your jurisdiction. Due to differences in local data protection laws, there may be certain risks associated with information transmission. However, this does not change our commitment to complying with this Policy and protecting the security of your personal information.

In particular,

All personal information collected and generated by us during operations within Singapore is stored in data centers located in Singapore.
All personal information collected and generated by us during operations within the Chinese mainland is stored in data centers located in the Chinese mainland.

If it is necessary to transfer your personal information outside your jurisdiction (whether to our affiliates or to third-party service providers), we will strictly comply with relevant applicable laws and implement unified security measures to ensure that all such transfers meet the requirements of the applicable data protection laws. You may contact us by sending an email to cm-privacy@imilab.com to learn about the specific protection measures we have adopted for the transmission of your personal information.

If we transfer the personal information generated within the European Economic Area (EEA) to relevant institutions or third-party service providers of Imilab outside EEA, we will conduct the transfer according to the security protection mechanism set out in the EU Standard Contractual Clauses(SCCs) or other security protection mechanisms specified in the General Data Protection Regulation (GDPR). You have the right to contact us via cm-privacy@imilab.com to learn about security protection mechanisms we have established or to request a copy of the Standard Contractual Clauses.

IX. Protection of Minors’ Personal Information

We believe that it is the responsibility of parents or other guardians to supervise minors’ use of our products and services. This Policy does not require the collection of minors’ personal information, nor does it send any promotional materials to minors.

Imilab will not proactively seek or attempt to obtain any personal information of minors. If parents or other guardians have reasonable grounds to believe that a minor has provided personal information to Imilab without their prior consent or without being able to fully understand this Policy, please contact us promptly. We will assist in deleting such personal information and ensure that the minor unsubscribe from all applicable Imilab services.

X. Updates to the Privacy Policy

We will conduct regular reviews of this Policy. If there are changes to our personal information processing practices, we may update this Policy. In the event of major changes to this Policy, we will notify you through the following methods: sending an email to the email address bound to your account, posting a notice within the App, or pushing a notification to your mobile device—this ensures you are promptly informed of changes to the scope of information we collect and how we use it. Such changes to the Policy will take formal effect from the effective date specified in the notification.

We recommend that you review this Policy periodically to obtain the latest information about our privacy protection practices. If you continue to use our products and services, it will be deemed that you have accepted the updated Privacy Policy. Additionally, if we need to collect more personal information from you, or use or disclose the personal information you have already provided for new processing purposes, we will obtain your consent again.

XI. Third Party Websites and Services

The Policy does not apply to the products and services provided by any third party. The products and services of Imilab may include third-party products, services, as well as links to third-party websites. When you use these third-party products or services, the third party may also collect your personal information. Therefore, we strongly recommend that you take the time to carefully read the third party's privacy policy, just as you read ours. We are not liable for how third parties use your personal information they have collected, nor can we control their usage behavior. It is important to note that our Privacy Policy does not apply to other websites you access via links redirected through our services.

If you use the extension services of these specific products on Imilab platform, the third-party’s terms of service and privacy policy shall apply. Please read their relevant provisions carefully and make appropriate choices based on your own needs.

Explanation of Auto-Start Function

To ensure that the App can still normally receive the broadcast information pushed by the client when it is closed or running in the background, the App needs to use the auto-start capability. This means the system will send broadcasts at a certain frequency to trigger the App's auto-start or associated start behavior. This operation is a necessary condition for the normal implementation of the App’s relevant functions and services.

XII. Contact Us

If you have any comments or questions about the Policy or if you have any inquiries about Imilab’s collection, use or disclosure of your personal information, please feel free to contact our Data Protection Officer via the address set forth below, and kindly indicate “Matters Related to Privacy Policy” in your communication:

Company Name: Shanghai Imilab Technology Co., Ltd.

Contact Address: 29/F, Building A, New Caohejing International Business Center, No. 391, Guiping Road, Xuhui District, Shanghai, China

Email Address: cm-privacy@imilab.com

Upon receipt of your inquiry, we will verify your identity first and deal with the issue you raised and reply to you in a timely manner. If your inquiry involves significant matters, we may request you to provide additional supplementary information. If you are not satisfied with our response --- especially when you believe our personal information processing activities infringed upon your legitimate rights and interests --- you may file a complaint with the relevant regulatory authority in your jurisdiction. If consulted, we will provide you with information about relevant complaint channels which may be applicable according to your actual situations.

Thanks for your time!

XIII. Special Section for Certain Jurisdictions

(I) European Union (EU)/European Economic Area (EEA) and the United Kingdom (UK)

This section applies to data subjects residing in the EU, EEA, or UK, and serves as a supplement to the provisions set forth in this Policy.

Data Subject Rights

This Policy was developed with full consideration of the transparency requirements for information under the GDPR. If you are an EU user or UK user subject to the GDPR, in addition to the data subject rights mentioned in Section VII of this Policy, you also have the following rights:

Right to Restrict Processing of Personal Information: You may request that we temporarily stop processing your personal information, or only allow the processing of your personal information for specific purposes or specific functions.
Right to Object to Processing of Personal Information: You may request that we stop processing your personal information for a specific purpose (e.g., use for marketing purposes).
Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions that are solely based on automated processing (including profiling) which may produce legal effects or similar significant impacts on you.
Right to Data Portability: You have the right to obtain your personal information in a structured, commonly used format and transmit it to another data controller.

Circumstances Where Consent Is Not Required for Processing Personal Information Under the GDPR

Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
Processing is necessary for compliance with a legal or regulatory obligation to which we are subject.
Processing is necessary to protect your vital interests or those of another natural person.
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Processing is necessary for the purposes of legitimate interests pursued by us or by a third party, provided such interests are not overridden by your fundamental rights and freedoms.

If you have any questions or comments regarding our Privacy Policy, this supplementary section, or the manner in which we collect and use your personal information, or if you wish to exercise your rights under the GDPR, please feel free to contact us at any time via: dpo@imilab.com.

(II) California, United States

This section applies to data subjects residing in California, United States, and serves as a supplement to the provisions set forth in this Policy.

If you are a user located in California, United States, in addition to the data subject rights mentioned in Section VII of this Policy, you also have the following rights:

Right to Data Portability: Within each calendar year, you may request from us, free of charge, a copy of (i) "the list of third parties to whom we disclosed your personal information for direct marketing purposes in the previous calendar year (if any)" and (ii) "the specific categories of personal information disclosed to these third parties." You may submit your request by contacting us via email at cm-privacy@imilab.com.
Right to Opt Out of Data Sale or Sharing: Imilab does not engage in the business of selling or disclosing personal information to third parties for their direct marketing purposes. However, we may occasionally share your personal information for our own marketing, advertising, and analytics purposes. If you do not want us to share your personal information, please contact us at privacy@imilab.com to process your request.

If you have any questions or comments regarding our Privacy Policy, this supplementary section, or the manner in which we collect and use your personal information, or if you wish to exercise your rights under California law, please feel free to contact us at any time via: privacy@imilab.com.

Appendix: List of Third-Party SDKs

The following provides information about third-party SDKs that may collect your personal information when you use our App:

SDK Name	Purpose of processing	Type of personal information collected	Privacy policy link
[Aliyun EMAS]	[For mobile push and crash analysis]	[Please refer to the privacy policy in the link]	https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202102011015_11746.html?spm=a2c4g.11186623.0.0.22f411ebBZQ2gv
[SDK for APP payment client] Developer: Alipay (Hangzhou) Information Technology Co., Ltd.	[Used for Android user payments]	[Device information (device screen density), device identifier (Android ID), network information (network type, current Wi-Fi connection information, BSSID, SSID, operator), application information (access to external storage card), installed application package names/application installation list/application list]	https://opendocs.alipay.com/open/54/01g6qm?pathHash=01459d85
[Apple]	[Used for third-party login or sharing]	[Please refer to the privacy policy in the link]	https://www.apple.com/legal/privacy/szh/
[Xiaomi Push] Developer: Beijing Xiaomi Mobile Software Co., Ltd.	[Used to send messages to Xiaomi mobile phone users]	[Please refer to the privacy policy in the link]	https://dev.mi.com/console/doc/detail?pId=1822
[Huawei Push SDK]	[Used to send messages to Huawei mobile phone users]	[Please refer to the privacy policy in the link]	https://consumer.huawei.com/cn/privacy/privacy-policy
[vivo PUSH-SDK] Developer: Vivo Mobile Communications Co., Ltd.	[Used to send messages to VIVO mobile phone users]	[Please refer to the privacy policy in the link]	https://dev.vivo.com.cn/documentCenter/doc/652
[OPPO PUSH Client SDK] Developer: Guangdong Huantai Technology Co., Ltd.	[Used to send messages to OPPO mobile phone users]	[Please refer to the privacy policy in the link]	https://open.oppomobile.com/new/developmentDoc/info?id=11228
[Tencent Turing Shield Risk Identification SDK]	[Advertising recommendations, attribution, and anti-cheating scenario statistics, e.g. false traffic identification, etc.]	[Hardware serial numbers, network status, system settings, system attributes, device models, operating systems, IP addresses, operator information, and identifiers such as OAID, IDFA, IDFV, etc. are collected and transmitted to the SDK by third-party developers based on actual conditions. The SDK processes this information using de-identification and encryption methods ]	Android version: https://privacy.qq.com/document/preview/5331f064a91a47eb93993fdacb91c8f7 IOS version: https://privacy.qq.com/document/preview/71da09a0402c439fac73f7b97f38f328
[Crash SDK] Developer: Guangzhou Dongjing Computer Technology Co., Ltd.	[For mobile push and crash analysis]	[Please refer to the privacy policy in the link]	https://yueying-docs.effirst.com/privacy.html
[Object Storage OSS] Developer: Alibaba Cloud Computing Co., Ltd.	[For mobile push and crash analysis]	[Please refer to the privacy policy in the link]	https://terms.alicdn.com/legal-agreement/terms/privacy_policy_full/20240202100310511/20240202100310511.html
[Crash Analysis] Developer: Hangzhou Alibaba Cloud Intelligent Technology Co., Ltd.	[Used for crash analysis]	[Please refer to the privacy policy in the link]	https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112071754_83380.html?spm=a2c4g.11186623.0.0.598730e5wsglWa
[Performance analysis] Developer: Hangzhou Alibaba Cloud Intelligent Technology Co., Ltd.	[Used for crash analysis]	[Please refer to the privacy policy in the link]	https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112071754_83380.html?spm=a2c4g.11186623.0.0.598730e5wsglWa
[Performance acceleration library] Developer: Huawei Software Technologies Co., Ltd.	[Used to send messages to Huawei mobile phone users]	[Please refer to the privacy policy in the link]	https://developer.huawei.com/consumer/cn/doc/development/graphics-Guides/sdk-data-security-0000001050700772
[Douyin SDK] Developer: Beijing Microbroadcast Vision Technology Co., Ltd.	[Advertising placement and anti-fraud]	[Please refer to the privacy policy in the link]	https://developer.open-douyin.com/docs/resource/zh-CN/dop/operation-standard/service-protocol/douyin-sdk-privacy-policy
[Mobile user feedback] Developer: Hangzhou Alibaba Cloud Intelligent Technology Co., Ltd.	[Used for crash analysis]	[Please refer to the privacy policy in the link]	https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112071754_83380.html?spm=a2c4g.11186623.0.0.598730e5wsglWa
[Remote Log] Developer: Hangzhou Alibaba Cloud Intelligent Technology Co., Ltd.	[Used for crash analysis]	[Please refer to the privacy policy in the link]	https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112071754_83380.html?spm=a2c4g.11186623.0.0.598730e5wsglWa
[PayPal] Developer: PayPal Pte. Ltd.	[Used for payment]	[Please refer to the privacy policy in the link]	https://www.paypal.com/c2/legalhub/paypal/home
[TradPlus] Developer: Shanghai Shiquan Network Technology Co., Ltd	[Advertising delivery, monitoring & attribution, and anti-Fraud]	[Please refer to the privacy policy in the link]	https://www.tradplusad.com/privacy-policy