Privacy Policy

CHAPTER ONE: GENERAL PROVISIONS

Article 1: Introduction and Scope of Application

HeDuck (hereinafter referred to as "the Platform," "we," "us," "our," or "the Service Provider") understands the importance of your personal information and is fully committed to ensuring its security and protection. We are dedicated to maintaining your trust in us by adhering to the following principles in protecting your personal information: principle of accountability, principle of purpose limitation, principle of consent, principle of data minimization, principle of security, principle of individual participation, and principle of transparency. We also commit to adopting appropriate security measures in accordance with mature industry standards to protect your personal information.

This Privacy Policy (hereinafter referred to as "this Policy") applies to your access to and use of the products and/or services provided by the Platform through any means (hereinafter collectively referred to as "the Service"), including but not limited to: services provided through the Platform's website, mobile applications, mini-programs, embedded applications, software development kits (SDKs), application programming interfaces (APIs), plugins, extensions, or any other form. Whether or not you register or log in to the Platform, this Policy applies to you as long as you use the Service.

Please read and fully understand all the contents of this Policy before using the Service. If you do not agree with any content of this Policy, you should immediately stop using the Service. When you use the Service in any way, it means that you have fully read, understood, and agreed to be bound by this Policy, and this Policy shall have legal effect between you and the Platform. If you have any questions, comments, or suggestions about this Policy, you may contact us through the contact information provided at the end of this Policy.

Article 2: Definitions and Interpretations

Unless otherwise specified in this Policy, the following terms shall have the following meanings in this Policy:

• Personal Information: Refers to various information recorded electronically or by other means relating to an identified or identifiable natural person, excluding information that has been anonymized. Personal information includes name, date of birth, identification document number, personal biometric information, address, communication contact information, communication records and content, account password, property information, credit information, location data, accommodation information, health and physiological information, transaction information, etc.
• Sensitive Personal Information: Refers to personal information that, once leaked or illegally used, may easily lead to infringement of personal dignity or harm to personal or property safety, including biometric data, religious beliefs, specific identities, medical and health information, financial accounts, location data, etc., as well as personal information of minors under the age of fourteen.
• Personal Information Processor: Refers to an organization or individual that independently determines the purpose and method of processing in personal information processing activities. Under this Policy, the Platform is the personal information processor.
• Processing of Personal Information: Includes collection, storage, use, processing, transmission, provision, disclosure, and deletion of personal information.
• Anonymization: Refers to the process by which personal information is processed so that it cannot identify a specific natural person and cannot be restored.
• De-identification: Refers to the process by which personal information is processed so that it cannot identify a specific natural person without the use of additional information.
• User or You: Refers to the natural person individual who uses the Service.
• Affiliates: Refers to any company, institution, or entity that controls, is controlled by, or is under common control with the Company.
• Third Party: Refers to any natural person, legal person, or other organization other than the Platform and its affiliates.
• Cookie: Refers to a small data file stored on your device that is used to identify your browser or store information.
• Device Identifier: Refers to a unique code assigned to your device, including but not limited to IMEI, IDFA, Android ID, MAC address, OAID, etc.

Article 3: Updates and Notifications of Privacy Policy

We may update or revise this Policy from time to time due to business adjustments, changes in laws and regulations, or regulatory requirements. When significant changes are made to this Policy, we will notify you through one or more of the following methods: (1) posting an update notice in a prominent location on the Platform website or application; (2) sending an email notification to the email address you provided during registration; (3) sending a notification through the Platform's in-site messaging system; (4) alerting you through a pop-up window or other prominent means when you next log in or use the Service. We recommend that you regularly review this Policy to understand how we protect your personal information.

If you continue to use the Service after the updated Policy takes effect, it means that you have read, understood, and agreed to accept the updated Policy. If you do not agree with the updated Policy, you should stop using the Service. For significant changes, we will also provide more prominent notice (including but not limited to public announcements on the Platform or sending separate notices to you). Significant changes referred to in this Policy include but are not limited to: (1) significant changes in our service model, such as the purpose of processing personal information, the types of personal information processed, the way personal information is used, etc.; (2) significant changes in ownership structure, organizational structure, etc., such as changes in ownership caused by business adjustments, bankruptcy mergers and acquisitions, etc.; (3) changes in the main objects of personal information sharing, transfer, or public disclosure; (4) significant changes in your rights regarding personal information processing and the way they are exercised; (5) changes in the responsible department, contact information, and complaint channels for handling personal information security; (6) when the personal information security impact assessment report indicates high risk.

CHAPTER TWO: COLLECTION OF PERSONAL INFORMATION

Article 4: Types of Personal Information We Collect

To provide you with the Service, we need to collect and process certain personal information about you. The types of personal information we collect may vary depending on the service features you use. The following is a detailed description of the personal information we may collect:

4.1 Account Registration Information

When you register a Platform account, we will collect the following information that you actively provide:

• Email Address: Used for account registration, login verification, password recovery, receiving service notifications and important information. Your email address is one of the unique identifiers of your account, and we will use it to verify your identity and communicate with you as necessary.
• Password: Used to protect the security of your account. We use industry-standard encryption technology to encrypt and store your password to ensure that even in the event of a data breach, your password cannot be directly read.
• Nickname or Display Name: Used to identify you in the Service and display in interactions with other users. You may choose to use your real name or any name you prefer as your nickname.
• Referral Code (optional): If you register through another user's referral link or referral code, we will record the relevant referral relationship in order to provide corresponding rewards to the referrer.

4.2 Service Usage Information

When you use the Service, we will collect the following information:

• Conversation Content: Including all text information you enter in mediation sessions. This information is essential for providing our core service, as our AI system needs to analyze this content to provide mediation suggestions and assistance. Please note that your conversation content may contain sensitive information, and we will protect the security and privacy of this data to the highest standards.
• Session Information: Including session topic, creation time, participant information, session status, invitation code, etc. This information is used to manage and organize your mediation sessions.
• AI-Generated Content: Including fact drafts, mediation suggestions, resolution reports, and other content generated by our AI system based on your conversation content.
• User Feedback: If you provide us with feedback, suggestions, or complaints, we will collect the relevant information you provide.

4.3 Automatically Collected Technical Information

When you access or use the Service, we automatically collect the following technical information:

• Device Information: Including device model, operating system type and version, screen resolution, device unique identifiers (such as IMEI, IDFA, Android ID, MAC address, OAID, etc.), device manufacturer, device language settings, timezone settings, etc. This information helps us optimize the Service to adapt to different device environments.
• Network Information: Including IP address, network type (such as WiFi, 4G, 5G, etc.), carrier information, network connection status, etc. IP addresses may be used to roughly determine your geographic location (usually accurate to the city level).
• Browser Information: Including browser type and version, browser language settings, browser plugin information, etc.
• Access Logs: Including access time, accessed pages, access source (referral URL), page dwell time, clickstream data, etc.
• Performance Data: Including page load time, error logs, crash reports, etc., used to monitor and improve service quality.

4.4 Information Collected Through Cookies and Similar Technologies

We use cookies, web beacons, pixel tags, local storage (such as HTML5 localStorage), and similar technologies to collect and store information about how you use the Service. These technologies help us:

• Remember your login status so you don't have to log in again each time you visit
• Remember your preference settings, such as language selection, theme settings, etc.
• Understand how you use the Service so we can improve the user experience
• Conduct service analysis and performance monitoring
• Prevent fraud and abuse

Article 5: Methods of Collecting Personal Information

We collect your personal information through the following methods:

• Information You Actively Provide: When you register an account, create or participate in mediation sessions, submit feedback, or contact customer service, you will actively provide certain personal information to us.
• Automatic Collection: When you access or use the Service, we will automatically collect certain information through technical means, such as device information, log information, etc.
• Third-Party Sources: In some cases, we may obtain information about you from third parties, such as when you use a third-party account to log in to the Service, or when you register through another user's referral link.

Article 6: Legal Basis for Collecting Personal Information

The legal basis for our processing of your personal information includes but is not limited to:

• Your Consent: When you register an account and agree to this Policy, you consent to our collection and processing of your personal information in accordance with this Policy. For certain specific personal information processing activities, we may separately seek your explicit consent.
• Contract Performance: To provide you with the Service, we need to process certain personal information. This is a necessary condition for fulfilling the service agreement between us and you.
• Legal Obligations: In some cases, we may need to process your personal information in accordance with applicable laws and regulations.
• Legitimate Interests: Without harming your fundamental rights and freedoms, we may process your personal information based on legitimate interests, such as to improve service quality, prevent fraud, etc.

CHAPTER THREE: USE OF PERSONAL INFORMATION

Article 7: Purposes of Using Personal Information

We use the personal information collected for the following purposes:

7.1 Providing Core Services

• Creating and managing your account
• Verifying your identity and protecting account security
• Processing your mediation session requests
• Analyzing conversation content through AI technology and providing mediation suggestions
• Generating fact drafts and resolution reports
• Managing session invitations and participants
• Recording and displaying session history

7.2 Service Communication

• Sending you service-related notifications and updates
• Responding to your inquiries, feedback, and complaints
• Providing customer support services
• Notifying you of changes to this Policy or Terms of Service

7.3 Service Improvement and Optimization

• Analyzing service usage trends and patterns
• Conducting user behavior research and analysis
• Developing new features and services
• Improving existing features and user experience
• Conducting A/B testing and product optimization
• Conducting service quality monitoring and performance optimization

7.4 Security and Compliance

• Detecting, preventing, and addressing fraud, abuse, or illegal activities
• Protecting the rights, property, or safety of the Platform, users, and the public
• Enforcing our Terms of Service and other policies
• Complying with applicable laws, regulations, and regulatory requirements
• Responding to legal processes and government requests

7.5 Marketing and Promotion (with Your Consent)

• Sending you promotional information and special offers (only if you choose to receive them)
• Conducting market research and surveys
• Personalizing your service experience

Article 8: AI Processing Disclosure

The core functionality of the Service relies on artificial intelligence technology. To provide you with mediation services, we need to send your conversation content to third-party AI service providers for processing. The following is a detailed description of AI processing:

• AI Service Providers: The AI service providers we currently use include but are not limited to OpenRouter, Google, etc. These service providers may be located in different jurisdictions and have their own privacy policies.
• Data Transmission: Your conversation content will be transmitted to the AI service provider's servers for processing through encrypted connections. We only transmit the information necessary to provide the service.
• Data Processing: AI service providers will process your conversation content to generate mediation suggestions, fact drafts, and resolution reports. After processing is complete, AI service providers will not permanently store your conversation content.
• Model Training: We will not use your conversation content for AI model training or improvement. Your conversation content is only used to provide you with immediate mediation services.
• Data Security: We have signed data processing agreements with AI service providers, requiring them to take appropriate security measures to protect your data.

Article 9: Automated Decision-Making

The Service uses artificial intelligence technology for automated processing, including analyzing conversation content, generating mediation suggestions, etc. We will not use fully automated methods to make decisions that have a significant legal impact on you. All AI-generated content is for reference only, does not constitute professional advice, and the final decision is always in your hands.

CHAPTER FOUR: SHARING, TRANSFER, AND DISCLOSURE OF PERSONAL INFORMATION

Article 10: Sharing of Personal Information

We commit not to sell your personal information. We will only share your personal information with third parties in the following circumstances:

10.1 Sharing with Your Consent

After obtaining your explicit consent, we may share your designated personal information with third parties.

10.2 Sharing with Service Providers

We may share your personal information with third parties that provide services for us, including but not limited to:

• Cloud Service Providers: For data storage and processing (such as Google Firebase)
• AI Service Providers: For processing conversation content and generating mediation suggestions (such as OpenRouter, Google AI)
• Analytics Service Providers: For service analysis and performance monitoring
• Customer Service Providers: For providing customer support services
• Payment Service Providers: For processing payments (if applicable)

We will only provide service providers with the personal information necessary to fulfill their service responsibilities and require them to process your personal information in accordance with our instructions and this Policy. We have signed data processing agreements with these service providers, requiring them to take appropriate confidentiality and security measures.

10.3 Sharing with Affiliates

We may share your personal information with our affiliates to provide you with better services or conduct business operations. Affiliates' use of your personal information will be subject to this Policy.

10.4 Sharing Required by Law

We may disclose your personal information in accordance with legal provisions or legitimate requests in the following circumstances:

• To comply with applicable laws, regulations, legal processes, or mandatory government requirements
• To enforce our Terms of Service or other agreements
• To protect the rights, property, or safety of the Platform, our users, or the public
• To detect, prevent, or address fraud, security, or technical issues
• To respond to emergencies to protect the personal safety of any person

Article 11: Transfer of Personal Information

We will not transfer your personal information to any company, organization, or individual, except in the following cases:

• Transfer with Your Consent: After obtaining your explicit consent, we may transfer your personal information to third parties.
• Business Transfer: In the event of a merger, acquisition, asset transfer, or similar transaction involving the transfer of personal information, we will require the new company or organization holding your personal information to continue to be bound by this Policy; otherwise, we will require that company or organization to obtain your authorization and consent again.

Article 12: Public Disclosure of Personal Information

We will not publicly disclose your personal information, except in the following cases:

• Public disclosure with your explicit consent
• Public disclosure based on legal provisions or reasonable grounds: In the case of legal provisions, legal processes, litigation, or mandatory requirements of government authorities, we may publicly disclose your personal information.

CHAPTER FIVE: STORAGE AND PROTECTION OF PERSONAL INFORMATION

Article 13: Information Storage

Storage Location: Your personal information is primarily stored on the Google Firebase platform, whose servers may be located in different countries or regions. We will ensure that your personal information is properly protected during transmission and storage.

Storage Period: We will retain your personal information for as long as necessary to achieve the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Information: We will retain your account information while your account is active. If you delete your account, we will delete or anonymize your personal information within a reasonable time, except as required by law.
• Conversation Content: Conversation content will be retained after the session ends so that you can view historical records. You can delete sessions at any time.
• Log Information: Log information is usually retained for a shorter period (usually no more than one year), after which it will be deleted or anonymized.
• Legal Compliance: In some cases, we may need to retain your personal information longer in accordance with legal requirements.

Article 14: Information Security

We attach great importance to the security of your personal information and have taken various reasonable technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, modification, or destruction. These measures include but are not limited to:

14.1 Technical Measures

• Transmission Encryption: We use industry-standard TLS/SSL encryption technology to protect the security of data during transmission
• Storage Encryption: Sensitive data is encrypted during storage
• Password Security: User passwords are encrypted and stored using one-way hash algorithms, so that even in the event of a data breach, the original password cannot be recovered
• Access Control: Strict access control mechanisms are implemented to ensure that only authorized personnel can access personal information
• Security Audits: Regular security audits and vulnerability scans are conducted
• Firewalls and Intrusion Detection: Firewalls and intrusion detection systems are deployed to protect server security

14.2 Organizational Measures

• Employee Training: Data protection training is provided to employees with access to personal information
• Confidentiality Agreements: Employees are required to sign confidentiality agreements
• Principle of Least Privilege: Employees can only access personal information necessary for their job responsibilities
• Security Incident Response: Security incident response mechanisms are established to handle security incidents in a timely manner

Article 15: Security Incident Handling

Although we have taken various security measures, internet transmission and electronic storage methods are not 100% secure. If a personal information security incident occurs, we will notify you in a timely manner in accordance with the requirements of applicable laws and regulations, including but not limited to: the basic situation of the security incident, the remedial measures we have taken or will take, measures you can take to reduce risks, and remedial measures we offer to you. We will notify you by email, in-site message, or other appropriate means.

CHAPTER SIX: YOUR RIGHTS

Article 16: Rights You Have Regarding Your Personal Information

In accordance with applicable laws and regulations, you have the following rights regarding your personal information:

16.1 Right of Access

You have the right to access the personal information we hold about you, including account information, session history, etc. You can view most of the information by logging into your account. If you need to obtain a copy of other personal information we hold, please contact us through the contact information provided at the end of this Policy.

16.2 Right of Rectification

If you find that the personal information we hold about you is inaccurate or incomplete, you have the right to request that we make corrections. You can correct certain information (such as your nickname) through the account settings page, or request correction of other information by contacting us.

16.3 Right of Deletion

You have the right to request deletion of your personal information in the following circumstances:

• The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose
• We have stopped providing products or services, or the retention period has expired
• You withdraw your consent
• We process personal information in violation of laws and regulations or agreements with you
• Other circumstances stipulated by laws and regulations

You can delete your account through account settings. After your account is deleted, we will delete or anonymize your personal information within a reasonable time, except as required by law. Please note that deleting your account is an irreversible operation.

16.4 Right of Data Portability

Where technically feasible, you have the right to request that we provide you with a copy of your personal information in a structured, commonly used, and machine-readable format, or request that we transfer your personal information to a third party you designate.

16.5 Right to Withdraw Consent

For processing of personal information based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal. You can withdraw your consent through account settings or by contacting us.

16.6 Right to Restrict Processing

In some cases, you have the right to request that we restrict the processing of your personal information.

16.7 Right to Object

You have the right to object to our processing of your personal information based on legitimate interests. If you object, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for continued processing.

Article 17: How to Exercise Your Rights

You can exercise the above rights through the following methods:

• Self-service operations through the account settings page
• Contact us through the contact information provided at the end of this Policy

To protect the security of your personal information, we may need to verify your identity before processing your request. We will respond to your request within a reasonable time (usually no more than 30 days) after receiving it. If we cannot fulfill your request, we will explain the reasons to you.

CHAPTER SEVEN: COOKIE POLICY

Article 18: Use of Cookies

We use cookies and similar technologies (such as web beacons, pixel tags, local storage, etc.) to collect and store information about how you use the Service. The following is a detailed description of the types of cookies we use and their purposes:

18.1 Necessary Cookies

These cookies are essential for the normal operation of the Service. They enable you to use the basic features of the Service, such as authentication, session management, etc. Without these cookies, the Service will not function properly. Necessary cookies usually include:

• Authentication Cookies: Used to identify logged-in users
• Session Cookies: Used to maintain your session state
• Security Cookies: Used to detect and prevent fraudulent activities

18.2 Functional Cookies

These cookies allow us to remember your preference settings to provide a more personalized experience. Functional cookies usually include:

• Language Preference Cookies: Remember your language selection
• Theme Preference Cookies: Remember your interface theme settings

18.3 Analytics Cookies

These cookies help us understand how visitors interact with the Service, enabling us to improve service quality. Information collected by analytics cookies is usually anonymous and includes pages visited, time spent, clickstream data, etc.

Article 19: Managing Cookies

Most web browsers allow you to manage cookies through browser settings. You can set your browser to reject all cookies or prompt you when receiving cookies. However, please note that if you disable or reject cookies, some features of the Service may not function properly.

Different browsers manage cookies in slightly different ways. Please refer to the help menu of the browser you use for details.

CHAPTER EIGHT: PROTECTION OF MINORS

Article 20: Protection of Minors' Personal Information

The Service is intended for adult users. We do not intentionally collect, use, or disclose personal information of minors under the age of 18. If you are a minor, please do not use the Service or provide us with any personal information.

If we discover that we have inadvertently collected personal information of a minor, we will immediately take steps to delete the relevant information. If you believe we may have collected personal information of a minor, please contact us immediately through the contact information provided at the end of this Policy.

We especially remind parents and guardians to educate your children not to provide personal information to any website or application without your permission.

CHAPTER NINE: CROSS-BORDER DATA TRANSFER

Article 21: Cross-Border Data Transfer

To provide the Service, we may need to transfer your personal information to servers or third-party service providers located in different countries or regions. The data protection laws of these countries or regions may differ from those of your location.

When we conduct cross-border data transfers, we will take appropriate protective measures to ensure that your personal information receives the same level of protection as described in this Policy, including but not limited to:

• Signing data processing agreements with data recipients, requiring them to comply with appropriate data protection standards
• Adopting data transfer mechanisms recognized by applicable laws and regulations
• Conducting data transfer security assessments

CHAPTER TEN: APPLICABLE LAW AND DISPUTE RESOLUTION

Article 22: Applicable Law

The formation, execution, interpretation, and resolution of disputes under this Policy shall be governed by applicable laws and regulations. We comply with the applicable privacy and data protection laws and regulations in the jurisdictions where we operate and where you are located.

Article 23: Dispute Resolution

If you have any questions, comments, or complaints about this Policy or how we handle your personal information, please first contact us through the contact information provided at the end of this Policy, and we will try our best to resolve your issue. If the issue cannot be resolved through direct communication with us, you may file a complaint with the relevant regulatory authority or seek other remedies in accordance with applicable laws and regulations.

CHAPTER ELEVEN: CONTACT US

Article 24: Contact Information

If you have any questions, comments, suggestions, or complaints about this Policy, or if you wish to exercise your data rights, please contact us through the following methods:

Email: support@hehaoya.live

We will try our best to respond to your request within 30 days of receiving it. If your request is complex or we need more time to process it, we will inform you of the expected response time.

APPENDICES

Appendix A: Personal Information Collection List

Appendix B: Third-Party Service Provider List