```html Privacy Policy

Privacy Policy

Introduction

Welcome to Minduck! Minduck is an online tool platform for generating mind maps, articles, posters, PPTs, etc., operated by Nanjing Zhiyakeji Co., Ltd. and its affiliates (hereinafter referred to as "we", "platform" or "Minduck"). We highly value your privacy and personal information protection. Based on the "Cybersecurity Law of the People's Republic of China", the "Information Security Technology Personal Information Security Specification" (GB/T), and relevant laws and regulations, we have formulated the "Minduck Privacy Policy" (hereinafter referred to as "this Policy") as part of the "Minduck User Service Agreement". During your use of Minduck, we will request access to your mobile phone number, camera, photo album, microphone, and device information (device information includes device-related information and device location information). Please refer to the main body of this Policy for specific information collected and its purposes.

We hope this Policy helps you understand the following:

  1. I. How we collect and use your personal information
  2. II. How we use Cookies and similar technologies
  3. III. How we share, transfer, and disclose your personal information
  4. IV. How we protect your personal information
  5. V. How you manage your personal information
  6. VI. How we handle minors' personal information
  7. VII. How your personal information is transferred globally
  8. VIII. Revisions and notifications of the Privacy Policy
  9. IX. How to contact us

We deeply understand the importance of personal information to you and will do our utmost to protect your personal information security. The personal information collected, used, managed, shared, and transferred mentioned in this Privacy Policy includes personal sensitive information marked in bold and underlined as well as other personal information. We are committed to maintaining your trust and adhere to the following principles: accountability principle, purpose specification principle, consent principle, data minimization principle, security principle, subject participation principle, and transparency principle. We promise to take corresponding security measures to protect your personal information according to industry-standard security measures. We hope you carefully read and fully understand the content specified in this Policy before using our services. By clicking agree, you are deemed to have accepted the content of this Policy and agree to authorize us to collect, use, store, and share your relevant information in accordance with this Privacy Policy.

I. How We Collect and Use Your Personal Information

We will collect and use your personal information for the following purposes:

(I) User registration and login function

When you use the Minduck platform and services, we recommend you register a Minduck account. During this process, you need to provide us with your mobile phone number and create a username and password to fully use all Minduck features. You can also complete registration through a third-party account supported by the platform and authorize us to use your third-party avatar and nickname. If you only need basic services such as browsing and searching, you do not need to register a Minduck account or provide the aforementioned information.

If you need to modify your avatar, we will request your consent to access your photo album or authorize the camera to take pictures to add as your avatar.

(II) Template creation and use

  1. Upload content: We will store the images, videos, and text information you upload so that you can use them again. We will not use them for any other purposes.
  2. Design records: We will store your final design products so that you can view them. We will not use them for any other purposes.

(III) Template usage and collection records

When you use design templates, we will collect your drawing records so that you can directly use the design templates from your drawing records next time. If you do not want to keep the drawing records, you can choose to delete them in bulk in the "Drawing Records". If you think some design templates are worth collecting, you can click "Collect", and we will collect your collection records so that you can directly use them from "My Collection" next time. If you do not want to keep the collection records, you can choose to delete them in bulk in "My Collection".

(IV) Search

When you use the Minduck search service, we will collect your search records, search keywords information, and log records. To provide efficient search services, some of the aforementioned information will be temporarily stored on your local storage device and can display search result content and search history records to you.

(V) Purchase products and services

When you purchase Minduck membership or products and services provided by Minduck, the system will generate an order for you. The order includes your order number, product or service information, payment account information (Alipay account information, WeChat account information, or bank card account information), the amount you should pay, and the purchase time. We collect this necessary information to help you complete the transaction smoothly, ensure the security of your transaction, and facilitate your order information query.

(VI) Personalized recommendation

To provide you with templates that match your needs and interests, we will conduct personalized recommendations for design templates. We will collect your template display records, template click records, and drawing records.

(VII) Secure operation

To improve the security of the services provided by the Minduck platform, protect the personal and property safety of you or other users or the public from infringement, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, and other security risks, and more accurately identify violations of laws and regulations and Minduck's relevant agreements, we may use or integrate your device information, log information, etc., to comprehensively judge your account and transaction risks, conduct identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures according to law:

  1. Device information: We will receive and record device-related information (such as device model, device settings, unique device identifier, and other software and hardware characteristic information) and device location-related information (such as IP address) based on the specific permissions granted by you during installation and use.
  2. Log information: When you use the products or services provided by Minduck, we will automatically collect your detailed usage information, such as your search query content, the editing time of your templates, download time, and the generated result image, as relevant network log records.

Please note that separate device information and log information cannot identify a specific natural person's identity. If we combine this type of non-personal information with other information to identify a specific natural person's identity, or combine it with personal information, then during the combination period, this type of non-personal information will be regarded as personal information.

(VIII) Functions necessary for improving our platform and/or services

To make our services more in line with your expectations and requirements and improve our service quality, we will record the relevant information you provide when contacting customer service and the questionnaire responses you send to us when participating in surveys to provide feedback to you.

(IX) Usage rules

After collecting your personal information, we will strictly use it according to the following rules:

  1. We will strictly use your personal information in accordance with laws, regulations, and this Privacy Policy.
  2. We will encrypt, anonymize, or de-identify your personal information using legal and technical means.
  3. When you cancel your account, we will delete or anonymize your personal information.
  4. When we need to use your personal information for purposes not specified in this Policy, we will ask for your consent again.

(X) Exceptions to obtaining authorized consent

According to relevant laws and regulations, the following circumstances do not require your authorized consent to collect your personal information:

  1. Related to national security and national defense security;
  2. Related to public safety, public health, and significant public interests;
  3. Related to criminal investigation, prosecution, trial, and judgment execution;
  4. Necessary to protect the personal information subject or other individuals' life, property, and other significant legitimate rights and interests, but it is difficult to obtain the consent of the individual;
  5. The collected personal information is publicly disclosed by you;
  6. Personal information collected from legally publicly disclosed information, such as legitimate news reports, government information disclosure, and other channels;
  7. Necessary to sign and perform contracts based on your requirements;
  8. Necessary for maintaining the safe and stable operation of the products or services provided, such as discovering and handling product or service failures;
  9. Necessary for legitimate news reports;
  10. When it is necessary for academic research institutions to conduct statistical or academic research based on public interests, and the results of academic research or descriptions are provided externally, the personal information contained in the results is de-identified;
  11. Other circumstances stipulated by laws and regulations.

Please understand that the functions and services we provide to you are constantly updated and developed. If a specific function or service is not included in the aforementioned descriptions but collects your information, we will explain the content, scope, and purpose of information collection separately through page prompts, interactive processes, announcements, etc., to obtain your consent. If we cease to operate the Minduck platform or services, we will promptly stop continuing to collect your personal information and notify you in the form of individual notice or announcement. We will delete or anonymize your personal information that we hold.

II. How We Use Cookies and Similar Technologies

To ensure the normal operation of the platform, we will store small data files named Cookies on your computer or mobile device. Cookies usually contain identifiers, site names, and some numbers and characters. With the help of Cookies, we can store your preferences and other data to help you avoid repeating the actions of filling in personal information and entering historical search content. At the same time, we may also use the above technologies to recommend, display, and push content that interests you. You can manage or delete Cookies according to your preferences. For example, you can clear all Cookies saved on your computer through your browser settings options. However, if you do this, you need to manually change user settings each time you visit Minduck, and the corresponding information recorded previously will be deleted. It may also affect the security of the services you use to some extent.

III. How We Share, Transfer, and Disclose Your Personal Information

(I) Sharing

We will not share your personal information with companies, organizations, and individuals outside the Minduck platform service providers, except for the following situations:

  1. Sharing with explicit consent: After obtaining your explicit consent, we will share your personal information with other parties.
  2. Sharing under legal circumstances: We may share your personal information externally in accordance with laws and regulations, the need for litigation and dispute resolution, or as required by administrative and judicial authorities.
  3. Interoperability of Minduck mobile terminal, web terminal, mini program terminal, and PAD terminal accounts. When you use your Minduck mobile terminal account to log in to the web terminal, mini program terminal, and other platforms operated by our affiliated companies, to facilitate your use, we will share all information collected in the first article of this Policy with the aforementioned products or services, such as your nickname, avatar, drawing records, collection records, etc.
  4. Sharing with affiliated companies: All information collected in the first article of this Policy will be shared with affiliated companies of Beijing Biscuit Technology Co., Ltd. Affiliated companies' use, processing, and collection of your information are also subject to the purposes stated in this Privacy Policy. If affiliated companies change the purpose of processing personal information, they will seek your authorization and consent again.
    Our affiliated companies include Beijing Biscuit Technology Co., Ltd. and its branches and subsidiaries.
  5. Sharing with authorized partners
    We may entrust the following types of authorized partners to provide related services or perform functions on our behalf. We will only share your information for legitimate, justifiable, necessary, specific, and clear purposes stated in this Privacy Policy. Authorized partners can only access the information needed to perform their duties and cannot use this information for any other purpose.

Currently, our authorized partners include the following types and main authorization purposes:

(1) Specific functions. When software service providers, smart device providers, or system service providers jointly provide services to you with us, such as authentication services, SMS services, etc., we may collect your relevant device information (such as hardware model, operating system version number, International Mobile Equipment Identity (IMEI), network device hardware address (MAC)) and provide it to the aforementioned providers after de-identification.
(2) Advertising push. We may share information with partners entrusted to promote and advertise, but we will not share information that identifies your personal identity, such as your name and phone number. We will only provide these partners with user portrait tags and de-identified or anonymized statistical information to help them improve the effective reach rate of advertisements without identifying your personal identity.
(3) Product analysis. To analyze the usage of our services and improve the user experience, we may share statistical data on product usage (crashes, flashbacks) with third parties. This data is difficult to use to identify your personal identity.

(II) Transfer

We will not transfer your personal information to any company, organization, or individual, except for the following situations:

  1. After obtaining your explicit consent, we will transfer your personal information to other parties;
  2. In the case of mergers, acquisitions, or bankruptcy liquidation, if personal information transfer is involved, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy, otherwise, we will require the company or organization to seek your authorization and consent again.

(III) Public disclosure

We will only publicly disclose your personal information under the following circumstances:

  1. After obtaining your explicit consent;
  2. Based on legal disclosure: In the case of legal, legal procedures, litigation, or mandatory requirements from government authorities, we may publicly disclose your personal information.

(IV) Exceptions to obtaining authorized consent when sharing, transferring, and publicly disclosing personal information

Under the following circumstances, sharing, transferring, and publicly disclosing your personal information does not require your prior authorization and consent:

  1. Related to national security and national defense security;
  2. Related to public safety, public health, and significant public interests;
  3. Related to criminal investigation, prosecution, trial, and judgment execution;
  4. Necessary to protect the personal information subject or other individuals' life, property, and other significant legitimate rights and interests, but it is difficult to obtain the consent of the individual;
  5. Personal information you disclose to the public;
  6. Personal information collected from legally publicly disclosed information, such as legitimate news reports, government information disclosure, and other channels.

IV. How We Protect Your Personal Information

  1. We have used security measures that comply with industry standards to protect the personal information you provide and prevent data from unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonable and feasible measures to protect your personal information. For example, we provide HTTPS protocol secure browsing methods for the Minduck platform; we use encryption technology to ensure data confidentiality; we use trusted protection mechanisms to prevent data from malicious attacks; we deploy access control mechanisms to ensure that only authorized personnel can access personal information; and we hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal information.
  2. We will take reasonable and feasible measures to avoid collecting irrelevant personal information and will only retain your personal information for the period necessary to achieve the purposes stated in this Policy or as required by law, unless an extension of the retention period is required or permitted by law.
  3. We only allow employees and partners who need to know this information to access personal information, and we have set strict access control and monitoring mechanisms for this purpose. We also require all personnel who may come into contact with your personal information to fulfill corresponding confidentiality obligations. If third parties fail to fulfill their confidentiality obligations, they may be held legally responsible by us, and we may terminate cooperation with them.
  4. The Internet is not an absolutely secure environment, and emails, instant messaging, and other communication methods with other users are not encrypted. We strongly recommend that you do not send personal information through such methods. Please use a complex password to help us ensure the security of your account.
  5. In the unfortunate event of a personal information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the measures we have taken or will take, suggestions for you to prevent and reduce risks independently, and remedial measures for you. We will promptly inform you of the incident-related situation by email, letter, phone, push notification, etc. If it is difficult to inform the personal information subjects individually, we will take reasonable and effective ways to publish an announcement. At the same time, we will also report the handling of personal information security incidents in accordance with regulatory requirements.

V. How You Manage Your Personal Information

We highly value your management of your personal information and protect your rights to access, correct, withdraw consent, and delete your personal information. Your rights include:

(I) Access and correct your personal information

Unless otherwise provided by laws and regulations, you can access and correct the personal information you provide, such as avatar, username, nickname, birthday, industry, profession, etc., during your use of the Minduck platform and services. The specific path is: Home page - "Personal" - "Edit Profile". If you cannot achieve this or have any questions, you can contact us for a solution.

(II) Delete your personal information

You can request us to delete personal information in the following situations:

  1. If our handling of personal information violates laws and regulations;
  2. If we collect and use your personal information without your consent;
  3. If our handling of personal information violates our agreement with you;
  4. If you cancel the Minduck account;
  5. If we terminate services and operations.

If we decide to respond to your deletion request, we will also notify third parties who have obtained your personal information from us and require them to delete it promptly, unless otherwise provided by laws and regulations, or these third parties have obtained your authorization. When you delete information from our services, we may not immediately delete the corresponding information from the backup system but will delete it when the backup is updated.

(III) Change or revoke the scope of your authorized consent

Each business function requires some basic personal information to be completed. In addition, if you wish to revoke our collection, use, and disclosure of additional personal information, you can contact us to withdraw your authorized consent.

After you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw consent will not affect the personal information processing previously carried out based on your authorization.

If you do not want to receive our commercial advertisements, you can unsubscribe through the SMS prompt or other methods we provide.

(IV) Cancel the account

You can cancel your Minduck account at any time through [Personal Center - Settings - Cancel this account] according to your choice. You can directly apply to cancel the account in our products or contact us to assist you in canceling the account. After you cancel the account, we will stop providing you with products or services and will delete your personal information according to your request, except as otherwise provided by laws and regulations.

(V) Responding to your requests

To ensure safety, you may need to provide a written request or prove your identity in other ways. We may first require you to verify your identity before processing your request.

For your reasonable requests, we generally do not charge fees, but for repeated requests that exceed reasonable limits, we will charge a certain cost fee depending on the situation. For those requests that are unreasonably repetitive, require excessive technical means (for example, requiring the development of new systems or fundamentally changing current practices), pose risks to the legitimate rights and interests of others, or are impractical, we may refuse to respond.

In the following situations, according to laws and regulations, we will not be able to respond to your request:

  1. Related to the performance of the obligations of the personal information controller as stipulated by laws and regulations;
  2. Related to national security and national defense security;
  3. Related to public safety, public health, and significant public interests;
  4. Related to criminal investigation, prosecution, trial, and judgment execution;
  5. There is sufficient evidence that the personal information subject has subjective malice or abuse of rights;
  6. Necessary to protect the personal information subject or other individuals' life, property, and other significant legitimate rights and interests, but it is difficult to obtain the consent of the individual;
  7. Responding to the request of the personal information subject will cause serious damage to the legitimate rights and interests of the personal information subject or other individuals, organizations;
  8. Involving trade secrets.

VI. How We Handle Minors' Personal Information

(I) Our products, websites, and services are mainly aimed at adults. If there is no consent from parents or guardians, minors are not allowed to create their own user accounts. If you are a minor, it is recommended that your parents or guardians carefully read this Privacy Policy and use our services or provide us with information with the consent of your parents or guardians.

(II) For situations where minors' personal information is collected with the consent of parents or guardians, we will only use, share, transfer, or disclose this information as permitted by laws and regulations, with explicit consent from parents or guardians, or necessary to protect minors.

(III) If we discover that we have collected minors' personal information without prior verifiable consent, we will try to delete the relevant data as soon as possible.

VII. How Your Personal Information is Transferred Globally

(I) In principle, the personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China.

(II) Since we provide products or services through resources and servers around the world, this means that, after obtaining your authorized consent, your personal information may be transferred to the jurisdiction of the country/region where you use the products or services or accessed from these jurisdictions.

(III) Such jurisdictions may have different data protection laws, or even no relevant laws. In such cases, we will ensure that your personal information receives sufficient and equal protection as in the People's Republic of China. For example, we will request your consent for cross-border transfer of personal information or implement security measures such as data de-identification before cross-border data transfer.

VIII. Revisions and Notifications of the Privacy Policy

(I) To provide you with better services, Minduck and related services will be updated and changed from time to time. We will revise this Privacy Policy in due course, and the revised content will constitute a part of this Privacy Policy and have the same effect as this Privacy Policy. However, without your explicit consent, we will not reduce your rights enjoyed under the current effective Privacy Policy.

(II) After the Privacy Policy is updated, we will issue the updated version on the Minduck mobile client and remind you of the updated content through notifications, announcements, etc., before the updated terms take effect so that you can understand the latest version of this Privacy Policy in time. If you continue to use our services, you agree to accept the revised content of this Policy. However, if the updated content involves collecting new personal sensitive information, we will still seek your consent in a prominent way.

(III) For major changes, we will also provide more noticeable notifications (including for certain services, we will send notifications by email explaining the specific changes to the Privacy Policy).

  1. Significant changes to our service model, such as the purpose of processing personal information, the type of personal information processed, the way personal information is used, etc.;
  2. Significant changes in our ownership structure and organizational structure, such as changes caused by business adjustments, bankruptcy mergers, etc.;
  3. Changes in the main objects of personal information sharing, transfer, or public disclosure;
  4. Significant changes in your rights and how you exercise them regarding personal information processing;
  5. Changes in the department responsible for handling personal information security, contact methods, and complaint channels;
  6. When the personal information security impact assessment report indicates high risk. We will also archive the old versions of this Policy for your review.

IX. How to Contact Us

(I) If you have any questions, opinions, or suggestions regarding this Policy or your use of our services, you can contact us through the following methods:

Company name: Nanjing Zhiyakeji Co., Ltd.;

Contact information: xielin@minduck.com;

(II) We will review the issues involved as soon as possible and reply promptly after verifying your identity, no later than fifteen days or within the time limit specified by laws and regulations.