TalkingData SDK Privacy Policy

Last updated on: November 30, 2023
As the developer and operator of the TalkingData SDK, Beijing Tendcloud Tianxia Technology Co. Ltd. and its affiliates (collectively referred to as "we/us" or "TalkingData") have always attached great importance to the protection of personal information and privacy rights. We recognize the importance of personal information to you and will do our utmost to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us, abiding by principles such as the principle of balancing rights with responsibilities, the principle of clear purpose, the principle of consent, the principle of minimum necessary, the principle of security, the principle of participation of personal information subjects, and the principle of openness and transparency. When you use products/services that use the TalkingData SDK (referred to as "host applications" below), we will adopt security protection measures in accordance with industry standards to protect your personal information. If you have any questions, comments, or suggestions, please reach out to us using one of the following contact methods:
E-Mail: support@tendcloud.com
Phone: 400-870-1230
Important Notice: The TalkingData SDK Privacy Policy only applies to the products and services we provide to host applications through the TalkingData SDK-Android, TalkingData SDK-iOS, and other versions of the SDK that we may provide or update from time to time (collectively referred to as "TalkingData SDK"), and does not apply to products and services provided by third parties through us or the TalkingData SDK. In such cases, we recommend that you carefully read and understand the third party's privacy policy.

Please read the following privacy policy carefully to understand how we collect, use, store, and transfer information from or about you, especially the terms marked in bold. We strive to provide you with clear, understandable, and appropriate explanations so that you know your rights and can make informed choices after reading. Please note that if you do not agree to this privacy policy, you should immediately stop using the host application or exercise your right to refuse or withdraw consent through the approach disclosed in this privacy policy.

Please ensure that you utilize the TalkingData SDK service in a legal and compliant manner, adhering to relevant laws, regulations, national standards, and regulatory requirements. The specific procedure is as follows:

1. Please upgrade the TalkingData SDK to the latest version, and you can find the download link here: https://doc.talkingdata.com/posts/catalogue/1075

2. Please complete the SDK integration according to the "SDK Integration Document." TalkingData SDK performs preparatory work only during the initialization phase of the application, without collecting any data. You should ensure that you initiate the analytics capabilities of the TalkingData SDK based on reasonable business scenarios and in compliance with privacy policies, only after obtaining consent from end-users.

For instructions on the latest version's initialization configuration and enabling analytics capabilities, please refer to the following links:
Android: https://doc.talkingdata.com/posts/1025
iOS: https://doc.talkingdata.com/posts/1024
This privacy policy will help you understand the following:
I. How we collect and use your personal information
II. How we share, transfer, and publicly disclose your personal information
III. How we protect your personal information
IV. Your rights
V. How we handle children's personal information
VI. How your personal information is stored or transferred internationally
VII. Updates to this policy
VIII. How to contact us

I. How we collect and use your personal information

Personal information refers to information recorded in electronic or other forms that can, either by itself or in combination with other information, identify a specific person or reflect that specific person's activities. TalkingData SDK will only collect and use your personal information for the purposes described in this policy. Unless specifically stated, this service is only available to users in the mainland of the People's Republic of China (referred to as "PRC" below). If you are located outside of the mainland of the PRC, there may be different regulatory requirements for the collection, storage, use, sharing, and other processing of data and personal information in other jurisdictions. If applicable, you should also comply with relevant provisions of the "Overseas Personal Information Protection Compliance Commitment." When we use data for purposes not covered by this policy, we will ask for your consent in advance. When we use information collected for a specific purpose in a different way, we will also ask for your consent in advance.
TalkingData SDK provides data statistics and analysis services for host applications, including but not limited to application statistics analysis and mobile advertisements monitoring. We will only collect your relevant data through technical means, based on the following needs and purposes of providing TalkingData SDK products and services commissioned by the developer or operator of the host application that you use. This is subject to the prerequisite that the aforementioned developer or operator has obtained your full authorization and consent. The specifics are as follows:

| Product Functionality | Types of Data | Specific Data Fields | Processing Purposes |
| --- | --- | --- | --- |
| App Analysis | Mandatory: Fundamental personal information | Unique device identifiers (OAID and Android ID), IP address, IDFV, and IDFA | To generate de-identified unique identifiers for end-users, facilitating fundamental analysis. |
| App Analysis | Mandatory: Basic data concerning other aspects of applications, devices, and networks | SDK or API version, platform, timestamp, system file creation time, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, sensor information, application's NFC permission status (yes or no), device's NFC capability (yes or no), device's Bluetooth capability (yes or no), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language locale, mobile network/country code, time zone, hard disk, CPU, and battery usage information, network information (connectivity status of WiFi network or mobile network, connected WiFi BSSID or SSID information) | To conduct coarse-grained multidimensional analysis and provide data reports categorized by region and application version number. |
| App Analysis | Optional: Optional personal information | MEID, IMEI, or Mac information | To enhance the precision of end-user identification and identify fraudulent traffic. |
| App Analysis | Optional: Optional personal information | Application list | To identify, analyze, and purge fraudulent traffic. |
| App Analysis | Optional: Optional personal information | Location information (latitude and longitude, SystemID, NetworkID, and BasestationID) | To generate more precise location distribution reports and identify fraudulent traffic. |
| Ad Tracking | Mandatory: Fundamental personal information | Unique device identifiers (OAID and Android ID), IP address, IDFV, and IDFA | To generate de-identified unique identifiers for end-users, facilitating fundamental analysis. |
| Ad Tracking | Mandatory: Basic data concerning other aspects of applications, devices, and networks | SDK or API version, platform, timestamp, system file creation time, application identifier, application version, application distribution channel, application process information, application's IDFA authorization status, sensor information, application's NFC permission status (yes or no), device's NFC capability (yes or no), device's Bluetooth capability (yes or no), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language locale, mobile network/country code, time zone, hard disk, CPU, and battery usage information, network information (connectivity status of WiFi network or mobile network, connected WiFi BSSID or SSID information) | To conduct a coarse-grained multidimensional analysis, assess the effectiveness of advertising placements, identify, analyze, and purge fraudulent traffic. |
| Ad Tracking | Optional: Optional personal information | MEID, IMEI, or Mac information | To enhance the precision of user identification and identify fraudulent traffic. |
| Ad Tracking | Optional: Optional personal information | Application list | To identify, analyze, and purge fraudulent traffic. |
| Ad Tracking | Optional: Optional personal information | Location information (latitude and longitude, SystemID, NetworkID, and BasestationID) | To generate more precise location distribution reports and identify fraudulent traffic. |

If you do not wish for your above personal information to be collected, you can exercise your opt-out right through TalkingData's opt-out process. Once you exercise your opt-out right, your personal information will not be collected or processed in any form, and we will not frequently require your consent. The Opt-Out link for TalkingData: http://www.talkingdata.com/optout.jsp?languagetype=en

You can also request to exercise your personal information rights to the host application developer. Upon receipt of the notification from the host application developer and verification of the legitimacy of the request, we will actively cooperate with the host application developer to respond to your request accordingly.

1. Permission related to the collection of personal information

Due to different system requirements, the host application may need to obtain the following related permissions when using TalkingData SDK service to collect personal information.

Android:
| Name of the Permission | Purpose of the Permission |
| --- | --- |
| INTERNET | To permit applications to establish online connectivity and transmit data. |
| ACCESS_NETWORK_STATE | To permit applications to check the connectivity status, and suspend data transmission in instances of network irregularities. |
| READ_PHONE_STATE | To generate de-identified unique identifiers for end-users. |
| ACCESS_WIFI_STATE | To generate de-identified unique identifiers for end-users. |
| WRITE_EXTERNAL_STORAGE | To store device information, and document logs. |
| ACCESS_FINE_LOCATION (optional) | To rectify end-user geographic distribution data, enhancing the precision of report data, and identify fraudulent traffic. |
| ACCESS_COARSE_LOCATION (optional) | To identify fraudulent traffic. |
| GET_TASKS (optional) | To enhance the precision in evaluating end-user engagement levels. |

iOS:
| Name of the Permission | Purpose of the Permission |
| --- | --- |
| INTERNET | To permit applications to establish online connectivity and transmit data. |
| IDFA | To generate de-identified unique identifiers for end-users. |
| Location (optional) | To rectify end-user geographic distribution data, enhancing the precision of report data, and identify fraudulent traffic. |
| WIFI (optional) | To identify fraudulent traffic. |

You should be aware and confirm that we will only collect the above information if the host application has obtained your authorized consent. If you do not wish to have the above information collected, you can refuse or withdraw your consent by turning off the corresponding permissions.

2. Exceptions

Pursuant to relevant laws and regulations, it is not necessary to obtain your authorization to collect your personal information in the following cases:

1) Directly related to national security and national defense safety;

2) Directly related to public safety, public health, and major public interest;

3) Directly related to criminal investigation, prosecution, trial, and enforcement of judgments;

4) To protect material legal rights, such as the lives and property of the individual concerned or other individuals, where consent cannot be obtained in time;

5) For the necessity of academic research, provided that the personal information contained in the results is de-identified when it makes the academic research or the descriptive results available;

6) The information collected is already made public by yourself;

7) The information collected is publicly and legally disclosed, such as legitimate news reports, government information disclosure or others;

8) To fulfill the contract you have signed;

9) To maintain stable operation of the products or services provided by TalkingData, such as discovering and disposing malfunction of products or services;

10) Other circumstances as prescribed by laws and regulations.

II. How we share, transfer, and publicly disclose your personal information

1. Sharing

We do not share your personal information with any other company, organization, or individual except in the following cases:

1) We may share your personal information with other parties after obtaining your explicit consent;

2) We may share your personal information externally in accordance with laws and regulations, or as required by government authorities;

3) Sharing with our affiliates: Your personal information may be shared with TalkingData affiliates. We only share the necessary personal information and are bound by our Privacy Policy. If an affiliate wants to use your personal information in a different way, we will request your explicit consent;

Our affiliates include Suzhou Tendcloud Tianxia Technology Co. Ltd.

4) Sharing with advertisers, ad networks, or other operators: We will cooperate with such authorized partners to use processed data from the TalkingData DMP platform for commercial use in various ways, such as using data to optimize ad delivery and increase marketing effectiveness. We will not use personally identifiable information (including name, e-mail, or any contact information through which one can connect or identify an individual) or provide advertising and analysis unless we receive your permission. We will provide our partners with information about advertising coverage and effectiveness without providing personally identifiable information. We may aggregate this information so that it does not identify individuals. For example, we may only inform advertisers about the effectiveness of their ads or how many people have viewed or installed their applications or provide these partners with non-identifiable demographic information (such as "25-year-old male in Beijing who likes software development") after the advertisers have agreed to comply with our advertising guidelines to help them understand their audience or customers. This type of information, whether individually or in combination with other information, cannot identify your personal identity and does not constitute your personal information in a legal sense.

2. Transfer

We will not transfer your personal information to any company, organization, or individual except in the following cases:

1) Transfer with explicit consent: We will transfer your personal information to other parties only with your explicit consent;

2) When it comes to mergers and acquisitions or bankruptcy, if it requires a transfer of personal information, we will require the new company or organization to either continue following this privacy policy or ask for your consent.

3. Public disclosure

We will only publicly disclose your personal information in the following circumstances:

1) After obtaining your explicit consent;

2) Legal disclosures: We may disclose your personal information publicly, if required to do so by law, legal procedures, litigation or mandatory requirements from government authorities;

3) In emergency situations, we may disclose your information based on reasonable judgment to protect our and our agents', customers', end-users', or any other person's legitimate rights, interests, and safety;

4) Bringing forward lawsuits or arbitration in order to safeguard our legitimate rights or those of our users.

III. How we protect your personal information

1. Measures we have taken to ensure data confidentiality

There is no method of transmission on the Internet or method of electronic storage that is 100% secure. Even though we have safeguarded personal information to the highest level, it is still possible for there to be stolen, illegally obtained, or misused data that brings risk to you, your property, and your reputation. You have understood the above risks and agree to continue.

We will use industry-accepted and reasonable standards to protect the security and confidentiality of the information we store, including but not limited to firewall and data backup measures, data center access restrictions, encryption of identifiable information of mobile device.

We have established a sound data security management system, which includes creating an inventory of network and information assets and an asset responsibility system, classifying user information, encrypting data, dividing data access permissions, establishing internal data management systems and operating procedures, and imposing strict requirements on the acquisition, use, and destruction of data to prevent illegal use of user privacy data.

We will take all reasonable and feasible measures to ensure that no unnecessary personal information is collected. We will only keep your personal information for the period required to achieve our purposes, as described in this policy, unless we need to extend the retention period for reasons required by law.

We have established an information security working group, which is responsible for organizing information security-related exchanges, coordinating the handling of information security-related issues and the decision-making of security construction throughout the data lifecycle, and actively communicating and collaborating with other related organizations.

TalkingData requires that every employee sign a data security confidentiality agreement before joining the company. We have also established a training mechanism for regularly conducting security and privacy protection training to enhance employees' awareness of personal information protection. We will periodically review, update, and publicly disclose TalkingData's security risk and personal information security impact assessment reports.

We have obtained numerous certifications to enhance our security and compliance capabilities, including the following:
1) The third level of cybersecurity classified protection system;

2) Privacy information management system certification ISO/IEC 27701:2019;

3) Information security management system certification ISO/IEC 27001:2022;

4) Quality management system certification ISO 9001:2015;

5) Information technology service management system certification ISO/IEC 20000-1:2018;

6) The data platform security certification by excellent security surpass trusted program;

7) The China Academy of Information and Communications Technology SDK security special assessment;

8) The certificate of Data flow platform security capability assessment;

9) One star rating for social responsibility in data security and personal information protection.

Furthermore, TalkingData has taken the lead in and participated in multiple data compliance projects with regulatory authorities, and has become a member of working groups on data security and personal information protection. Specifically, we have accomplished the following:

1) The company of launching the Information Security Technology Personal Information Security Specification pilot program;

2) The company of launching the Information Security Technology Data Security Maturity Model pilot program;

3) The company of launching the Information Security Technology Personal Information Security Impact Assessment pilot program;

4) Jointly releasing the "Security and Compliance White Paper for Software Development Kit (SDK)" with China Academy of Information and Communications Technology;

5) The National Information Security Standardization Technical Committee-The member of the TC260 big data security standard specific working group;

6) The member of the excellent security surpass trusted program of the China Academy of Information and Communications Technology;

7) The member of data security working Committee of the China Cybersecurity Industry Alliance;

8) The first group of members of the promotion of personal information protection compliance and audit team;

9) One of the first group of members of the Data Security Community (DSC) Program of the China Academy of Information and Communications Technology;

10) One of the first group of participating companies in the Green SDK industry ecological co-construction initiative.

2. Emergency situations and early warning

In the unfortunate event that there is a personal information security incident, we will promptly notify you of the basic situation and possible impact, as well as the emergency response we have undertaken or plan to take, in accordance with relevant laws and regulations. We will also notify you of any related data disposal measures, remedial measures, etc. If it is too difficult or impossible to notify individuals one by one, we will issue notices in a reasonable and effective manner and proactively report to relevant regulatory authorities on the handling of personal information security incidents.

If you discover that any of your personal information is leaking out, please contact us immediately using the contact information outlined in this privacy policy.

IV. Your rights

In accordance with relevant laws, regulations, and standards in China, as well as common practices in other countries and regions, we guarantee your rights to exercise the following with respect to your personal information:

1. Access your personal information

If you want to access your information, please send an email to 【support@tendcloud.com】.

2. Rectify/Supplement your personal information

When you discover any inaccuracies in the personal information we have processed about you, or when you need to update and supplement your personal information, please contact us through various means indicated in this privacy policy or on the TalkingData website. To ensure the security of your account, we may request that you undergo identity verification.

3. Delete your personal information

You may revoke your authorization for us to collect and use your personal information by accessing the TalkingData Opt-Out: http://www.talkingdata.com/optout.jsp?languagetype=en_us

We will cease using and delete your personal information. Please note that we may not immediately delete such information from our backup systems, but it will be deleted upon the next update of the backup.

You can request for TalkingData to delete your personal information in the following cases:

1) If we use your personal information in a way that violates laws or regulations;

2) If we collect and use your personal information without your consent;

3) If we deal with personal information in violation of agreement with you;

4) If you no longer use the host application.

If we decide to respond to your request for deletion, we will also make reasonable efforts to notify any third parties with whom we have shared your personal information, and request that they delete it as well, unless required by law or if such third parties have obtained independent authorization from you.

If you are unable to access, update, or delete your personal information, you may contact us through TalkingData customer service at any time. We will respond to your request within 15 working days.

Notwithstanding the above provisions, we may keep certain data for a reasonable period of time within the limit allowed by law for dispute settlement, users' agreement performance and compliance with technical requirements related to safe operation.

4. Change the scope of your consent

Each business function requires some basic personal information to be completed (see Part I of this policy). For any additional collection and use of personal information, you may give or withdraw your consent at any time. When you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the processing of personal information from your previous authorization.

You can cancel by rejecting commercial advertisements through the Opt-Out channel: http://www.talkingdata.com/optout.jsp?languagetype=en_us

5. Acquisition of a copy of your personal information

You have the right to obtain a copy of your basic personal information, personal identification information, personal health information, and personal education or work information by sending a request to TalkingData.

If technically feasible, such as through data interface matching, at your request, we can also directly transfer a copy of your personal information to a third party designated by you.

6. Automatic decision-making information system

Based on the personal information that is legally collected, automatic decision-making (such as commercial information push) is implemented through tagging or profile processing through non-manual automatic decision-making techniques, such as information systems and algorithms. The above behaviors make your personal information unidentifiable, and cannot be considered as sharing, transferring, or disclosing any of your personal information to any third party. If these decisions significantly affect your legal rights, you have the right to ask us for an explanation and we will provide appropriate remedies to the situation. If you do not wish to participate in this type of targeted advertising, please cancel through the following Opt-Out channel:
http://www.talkingdata.com/optout.jsp?languagetype=en_us

7. Responding to your request

For security, you may need to provide a written request or prove your identity in some other way. We may ask you to verify your identity before processing your request. We will respond within 15 working days. If you are not satisfied, you can read Part VIII about how to file a complaint.

We generally do not charge a fee for your reasonable requests, but for multiple and excessively repeated requests beyond reasonable limits, we reserve the right to charge a certain cost fee. We may refuse requests that are groundlessly repeated, require excessive technological means (such as the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical (such as requests involving information stored on backup tapes).

In the following cases, we will not be able to respond to your request, as required by laws and regulations, if it relates to the following:

1) Directly related to national security and national defense security;

2) Directly related to public safety, public health, and the public interest;

3) Directly related to a criminal investigation, prosecution, trial, or execution of judgment;

4) There is sufficient evidence that you have abused your rights;

5) Responding to your request may result in serious damage to your or other individuals' or organizations' legitimate rights and interests;

6) Related to trade secrets.

V. How we handle children's personal information

We will not knowingly collect or use children's data.

If the host application is designed and developed for children, we have requested that the host application's developer and operator ensure that necessary technical means are taken to ensure that registration and use of the host application are carried out by the guardians of children. Meanwhile, the host application's developer and operator have formulated sufficient user agreements and privacy policies to fulfill their notification obligations, and for the collection of children's personal information with parental consent, we will only use or publicly disclose this information when permitted by law, with explicit consent from parents or guardians, or when it is necessary to protect children.

Although local laws and customs may have different definitions for children, we consider anyone below the age of 14 to be a child.

If we find ourselves inadvertently collecting personal information from children without first obtaining parental consent, we will try to delete the data as soon as possible.

VI. How your personal information is stored or transferred internationally

1. Storage location

In principle, personal information collected and generated within the PRC will be stored within the territory of the PRC.

During the process of providing services, we may transfer the data obtained from you or your product end users to an affiliated entity or other third party outside your jurisdiction, and such transfer will be handled to the extent permitted by applicable laws and regulations and provide adequate protection of your personal information in accordance with this policy. If you or your product end user is located beyond the jurisdiction of the PRC, or when you and your product terminal user is in the jurisdiction of the PRC while we need to transfer it to the place outside the jurisdiction of the PRC, you shall consent or obtain consent from the end user for this international transfer.

We highly advise you to consult local professionals to ensure that this transfer complies with local data protection requirements. Especially, when the international transfer involves the European Union or the United States, please pay attention to the legal regulations for data protection and protection of personal information in these places.

2. Storage time

We retain your personal information solely for the purposes outlined in this privacy policy and for the minimum storage time mandated by legal regulations. Following the expiration of the stipulated storage period, we commit to deleting or anonymizing your personal information in accordance with the requirements of applicable laws and regulations. However, if specific legal provisions or your explicit consent necessitate otherwise, we may extend the storage duration of your personal information.

VII. Updates to this policy

We have the right to adjust the privacy policy at any time in accordance with change of service, adjustment of applicable laws and policies, as well as other factors. We will not diminish your rights guaranteed under this Privacy Policy without your explicit consent. Any update to this privacy policy will be published on this webpage marked with the updated time. Therefore, please check the privacy policy regularly so that you are always in compliance. If you do not agree with this privacy policy, please terminate visiting and using our service.

If there are material changes to this Privacy Policy, such as changes in the content of your personal information, changes in the controller of your personal information, changes in the sharing/transfer/disclosure of personal information, or changes in your rights related to the protection of personal information, we will notify you in a more significant way, such as through pop-up alerts or messages.

Material changes to this policy include, but are not limited to:

1) If there have been major changes in our service model, such as in the purpose of processing personal information, the types of personal information handled, how we use personal information, etc.;

2) If we have undergone major changes in ownership and organizational structure, such as business adjustment, bankruptcy, mergers, or other such changes;

3) If there have been changes in personal information sharing, transfer, or public disclosure;

4) If there are significant changes to your rights and exercise methods in participating in personal information processing;

5) If there are changes to our department responsible for personal information security, contact information, and complaint channels;

6) If the personal information security impact assessment report indicates that there is high risk.

VIII. How to contact us

If you have any question, advice, or complaint related to our privacy policy, please contact 【support@tendcloud.com】.

We have set up a Personal Information Protection Department. You can contact us through 【td_legal@tendcloud.com】. In general, we will reply within 15 working days.

If you are unsatisfied with our response, especially if you believe that our personal information processing practices are in any way detrimental to your legitimate rights and interests, you have the right to file a complaint or report with regulatory authorities, such as the Cyberspace Administration, the Telecommunications Administration, Public Security, and Industry and Commerce. Additionally, you may also submit the dispute to the Beijing Arbitration Commission for arbitration in Beijing in accordance with its then-effective rules.