Shanghai Chujin Chuangyue Information Technology Co., Ltd. and its affiliates (hereinafter referred to as "we," "us," or "our") as the operator of "XuanTu AI" (hereinafter referred to as "XuanTu"), deeply understand the importance of your personal information. We are committed to protecting your personal information and maintaining your trust in us by adhering to the following principles:
- Principle of Accountability
- Principle of Purpose Specification
- Principle of Consent
- Principle of Data Minimization
- Principle of Security Safeguards
- Principle of Individual Participation
- Principle of Openness and Transparency
XuanTu commits to protecting your personal information in accordance with internationally recognized security standards. Please read and understand this Privacy Policy before submitting any personal data to XuanTu. The following privacy policy outlines our practices regarding the collection, use, storage, and protection of your personal information.
1. Collection and Use of Personal Information
We collect information that you actively provide when using our services, as well as information automatically collected through automated means during your use of our features or services:
1.1 Registration, Login, Authentication, and Account Deletion
(1) Third-Party Account Login:
- You may use third-party accounts (e.g., WeChat, Apple ID, Google, Facebook) to authorize login and use XuanTu services
- You authorize us to obtain your public information (avatar, nickname) and other authorized information from these third-party platforms
- This information will be used to create your XuanTu account and link it with your authorized third-party account
- You may choose to add a personal introduction to complete your profile
(2) Clipboard Access:
- When using third-party login, we may need to write and read necessary information from your clipboard
- This information is solely used for login purposes and will not collect your private information
(3) Required Information:
- For information we need but cannot obtain from third parties, we will request you to provide it
- If you refuse to provide such information, you may not be able to use certain services
(4) Identity Verification:
- For features requiring identity verification, you must ensure your third-party accounts have completed real-name registration as required by applicable laws
- You may need to provide your real identity information for verification
- You may refuse to provide this information, but you may not be able to use certain features while still having access to other XuanTu functions
(5) Account Creation:
- When registering or logging in, you can create an account using:
- Email address
- Mobile phone number (including country code for international users)
- Other online identifiers
- Contact information is necessary for account security and service delivery
- After registration, you may complete your profile with additional information that will be displayed to other users
1.2 Ensuring Normal and Secure Operation of XuanTu
1.2.1 Operations and Security
We are committed to providing you with secure and reliable products and services. To maintain the normal operation of our services and protect the legitimate interests of you, other users, and the public, we collect necessary information for maintaining product security and operational stability.
1.2.2 Device and Log Information
(1) Device Information:
We may collect:
- Hardware model
- Operating system version
- Device identifiers:
- For Android devices: IMEI/MEID, AndroidID, OAID, IMSI, SIM card information (e.g., ICCID), GAID, hardware serial number (SN)
- For iOS devices: IDFV, IDFA
- Network device MAC address
- IP address
- WLAN access points (SSID, BSSID)
- Bluetooth information
- Base station information
- Software version
- Network access method and status
- Network quality data
- Operation logs
- Device sensor data
- Carrier information
(2) Security and Performance Information:
To prevent malicious programs and ensure operational quality, we collect:
- Installed application information
- Software list
- Running process information
- Application usage patterns and frequency
- App crash information
- Overall installation and usage statistics
- Performance data
- Application sources
(3) Account Security:
We may use:
- Your account information
- Device information
- Service logs
- Information from our affiliates and partners (with your authorization or as legally permitted) For:
- Account and transaction security assessment
- Identity verification
- Detecting and preventing security incidents
- Taking necessary measures as required by law
1.3 Image Editing and Related Features
XuanTu provides:
- Image editing
- Partial image redrawing
- Text-to-image generation
- Media file download/local storage/sharing capabilities
Required Permissions:
- Photo gallery access (storage) - This is considered sensitive permission
- We will only access these permissions after your explicit authorization
- If you decline these permissions, you can still use other XuanTu services not requiring these permissions
1.4 Face data
We collect and process facial data solely for the purpose of providing the AI Face Swap feature, enabling users to merge their facial features with preset templates or other images. We do not use facial data for identity verification, user profiling, or any other purpose not explicitly authorized.
The face data is not retained after the face swap effect is completed, the maximum length of time of face data storage is 24 hours.
We do not share users' facial data with any third parties.
1.5 Notifications
You acknowledge and agree that:
- We may send notifications to your provided contact methods (e.g., email, phone number) for:
- User notifications
- Identity verification
- Security verification
- User experience surveys
- New feature announcements
- Promotional information
- Opt-out options:
- You can unsubscribe through the provided opt-out method in messages
- You can contact us directly to opt out
- Opting out of promotional messages will not affect service-related notifications
1. Information Storage and Protection
2.1 Data Storage
(1) Storage Location:
- Primary data centers are located in mainland China
- International data centers in:
- Singapore
- United States
- European Union
- Data may be transferred between these locations in compliance with applicable laws
(2) Storage Period:
- We retain your personal information only for the minimum time necessary
- Standard retention period: Duration of your use of XuanTu services plus 6 months
- Extended retention may apply when:
- Required by laws and regulations
- Necessary for dispute resolution
- Protecting our legitimate business interests
- After the retention period:
- Personal information will be deleted or anonymized
- Deletion may take additional time due to backup systems
2.2 Information Security Measures
We implement industry-standard security measures including:
(1) Technical Measures:
- TLS 1.3 encryption for data transmission
- Advanced encryption for stored data
- Access control systems
- Network security monitoring
- Anti-DDoS protection
- Regular security assessments
(2) Administrative Controls:
- Strict employee access controls
- Regular staff security training
- Data classification system
- Internal audit procedures
- Incident response plan
(3) Physical Security:
- Data center security
- Access control systems
- Environmental controls
- Backup power systems
2.3 Security Incident Response
In case of a security incident:
- We will activate our incident response plan immediately
- Notify affected users without undue delay
- Provide:
- Description of the incident
- Potential impact
- Measures taken
- Recommendations for users
- Report to relevant authorities as required by law
2. Information Sharing and Transfer
3.1 Information Sharing
We may share your information with:
(1) Service Providers:
- Cloud service providers
- Payment processors
- Analytics services
- Customer support services Under strict confidentiality agreements
(2) Business Partners:
- Only with your explicit consent
- Limited to necessary information
- Subject to our security requirements
(3) Legal Requirements:
- When required by law
- In response to legal proceedings
- To protect our rights
- To protect public interest
3.2 International Data Transfers
When we transfer your data internationally:
- We ensure adequate protection measures
- Comply with local data protection laws
- Use standard contractual clauses
- Implement additional safeguards as needed
3. Your Rights and Controls
4.1 Your Rights
You have the following rights regarding your personal information:
(1) Access Rights:
- Request a copy of your personal data
- Know what information we hold about you
- Understand how we use your data
- View your data in a machine-readable format
(2) Correction Rights:
- Update incorrect information
- Complete incomplete information
- Modify profile information
- Update contact details
(3) Deletion Rights:
- Request deletion of your personal data
- Account deletion options
- Right to be forgotten (where applicable)
- Removal from marketing lists
(4) Data Portability:
- Receive your data in a structured format
- Transfer your data to another service
- Download your content and information
(5) Restriction Rights:
- Limit how we use your data
- Opt-out of specific processing
- Restrict marketing communications
- Control third-party sharing
(6) Objection Rights:
- Object to processing of your data
- Withdraw consent
- Stop direct marketing
- Challenge automated decisions
4.2 How to Exercise Your Rights
You can exercise these rights through:
(1) In-App Settings:
- Privacy settings
- Account management
- Notification preferences
- Data sharing controls
(2) Contact Methods:
- Email: xuantuagi@gmail.com
- Customer support
- Online help center
- Data protection officer
Response Time:
- We will respond within 30 days
- Complex requests may require an extension
- We'll keep you informed of progress
4. Children's Privacy
5.1 Age Restrictions
- Users must be at least 16 years old (EU/UK)
- Users must be at least 13 years old (US)
- Users must be at least 14 years old (China)
- Other regions as per local requirements
5.2 Protection Measures
If we discover we've collected information from a minor:
- We will delete the information immediately
- Terminate the account
- Notify parents/guardians where possible
5.3 Parental Controls
For legitimate use by minors:
- Parental consent required
- Parental monitoring tools available
- Limited feature access
- Enhanced privacy protection
5. Updates to Privacy Policy
6.1 Policy Changes
We reserve the right to update this Privacy Policy:
- To reflect changes in our practices
- To comply with new regulations
- To incorporate user feedback
- To improve clarity and accuracy
6.2 Notification of Changes
When we make material changes:
- We will notify you through:
- In-app notifications
- Email notifications
- Website announcements
- Push notifications
- Important changes may require:
- Re-consent
- Acknowledgment
- Active opt-in
6.3 Previous Versions
- Access to previous policy versions available upon request
- Archive of policy changes maintained
- Change log available for review
- Comparison tools for policy versions
6. Contact Us
7.1 General Inquiries
For questions about this Privacy Policy:
- Email: xuantuagi@gmail.com
- Customer Support Portal: support.xuantu.ai
- Business Hours: 9:00-18:00 (GMT+8)
- Response Time: Within 2 business days
7.2 Data Protection Officer
For specific privacy concerns:
- DPO Email: xuantuagi@gmail.com
7. Governing Law
8.1 Applicable Law
This Privacy Policy is governed by:
- Laws of the People's Republic of China
- Local data protection regulations
- International data protection standards
- Industry best practices
8.2 Jurisdiction
- Primary jurisdiction: Shanghai, China
- Additional jurisdictions as required by local law
- User rights under local regulations preserved
8.3 Dispute Resolution
For privacy-related disputes:
8. Direct communication
9. Mediation
10. Legal proceedings
11. Alternative dispute resolution