ChatUp Privacy Policy
Effective Date: January 9, 2026
1. Privacy Protection Statement
As a professional social communication application, ChatUp always places the privacy and security of users' personal information at the core. We deeply understand that your trust in us is the fundamental premise for the platform's development. To this end, we have specifically established a comprehensive and rigorous information security management system adapted to the characteristics of real-time communication services, fully ensuring the confidentiality, integrity and availability of your personal information, allowing you to enjoy a smooth, safe and secure communication experience in the digital environment created by ChatUp.
2. Scope of Collection and Purpose of Use of Personal Information
To ensure the stable operation of ChatUp's core communication services and provide you with a personalized and high-quality user experience, we will strictly follow the principles of "legality, necessity and minimum scope" in collecting and using your personal information. The specific scope of collection and purpose of use are as follows:
(1) Core Communication-Related Information
Such information is the basis for us to provide you with core services such as real-time calls, voice chats, and video communications, and will be collected when you register and use core functions:
1. Communication Behavior Information: When you use call, voice or video communication functions, we will automatically record necessary communication logs, including call time, call duration, communication object and call quality data. Such information is only used to optimize communication quality, troubleshoot call faults (such as stuttering, disconnection, etc.), and ensure the smooth development of communication services. Without your explicit consent, it will never be used for any other purposes unrelated to communication services.
(2) Device and Environment Information
To ensure the compatibility of the application with your device and the security of the account and communication process, when you use ChatUp services, the system will automatically collect and record relevant device and environment information. Such information cannot directly identify your personal identity alone, and specifically includes:
1. Basic Device Parameters: Device model, brand, operating system type and version, hardware configuration (such as CPU, memory, camera, microphone parameters), unique device identifiers (such as IMEI, OAID) and device status (such as battery level, network connection status). These parameters help us adapt to different device configurations, solve compatibility issues (such as interface adaptation, function activation failure, etc.), and improve application stability.
2. Network Environment Information: IP address, Internet Service Provider (ISP) information, mobile operator information, network connection type (such as Wi-Fi, 4G, 5G, etc.) and network signal strength. Collecting such information is mainly to locate network faults (such as regional network access restrictions, poor signal leading to degraded call quality, etc.), optimize network resource allocation, and ensure the smoothness of real-time communication.
(3) Service Optimization and Analysis Data
To continuously improve the quality of ChatUp services and provide you with more tailored function recommendations, we will collect and analyze your service usage logs and related diagnostic data. The specific content and purpose of use are as follows:
1. Usage Behavior Logs: Record your interactive behavior with the application, including functions used (such as one-on-one calls, voice messages, video messages, etc.), frequency of use of each function, single use duration, browsed pages and operation paths. Such data is used to analyze user usage habits, optimize application function layout, adjust function modules with poor usability, and thereby improve the overall user experience.
2. Diagnostic Data: When the application has abnormal phenomena such as crashes, stutters or function failures, the system will automatically collect diagnostic data, including crash reports, error logs, hardware setting information and application running status data. Such data is only used to quickly locate and solve technical problems, improve application stability, and does not involve any of your private communication content.
3. Personalized Analysis (Requiring Explicit Consent): With your prior explicit consent, we may use your device ID and advertising ID to conduct data analysis. Specific scenarios include evaluating the effectiveness of marketing activities (to avoid ineffective promotion), optimizing service operation efficiency, and pushing personalized function recommendations or promotional information that may be of interest to you. You can withdraw this consent at any time through the application settings.
(4) Application for Necessary Permissions and Detailed Explanation
In the process of providing communication services, ChatUp needs to apply for some necessary permissions from your device to ensure the complete realization of core functions and the best user experience. All permission applications follow the principle of "necessity and minimum scope" and will only be activated with your explicit consent. You can independently manage, enable or disable all the following permissions in the device settings at any time. The specific permissions and application scenarios are explained as follows:
1. Camera Access Permission: This permission is required when you use video calls, record video messages or take avatars. We will only activate the camera when you actively trigger the corresponding function, and will not collect images or videos through the camera without permission. If you refuse this permission, you will not be able to use video-related functions, but it will not affect the use of basic functions such as voice calls.
2. Microphone Access Permission: This permission is a necessary condition for using functions such as voice calls and recording voice messages. We will only collect audio data through the microphone when you actively use communication functions that require audio input, and will not perform background audio collection. Refusing this permission will affect the use of voice-related core functions, but text-based interaction functions (if any) can be used normally.
3. Album Access Permission: When you need to upload photos from the album to set an avatar, share photos in the chat interface or attach photos to message content, we will apply for this permission. This permission only allows us to read the photos you actively select, and will not automatically access, read or upload all photos in the album. Refusing this permission only affects the function of uploading photos from the album, and does not affect other core communication functions.
4. Bluetooth Access Permission: When you need to connect external audio devices (such as Bluetooth headsets, Bluetooth speakers) to use ChatUp's audio communication services, we will apply for this permission to achieve fast pairing and stable connection between the device and external audio devices, and improve the audio quality and communication experience during your use. If you refuse this permission, you can still use the device's built-in audio devices for communication.
5. External Storage Access Permission: This permission is divided into read and write permissions, which are applied for on demand for different service scenarios:
• Read Permission: Used to retrieve files stored in your device's external storage, such as uploading photos, videos or documents from external storage to the ChatUp application for sharing or setting avatars.
• Write Permission: Used to save content generated or obtained in the ChatUp application (such as downloaded chat files, recorded voice/video messages, exported call records, etc.) to the device's external storage, facilitating your subsequent offline viewing and management.
6. Advertising ID Access Permission: To improve the accuracy and effectiveness of marketing activities and reduce the interference of irrelevant advertisements on you, we may collect your device's advertising ID. This ID is used to analyze the effectiveness of marketing activities, optimize advertising delivery directions, and avoid repeated delivery of the same advertising content. You can turn off the collection of advertising ID through device settings or application privacy settings.
It should be emphasized that ChatUp will never use the obtained permissions for any purposes unrelated to the service, nor will it force you to authorize non-essential permissions. If you refuse to authorize non-core permissions, it may affect the use of corresponding auxiliary functions, but will not affect the normal operation of basic communication services.
3. Protection of Minors' Personal Information
ChatUp services are oriented to users over 18 years old. We attach great importance to the protection of minors' personal information, strictly abide by the relevant laws and regulations on the protection of minors' information in various countries and regions, and formulate a special minor information protection mechanism to ensure that the legitimate rights and interests of minors are not infringed.
(1) Core Protection Principles
We adhere to the principle of "not actively collecting" personal information of minors under the age of 18. To prevent minors from using the service without authorization, for users suspected of being minors, we will further conduct real-name information verification (requiring the consent of a guardian if necessary) to restrict minors' access to the platform. If it is found that personal information of minors has been inadvertently collected under special circumstances, we will immediately stop the collection behavior and completely delete the relevant information within the shortest time (no more than 7 working days) after verification.
(2) Restrictions on Minors' Use
Minors under the age of 18 shall not use ChatUp services independently. We remind minors that when using the Internet and related communication tools, they should do so under the guidance and supervision of their parents or legal guardians, correctly recognize the risks of online communication, and not arbitrarily disclose personal information (such as name, school, home address, contact information, etc.) to strangers, so as to avoid information leakage and potential safety hazards.
(3) Guardian's Responsibilities
If you are the parent or legal guardian of a minor and find that your child has registered a ChatUp account or provided us with personal information without your consent, please contact us immediately through the official channels specified in this policy. After you provide the necessary certification materials (such as guardian's identity certificate, minor's identity certificate, guardianship relationship certificate) and we verify the relevant information, we will immediately take measures to delete the minor's account and all stored personal information, and take technical measures to prevent the minor from registering and using the service again with the relevant information.
(4) Application for Deletion of Minors' Data
If you have reason to believe that ChatUp has collected personal information of minors, please contact us as soon as possible through the official service email and explain the specific situation. After receiving your valid application and verifying the relevant information, we will immediately review and process it, complete the deletion of relevant data within 15 working days, and feed back the processing result through the contact information you provided.
4. Sharing, Transfer and Disclosure of Personal Information
ChatUp attaches great importance to the security of your personal information and will never arbitrarily share, transfer or disclose your personal information to third parties. Except as required by laws and regulations or with your explicit consent, we will strictly limit the scope of personal information sharing and take adequate security protection measures.
(1) Data Sharing
1. Based on Explicit Consent: Before sharing your personal information with any third party (except authorized partners providing auxiliary services), we will clearly inform you of key information such as the name of the third party, the scope and type of shared information, the purpose and duration of use, and will only carry out the sharing behavior with your clear and explicit consent. You have the right to refuse such sharing requests.
2. Fulfillment of Legal Obligations: When facing mandatory legal requirements such as legal investigations, court subpoenas, and administrative orders, we may disclose your personal information within the scope specified by law. In such cases, we will strictly follow the principle of minimum necessity, only disclose the information absolutely necessary to fulfill legal obligations, and actively verify the legality and validity of relevant legal documents; at the same time, unless prohibited by laws and regulations, we will try our best to notify you of the relevant situation in advance.
3. Cooperation with Authorized Partners: To better provide you with stable and high-quality communication services, we may entrust some authorized third-party partners to complete specific auxiliary service links. These partners include but are not limited to technical infrastructure service providers, communication quality optimization service providers, payment processing service providers (if there are paid functions), customer service outsourcing agencies, etc. When sharing information with these partners, we will strictly review their qualifications, sign formal data processing agreements, clearly define their rights, obligations and liability for breach of contract, and only provide the minimum scope of information necessary for them to perform their duties; at the same time, we will regularly supervise and inspect their information processing activities (including on-site inspections, data security audits, etc.) to ensure that they do not use the shared information for any purposes other than those agreed in the agreement.
(2) Specific Scenarios of Third-Party Cooperation and Information Protection
In the daily operation of ChatUp, the scenarios of cooperation with third parties and the corresponding information sharing rules are as follows: 1. Technical Infrastructure Cooperation: We may cooperate with cloud service providers to store non-sensitive operation data (such as application operation logs, unidentifiable device parameters). The shared data will be desensitized in advance, and cloud service providers will be required to take the same level of security protection measures as us. 2. Marketing and Effectiveness Evaluation: We may share anonymized and unidentifiable user behavior data with professional marketing analysis institutions (such as Appsflyer) to conduct marketing attribution analysis and optimize the effectiveness of promotion activities. Such data does not involve any information that can identify your personal identity. 3. Payment Processing (if applicable): If you use the paid functions in ChatUp, we will share necessary transaction information (such as order number, transaction amount) with payment service providers to complete the payment processing. Payment service providers will strictly abide by relevant financial regulations and data protection laws to ensure the security of your transaction information. All the above cooperative third parties are required to sign strict data protection agreements with us. The agreements clearly stipulate that they must process personal information in accordance with our requirements, this privacy policy and the relevant laws and regulations of various countries and regions. Those who cause information leakage or improper use due to their own reasons shall bear corresponding liability for compensation.
5. Personal Information Security Protection Measures
In view of the characteristics of real-time communication services, ChatUp has built an end-to-end, multi-level personal information security protection system that integrates advanced technical measures and strict management systems to fully ensure the security of your personal information and prevent risks such as information leakage, tampering and loss.
(1) Technical Protection Measures
1. Data Encryption Technology: End-to-end encryption technology is adopted for your real-time communication content (voice, video, text messages) to ensure that only you and the communication object can decrypt and view the content, and we ourselves cannot obtain the original communication content; at the same time, SSL/TLS encryption technology is adopted for data transmission, and AES-256 encryption technology is adopted for data storage to ensure the security of data transmission and storage processes.
2. Security Defense System: Deploy advanced security protection systems, including firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), etc., to resist malicious network attacks such as hacker attacks, virus intrusions, and DDoS attacks; regularly conduct security vulnerability scans and penetration tests on applications and server systems to timely discover and fix potential security risks.
3. Data Desensitization and Anonymization: For data that does not need to be displayed in its original form (such as device information, usage logs), desensitization or anonymization processing is adopted (such as masking part of the device ID, removing personal identifiers in logs) to reduce the risk of information leakage after accidental data leakage.
4. Access Control Mechanism: Implement a strict access control mechanism based on the principle of minimum authority. Only employees who really need to access sensitive information (such as customer service, technical maintenance personnel) can obtain corresponding access rights after multi-level identity verification (such as account password + dynamic verification code + work certificate verification); at the same time, record all access behaviors of sensitive information for traceability.
(2) Management Protection Measures
1. Strict Internal Management System: Formulate a complete set of personal information security management systems, including data classification and grading management specifications, employee information security codes of conduct, data processing operation procedures, etc., to standardize the behavior of internal employees in processing personal information.
2. Regular Security Training and Assessment: Regularly carry out privacy and information security training for all internal employees, covering data protection laws and regulations, security protection skills, risk identification and response, etc.; at the same time, conduct regular assessments to ensure that each employee has sufficient information security awareness and abides by relevant operating procedures.
3. Security Incident Response Plan: Formulate a complete security incident response plan, clarifying the handling process, division of responsibilities and response measures for information security incidents (such as data leakage, system intrusion). When a security incident occurs, immediately activate the emergency response mechanism, investigate the cause of the incident, take measures to control the scope of the incident, and notify the relevant competent authorities and affected users in accordance with legal requirements.
6. Your Rights to Manage Personal Information
In accordance with the relevant data protection laws and regulations of various countries and regions, as the subject of personal information, you have the rights to inquire about, access, correct, delete, restrict the processing of and withdraw consent to your personal information held by ChatUp. We provide convenient channels for you to exercise these rights, and the specific ways to exercise them are as follows:
(1) Inquiry and Access to Personal Information
1. Self-service Inquiry and Access: You can log in to your ChatUp account, enter the "My" page, and view and inquire about your personal data (nickname, avatar), call records, chat records (locally or cloud stored) and other relevant content; you can also modify editable information (such as nickname, avatar) through this channel.
2. Consult Customer Service: If you encounter technical difficulties or cannot find the required information when inquiring and accessing information through self-service channels, you can contact our customer service team through the in-app customer service function or official service email. After identity verification (to ensure the security of your information), we will assist you in inquiring and accessing the relevant information and respond to your request within 15 working days.
3. Application for Access to Other Information: For personal information generated during the use of the service that cannot be accessed through self-service channels (such as information shared with third parties, historical operation logs), you can submit an access application to us through the official service email. We will review your application in accordance with relevant processes and agreements, and provide you with accessible information in a safe and appropriate manner within a reasonable time (no more than 30 working days).
4. Obtaining Data Copies: If you need a copy of your personal information held by us, you can submit a copy application to the customer service team through the official service email. After identity verification, we will provide you with a data copy in a structured, common and machine-readable format (such as PDF, CSV) through a secure method (such as encrypted email). There is no charge for providing data copies, unless the request is obviously excessive or repetitive.
(2) Correction and Deletion of Personal Information
1. Information Correction: If you find that your personal information held by us is inaccurate or incomplete (such as incorrect bound mobile phone number, outdated avatar information), you can correct it through the self-service channel in (1) 1 above; if you cannot correct it yourself, you can submit a correction application through customer service. After we verify the accuracy of the information, we will complete the correction within 10 working days.
2. Information Deletion: You have the right to legally require us to delete your personal information, and the way to apply for deletion is the same as the inquiry and access method above. In addition, in the following cases, you can take the initiative to require us to delete personal information, and we will complete the deletion or anonymization processing within the specified time after verification:
• Our collection, use or processing of your personal information violates relevant laws and regulations or the provisions of this privacy policy;
• Processing your personal information without your prior explicit consent and without other legal basis for processing;
• The purpose of collecting and using your personal information has been achieved, and there is no requirement by laws, regulations or service agreements to retain the information;
• You decide to terminate the use of ChatUp services and apply for account cancellation;
• We have permanently stopped providing you with all or part of the services, and the stored personal information is no longer necessary for providing the services.
It should be noted that if deleting the information will affect the performance of legal obligations (such as retaining transaction records in accordance with tax regulations) or the handling of ongoing legal disputes, we may not be able to delete the relevant information immediately, but we will stop using the information for any other purposes unrelated to legal obligations or disputes, and delete it immediately after the relevant obligations or disputes are completed.
(3) Exercise of Other Rights
1. Right to Restrict Processing: If you dispute the accuracy of your personal information held by us, or believe that our information processing behavior is illegal but do not want to delete the information, you can require us to restrict the processing of your personal information (such as suspending the use of the information for marketing purposes). We will take corresponding restrictive measures within 15 working days after verification.
2. Right to Data Portability: You have the right to require us to provide your personal information in a structured, common and machine-readable format, and have the right to transfer the information to another data controller designated by you (the other party needs to meet the corresponding data security requirements). You can submit an application to exercise this right through the official service email.
3. Right to Object: If we process your personal information based on legitimate interests or public interests, you have the right to object to such processing behavior. After receiving the objection, we will re-examine the necessity of the processing. If we cannot prove that there is a mandatory legal reason overriding your interests, we will stop the relevant processing behavior.
4. Right to Withdraw Consent: If the data processing activity is carried out based on your consent (such as personalized marketing), you have the right to withdraw your consent at any time. Withdrawal of consent can be completed through "Privacy Settings" in the application or by contacting customer service. Withdrawal of consent does not affect the legality of data processing activities carried out before the withdrawal.
(4) Data Sale/Sharing Opt-Out Operation
For the "right to opt out of data sale/sharing" required by the data protection laws of different regions, you can exercise such right through the following unified channels: 1. Self-service Operation in the Application: You may opt out of data sale/sharing functions through the relevant switches in the privacy settings of the application. 2. Manual Application: You may submit an application through the official service email, indicating the specific type of right to opt out and your account information. We will complete the processing within the time limit required by applicable laws and feed back the result to you.
7. Data Retention Period and Processing Rules
ChatUp strictly abides by the privacy laws and regulations of various countries and regions, and formulates scientific and reasonable data retention rules to ensure that your personal information is retained only for the period necessary to achieve the purpose of collection, and no indefinite retention is carried out. The specific retention framework is as follows:
(1) Determination of Retention Period
The retention period of your personal information is determined by us based on three core factors: the purpose of collecting and using the data, the type of data and the requirements of legal obligations. After the retention period expires, we will take the initiative to delete or anonymize the relevant data. The specific retention periods for different types of data are as follows:
1. Basic Account Information: Retained during the active period of your account; after you apply for account cancellation and complete identity verification, we will delete or anonymize all your basic account information within 30 days, unless otherwise required by laws and regulations (such as retaining relevant information for handling potential disputes).
2. Communication-Related Information: Call records and cloud-stored chat records are retained for 1 year from the date of generation, except for content manually saved by you (manually saved content is retained until you take the initiative to delete it or cancel your account). The purpose of retention is to facilitate your inquiry of historical communication records, which will be automatically deleted after the retention period expires.
3. Transaction Records (if applicable): To meet the requirements of legal obligations such as tax declaration and audit, transaction records related to you (such as order information, payment records) are retained for a maximum of 7 years from the date of transaction completion. After the retention period expires, the transaction records will be anonymized (removing personal identity information) so that they can no longer be associated with your personal identity.
4. Customer Service Records: Records generated during your consultation and communication with customer service (including consultation content, processing process, processing results, etc.) are retained for a maximum of 2 years from the date of processing completion. The purpose of retention is to facilitate the handling of potential subsequent disputes or repeated consultations, which will be automatically deleted after the period expires.
5. Marketing-Related Data: If you agree to receive marketing information (such as promotional activities, new function recommendations), the relevant data used for marketing will be retained until the date you withdraw your consent; after withdrawing consent, we will delete the relevant marketing data within 6 months.
6. System Operation and Diagnostic Logs: Logs related to system operation (such as access logs, login logs) and diagnostic logs (such as crash reports, error logs) are retained for a maximum of 90 days. Such logs are mainly used to ensure system security, troubleshoot technical problems and optimize service performance, and will be automatically cleaned up after the period expires.
(2) Standards for Data Deletion and Anonymization
When your personal information no longer needs to be retained (that is, the retention period expires or the purpose of collection is achieved), we will delete the relevant data in accordance with internal data processing specifications. Deletion methods include permanent deletion from the server, overwriting the data storage area, and destroying physical storage media (if applicable). For data that cannot be completely deleted due to technical reasons (such as backup data in offline storage systems), we will take strict anonymization measures to remove all identifiers that can directly or indirectly identify you (such as device ID, account information), so that it can no longer be associated with a specific individual. Anonymized data is no longer regarded as personal information and can be used for legitimate commercial purposes such as data analysis and service optimization without further consent.
(3) Retention Requirements for Fulfilling Legal Obligations
In special cases, even if the original retention period expires, we may continue to retain your personal information to meet legal, regulatory or contractual obligations. Such cases mainly include: 1. Meeting the requirements of relevant regulations such as tax declaration, financial audit and accounting standards; 2. Handling ongoing legal disputes, responding to judicial or administrative inquiries, and assisting law enforcement agencies in investigating illegal acts; 3. Complying with special provisions of industry regulations or regional data protection laws and regulations. In such cases, we will only retain the necessary information to fulfill the obligations, and immediately stop retaining and delete it after the relevant obligations or disputes are completed.
(4) Response to User Requests Related to Retention
You have the right to inquire about the retention period, retention purpose and storage location of your personal information held by us. If you believe that we have retained your personal information beyond the necessary period, you can submit a request to shorten the retention period or delete the data through the official service email. We will review your request in accordance with legal provisions and actual business conditions, and give a clear reply within 30 days after receiving the request; if your request is reasonable and compliant, we will take corresponding measures to adjust the retention period or delete the data.
8. Legal Basis for Data Processing and Your Core Rights
When processing your personal information, ChatUp strictly abides by the relevant international and regional data protection laws and regulations of various countries to ensure that each data processing activity has a legal basis. The main legal bases for us to process your personal information are as follows:
• Consent: For data processing activities that are not necessary for providing basic communication services (such as personalized marketing, data analysis not for the purpose of service optimization), we will obtain your explicit consent in advance. You have the right to withdraw your consent at any time, and the withdrawal of consent does not affect the legality of data processing activities carried out before the withdrawal.
• Performance of Contract: When it is necessary to process your personal information to perform the service agreement signed with you (such as providing account registration services, completing real-time communication, processing transaction payments for paid functions, etc.), we will process the data based on the needs of contract performance. This is a necessary basis for us to provide you with core services.
• Legitimate Interests: When processing your personal information is necessary to safeguard our legitimate business interests (such as optimizing communication quality, improving user experience, preventing account theft and fraud, ensuring system security, etc.) and does not violate your legitimate rights and interests and public order and good customs, we will process the data based on legitimate interests. A balance of interests assessment will be conducted before processing to ensure that our legitimate interests do not override your rights and interests.
• Fulfillment of Legal Obligations: When it is necessary to process your personal information to comply with the provisions of laws and regulations (such as responding to legal inquiries, performing tax obligations, reporting security incidents in accordance with regulations, etc.), we will process the data based on the needs of fulfilling legal obligations.
• Public Interests: When carrying out public interest activities (such as responding to public health emergencies, assisting public security prevention and control, etc.) and not violating your legitimate rights and interests, we will process the data based on public interests.
As a data subject, under the data protection legal framework, you enjoy a series of core rights related to the protection of personal information. These rights are designed to ensure that you can effectively control your own personal information. In addition to the rights mentioned in Chapter 6, the specific core rights also include:
1. Right to Complain: If you believe that our processing of your personal information violates relevant data protection laws and regulations, you have the right to complain to the local data protection regulatory authority (such as the Office of the Privacy Commissioner for Personal Data, Hong Kong, China; Information Commissioner's Office, UK, etc.).
2. Right to Know the Legal Basis: You have the right to require us to inform you of the specific legal basis for processing your personal information and the reasoning process for determining the legal basis.
We attach great importance to the protection of your core rights. If you need to exercise the above rights, you can contact us through the official channels specified in this policy. We will review your request in accordance with legal procedures and relevant regulations and respond in a timely manner. Your trust is the foundation of our development, and we will always adhere to the highest standards of data protection requirements to protect your legitimate rights and interests.
9. Privacy Rights Under Major International and Regional Data Protection Laws
ChatUp is committed to complying with major international and regional data protection laws and regulations around the world to protect the privacy rights of users in different regions. The main laws and regulations we comply with include the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) of the United States, Brazil's Lei Geral de Proteção de Dados (LGPD) and the Virginia Consumer Data Protection Act (VCDPA) of the United States. The specific rights you enjoy under these laws and the ways to exercise them are explained in detail below.
(1) Rights Under the General Data Protection Regulation (GDPR) (for EU Users)
If you are located in the European Union (EU) or the European Economic Area (EEA), you enjoy the following rights in accordance with GDPR:
• Right of Access: You may request access to your personal data held by us and obtain detailed information on data processing, including the purpose of processing, the category of personal data, the data recipient (including third parties in third countries), the retention period and the source of the data (if not collected from you).
• Right to Rectification: You may request us to rectify inaccurate or incomplete personal data without undue delay; if necessary, you may request to supplement incomplete data.
• Right to Erasure (Right to Be Forgotten): You may request the erasure of your personal data, especially when the data is no longer necessary for the purpose of collection, you withdraw your consent and there is no other legal basis for processing, you object to the processing and there is no overriding legitimate reason to continue processing, or the data processing is illegal.
• Right to Restriction of Processing: You may request the restriction of the processing of your personal data, especially when you dispute the accuracy of the data (during verification), the processing is illegal but you do not want to delete the data, we no longer need the data but you need it for legal claims, or you have filed an objection (during the objection review period).
• Right to Data Portability: You may request to receive your personal data in a structured, common and machine-readable format and to transmit it unhindered to another data controller; if technically feasible, you may request us to transmit the data directly to another data controller designated by you.
• Right to Object: You may object at any time to the processing of your personal data based on legitimate interests or public interests; for processing for direct marketing purposes, you have an absolute right to object, and we will immediately stop the relevant processing after receiving the objection.
• Right to Withdraw Consent: You may withdraw your authorization for data processing based on consent at any time, and the withdrawal does not affect the legality of the processing carried out before the withdrawal; the way of withdrawal is as simple as the way of giving consent.
• Right to Complain: If you believe that your data rights have been infringed, you may complain to the data protection authority of the EU member state where you reside or work or where the alleged infringement occurred.
(2) Rights Under the California Consumer Privacy Act (CCPA) (for California Residents)
If you are a resident of California, USA, you enjoy the following rights in accordance with CCPA (including the California Privacy Rights Act, CPRA):
• Right to Know Personal Information: You may request us to disclose the details of the collection, use, sharing or sale of your personal information in the past 12 months, including the specific categories of personal information collected, the specific content of your personal information held by us, the specific purposes of collecting, using, sharing or selling your personal information, and the specific categories of third parties with whom we share or sell your personal information. You may submit a "right to know" request twice a year, and we will not charge any fees.
• Right to Request Deletion of Personal Information: You may request us to delete the personal information collected or stored by us. However, in the following cases, we may not be able to legally satisfy the deletion request: completing the transaction initiated by you or providing the service explicitly requested by you; detecting security incidents, preventing malicious or illegal activities or prosecuting the responsible persons; complying with legal obligations or exercising legal rights (such as tax declaration or responding to legal requests); ensuring the integrity and security of our services.
• Right to Opt Out of Sale: You may request us not to sell your personal data to third parties. "Sale" under CCPA refers to the exchange of personal data for money or other valuable consideration. After you opt out, we will immediately stop selling your data unless you explicitly agree to resume the sale later.
• Right to Opt Out of Targeted Advertising: You may request us not to use your personal data for targeted advertising. That is, we will not use your data to push advertisements tailored to your interests or behaviors to you on different websites, applications or services.
• Right to Non-Discrimination: When exercising your privacy rights, you have the right to be free from discrimination. We will not refuse to provide you with goods or services, charge you different prices or rates, or provide you with services of different levels or quality solely because you exercise your rights under CCPA.
• Right to Correct Inaccurate Personal Information: You may request us to correct your inaccurate personal information. After we receive the request and verify your identity, we will review and correct the information within a reasonable time.
• Right to Know About Data Sale: You have the right to know whether we have sold your personal data, as well as the categories of sold personal data and the categories of buyers. You may submit a "request for data sale information" through the contact methods specified in Chapter 11 of this policy, and we will disclose the relevant information in the past 12 months within 15 working days.
• Methods to Exercise the Right to Opt Out of Sale: You may exercise the right to opt out of data sale through the following methods: 1. In-application Operation: You may opt out of data sale through the relevant switch in the privacy settings of the application; 2. Email Application: Send a request of "Opt Out of Data Sale" to the official service email and provide account information for identity verification. We will complete the operation within 10 working days after receiving the request and feed back the result to you.
(3) Rights Under Brazil's Lei Geral de Proteção de Dados (LGPD)
If you are located in Brazil, you enjoy the following rights in accordance with LGPD:
• Right of Access: You may request to obtain information related to your personal data held by us, including the purpose of processing, the category of data, the data recipient, the retention period and the source of the data.
• Right to Rectification: If your data is inaccurate, incomplete or outdated, you may request to rectify, update or supplement it to ensure the accuracy and completeness of the data.
• Right to Deletion: You may request us to delete your personal data from the system (within the scope permitted by law), which applies when the data is no longer necessary for the purpose of collection, you withdraw your consent, the processing is illegal, or you object to the processing and there is no overriding legitimate reason.
• Right to Information: You may inquire about the institutions with which we share your data, the reasons for sharing and the scope of sharing, and we will provide you with clear and detailed information about the sharing behavior.
• Right to Revoke Consent: You may withdraw your consent to specific data processing activities at any time, and the withdrawal does not affect the legality of the processing carried out before the withdrawal; we will provide a simple way to revoke consent.
• Right to Object: If the data processing is based on legitimate interests, public interests or the performance of public duties, you may object to the processing; unless we can prove that there is a mandatory legal reason overriding your interests, rights and freedoms, we will stop the processing.
• Right to Data Transfer: You may request us to transfer your personal data to you or a third party designated by you in a structured, common and machine-readable format; if technically feasible, we will assist in completing the transfer.
• Right to Complain: If you believe that your data protection rights have been infringed, you may complain to Brazil's National Data Protection Authority (ANPD).
(4) Rights Under the Virginia Consumer Data Protection Act (VCDPA) (for Virginia Residents)
If you are a resident of Virginia, USA, you enjoy the following rights in accordance with VCDPA:
• Right to Opt Out of Targeted Advertising: You may opt out of the use of your personal data for targeted advertising, including the display of advertisements to you based on your personal data collected on non-affiliated websites or applications.
• Right to Opt Out of Sale: You may opt out of the sale of your personal data to third parties. "Sale" under VCDPA refers to the exchange of personal data for money or other valuable consideration, and we will respond to your opt-out request in a timely manner.
• Right to Opt Out of Profiling: You may opt out of profiling that supports decisions that produce legal or similarly significant effects on you. Profiling refers to the evaluation, analysis or prediction of your behavior, preferences, health status or credit status through the automated processing of personal data.
• Right to Access, Correct and Delete: You may request access to your personal data held by us (including the category of collected data, the purpose of processing and the third parties with whom the data is shared); you may request to correct inaccurate or incomplete data; you may request to delete your personal data (except as required by laws, regulations or legitimate business purposes to retain).
• Right to Appeal: If we refuse your request to exercise the above rights, you have the right to appeal our decision. We will review and make a written reply within 60 days after receiving the appeal; if the appeal is still refused, we will inform you of the reasons and the way to complain to the Attorney General of Virginia.
• Methods to Exercise the Right to Opt Out of Data Sharing/Sales: You may exercise the right to opt out of personal data sharing or sale through the following methods:
○ 1. For opting out of "targeted advertising, data sale, and automated decision analysis": You may opt out of the above functions through the relevant switches in the privacy settings of the application;
○ 2. Email Application: Send a request of "Opt Out of Data Sharing/Sales" to the official service email, clearly stating the specific items to opt out. We will complete the operation within 20 working days after receiving the request and feed back the result to you.
(5) Ways to Exercise Rights Under the Above Laws
To exercise any of the above rights, please contact us through the official service email. When submitting a request, please clearly state the right to be exercised, the specific content of the request, and provide the necessary identity verification materials (to ensure that the request is made by you personally). We will respond to your request within the time limit required by applicable laws (usually 30 to 45 days). If it is necessary to extend the processing time due to the complexity of the request or the need to collect more information, we will notify you in writing within the initial response period, explaining the reason for the extension and the expected processing time. There is no charge for processing your reasonable request, but a reasonable fee may be charged for obviously excessive, repetitive or unfounded requests.
10. Updates to the Privacy Policy
We reserve the right to modify or update this privacy policy from time to time to reflect changes in relevant laws and regulations, adjustments to service functions or optimization of data processing practices. Any update to this privacy policy shall follow the principle of not reducing your legitimate rights and interests without your explicit consent. For minor changes that do not affect your core rights and interests, after the update takes effect, we will announce the updated content through ChatUp's in-app (such as the "Notifications" module) or official website (if any); for changes that may have a significant impact on your rights and interests (such as expanding the scope of personal information collection, changing the purpose of data processing, adjusting the way of information sharing, etc.), we will give prominent notice through in-app pop-ups, push notifications or sending emails to your registered email at least 7 days before the change takes effect, and remind you to carefully read the updated privacy policy. After the updated privacy policy takes effect, your continued use of ChatUp services will be deemed as acceptance of the updated content; if you do not accept it, you have the right to terminate the use of our services and apply for account cancellation.
You can view the latest version of this privacy policy through the "Privacy Policy" module in the ChatUp application at any time. We will also retain historical versions of the privacy policy for your reference, and you can apply to view the historical versions through customer service channels.
11. Contact Us and Explanation of the Data Controller
ChatUp is the processing controller of your personal information and assumes full responsibility for the legality, compliance and security of personal information processing activities involved in the provision of services. If you have any questions, opinions, suggestions or requests regarding this privacy policy, personal information processing matters or the exercise of privacy rights, you can contact us through the following ways:
1. Use the in-app customer service function of ChatUp: Enter the "My" page, select "Customer Service", and submit your inquiry or request.
2. Send an email to the official service email: 8coreeducation@gmail.com. When sending an email, please clearly indicate the subject of the inquiry or request (such as "Request for Access to Personal Information", "Questions About Privacy Policy") and provide your account information and contact details to facilitate our communication and reply.
3. Contact the Data Protection Officer (DPO): If you have professional consulting or demands related to data protection, you can contact our Data Protection Officer, Name: Ethan Miller, Contact Email: 8coreeducation@gmail.com.
We will try our best to review and respond to all valid inquiries within 15 working days after receiving them; if your inquiry involves complex issues that require an extension of processing time, we will promptly inform you of the processing progress. Your feedback is crucial to us, and we are committed to resolving your doubts in a timely and effective manner and continuously improving our privacy protection work.