This policy applies exclusively to the products and services of Shenzhen Kinwayn Technology Co., Ltd. and its affiliated companies (hereinafter referred to as “the Company,” “We,”), specifically for 'Smart Aqua'. It encompasses the collection, use, disclosure, processing, and protection of your information provided to us through the 'Smart Aqua' App when you utilize our products and services.
If we require you to provide certain information for the purpose of verifying your identity when using 'Smart Aqua' products and services, we will strictly adhere to this Privacy Policy and our User Terms in utilizing such information.
Recent Update Date: January 1, 2024
Version: V1.0.0
We have revised our Privacy Policy, and from this date, this Privacy Policy will provide details on how we manage the privacy of your personal information disclosed while using all 'Smart Aqua' products and services. Please read our Privacy Policy carefully. If you have any questions, comments, or suggestions regarding the content of this agreement, you can contact us by accessing the 'Contact Us' page within the 'Smart Aqua' app or via email at 'service@kinwayn.com'.
Rules for Collection and Use of Personal Information
How We Protect Your Personal Information
Your Rights
How Your Personal Information is Transferred Globally
How We Handle Children's Personal Information
Retention Period of Information
How This Policy is Updated
How to Contact Us
In this Privacy Policy, certain proprietary terms are defined as follows:
Personal Information: Refers to all data that can directly or indirectly identify an individual, either through information specific to that individual or in combination with other information accessible to Smart Aqua. Hereinafter referred to as "Personal Information.
Smart Devices: Refers to terminal products with internet access, data transmission capabilities, and human-machine interface, manufactured by hardware producers. This includes smart home appliances, wearable devices, and intelligent environmental purification equipment, specifically referring to the smart devices that you purchase and use.
Application: Refers to the "Smart Aqua" mobile application (including phone clients, mini-programs) provided by our company, which enables end users to remotely control smart devices and connect to the Smart Aqua IoT platform.
The application we provide relies on certain information to function. When you choose to use the login feature, add device feature, or control device feature of this application, you need to provide or allow us to collect necessary information in 5 categories, including:
(1) Personal Account Information
Scope of Collection: We will obtain your mobile phone number or email address.
Purpose of Collection: To create a "Smart Aqua" account.
(2) Handheld Terminal or SIM Card Information
Scope of Collection: We will collect information related to the handheld terminal running "Smart Aqua", including device serial number, mobile phone model, system version information, system language, device manufacturer information, network operator information, app running process information.
Purpose of Collection: Wi-Fi networking based on consumer choice and consent.
(3) Smart Device Terminal Information
Scope of Collection: We will also collect device information of the smart terminals linked to your account, such as MAC address, Device ID (DID), serial number, firmware version, app running process information.
Purpose of Collection: To provide services for device connection, control, status synchronization, and device linkage.
(4) Login Information
Scope of Collection: Information related to your other mobile applications and websites, such as cookies and other anonymous identifier technologies, IP address, network request information, temporary message history, standard system logs, and crash information, etc.
Purpose of Collection: Services such as third-party platform login and third-party authorized login based on consumer choice and consent.
(5) Account Credentials
Scope of Collection: Information regarding your account credentials, such as password, password security questions, and answers.
Purpose of Collection: To provide password reset functionality.
(1) Certain Personal Account Information:
Scope of Collection: Includes some of your "Smart Aqua" account information, such as your name, email/phone, gender, profile picture, and other related setting information; information provided when submitting user feedback and suggestions, including your email/phone number, feedback content, problem logs, etc.
Purpose of Collection: To provide account setting features, synchronize account information, and address feedback issues.
(2) Location Information (Applicable Only to Specific Services/Features)
Scope of Collection: Your country, timezone settings, and language settings.
Purpose of Collection: Used for product geofencing services, automatic loading of system language.
There are a total of 2 categories of personal information. These pieces of information are not essential for the main functionality of the application, but they are very important for improving service quality, using specific services/features, and developing new products or services. We will not forcefully require you to provide this information, and your refusal will not adversely affect the use of the main functionality of the application.
When you use the following features of the application, our App will request the following system permissions related to personal information:
(1) Camera Permission: Features in the application such as scanning QR codes, changing avatars, and changing wallpapers involve processing images captured by your phone's camera. We will erase EXIF information from avatar and wallpaper images and save them on the server. When you change your avatar or wallpaper next time or cancel your account, the previous retained information will be deleted.
(2) Access to Photo Album Permission: Features in the application such as changing avatars and wallpapers involve processing image information obtained from your phone's photo album. We will erase EXIF information from the selected avatar and wallpaper images and save them on the server. When you change your avatar or wallpaper next time or cancel your account, the previous retained information will be deleted.
(3) Use of Geolocation Permission: Features in the application such as automatic country information recognition for user registration, product use country information retrieval, and personalized automatic setting of the App will obtain your phone's geolocation information and save it on the server.
(4) Bluetooth Permission: Features in the application that discover Bluetooth type devices, network for Bluetooth devices, retrieve Bluetooth device status, and control Bluetooth devices will request your phone's Bluetooth permission. We will only use Bluetooth for communication in these features.
(5) Storage Permission: To ensure the stable operation of the application, we need permission to read/write to your device's storage, to read/write images, files, crash log information, etc., stored on your device, to provide you with the functionality of information publishing or local crash log recording.
(6) Network Permission: Application version updates, user registration, and the settings of smart device terminals connected to the user's App require your device's network permission to upload/download related data.
A total of 6 system permissions. If you do not grant these permissions, we will not be able to provide the functionality of the application. Besides these permissions, you have the option to grant additional system permissions to the App.
SDK: Google Login
Type of Personal Data Collected: Only specific user codes are entered for user identity verification; no transfer of any personal information of the user is involved. Purpose of Use: In countries and regions outside of mainland China, we use the third-party authorization login service provided by Google for quick login to the App.
Third-Party SDK Privacy Policy Link: https://policies.google.com/privacy
For necessary personal information, we use it to provide the main functions of the application, including:
(1) Creating Your "Smart Aqua" Account: Personal information collected during account creation via the website or our mobile devices is used to establish a user's personal account and profile page.
(2) Device Access: To operate devices through the App, verification of the device's authenticity is required. Therefore, we need to verify factory MAC and DID information to confirm the device's legitimate identity.
(4) Device Control: Allows you to control devices via Bluetooth.
(5) Setting Up Automated Tasks: Event information reported by your device (information comes from the devices you add, and the specific information that can be set depends on the privacy authorization range you grant to that device. Each added device will provide the privacy policy terms of the device provider for you to agree to) can be used to create personalized automated tasks for you.
We also use the above information to maintain and improve the functionality of this application, develop new business features, etc.
(1) Providing Push Services: The account will also be used to provide push services, sending device notifications to users. You can turn off this feature at any time by changing your preference options under "Message Settings."
(2) Providing Location-Based Services: When using "Smart Aqua" and the smart devices connected to "Smart Aqua", we use location information to determine the device's time zone, ensuring accurate time display and login service region in the device. We also use this information to enhance your experience, such as automatically turning on certain devices based on your choice. You can turn off this feature at any time by going into device settings or by stopping the use of this application.
(1) Entrusting Processing
Certain specific modules or functions within this application are provided by external suppliers. We use services from external service providers to implement our business functions.
For companies, organizations, and individuals to whom we entrust the processing of personal information, we require them to process personal information in accordance with our instructions, this Privacy Policy, and any other relevant confidentiality and security measures.
(2) Sharing
We do not share your personal information with any companies, organizations, or individuals outside of our company, unless we have your explicit consent.
(3) Transfer
We do not transfer your personal information to any companies, organizations, or individuals, except in the following cases:
a. Transfer with explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
b. In cases of mergers, acquisitions, or bankruptcy liquidation, if personal information transfer is involved, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy, or we will require the company or organization to seek your authorization and consent again.
(4) Public Disclosure
We will only disclose your personal information to third parties (defined below) in the following circumstances, in order to provide the products or services you request:
a. We may provide statistical information about your use of smart devices to our partners from time to time. This statistical information does not involve your name, account, password, phone number, email, or other personal information.
b. We may disclose your personal information as necessary and according to the lawful requests of government authorities.
c. In the event of a corporate restructuring, merger, or sale, and with your consent, we may transfer all personal information we have collected to the relevant third party.
(1) We have implemented security measures that meet industry standards to protect the personal information you provide, preventing unauthorized access, public disclosure, use, modification, damage, or loss of data. We will take all reasonably feasible measures to protect your personal information.
(2) We have implemented the following measures: To prevent unauthorized access, disclosure, or other similar risks, we have implemented reasonable physical, technical, and administrative protective facilities to safeguard the information we collect from your use of the Aqua APP. We will take all reasonable measures to protect your personal information.
(3) Our Data Security Capabilities: We ensure that your personal information is stored on secure servers and protected in controlled facilities. We classify your data based on its importance and sensitivity, ensuring that your personal information receives the highest level of security. We ensure that employees and third-party service providers who access these information to provide products and services to you have strict contractual confidentiality obligations. Failure to fulfill these obligations may result in disciplinary action or termination of cooperation, and in severe cases, criminal liability may be pursued. Similarly, we have specific access control measures for cloud-based data storage. In summary, we regularly review our information collection, storage, and processing practices, including physical security measures, to prevent any unauthorized access and use.
(4) We will take all reasonably feasible measures to ensure that no irrelevant personal information is collected or used. We will retain your personal information only for the duration necessary to achieve the purposes described in this policy unless an extended retention period is required or permitted by law.
(5) The internet environment is not 100% secure, and we will do our best to ensure or guarantee the security of any information you send to us. However, you should be aware that the use of the internet is not always secure, and we cannot guarantee the security or integrity of any personal information during its two-way transmission over the internet. If our physical, technical, or administrative protective facilities are compromised, leading to unauthorized access, public disclosure, alteration, or destruction of information, and thereby harming your legal rights, we will take appropriate measures in response to the personal data breach, such as notifying relevant regulatory bodies and proactively reporting the handling of personal information security incidents.
(6) In the unfortunate event of a personal information security incident, we will inform you in a timely manner in accordance with legal and regulatory requirements, including the basic circumstances and potential impacts of the security incident, the measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and remedial measures for you. We will promptly inform you of the relevant circumstances of the incident via email, letter, phone, push notification, etc. If it is difficult to notify the subjects of personal information individually, we will take reasonable and effective methods to make a public announcement.
In accordance with relevant Chinese laws, regulations, standards, as well as common practices in other countries and regions, we ensure your rights over your personal information as follows:
You have the right to access your personal information, except in cases exempted by laws and regulations. If you wish to exercise your data access right, you can do so in the following way: Access your personal information through "Me" in our application.
When you find errors in the personal information we process about you, you have the right to request a correction. You can submit a correction request through the path in "ME"
When you update your personal information, we may ask you to verify your identity before processing your request. Once we have sufficient information to process your request to access or correct your personal information, we will respond to your request within the timeframe stipulated by applicable data protection laws. If you wish to access the personal data we hold about you or if you believe that any information we hold about you is incorrect or incomplete, please write to us or email us as soon as possible at the email address provided below. Email: service@kinwayn.com.
In the following circumstances, you can request us to delete your personal information:
a. If our actions in processing personal information violate laws and regulations;
b. If we collect and use your personal information without your consent;
c. If our actions in processing personal information violate our agreement with you;
d. If you no longer use our products or services, or you have canceled your account;
e. If we no longer provide products or services to you.
You can cancel your previously registered account at any time. You can do this by: Deleting your user information through "Me - profile - Delete my profile." Information to be deleted includes:
a. User account information
b. User device information
c. Device data information
d. Images/videos captured by the camera
e. Feedback information
f. Device grouping information
When you delete information from our services, we may not immediately delete the corresponding information in our backup system, but will delete these during the backup update process.
(1) If you are a user within the European Union under the General Data Protection Regulation (GDPR), you have the right to request the erasure of your personal information. If the GDPR provides relevant provisions, we will consider the reasonableness of the erasure request and take reasonable steps, including technical measures.
(2) If you are a user within the European Union under the General Data Protection Regulation (GDPR), you have the right to restrict our processing of your personal information. We will consider the reasonableness of this restriction request. If the GDPR provides relevant provisions, we will process your personal information only in ways that comply with the applicable regulations of the GDPR and will notify you before lifting the restriction.
(3) If you are a user within the European Union under the General Data Protection Regulation (GDPR), you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
(4) If you are a user within the European Union under the General Data Protection Regulation (GDPR), you have the right to receive your personal information in a commonly used structured format and to transmit this data to another data controller.
(1) Related to the personal information controller's obligation to fulfill duties as stipulated by laws and regulations;
(2) Directly related to national security and defense security;
(3) Directly related to public safety, public health, or significant public interests;
(4) Directly related to criminal investigations, prosecutions, trials, and judgment enforcement;
(5) Where there is sufficient evidence to show that the subject of personal information is acting with subjective malice or abusing their rights;
(6) For the purpose of protecting the significant lawful rights and interests, such as life and property, of the subject of personal information or other individuals, where it is difficult to obtain consent from the person concerned;
(7) Responding to the request of the subject of personal information would cause serious harm to the lawful rights and interests of the subject of personal information or other individuals or organizations;
(8) Involving trade secrets.
This policy is formulated in accordance with the laws of the People's Republic of China and is subject to the jurisdiction of the People's Republic of China. The personal information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China.
As we provide products or services through resources and servers distributed globally, this means that, with your authorized consent, your personal information may be transferred to jurisdictions outside of the country/region where you use the products or services, or be accessed from those jurisdictions.
Such jurisdictions may have different data protection laws, or even no relevant laws established. In such cases, we will ensure that your personal information receives sufficient and equivalent protection as it does within the territory of the People's Republic of China. For example, we may ask for your consent for cross-border transfer of personal information, or implement security measures such as data de-identification before cross-border data transfer.
Our products, websites, and services are primarily intended for adults. Children should not create their own accounts with personal information without the consent of a parent or guardian.
In cases where we collect personal information of children with the consent of their parents, we will only use or disclose such information where it is legally permitted, explicitly consented to by the parents or guardians, or necessary to protect the child.
Although local laws and customs may define 'children' differently, we consider anyone under the age of 14 to be a child.
If we discover that we have collected personal information from a child without verifiable parental consent, we will take steps to promptly delete the relevant data.
We will retain your personal information for the duration necessary to achieve the purposes described in this policy, or to comply with applicable legal requirements or permissions, if necessary.
If there is a reasonable basis to believe that retaining personal information will not fulfill the purpose of collecting the information, we will no longer retain the personal information, or we will remove the means by which the personal information can be associated with a specific individual.
If the information is further processed for archiving in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with legal uses, even if the purpose of further processing is not consistent with the original purpose, Smart Aqua may continue to retain the data.
We regularly review our Privacy Policy to reflect changes in our information practices and will update this Privacy Policy accordingly.
Without your explicit consent, we will not reduce your rights under this Privacy Policy. Any changes to this policy will be posted on this page.
For significant changes, we will provide more prominent notice, including for certain services, by sending notifications to the email address associated with your account, announcing on the APP, or notifying you through mobile devices. This way, you can understand the information we collect and how we use it.
Significant changes referred to in this policy include, but are not limited to:
Significant changes in our service model, such as the purposes for processing personal information, types of personal information processed, and the ways personal information is used;
Major changes in ownership structure, organizational structure, etc., such as changes in ownership due to business adjustments, bankruptcy mergers, etc.;
Changes in the main recipients of personal information sharing, transfer, or public disclosure;
Significant changes in your rights in personal information processing and how they are exercised;
Changes in the responsible department for personal information security, contact information, and complaint channels;
High risk indicated in the personal information security impact assessment report.
Such changes to the Privacy Policy will take effect from the notification or the effective date specified on the website. We recommend that you regularly review this page for the latest information on our privacy practices.
Your continued use of our products, website, mobile, and/or any other device services will be considered as acceptance of the updated Privacy Policy. If we collect more personal information from you or wish to use or disclose your personal information for new purposes, we will seek your consent again.
For EU users under the General Data Protection Regulation (GDPR), we will provide:
Use of risk management methods, offering systematic ways to manage personal data related to our employees, management processes, and information systems. Under GDPR, we will use the following methods:
Appoint a Data Protection Officer (DPO) responsible for data protection. The DPO can be contacted at dpo@kinwayn.com;
Establish processes such as Data Protection Impact Assessment (DPIA).
Priority Order
If you have agreed to an applicable user agreement and there is inconsistency between such user agreement and this Privacy Policy, the user agreement will prevail.
If you have any questions, comments, or suggestions regarding this Personal Information Protection Policy, please contact us using the following method.
Email: service@kinwayn.com