AO.space Privacy Policy
Version update date: Mar. 20th, 2024
Effective date: Mar 20th, 2024
【Reminder Terms】
AO.space is a product developed by the Institute of Software, Chinese Academy of Sciences. AO.space ("we") is a solution that focuses on protecting personal data ownership, security and privacy. Utilizing end-to-end encryption and device-based authentication, users have complete control over their personal accounts and data. AO.space also employs various technologies, including transparent traffic forwarding, peer-to-peer acceleration, and LAN direct connection, to enable fast access to personal data from anywhere at any time. Account authentication and authorization in AO.space are managed solely by the server-side technology running on the personal device, thereby ensuring that users take the personal data into their own hands.
AO.space's vision is to protect the ownership of personal data and to create a digital space that is truly personal. Therefore, we understand the importance of user information security and respect and protect the privacy and personal information of our users.
Please note that this Privacy Policy applies only to users of AO.space products and/or services and that we have prompted you to review this Privacy Policy by prominently displaying it in the interface of AO.space products and/or services or by sending you a push message or otherwise notifying you. Except as otherwise provided in this Privacy Policy, we will not disclose or make available this information to third parties without your prior consent. By using or continuing to use our products and/or services, you are deemed to have agreed to this Privacy Policy in its entirety. This Privacy Policy is an integral part of the agreement governing the use of our products and/or services.
【This policy will help you understand the following】
1. Information We Collect and the Purpose of Use Accordingly
2. How we use cookies and similar technologies
3. How we share, transfer and publicly disclose your personal information
4. How we protect and store your personal information
5. Your rights
6. Protection of information of minors
7. Notices and Amendments
8. How to contact us
I. Information We Collect and the Purpose of Use Accordingly
Personal information refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person alone or in combination with other information.
Sensitive personal information refers to personal information that, once leaked, illegally provided or abused, may endanger personal and property safety, easily lead to damage to personal reputation, physical and mental health, or discriminatory treatment. We will only collect and use users' personal information for the following purposes described in this policy:
1. Login When you use AO.space products and/or services, you need to initialise AO.space first. You need to go through the process of device binding, network configuration, space information setting, security password setting, space access channel setting, etc. to start using AO.space .
1)Device Information When you create an AO.space user, you need to select a personal mobile device as the authentication ID for the first binding login. We will obtain your device attribute information (such as device model, device serial number, operating system version, device settings, MAC address, unique device identifier, advertising identifier IDFA and other software and hardware feature information), information about the location of the device (such as Wi-Fi, Bluetooth and other sensor information), device connection information (such as network operator, network connection type/connection method/connection status, Bluetooth, system language), SSID list obtained by scanning wireless LAN, user-configured wireless network SSID List, date, time, and duration of your access to the service, personal information collected by the scene: DHCP information (may include: local IP address, etc.), this type of information is the basic information that must be collected to provide services Your use of the basic functions of AO.space.
2)Domain Information As a first time user, you can create an administrator account by tethering your mobile device to AO.space. You can also become a family member authorised by the administrator and enter AO.space as a family member by binding your mobile device.
The administrator user enters the initialisation process after binding the device. Users can customise the name of their space, set a security password, choose their own access channel, and then by default, they will be given a personal domain name consisting of a string of characters, which will be used as the identity of your personal space. We will collect the information of the domain name you created to help you complete the login, if you do not agree, you may not be able to use our services normally.
User Type | Creation Method | User Info |
---|
Administrator | Bind personal mobile device | User personal domain name |
Family members | Bind personal mobile devices with administrator authorization |
User Type | Creation Method | User Info |
---|
Administrator | Bind personal mobile device | User personal domain name |
Family members | Bind personal mobile devices with administrator authorization |
3)Channel Authentication AO.space provides LAN channel, Internet channel and P2P acceleration channel (Internet channel can only be used after it is opened). At the same time, the Internet channel supports the services provided by AO.space official platform and other third-party services. We would like to remind you that if you choose to open the services provided by AO.space official platform (ao.space), you will need to enter the channel authentication process and obtain the verification code through your mobile phone number in mainland China to verify your identity. The collection of mobile phone numbers is to meet the requirements of relevant laws and regulations.
4)Bluetooth If you are using AO.space hardware products, we need you to choose to authorise the use of Bluetooth connectivity during the binding phase to access your Bluetooth privileges to enable the binding of devices and network settings. If you do not agree to this, you may not be able to initialise your device properly.
2. Uploading and downloading services When you use the file upload or download service, we need you to grant local file reading/writing/storage permissions. You can select local files such as pictures and videos for uploading or content already stored in the space for downloading through the prompts on the homepage interface. If you do not agree, you will not be able to preview the file, load the file list or load it slowly, upload or download the file. You can stop our collection of your information at any time by cancelling the authorisation to read/write/store your local files, after which you may not be able to use the uploading/downloading related services or functions, but it will not affect your normal use of other business functions that are not based on the above mentioned permissions.
3.Backup and Recovery You can find the backup and recovery function in [My - Settings - Backup], when you need to use this service, we need you to grant local file read/write/store permissions, you can cancel the system authorisation at any time to obtain read/write/store permissions to your local files, to stop our collection of your information. We support the automatic backup function, you can choose whether to enable it or not.
4.Album/Video Synchronisation You can turn on the automatic synchronisation of photos/videos in [My - Settings - Album Synchronisation], when you choose to use this function, you need to grant permission to read the album. When uploading photos/videos in albums, we will collect the geographic location information contained in the albums synchronously, and collect this information only for album management (e.g., footprints, memories, etc.) We will not combine the location information of your time periods in order to determine your whereabouts. You can stop the collection of your information at any time by cancelling the authorisation to read your albums.
5. Intelligent Photo Albums In order to help users manage photo albums more intelligently, AO.space relies on AI technology, which will intelligently categorise the face element tags in the album pictures into smart characters. If you use this feature, you can quickly find the pictures you need through the People Album. We will not store your picture information separately and will not use your pictures outside of this scenario.
6. Contacts application You can choose to install the [Address Book] application in your space to store/backup your address book information. When you install this application, you need to grant separate permissions to get the space avatar, name, domain name and read contacts/address book. This information is obtained for the purpose of importing or backing up your address book/contacts list. You can stop our collection of your information at any time by cancelling the system granting access to your address book/contacts.
7. Feedback When you fill in your feedback information, we may collect your personal email or mobile phone number and your chat and service history with us (including any other information you may provide to us during your interactions with us) so that we can get in touch with you quickly, address feedback as soon as possible, and improve/optimise our features and services.
Please note that when you open any permission, you authorize us to collect and use relevant personal information to provide you with corresponding services. Once you close any permission, it means that you cancel the authorization, and we will no longer continue to collect based on the corresponding permission. and the use of related personal information, it cannot provide you with the services corresponding to this permission. In order to exercise the above rights, you can turn on or turn off the corresponding function authorization in the settings of the Android/IOS system environment at any time, but your decision to turn off the permission will not affect the previous collection and use of information based on your authorization.
1)Optimizing services and developing functions
In order to understand the actual needs of user experience, optimization of services, and development of new functions, we may collect data from user participation in evaluation or feedback, such as evaluation content filled in by users, user group behavior data, and user feedback for evaluation and analysis.
2)Exceptions that require your prior authorization and consent
Please note that you are fully aware that in the following situations, the collection and use of personal information does not require your prior authorization and consent:
a. Those directly related to national security and national defense security;
b. Those directly related to public safety, public health, and major public interests;
c. Those directly related to criminal investigation, prosecution, trial and execution of judgments;
d. In order to protect your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain my consent;
e. The collected personal information is disclosed to the public by you;
f. Collecting personal information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels;
g. Necessary for entering into and performing a contract at your request;
h. Necessary for maintaining the safe and stable operation of the products or services provided, such as finding and disposing of faults in the products or services;
i. Necessary for legitimate news reporting;
j. When it is necessary to carry out statistical or academic research in the public interest, and when it provides the results of academic research or description to the outside world, the personal information contained in the results is de-identified;
k. Other circumstances stipulated by laws and regulations.
II. How we use cookies and similar technologies
We will send to your computer or mobile device one or more small data files called cookies, if you have not refused to accept cookies, cookies usually contain an identifier, a site name and some numbers and characters. The cookies sent to you are to ensure that you have an easier access experience, to achieve more thoughtful personalized service needs, to help optimize and organize your demand information, and to determine your login status and data security.
We will not use cookies for any purpose other than those described in this Privacy Policy. You have the right to choose to accept or refuse to accept cookies. You can refuse to accept cookies by modifying your browser settings. However, if you choose to refuse to accept cookies, you need to personally change the user settings every time you visit our website, but you may not be able to log in or use the web services or functions of this application that rely on cookies due to such changes.
III.How do we share, transfer and publicly disclose your personal information
1)Sharing
Unless you have separately agreed in advance or meet other legal and regulatory requirements, we will not share your personal information with any third party, except for information that has been anonymized and cannot be restored.
In the following cases, we may share your personal information with the following third parties: To provide business processing capabilities, improve service quality, or for other considerations, with your authorized consent, we may share your personal information with the Umeng+SDK: Umeng+SDK needs to collect your device's Mac address, unique device identification code (IMEI/android ID/IDFA/OPENUDID/IP address/GUID, SIM card IMSI information) to provide statistical analysis services and report data accuracy through geographic location calibration, and provide basic anti-cheating capabilities.
Please note that you can share your personal information or other information with third parties (including unspecified objects) based on the products and/or services provided by AO.space, but we are not responsible for information leakage, use, and other situations caused by your sharing behavior, and we are not liable for this.
2)Transfer
We will not transfer your personal information to any third party, except in the following cases:
a. Obtain your express consent or authorization in advance;
b. Provided in accordance with applicable laws and regulations, requirements of legal procedures, mandatory administrative or judicial requirements;
c. Provided in accordance with the relevant agreements signed with you (including electronic agreements signed online and corresponding platform rules) or other legal documents;
3)Public disclosure
We will only publicly disclose your personal information in the following circumstances:
a.Obtain your express consent;
b.Based on laws and regulations, legal procedures, litigation or mandatory requirements of government authorities.
4)Exceptions clause
In the following cases, the sharing, transfer and public disclosure of personal information does not require the prior authorization and consent of the personal information subject:
a.Those directly related to national security and national defense security
b.Directly related to public safety, public health, and major public interests;
c.Directly related to criminal investigation, prosecution, trial and execution of judgments;
d.In order to protect the life and property of the personal information subject or other individuals, but it is difficult to obtain the consent of the individual;
e. Personal information disclosed by the subject of personal information to the public;
f.Collecting personal information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels.
IV. How we protect and save your personal information
1)Information Security
a.We will collect, use, store, and transmit user information in accordance with the "minimum" principle and inform you of the purpose and scope of the relevant information use through user agreements and privacy policies.
b.We attach great importance to data security, and we will take all reasonable and feasible measures to protect your personal information. For this purpose, technically, we have adopted security protection measures that meet industry standards, such as data security encryption transmission, secure storage, etc., to protect the personal information you provide from unauthorized access, public disclosure, use, modification, damage, or loss. In terms of management, we regularly organize legal regulations related to security and privacy protection training, strengthen employees' awareness of the importance of protecting personal information; establish data classification management system and related management norms to ensure that your information is collected, transmitted, used, stored, transferred, and disposed of in compliance with relevant legal regulations and security requirements;
c.We remind you that the Internet is not an absolutely secure environment. When you interact with other users through social software, it is uncertain whether third-party software completely encrypts the transmission of information. Please ensure the security of your personal information and avoid sending personal information through such methods to prevent personal information leakage. Please use complex passwords to assist us in ensuring the security of your personal information.
d. We also ask you to understand that due to technological limitations and rapid development in the Internet industry, as well as various malicious attack methods that may exist, even if we do our best to strengthen security measures, it is impossible to always guarantee 100% information security. In the unfortunate event of a personal information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and your suggestions for self-prevention and risk reduction , remedies for you. We will promptly inform you of the relevant information of the event by email, letter, telephone, or push notification. When it is difficult to inform the subject of personal information one by one, we will publish an announcement in a reasonable and effective way.
e.In the event of merger, reorganization, bankruptcy, etc., we will require the data receiver to undertake data security responsibilities and obligations. If there is no data receiver, we will destroy the data. Where laws and administrative regulations provide otherwise, such provisions shall prevail.
f.For the information collected, we will keep it within the shortest period stipulated by law. After the storage period is exceeded, we will anonymize the information collected.
2)Storage period
We will retain your personal information for the necessary and shortest period of time when providing products and/or services to you. After the above storage period has expired, we will delete or anonymize your personal information. However, in the event that the retention period is otherwise specified by laws and regulations, you agree to retain it for a longer period of time, to ensure the security and quality of our services, to achieve dispute resolution purposes, or due to technical difficulties, we will extend the storage period in accordance with the law, the agreement, or within a reasonable range after the expiration of the above storage period.
3)Storage Location
our personal information is stored in the territory of the People's Republic of China. If your personal information may be transferred to overseas jurisdictions where you use products or services or accessed from such jurisdictions, we will strictly comply with the obligations stipulated by laws and regulations, and clearly inform you again and obtain your authorization and consent in accordance with the law to ensure the security of your personal information.
V. Your rights
1)Right to Query/Correct
In accordance with Chinese laws, regulations, standards, and common practices in other countries and regions, we ensure that you have the following rights to your personal information. If you have any questions or difficulties in exercising these rights, you can also contact us for feedback through the methods outlined in :How to Contact Us.
a.You can check and modify the personal information (such as signature, avatar, etc.) set when using the service by entering "My-Personal Information" on the Ao Space mobile app.
b.You can check and manage the information of product devices by entering "My-Device Management" on the Ao Space mobile app.
c.You can check and manage the space information of family members by entering "My Home" on the Ao Space mobile app.
2)Right to Deletion
You can request us to delete personal information in the following situations:
a.We violate laws and regulations or agreements in handling your personal information.
b.The purpose of our processing has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose.
c.We stop providing products or services, or the storage period has expired.
d.You withdraw your consent.
e.Other situations stipulated by laws and administrative regulations.
You can contact us through the Ao Space mobile app:"My-Help and Feedback-Feedback" or the web: "Feedback" at any time. After you delete information from our service, we may not immediately delete the corresponding information in the backup system, but we will delete this information when the backup is updated. Please be aware that if the retention period specified by laws and regulations or this privacy policy has not expired, or if deletion of personal information is technically difficult, we will stop processing other than storage and take necessary security measures.
3)Right to Withdraw Consent
When using the Ao Space product and/or service, some basic personal information is required to be completed. For the additional collection and use of your information, you can give or withdraw your authorization at any time.
You can modify the system permissions of related functions (such as location, address book, camera, push, etc.) at any time through your terminal device (such as mobile phone, tablet, etc.) to change the scope of consent or withdraw your authorization. After you withdraw your consent, we cannot continue to provide services corresponding to the withdrawn consent and will no longer collect/use the corresponding personal information. However, your decision to withdraw consent will not affect the personal information processing based on your consent before.
4)Right to Cancel
All user accounts in Ao Space are independent of each other, and we provide corresponding cancellation permissions according to account types.
The management user can enter "My-Device Management" on the Ao Space mobile app and click "Unbind Device" to complete the unbinding operation after passing the security password verification.
Family member users can be cancelled by the administrator user. The administrator enters "My-Home", selects the user to be cancelled, and clicks "Delete Member". Once deleted, all records and storage in the account space will be cleared.
For your reasonable requests, we generally do not charge fees, but for repeated requests beyond reasonable limits, we will charge certain costs depending on the situation. We may refuse requests that are groundless, require too many technical means, pose risks to the legitimate rights and interests of others, or are very unrealistic.
5)Right to Advance Notice of Product and/or Service Cessation
If the product and/or service stops operating due to special reasons, we will notify you in a reasonable period of time on the main page of the product or service, internal messages, or by sending you an email or other appropriate means of reaching you, and stop collecting your personal information. At the same time, we will delete or anonymize the personal information we have collected in accordance with legal requirements.
6)Exceptions to the Exercise of Rights
In the following situations, we will be unable to respond to your requests for correction, deletion, or cancellation of information in accordance with legal requirements:
a. Directly related to national security and national defense security.
b.Directly related to public safety, public health, and major public interests.
c.Directly related to criminal investigation, prosecution, trial, and execution of judgments.
d.We have sufficient evidence that you have subjective malice or abuse of rights (such as your request will harm public safety and the legitimate rights and interests of others, or your request exceeds the scope that general technical means and commercial costs can cover).
e. Responding to the request of the personal information subject will cause serious damage to your or other individuals' or organizations' legitimate rights and interests.
f.Involving trade secrets.
VI. Protection of Minor Information
We provide products and services primarily for adults. If you are a minor, we require you to ask your parents or guardians to read this Privacy Policy carefully, and use our services or provide us with information with the consent of your parents or guardians.
For the collection of minors' personal information using our products or services with the consent of parents or guardians, we will only use, share, and transfer minors' personal information permitted by laws and regulations, express consent of parents or guardians, or necessary to protect minors or disclose this information.
If at any time the guardian has reason to believe that we have collected the personal information of minors without the consent of the guardian, please pass the AO.space mobile terminal: [My-Help and Feedback-Product Suggestion], Web: [Feedback] Contact us and we will take steps to delete the relevant data as soon as possible.
VII. Notice and Amendment
Our Privacy Policy is subject to change. We will not reduce your rights under this Privacy Policy without your express consent. We will post any changes to this Privacy Policy on this page, and it is recommended that you check the latest version of the Privacy Policy while online.
For major changes, we will notify you on the main exposure page of the product or service or on the website, or send you an email or other suitable means to reach you. If you do not agree to such changes, you can stop using our products and services, and if you continue to use our products and/or services, you agree to be bound by the revised Privacy Policy.
Material changes referred to in this policy include, but are not limited to:
1. Significant changes to our service model. Such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.;
2. We have undergone significant changes in ownership structure, organizational structure, etc. Such as changes in owners caused by business adjustments, bankruptcy mergers and acquisitions, etc.;
3. The main object of personal information sharing, transfer or public disclosure has changed;
4. Significant changes in your rights to participate in the processing of personal information and the way they are exercised;
5. When our responsible department responsible for handling personal information security, contact information and complaint channels change;
6. When the personal information security impact assessment report indicates that there is a high risk;
7. When other important or potentially serious situations occur that may affect your personal rights and interests.
VIII. How to contact us
If you have any questions and comments about the contents of this statement and policy, or if you have any questions and comments about the practice and operation of this privacy policy, you can pass the AO.space mobile terminal: [My-Help and Feedback] or Web: [Comments and Feedback] ,or contact us via service@ao.space.
In order to ensure timely processing and feedback, you need to provide a written request and valid contact information. We may need to verify your identity. Under normal circumstances, we will make a reply and reasonable explanation within fifteen working days after verifying your identity or within the time limit stipulated by laws and regulations.
Attached: Glossary
1. Personal information refers to various information recorded in electronic or other ways that is related to identified or identifiable natural persons, excluding anonymized information. Personal information includes name, date of birth, ID card number, personal biometric information, address, communication contact information, communication records and content, account passwords, property information, credit information, travel trajectory, accommodation information, health and physiological information, transaction information, etc.
2. Sensitive personal information refers to personal information that, once leaked or illegally used, may easily harm the personal dignity, physical or property safety of natural persons, including biometric information, religious beliefs, specific identities, medical health, financial accounts, travel trajectory, etc., as well as personal information of minors under the age of 14.
3. Device information may include device attribute information (such as hardware model, operating system version and system status, device configuration, International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), Media Access Control (MAC) address, Identifier for Advertising (IDFA), Identifier for Vendors (IDFV), Mobile Equipment Identifier (MEID), anonymous device identifier (OAID), Integrated Circuit Card Identifier (ICCID), Android ID, hardware serial number, etc.) used to install and run Ao Space products and/or services, device connection information (such as browser type, telecom operator, WIFI information), and device status information (such as device application installation list, device sensor information).
4. Log information refers to the requests automatically recorded by our servers when you access Ao Space products and/or services, such as your IP address, browser type and language used, hardware device information, operating system version, network operator information, date, time, and duration of your access to the service, and other information provided, generated, or retained when you use our products or services.
5. Cookies refer to a mechanism that supports servers (or scripts) to store and retrieve information on clients, extending web-based client/server applications by adding simple, persistent client states. When the server returns an HTTP object to the client, it also sends a status message, which is saved by the client. The status message specifies the valid URL range under this status. Subsequently, HTTP requests initiated by the client within this range will return the current value of the status message to the server without any additional information, and this status message is called a cookie.
6. Location information refers to precise location information obtained through GPS information, WLAN access points, Bluetooth, base stations, and other sensor information, as well as rough geographic location information obtained through IP addresses or other network information.
7. De-identification refers to the process of processing personal information so that it cannot identify specific natural persons without additional information.
8. Anonymization refers to the process of technically processing personal information so that the subject of personal information cannot be identified, and the processed information cannot be restored. The information obtained after personal information is anonymized does not belong to personal information.