1. Introduction
HONG KONG HAPPY MOBILE TECHNOLOGY LIMITED ("we," "our," "the company") is committed to protecting your privacy. This Privacy Policy ("Privacy Policy") explains how we collect, use, share, and safeguard your personal information when you use our product ChatQ AI ("the App").
2. Information We Collect
2.1 Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information through Apple's integration and subscription services:
- Identifiers: IP address, device identifiers(We do not have access to your Apple ID or email address; this information is managed securely by Apple)
- Commercial Information: Subscription type, transaction date, order number, payment method(Handled by Apple, we only receive a subscription status confirmation)
- Internet Activity Information: Features used, access records, operation times
- Geolocation Data: General location data derived from IP address
- Audio, Electronic, or Visual Information: User-generated content within the App
- Inferences: Drawn from any of the information identified above to create user profiles
More specifically, we collect:
- Subscription Information: If you subscribe or purchase a service through Apple, we will receive confirmation of your subscription status, but we cannot access your Apple ID or email address, which is securely managed by Apple. We can only receive basic transaction information such as subscription type, transaction date, order number, etc.
- Transaction Information: If you subscribe or purchase services via the App, we will collect relevant transaction records, such as the type of subscription, transaction date, order number, and payment method.
- Device Information: This includes device model, operating system, package name, app version, system version, device identifier (such as IDFA or OAID), IP address, and other technical information related to your device.
- Usage Data: Automatically generated data during your use of the App, such as features used, access records, and operation times, which help us improve user experience and product performance.
- User-Generated Content: Content you upload or generate within the App, such as chat logs, files (e.g., PDFs), and other data.
2.2 Collection of Sensitive Personal Information
In the past 12 months, we have collected the following categories of sensitive personal information as defined under California law:
- Contents of your private communications within the App (chat logs)
- Note: We do not collect or store your Apple ID or login credentials associated with it. When you use Apple subscription services, all authentication and payment processing is securely managed by Apple and we do not have access to this information.
We only use sensitive personal information for purposes necessary to provide our services and as permitted under applicable law.
3. How We Use Your Information
We primarily use your personal information for the following purposes:
- To provide and maintain services: Ensure the normal operation of subscription services. We confirm your subscription status through Apple's subscription service, but we cannot access your Apple ID information.
- Transaction management: We process your subscription through Apple's payment system and maintain transaction records to ensure the security of your payments.
- User behavior analysis: We analyze your device information, operation records, and usage data to improve our service quality and enhance user experience.
- Personalized service: We will not display personalized ads but will offer personalized services based on your usage patterns, such as content recommendations or optimizing feature displays.
- Security and fraud prevention: We use Apple ID information and device identifiers to monitor unusual activities, prevent unauthorized use, and ensure the safety of your account and payment information.
- Improving our AI model: We may use anonymized or aggregated user-generated content (e.g., chat logs, uploaded documents) to improve our AI model. Please note that the AI big model service we use comes from a third-party provider, not developed by us. You can opt out of such data processing by contacting us. Raw data will not be used without explicit consent.
4. International Data Transfers
We work in the cross-border area and provide our App to our Users around the world. This means that your personal data may be transferred to, and stored at, a destination outside your country, where data protection and confidentiality regulations may not provide the same level of protection of personal data as your country does.
We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By using the App, you agree that we may transfer your personal data to any third country, a territory, or to the international organization.
5. Cookies and Similar Technologies
We use cookies and similar technologies only after obtaining your consent (where required by law). Non-essential cookies (e.g., for advertising) are disabled by default for EU users. You may manage preferences via:
iOS: Settings > Privacy & Security > Tracking
Web: Cookie consent banner with granular opt-in/opt-out options.
6. How We Share Your Information
6.1 Our Data Sharing Practices
In the past 12 months, we have not "sold" your personal information as defined by the CCPA/CPRA. However, we have "shared" certain personal information with third parties for cross-context behavioral advertising purposes, specifically:
- Internet Activity Information
- Device Identifiers
- Usage Data
Additionally, we have disclosed the following categories of personal information to service providers and third parties for business purposes:
- Identifiers
- Commercial Information
- Internet Activity Information
- Geolocation Data
- User-Generated Content
- Audio, Electronic, or Visual Information (when provided by users)
We share your information with third parties in the following circumstances:
- Apple: As part of the Apple integration, transaction information about your subscription through Apple may be shared with Apple to complete payment and verify subscriptions. This sharing is necessary for the functionality of our services and does not constitute a "sale" or "sharing" under California law. We do not have access to your Apple ID or personal email information, which is securely managed by Apple.
- Service Providers: We may share information with third-party service providers (e.g., cloud storage, payment processing) to ensure the proper functioning of the app. These providers are required to handle your data securely and in accordance with privacy and security guidelines. This sharing is for business purposes only.
- Third-Party Analytics and Advertising Partners: We share device identifiers and internet activity information with certain third-party analytics and advertising partners. This sharing constitutes "sharing" under California law as it may be used for cross-context behavioral advertising. For details on how to opt out of such sharing, please see Section 14 of this policy.
- Legal Requirements: We may disclose your information when required by law, such as responding to legal requests from government authorities or enforcing legal obligations.
7. List of Third-Party Service Providers
We work with various third-party service providers to deliver and improve our services. Here's a detailed list of our key service providers:
7.1 AI Services (Conversation and Content Generation)
| Provider | Service | Entity Location | Data Shared | Privacy Policy |
|---|---|---|---|---|
| OpenAI | Chat and content generation capabilities | USA | User queries, chat logs | Privacy Policy |
| Anthropic | Advanced AI conversation capabilities | USA | User queries, conversation context | Privacy Policy |
| Deepseek | AI language processing | China | User input, processing requests | Privacy Policy |
| Coze | Chatbots and automation capabilities | Singapore | Chat data, automation requests | Privacy Policy |
| OpenRouter | AI model routing and management | USA | Query routing data, model selection | Privacy Policy |
| Perplexity | AI-driven search and analytics | USA | Search queries, analysis data | Privacy Policy |
7.2 Search Services
| Provider | Service | Entity Location | Data Shared | Privacy Policy |
|---|---|---|---|---|
| Google Custom Search | Web search capabilities | USA | Search queries, results data | Privacy Policy |
| Microsoft Bing Search | Comprehensive web search | USA | Search queries, results data | Privacy Policy |
| Perplexity | AI-enhanced search | USA | Search queries, context data | Privacy Policy |
| OpenRouter | Search query routing | USA | Query routing data | Privacy Policy |
| Serper.dev | Search API aggregation | USA | Search queries, aggregated results | Privacy Policy |
7.3 Infrastructure and Analytics
| Provider | Service | Entity Location | Data Shared | Privacy Policy |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and storage | USA | User data, application data, backups | Privacy Policy |
| Sentry.io | Application monitoring | USA | Error logs, performance data | Privacy Policy |
| Mixpanel | User analytics | USA | Usage patterns, interaction data | Privacy Policy |
| RevenueCat | Subscription management | USA | Purchase data, subscription status | Privacy Policy |
| Appsflyer | Mobile attribution and marketing analytics | USA | Device information, installation sources, in-app events, user interaction data | Privacy Policy |
All our third-party service providers are required to maintain the confidentiality and security of your personal information. These providers may only process your data for the specified purposes and in accordance with our instructions. We encourage you to review each provider's privacy policy to understand how they handle your data.
For more detailed information about these services, including their terms of service and privacy policies, please refer to their respective websites. Please note that while we carefully select our service providers, we are not responsible for their privacy practices.
8. Data Security
We implement reasonable technical and organizational measures to protect your personal data, especially when interacting with us via your Apple ID. These measures include:
- Encrypted transmission: We use encryption technologies (e.g., SSL) to protect sensitive information during transmission, ensuring that your payment and Apple ID data is secure from third-party interception.
- Access control: Only authorized personnel have access to your personal data, and all access is strictly monitored.
- Regular audits: We regularly review and test our security systems to prevent data breaches.
Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security.
9. Data Storage and Retention
We retain your personal data according to the following criteria:
- Apple ID Information and Transaction Records: Retained for 7 years to comply with financial and legal obligations.
- Device and Usage Data: Retained for 2 years for analytics and optimization purposes, or until the user requests deletion.
- User-Generated Content: Retained for 1 year for improving our services and AI model, or deleted upon user request.
- Consumer Request Records: We maintain records of all consumer privacy rights requests and our responses for 24 months to demonstrate compliance with applicable laws. These records are maintained in a secure, access-controlled environment and used solely for compliance purposes.
10. Your Rights
10.1 General Privacy Rights
Depending on your location, you may have certain rights regarding your personal data, including:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
10.2 How to Exercise Your Rights
To exercise any of these rights, please use one of the following methods:
- Email: Send a detailed request to [email protected]
- In the app: Click Contact us on the settings page to submit the online form
We will respond to your request within 45 days. If we need additional time (up to 45 more days), we will inform you of the reason and extension period in writing. If you make your request electronically, we will deliver our response electronically unless you specify otherwise.
10.3 Verification Process
To protect your information and ensure we fulfill requests only for legitimate users, we use a verification process:
- Basic Requests (e.g., opt-out of data sharing): We'll verify your identity using your email address or device identifier.
- Sensitive Requests (e.g., access to specific data or deletion): We require more stringent verification:
- If you have an active subscription: We'll verify through your Apple ID and may ask you to confirm details about your recent transactions.
- If you don't have an active subscription: We may ask you to provide information about your device, recent app usage, or other details only the legitimate user would know.
In some cases, we may ask you to provide a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
When you submit a request to access your data, we will provide your information in a portable and readily usable format (such as CSV or JSON) that allows you to transmit the information to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
11. Special Notice for California Residents
This section provides additional information for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
11.1 California Consumer Rights
As a California resident, you have the following rights:
- Right to Know: You have the right to request that we disclose:
- Categories of personal information we have collected about you
- Categories of sources from which we collected your personal information
- Our business or commercial purpose for collecting, selling, or sharing your personal information
- Categories of third parties with whom we share your personal information
- Specific pieces of personal information we have collected about you
This information will cover the 12-month period preceding your request.
- Right to Delete: You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions permitted by law.
- Right to Correct: You have the right to request correction of inaccurate personal information maintained by us.
- Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to those uses necessary to perform the services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not:
- Deny you goods or services
- Charge you different prices or rates for goods or services
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price, rate, level, or quality of goods or services
11.2 Authorized Agent
California residents may use an authorized agent to make requests on their behalf. If you use an authorized agent, we require:
- A copy of your written permission authorizing the agent to act on your behalf
- Verification of your identity directly with us (unless the agent has power of attorney)
Please contact us at [email protected] to submit a request through an authorized agent.
11.3"Do Not Sell or Share My Personal Information"
Although we do not "sell" personal information in the traditional sense, some of our data practices with third-party analytics and advertising partners constitute "sharing" for cross-context behavioral advertising under California law.
To opt out of such sharing, please:
- Email us at [email protected]
- In the app: Click Contact us on the settings page to submit the online form
- Follow the instructions in Section 14 (How to Opt-Out)
11.4 Notice of Financial Incentive
We do not currently offer financial incentives or price or service differences in exchange for the retention or sale of personal information.
12. Children's Privacy
Our App is not intended for children. Therefore, we do not knowingly or intentionally collect or solicit any personal information from children. For users in the United States, "children" is defined as under 13 years old.For users in the EU and other regions requiring GDPR compliance, "children" is defined as under 16 years old. Only the people who have parental responsibility are responsible for stopping their children from giving personal information through the App without the right parental consent that can be verified.
For California residents, we do not sell or share the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization from either the consumer who is at least 13 years of age but less than 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
If we find out that we have collected a child's personal information without checking with the person who has parental responsibility for the child, we will delete that information as soon as we can. If you think it's likely that we might have any information from or about a child, or a child has directly given us personal information through the App without verifiable parental consent, please get in touch with us.
13. Links To Third-Party Websites/Services
Our App may contain links to third-party websites or services, or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them.
We encourage you to read the privacy policies of these third-party websites or services before providing them with your personal information or using their services.
14. How to Opt-Out
We respect your privacy and provide multiple ways for you to opt-out of the collection or use of your personal data, including opting out of automated processing, personalized services, and cookies. Below is a detailed explanation of the opt-out mechanisms:
14.1 How to Opt-Out on iPhone Devices
- Disable app tracking:
- Open the Settings app.
- Tap Privacy & Security.
- Select Tracking.
- Turn off Allow Apps to Request to Track. This will prevent all apps from requesting tracking permission.
- Disable personalized ads:
- Go to Settings > Privacy & Security > Apple Advertising.
- Turn off Personalized Ads.
14.2 Contact Support for Opt-Out
If you wish to completely opt-out of all automated processing, personalized analysis, and services, you can contact us via the following methods:
- Email: Send an email to [email protected] to submit an opt-out request.
- In the app: Click Contact us on the settings page to submit the online form
We will process your opt-out request within 45 days and ensure that your personal data will no longer be used for personalized services or automated analysis during this period.
14.3 Do Not Sell or Share My Personal Information
To exercise your right to opt-out of the sale or sharing of your personal information (as defined under California law), please:
- Email us at [email protected] with the subject line "Do Not Sell or Share My Personal Information"
- In the app: Click Contact us on the settings page to submit the online form
We will process your opt-out request without requiring you to create an account with us. If you already have an account, we will not require you to log in to submit an opt-out request.
14.4 Limit Use of Sensitive Personal Information
To limit our use of your sensitive personal information to only what is necessary to provide our services:
- Email us at [email protected] with the subject line "Limit Sensitive Personal Information"
- In the app: Click Contact us on the settings page to submit the online form
When you submit a privacy request through the App, the system will open a pre-populated email. Simply send this email to complete your request submission. We will record your request and process it within the timeframe required by applicable law (45 days for most requests, 15 days for opt-out requests).
14.5 Global Privacy Control (GPC) Signals
We respect and respond to Global Privacy Control (GPC) signals. When we detect that your browser is sending a GPC signal:
- We will automatically treat it as a valid "Do Not Sell or Share My Personal Information" request
- You do not need to take any additional steps to implement this request
- This opt-out preference will apply to all interactions you have with our App using that browser or device
- We will maintain this opt-out unless you later explicitly consent to the sale or sharing of your personal information
You can enable GPC by:
- Installing a browser extension that supports GPC
- Using a privacy browser that enables GPC by default
- Enabling the GPC setting in a supported browser
For more information about GPC, please visit https://globalprivacycontrol.org/
15. Data Breach Notification
In the event of a data breach that may affect the security, confidentiality or integrity of your personal information, we will:
- When to notify: Notify affected users without unreasonable delay and no later than 45 calendar days after becoming aware of the breach, unless applicable law requires a shorter notice period.
- Method of notification: We will notify you by one or more of the following methods:
- Email (if we have your email address)
- In-app notification
- Prominent notice on our website
- Direct mail (in the case of a significant breach)
- Content of notification: Our notification will include, to the extent possible:
- Description of the incident
- Type of personal information involved
- Steps we have taken to protect your information from further unauthorized access
- Steps you can take to protect yourself
- Resources available to help you (such as credit monitoring services, where applicable)
- Contact information for further questions
- Regulatory notification: We will also notify the appropriate regulators as required by applicable law.
If you have reason to believe that your personal information has been leaked through our App, please contact us immediately: [email protected]
16. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in our business or legal requirements. If we make significant changes to this Privacy Policy, we will notify you via email or through the App.
We commit to reviewing and updating this Privacy Policy at least once every 12 months. The date at the top of this Privacy Policy indicates when it was last revised.
17. How to Contact Us
If you have any questions or wish to exercise your privacy rights, please contact us:
- HONG KONG HAPPY MOBILE TECHNOLOGY LIMITED
- Email: [email protected]
- Postal Address: 21/F, 14 Tai Koo Wan Road, Quarry Bay, Hong Kong