Effective Date: November 20, 2023
Last Updated: March 5, 2026
Compliance Statement: This Privacy Policy complies with the highest international security standards and privacy protection regulations, including ISO 27001 Information Security Management System, ISO 27701 Privacy Information Management System, SOC 2 Service Organization Control, HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), EN18031 (European Union Cybersecurity Act), and COPPA (Children's Online Privacy Protection Act). We are committed to continuously maintaining and improving our data security and privacy protection systems to ensure your personal information receives the highest level of protection.
ShengYun Speech-to-Text (hereinafter referred to as "the Product") is a product developed by Nanjing YouYuanChuang Network Technology Co., Ltd. (hereinafter referred to as "We" or "Us"). When you use our products and/or services, we may collect and use your personal information. Through this Privacy Policy, we will explain to you how we collect, store, use, and provide your personal information to others, as well as the rights you are entitled to.
Please read this Privacy Policy carefully before using our products and/or services to ensure that you fully understand and accept all terms. If you do not agree, please do not register, log in, or use the services. If you use or continue to use our services, it means you agree to our processing of your personal information in accordance with this Privacy Policy. If you are a minor under 14 years of age, please read and fully understand this policy accompanied by your parents or other guardians, and obtain their consent before using the Product and/or services.
This Privacy Policy is our general privacy clause used uniformly for all our products and services. For specific products (or services), we will clearly inform you of the purpose, manner, and scope of information collection and use through corresponding product (or service) agreements, authorization letters, etc., and obtain your authorization or consent before collecting and using your information. The above documents together with this Privacy Policy constitute the complete privacy policy between us and you. In case of any inconsistency, the corresponding product (or service) agreement or authorization letter shall prevail.
You can read the following sections to learn more about the specific provisions of this policy:
I. How We Collect and Use Your Personal Information
II. How We Use Cookies and Similar Technologies
III. Storage and Provision of Your Personal Information
IV. How We Protect Your Personal Information
V. How We Protect Minors' Personal Information
VI. Your Rights to Control Your Personal Information
VII. International Standards Compliance
VIII. Auto-start and Associated Launch Instructions
IX. How This Policy Is Updated
X. How to Contact Us
I. How We Collect and Use Your Personal Information
As a personal information processor, we will follow the principles of lawfulness, legitimacy, necessity, and good faith to collect and use your personal information for the purposes described below.
1.1. Information We Collect
1.1.1. Personal Information You Actively Provide When Using Our Products and/or Services
According to the "Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications," ShengYun Speech-to-Text belongs to the "utility tool" category App, which can use basic function services (i.e., browsing services) without personal information. In addition, to provide you with account registration/login, recording, speech-to-text, customer service and feedback, and other functional services, you only need to provide us with the basic necessary personal information required for those functions, unless special requirements are specified by relevant laws and regulations. If you refuse to provide such information, we will not be able to provide you with the corresponding functional services. Please note: If you provide personal information that does not belong to you, please ensure that you have obtained the consent of the relevant subject.
The complete functions of ShengYun Speech-to-Text and the personal information processed are as follows:
(1) Account Registration/Login/Cancellation
To ensure the security of your personal space, you need to register and log in to a "ShengYun Speech-to-Text account" before you can use other services after registration and login, including speech-to-text, customer service and feedback. When you register and log in to your ShengYun Speech-to-Text account, we will collect your nickname, avatar, phone number/email address. If you do not set a nickname or avatar, the system default will be used. This information is necessary for the function. If you do not provide it, you will not be able to complete registration/login. The phone number is sensitive information, and its collection is to meet the network real-name requirements of relevant laws and regulations.
In addition, you may choose to provide us with your voiceprint characteristic information, which is also sensitive information. Refusing to provide this information will only prevent you from using voice cloning and other related features, but will not affect your normal use of other functions of ShengYun Speech-to-Text.
Account Cancellation Method and Process: App -> Me -> System Settings -> Cancel Account
(2) Recording and Speech-to-Text
When you use the recording and speech-to-text function, we need to call your microphone permission and storage permission to obtain and save your voice information and/or other recording content you provide and perform speech-to-text on our cloud servers. This is a required system permission for this function service. If you refuse, you will not be able to use the recording and speech-to-text function. If you choose to upload audio from your local device for transcription, we need to call your storage permission to obtain your local recording content, which is a required system permission for local upload. If you refuse, you will not be able to upload local recording files for speech-to-text. At the same time, we will collect the transcribed text information and provide real-time processing feedback based on your needs, so you can understand what voice interactions occurred and access record viewing and effect analysis services.
Please note that even if you have agreed to enable the microphone permission, we will only obtain your voice information by calling the microphone permission when you actively start the recording function. Moreover, although the voice information you enter and the transcribed text information may contain personal information about you or others, we will not identify individuals based on the content of such personal information.
Please note that for audio files you upload yourself, we will store them encrypted on our cloud servers, and you can choose to delete this information at any time. Unless you voluntarily choose otherwise or are required by relevant laws and regulations, we will not provide the above audio information to third parties or use it for purposes other than this function.
Clipboard Access Permission
To facilitate your input and paste functions, the application may automatically detect whether the clipboard contains text content when the input box is focused, to determine whether to display the "Paste" button.
The application will not actively read, store, or upload your clipboard content.
(3) Customer Service and Feedback
When you submit feedback through our customer service, file complaints, appeals, or consult about issues related to the Product and/or services, we will collect the text information you input to understand your feedback content and needs. This information is necessary for the user feedback and customer service function.
To ensure the security of your account and the system, you need to provide the account you registered/logged in with so we can verify your user identity. This information is necessary for identity verification in user feedback.
You can also fill in your phone number, email, and QQ to facilitate us contacting you to better understand your needs and solutions to related issues, or to help you resolve other issues. This is non-essential information for user feedback and customer service. To provide you with customer service and after-sales service related to your order needs to ensure the normal completion of orders, to understand your experience with our product and other needs to improve our products and services, or to provide you with other services related to your rights, our customer service personnel may use your account phone number or other contact information you provided to contact you via phone, SMS, or email to better understand your needs and solutions to related issues, or to help you resolve other issues.
During the feedback, complaint, or consultation process, to help you solve problems or record solutions and results, you can choose to provide us with supporting materials (pictures or videos). The system will record your communication with customer service to better help you resolve consulted issues and improve service quality. If you do not provide the above information, we will not be able to timely respond to your consultation results, but this will not affect your normal use of other services of the Product.
To further clarify the permissions used by this software that involve your personal information, we have summarized the usage in the table below. You can view the status of the above permissions in your device settings or our client, and decide whether to enable or disable these permissions at any time. Please note that enabling any permission means you authorize us to collect and use relevant personal information to provide you with corresponding services. Once you disable any permission, you cancel the authorization. We will no longer collect and use relevant personal information based on that permission, nor provide you with services corresponding to that permission. However, your decision to disable permissions will not affect information collection and use that was conducted based on your prior authorization.
| Permission Type | Corresponding Function | Purpose of Permission | When Permission is Requested | Can Be Disabled |
|---|---|---|---|---|
| Camera | Upload user avatar via photo | Take photo for avatar upload | Prompted when first using camera to upload avatar | Yes |
| Photo Album | Upload user avatar | Get image information | Prompted when first using album to upload avatar | Yes |
| Microphone | Recording | Use microphone for recording | Prompted when first using microphone for recording | Yes |
| Storage | Recording save, audio import, meeting report download, App update package download | Store files | Prompted when first uploading audio files from device | Yes |
| WiFi and Network | Audio upload, transcription result delivery, audio editing | Use network to communicate with server | Asked when first opening ShengYun Speech-to-Text | Yes |
| Geographic Location | Get location information | Upload meeting location | Prompted when first saving audio file | Yes |
| Positioning | Get location information | Search for recording device | Asked when entering APP home page | Yes |
| Device Status | Mobile device crash information | Get device information | Asked when first opening ShengYun Speech-to-Text | Yes |
| Notification | Push function | Send notification messages | Asked when first opening ShengYun Speech-to-Text | Yes |
| Bluetooth | Hardware device connection | Connect external microphone device | Prompted when first using device connection function | Yes |
| Sensor | Error information collection | Collect possible preceding operations for error reporting | Asked when first opening ShengYun Speech-to-Text | Yes |
1.1.2. Personal Information We Actively Collect When Providing Products and/or Services
To ensure you can normally use our services, maintain the normal operation of our services, improve and optimize our service experience, and ensure the security of your account, we will collect your device model, operating system, unique device identifier (SN code), login IP address, ShengYun Speech-to-Text software version number, network connection method, type and status, network quality data, operation logs, service log information (such as information you search and view in ShengYun Speech-to-Text, service fault information, referral URLs, etc.). This information is essential for providing services.
1.1.2.1 Ensuring Operation Security and Troubleshooting
Our product is developed based on DCloud uni-app (5+ App/Wap2App). When you use this Product, we need to collect your device unique identification code (device serial number, IMEI/Android ID/DEVICE_ID/IDFA, SIM card IMSI information, OAID) during the application operation to provide statistical analysis services, and analyze application startup data and abnormal error logs to improve performance and user experience, and provide better services to users. To ensure users can still use services normally when the app runs in the background, we will continue to use your device information in silent and background states.
1.1.2.2 Operational Statistics and Product Optimization
To ensure you can normally use our services, maintain the normal operation of our services, improve and optimize our service experience, and ensure the security of your account, we will collect your device model, operating system, unique device identifier (SN code), login IP address, ShengYun Speech-to-Text software version number, network connection method, type and status, network quality data, operation logs, service log information (such as information you search and view in ShengYun Speech-to-Text, service fault information, referral URLs, etc.). This information is necessary for providing services. If you refuse us to collect the above information, we will not be able to conduct security monitoring for this software, which may affect account security.
1.1.3. Your Personal Information We Obtain from Third Parties
Please note that currently, ShengYun Speech-to-Text does not actively obtain your personal information from third parties. If we need to indirectly obtain your personal information from third parties for future business development, we will inform you in advance about the source, type, and scope of use of your personal information. If the personal information processing activities required for ShengYun Speech-to-Text's business exceed the scope of your original consent when providing personal information to third parties, we will obtain your explicit consent before processing your such personal information. In addition, we will strictly comply with relevant laws and regulations and require third parties to ensure the legality of the information they provide.
If you use a third-party account to log in to your ShengYun Speech-to-Text account, we will collect your authorized shared account information (nickname, avatar), Open ID from the third party, and bind your third-party account with your ShengYun Speech-to-Text account after you agree to this policy. To cancel the binding of the above third-party account, you can close the authorization binding or contact us through the methods provided in Article X of this Privacy Policy.
1.2. How We Use Information
1.2.1. Service Optimization and Security
To ensure service security and help us better understand the operation of our application, we may record relevant information, such as your frequency of using the application, crash data, overall usage, performance data, and the source of the application. We will not combine the information stored in our analysis software with any personally identifiable information you provide in the application.
If we use your personal information beyond the stated purpose at the time of collection and its directly related scope, we will inform you again and obtain your explicit consent before using your personal information.
To ensure users can still use services normally when the app runs in the background, we will continue to use your device information in silent and background states.
1.2.2. Anonymization Processing and Statistical Analysis
Pursuant to applicable laws and regulations, we may technically process your personal information so that it cannot precisely identify individuals, and conduct academic research or statistical analysis on the technically processed information (including using anonymized or de-identified voice information for model algorithm training) to better improve product functions and service capabilities.
1.2.3. Automated Decision-Making and Profiling (GDPR Compliance)
(1) Automated Decision-Making: We will not make decisions with legal effects or similar significant impacts on you based solely on automated processing (including profiling);
(2) User Profiling: We may use your information for user profiling to provide personalized services, but you have the right to refuse such processing at any time;
(3) Direct Marketing: We will not use your personal information for direct marketing purposes unless we obtain your explicit consent.
1.2.4. Legal Basis for Processing (GDPR)
We process your personal information based on the following legal bases:
(1) Consent: You have explicitly consented to our processing of your personal information;
(2) Contract Performance: Processing is necessary for the performance of the contract with you;
(3) Legal Obligation: Processing is necessary for compliance with a legal obligation;
(4) Legitimate Interest: Processing is necessary for the legitimate interests pursued by us or a third party, and your rights and freedoms take precedence over these interests.
1.3. Appendix: Third-Party SDKs
Some functions in ShengYun Speech-to-Text are provided by third-party institutions in the form of SDK plugins. SDK technical service providers will obtain corresponding permissions and information based on the necessity of providing you with functions or services. For the names, contact information, processing purposes, sharing methods, and types of shared information/permissions of third-party SDKs, please refer to the Information Sharing List with Third Parties.
| Third-Party Company Name | Product/Type | Contact Information | Types of Information/Permissions Shared | Processing Purpose | Usage Scenario | Sharing Method | Third-Party Privacy Policy |
|---|---|---|---|---|---|---|---|
| Tencent Payment Technology Co., Ltd. | WeChat Pay | 0755-86013860 | Device information (IMSI, ICCID, MAC address, Android ID, hardware serial number, device serial number, IMEI, MEID, OAID, Bluetooth MAC address, file directory, running app list, network information, operator information, accelerometer sensor information, sensor information), clipboard information, account information, biometric features (static or dynamic facial information), images, videos, photos, audio, photo album, SMS records, GPS information, precise geolocation information, approximate geolocation information, contacts, local storage, storage files, directories, space status, system SHELL commands | Help users use WeChat Pay within the app | WeChat Pay for package purchases | SDK local collection | https://posts.tenpay.com/posts/18ed0968618e3db204d4931651708953.html |
| Alibaba (China) Network Technology Co., Ltd. | Alipay | 95188 | Device information (IMSI, ICCID, MAC address, Android ID, hardware serial number, device serial number, IMEI, MEID, OAID, Bluetooth MAC address, file directory, running app list, network information, operator information, accelerometer sensor information, sensor information), clipboard information, account information, biometric features (static or dynamic facial information), images, videos, photos, audio, photo album, SMS records, GPS information, precise geolocation information, approximate geolocation information, contacts, local storage, storage files, directories, space status, system SHELL commands | Help users use Alipay within the app | Alipay for package purchases | SDK local collection | https://render.alipay.com/p/yuyan/180020010001196791/preview.html?agreementId=AG00000132 |
| Tencent Computer System Co., Ltd. Shenzhen | Bugly | Dataprivacy@tencent.com | Device information (including device model, device serial number, device identifier IMEI/Android ID/IDFA/GUID/OAID), device MAC address, network device hardware address, network information, geolocation, storage read (album, media and other files) permission | Record error logs, conduct APP problem troubleshooting, optimize service quality | Record user information collection when app crashes | SDK local collection | https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56 |
| Shenzhen Hexun Huagu Information Technology Co., Ltd. | Jiguang Security Authentication SDK | support@jiguang.cn | Device identifiers (including IMEI, IDFA, Android ID, GAID, MAC, OAID, IMSI, MEID, UAID, ICCID), device hardware information (device serial number, including device model, device screen resolution, device hardware manufacturer, device product name), operating system information (including OS version, system name, system language), network information (including network type, operator name, base station information, IP address, WiFi information, SSID, BSSID), precise location information, software list information (including software list and software running list information) | Through de-identification, encrypted transmission, and other security methods | Provide APP users with one-click login, number verification, security verification services | SDK local collection | https://www.jiguang.cn/license/privacy |
| China Mobile Internet Co., Ltd. | China Mobile Authentication | Network type, network address, operator type, local phone number information, SIM card status, mobile device type, mobile operating system, hardware manufacturer | Identify user's phone number for quick login/number verification, problem inquiry, analysis, risk control | Identify user's phone number for quick login/number verification | SDK local collection | https://wap.cmpassport.com/resources/html/contract2.html | |
| China United Network Communications Co., Ltd. | China Unicom Authentication | Network type, network address, operator type, local phone number, mobile device type, mobile operating system, hardware manufacturer | Identify user's phone number for quick login/business risk control | Identify user's phone number for quick login | SDK local collection | https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true | |
| China Telecom Digital Life Technology Co., Ltd. | China Telecom Authentication | cn.com.chinatelecom | International mobile subscriber identity number, app process information, ANDROID_ID (optional, removed in V3.8.10+), registered phone number, local phone number, network connection type, network status information, network address, operator type, mobile device type, mobile device manufacturer, mobile operating system type and version | Identify user's phone number for quick login/number verification and business risk control | Identify user's phone number for quick login | SDK local collection | https://e.189.cn/sdk/agreement/show.do?order=2&type=main&appKey=&hidetop=&isShowPre=&returnUrl=https%3A%2F%2Fe.189.cn |
1.4. Exceptions to Obtaining Consent for Collecting and Using Your Personal Information
According to relevant laws and regulations, we may collect and use personal information without obtaining your consent in the following circumstances:
(1) Necessary for entering into or performing a contract in which the individual is a party, or necessary for implementing human resource management in accordance with legally established labor rules and regulations and collectively negotiated contracts;
(2) Necessary for fulfilling statutory duties or legal obligations;
(3) Necessary for responding to public health emergencies, or necessary to protect the life, health, or property of individuals in emergency situations;
(4) Processing personal information within a reasonable scope for news reporting, public opinion supervision, or other activities carried out in the public interest;
(5) Processing personal information within a reasonable scope that the individual has voluntarily made public or that has been legally disclosed;
(6) Other circumstances as provided by laws and administrative regulations.
Please understand that the functions and services we provide are constantly being updated and developed. If a function or service not described above collects your information, we will separately explain the content, scope, and purpose of the information collection to you through page prompts, interaction processes, website announcements, etc., to obtain your consent.
This policy explains how we process personal information, but does not cover all scenarios where third-party products and services that invoke ShengYun Speech-to-Text products and/or services process personal information. Although third parties invoke our products and/or services, we do not understand or control their specific usage behaviors and are not responsible for their behaviors. If you are an end user using products and services that invoke ShengYun Speech-to-Text, we recommend that you carefully consider visiting or using their products and services after reviewing and agreeing to their privacy policies.
II. How We Use Cookies and Similar Technologies
2.1. Cookies
To ensure the website functions properly, we will store small data files called Cookies on your computer or mobile device. Cookies usually contain identifiers, site names, and some numbers and characters. We will not use Cookies for any purposes other than those described in this policy. You can clear all Cookies saved on your computer. Most web browsers have the ability to block Cookies. However, if you do so, you may need to change your user settings every time you visit our website.
2.1.1. Web Beacons and Pixel Tags
In addition to Cookies, we also use web beacons and pixel tags and other similar technologies on websites. For example, the emails we send you may contain click-through URLs that link to our website content. If you click on such a link, we will track that click to help us understand your product or service usage and improve customer service. Web beacons are usually transparent images embedded in websites or emails. With pixel tags in emails, we can know whether an email has been opened. If you do not want your activities to be tracked in this way, you can unsubscribe at any time.
2.1.2. Do Not Track
Many web browsers have a Do Not Track feature that sends Do Not Track requests to websites. Currently, major Internet standards organizations have not established relevant policies for how websites should respond to such requests. However, if your browser enables Do Not Track, all our websites will respect your choice.
III. Storage and Provision of Your Personal Information
3.1. Storage
3.1.1. Location of Information Storage
In principle, personal information collected and generated within the People's Republic of China will be stored within the People's Republic of China, and no cross-border transmission will be conducted.
Exceptions include:
(1) As explicitly provided by laws and regulations;
(2) With your explicit authorization;
(3) Your personal initiative behavior such as cross-border transactions through the Internet;
(4) Under GDPR, cross-border transmission conducted with appropriate safeguards (such as Standard Contractual Clauses, Binding Corporate Rules, etc.).
3.1.2. Information Retention Period
Generally, we will retain your personal information for the shortest time necessary to achieve the processing purposes stated in this policy, unless otherwise provided by applicable laws and regulations. After the above period expires, or when you voluntarily request deletion of your personal information or cancellation of your account, we will delete your personal information as soon as possible in accordance with applicable laws and regulations, unless applicable laws and regulations require longer retention. However, in the following circumstances, we may change the retention period of personal information to comply with legal requirements:
(1) To comply with relevant laws and regulations;
(2) To comply with court judgments, rulings, or other legal procedures;
(3) To comply with requirements of relevant government agencies or statutory authorized organizations;
(4) We have reason to believe we need to comply with relevant laws and regulations;
(5) Necessary for executing relevant service agreements or this policy, maintaining public interests, or protecting our or third parties' legitimate rights and property or other lawful rights.
After you stop using the Product, we will stop collecting and using your information, unless otherwise provided by laws and regulations or regulatory requirements.
When the services related to this Product cease operation, we will notify you by sending notifications and announcements, and delete your personal information retained on servers within the period required by laws and regulations.
3.1.3. Data Retention Period Description (GDPR Compliance)
We determine data retention periods based on the following criteria:
(1) Account data: Retained until 6 months after account cancellation or the shortest period required by law (whichever is longer);
(2) Voice transcription data: Deleted immediately after you actively delete or cancel your account (unless otherwise required by law);
(3) Log data: Retained for no more than 12 months;
(4) Marketing data: Stopped immediately upon withdrawal of consent.
3.2. Sharing, Transfer, and Disclosure
(1) Unless otherwise agreed, we will not share your personal information with any other company, organization, or individual without your explicit consent.
(2) We will not publicly disclose the personal information we collect. If disclosure is necessary, we will inform you of the purpose of disclosure, types of information to be disclosed, and any sensitive information involved, and obtain your explicit consent.
(3) With the continuous development of our business, we may need to transfer your personal information due to mergers, acquisitions, asset transfers, etc. We will inform you of the relevant circumstances (including but not limited to the name and contact information of the recipient), and continue to protect your personal information in accordance with laws and regulations and standards no lower than those required by this Privacy Policy, or require the recipient to continue to protect your personal information.
(4) According to relevant laws, regulations, and national standards, we may share, transfer, or publicly disclose your personal information in the following circumstances without obtaining your prior consent:
1) Directly related to national security and defense security;
(2) Directly related to public security, public health, or significant public interests;
(3) Directly related to criminal investigation, prosecution, trial, and execution of judgments;
(4) Necessary to protect the vital legitimate rights and interests of the data subject or other individuals when it is difficult to obtain consent;
(5) Personal information voluntarily made public by the data subject to the public;
(6) Collecting personal information from legally disclosed information, such as legitimate news reporting and government information disclosure;
(7) Other circumstances as provided by laws and regulations.
3.3. Records of Processing Activities
We maintain records of processing activities, including: purposes of processing, categories of data, categories of recipients, appropriate safeguards for cross-border transfers, description of retention periods, and general description of technical security measures. This record can be provided upon your request.
IV. How We Protect Your Personal Information
4.1. ISO 27001 / ISO 27701 Information Security Management System
We have established and continuously maintain management systems and technical measures that comply with ISO 27001 Information Security Management System and ISO 27701 Privacy Information Management System standards. Our information security management system has passed strict internal and external audits to ensure your personal information is effectively protected throughout its entire lifecycle. We have a dedicated information security team responsible for continuous monitoring, evaluation, and improvement of our security control measures.
4.2. SOC 2 Compliance Statement
Our services have passed SOC 2 (Service Organization Control Type 2) audits and comply with the following Trust Service Principles:
(1) Security: We implement multi-layered security controls, including firewalls, intrusion detection systems, access control lists, etc., to prevent unauthorized access;
(2) Availability: We have established comprehensive disaster recovery plans and business continuity mechanisms to ensure continuous service availability;
(3) Processing Integrity: We ensure the accuracy, completeness, and validity of data processing;
(4) Confidentiality: We implement strict confidentiality measures for sensitive information, including data encryption, access control, etc.;
(5) Privacy: We collect, use, store, and disclose personal information in accordance with privacy protection principles.
4.3. HIPAA Health Information Protection (If Applicable)
If you use this Product to process health-related voice data (such as medical record consultations, doctor-patient communication, etc.), we will protect your Protected Health Information (PHI) in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act):
(1) We implement appropriate administrative, physical, and technical safeguards to protect PHI;
(2) We limit access to PHI to personnel necessary for providing services;
(3) We enter into Business Associate Agreements (BAA) with any third parties that may access PHI, ensuring they also comply with HIPAA requirements;
(4) We have established procedures for responding to and notifying about PHI breaches.
4.4. EN18031 Cybersecurity Regulation Compliance
Our products and services comply with the requirements of EN18031 (European Union Cybersecurity Act):
(1) Risk Management: We implement systematic cybersecurity risk management, including regular vulnerability assessments, penetration testing, and risk assessments;
(2) Incident Response: We have established a comprehensive cybersecurity incident response mechanism to take timely countermeasures when security incidents are discovered;
(3) Vulnerability Management: We continuously monitor and evaluate system vulnerabilities and timely apply security patches;
(4) Supply Chain Security: We conduct security reviews of third-party suppliers to ensure they meet cybersecurity standards.
4.5. General Data Security Measures
We have used security protection measures that meet industry standards to protect the personal information you provide, preventing unauthorized access, public disclosure, use, modification, damage, or loss of data. We take all reasonably feasible measures to protect your personal information. For example: we use encryption technologies (such as SSL/TLS), end-to-end encryption to ensure data confidentiality; we use trusted protection mechanisms to prevent data from malicious attacks; we deploy access control mechanisms to ensure only authorized personnel can access personal information; and we conduct security and privacy protection training courses to strengthen employees' awareness of the importance of protecting personal information.
4.6. Please understand that due to technical limitations and possible malicious attacks, unexpected situations that we cannot reasonably foresee, prevent, avoid, or control may occur. The Internet is not an absolutely secure environment. Please use complex passwords to help us ensure the security of your account.
4.7. In the event of a personal information security incident, we will initiate emergency response plans in accordance with the requirements of laws and regulations to prevent the incident from escalating, promptly inform you of the incident details via email, letter, phone, push notification, etc., or publish announcements through reasonable and effective means. At the same time, we will report the handling of personal information security incidents in accordance with regulatory requirements.
4.8. How to handle minors' personal information.
4.9. We continuously improve the security capabilities of the software installed on your device to prevent your personal information from being leaked. For example, we complete partial information encryption locally on your device for secure transmission; to prevent viruses, Trojan programs, or other malicious programs, websites may check the apps installed on your device or running process information. We have established dedicated management systems, processes, and organizations to ensure information security. For example, we strictly limit the scope of personnel who can access information, require them to comply with confidentiality obligations, and conduct audits.
V. How We Protect Minors' Personal Information
5.1. COPPA (Children's Online Privacy Protection Act) Compliance Statement
We strictly comply with the provisions of COPPA (Children's Online Privacy Protection Act) and are committed to protecting the privacy and safety of children (minors under 13 years of age). We will not collect personal information from children under 13 without obtaining verifiable parental consent.
5.2. Age Restrictions and Verification
(1) Age Restriction: We will not intentionally collect personal information from children under 13 (except with parental or guardian consent). Our services are not designed for children under 13. If we discover that we have inadvertently collected a child's personal information, we will promptly delete such information;
(2) Age Verification: We will take measures to verify user age to ensure we do not improperly collect children's personal information;
(3) Parental Control: Parents or guardians have the right to review, delete, or refuse our collection of their children's personal information.
5.3. Verifiable Parental Consent
Before collecting, using, or disclosing personal information from children under 13, we will seek verifiable parental consent. We accept the following forms of consent:
(1) Signing a consent form and sending it to us by mail, fax, or scanned email;
(2) Credit card number along with verification of parent's name;
(3) Telephone confirmation after verifying parental identity through government-issued ID;
(4) Other feasible methods recognized by us.
5.4. Limitations on Children's Information Collection
For service types that require parental consent, we only collect the minimum personal information necessary to provide the service, and will not use children's personal information for purposes unrelated to providing the service.
5.5. Parental Rights
As a parent or guardian, you have the right to:
(1) Review: View the personal information we collect about your child;
(2) Delete: Request us to delete your child's personal information;
(3) Refuse: Refuse further collection or use of your child's personal information;
(4) Opt-out: Opt out of future collection of your child's personal information.
5.6. Minor Protection Under Chinese Legal Framework
According to relevant Chinese laws and regulations, if you are a minor aged 14 or above, we will obtain your or your guardian's consent before collecting your personal information. If you, your parents, or other guardians request us to correct or delete the minor's personal information, we will take prompt measures to correct or delete, unless otherwise provided by laws and administrative regulations.
5.7. If you are a minor under 14 years of age (hereinafter referred to as a "Child"), we will obtain consent from your parents or other guardians before collecting your personal information. When processing children's personal information, we will, in addition to complying with the provisions of this policy regarding user personal information, adhere to the principles of necessity, informed consent, clear purpose, security guarantee, and lawful use, and strictly follow the requirements of laws and regulations such as the "Regulations on the Protection of Children's Personal Information on the Internet" for storage, use, and disclosure. We will not retain children's personal information beyond the period necessary to achieve the collection and use purposes, and will delete children's personal information upon expiration.
5.8. If you are a parent or guardian of a minor, and you have any questions, opinions, suggestions, or complaints regarding the matters described in this Privacy Policy, please contact us through the contact information provided in Article X of this Privacy Policy.
VI. Your Rights to Control Your Personal Information
In accordance with Chinese relevant laws, regulations, and regulatory requirements, the GDPR (General Data Protection Regulation), and other applicable laws, we ensure you can exercise the following rights over your personal information:
6.1. Access, Correction, and Update of Your Personal Information
You have the right to access, correct, and update your personal information through our official website, mobile APP, and other channels, unless otherwise provided by laws and regulations. You are responsible for keeping your personal information up to date.
6.2. Deletion of Your Personal Information (Right to be Forgotten)
You may request deletion of your personal information in the following circumstances:
(1) If our processing of personal information violates laws or regulations;
(2) If we collect or use your personal information without obtaining your consent;
(3) If our processing of personal information violates our agreement with you;
(4) If you withdraw consent (and we have no other legal basis for processing);
(5) If the collection or processing of personal information is no longer necessary for achieving the collection purpose;
(6) Other circumstances as provided by laws and administrative regulations.
6.3. Data Portability (GDPR)
Pursuant to GDPR, you have the right to receive the personal information you provided to us in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another controller.
6.4. Right to Restriction of Processing (GDPR)
You have the right to restrict our processing of your personal information in the following circumstances:
(1) If you contest the accuracy of the personal information;
(2) If we process personal information unlawfully but you oppose deletion;
(3) If we no longer need the personal information but you need it for the establishment, exercise, or defense of legal claims.
6.5. Right to Object (GDPR)
You have the right to object to our processing of your personal information at any time on grounds relating to your particular situation, including processing based on legitimate interests or public interests. You have the right to object at any time to processing of your personal information for direct marketing purposes.
6.6. Controlling Personal Information Through Account Cancellation
Account cancellation: Contact customer service to cancel your account. After account cancellation, we will delete or anonymize your personal information.
6.7. Right to Request Explanation
You have the right to request our personnel to explain the personal information processing rules through the contact information provided in Article X of this Privacy Policy.
6.8. Responding to Your Requests
To ensure security, you may need to provide a written request or otherwise prove your identity. We may first require you to verify your identity before processing your request. Please understand that for requests that are unreasonably repetitive, require excessive technical means, pose risks to the legitimate rights of others, or are extremely impractical, we may refuse them.
6.9. Exceptions to Rights
Notwithstanding the above, in accordance with legal requirements, we may not be able to respond to your requests in the following circumstances:
(1) Related to national security and defense security;
(2) Related to public security, public health, or significant public interests;
(3) Related to criminal investigation, prosecution, trial, and execution of judgments;
(4) Where there is sufficient evidence that you have subjective malice or are abusing rights;
(5) Where responding to your request would seriously harm the legitimate rights and interests of you or other individuals or organizations;
(6) Involving our trade secrets;
(7) Cases where retention is required by law (such as tax record retention obligations).
VII. International Standards Compliance
7.1. GDPR (General Data Protection Regulation) Compliance
7.1.1 Data Controller Information
According to GDPR, we are the data controller. Our details are as follows:
Company Name: Nanjing YouYuanChuang Network Technology Co., Ltd.
Registered Address: Nanjing, Jiangsu Province, China
Contact: as643904584@sina.com
7.1.2 Data Protection Officer (DPO)
We have designated a Data Protection Officer (DPO) to oversee our data protection compliance work. If you have any questions about your personal data processing, please contact the DPO:
Email: as643904584@sina.com
7.1.3 Legal Basis for Processing
The legal bases for processing your personal information include:
(1) Consent: You have explicitly consented to our processing of your personal information;
(2) Contract Performance: Processing is necessary for the performance of a contract with you;
(3) Legal Obligation: Processing is necessary for compliance with a legal obligation;
(4) Legitimate Interest: Processing is necessary for the legitimate interests pursued by us or a third party, but your interests and fundamental rights take precedence over these interests.
7.1.4 Cross-Border Data Transfer (GDPR)
In principle, personal information collected and generated within the People's Republic of China will be stored within the People's Republic of China. However, for the purpose of providing services, your personal information may be transferred outside of China. We will take the following measures to ensure the legality of cross-border data transfer:
(1) Adequacy Decision: If the European Commission determines that the destination country provides an adequate level of data protection, data transfer will be conducted directly;
(2) Standard Contractual Clauses: Enter into Standard Contractual Clauses approved by the European Commission with the recipient;
(3) Binding Corporate Rules: Establish Binding Corporate Rules where applicable;
(4) Other Safeguards: Take appropriate technical and organizational measures based on specific circumstances.
If you need more information about cross-border data transfers, please contact us through the contact information above.
7.1.5 Data Processors
We may engage third-party service providers to process your personal information. These processors only process data under our instructions and are bound by contractual obligations to ensure adequate data protection.
7.1.6 Right to Lodge a Complaint
Under GDPR, you have the right to lodge a complaint with the data protection authority (supervisory authority) in your country. In particular, you can complain to the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement.
7.2. EN18031 (European Union Cybersecurity Act) Supplementary Explanation
7.2.1 Security Incident Notification
According to EN18031 requirements, in the event of a security incident affecting your personal data, we will notify the relevant supervisory authority within 72 hours of discovering the incident (unless the incident is unlikely to result in a risk to your rights and freedoms). If the incident may result in a high risk to you, we will notify you promptly.
7.2.2 Technical Measures
The technical security measures we implement include but are not limited to: encryption technology, security protocols (such as TLS 1.3), access control, audit logs, intrusion detection systems, etc.
7.3. Data Protection Impact Assessment (DPIA)
For processing activities that may present a high risk to your rights and freedoms (such as systematic monitoring, large-scale processing of special categories of data, etc.), we will conduct a data protection impact assessment before processing to assess the necessity of the processing activity and determine appropriate risk mitigation measures.
VIII. Auto-start and Associated Launch Instructions
1. To ensure this application can properly receive client push broadcast information when closed or running in the background, this application needs to use the (auto-start) capability. There will be a certain frequency of system-sent broadcasts to wake the application for auto-start or associated start, which is necessary for implementing functions and services.
2. To ensure this application can properly communicate with recording devices via Bluetooth when running in the background, this application needs to use the (auto-start) capability. There will be a certain frequency of system-sent broadcasts to wake the application for auto-start or associated start, which is necessary for implementing functions and services.
IX. How This Policy Is Updated
According to changes in national laws and regulations and service operational needs, we will periodically modify this policy and related rules. The modified content will be published through our official website, mobile APP, and other channels, replacing the previous relevant content. You should periodically check relevant announcements, prompts, and changes to agreements and rules. You understand and confirm that if you do not agree to the updated content, you should immediately stop using the corresponding services and cancel your account. We will stop collecting your relevant personal information. If you continue to use the services, you will be deemed to have accepted the changes.
Please read this Privacy Policy carefully before clicking "Agree" to ensure you fully understand and are fully aware of the meaning and corresponding legal consequences of the bolded content. Your "agreement" and completion of the registration process constitutes your acceptance of this Privacy Policy. We will process and protect your personal information in accordance with relevant laws and regulations and this policy.
X. How to Contact Us
Data Controller: Nanjing YouYuanChuang Network Technology Co., Ltd.
Data Protection Officer (DPO) Contact: as643904584@sina.com
If you have any questions or suggestions about this Privacy Policy while using ShengYun Speech-to-Text, please contact us through the following methods:
Email: as643904584@sina.com
To ensure we can efficiently handle your issues and provide timely feedback, you may need to submit proof of identity, valid contact information, and written requests along with relevant evidence. We will process your request after verifying your identity. Under normal circumstances, we will respond to your request within one month. In accordance with GDPR requirements, we will respond to your request within one month of receipt, which may be extended to two months if necessary (we will explain the reason for the extension).
Right to Lodge a Complaint:
If you are not satisfied with our response, especially if you believe our personal information processing has harmed your legitimate rights and we cannot provide a satisfactory reply after your feedback and refuse to improve, you have the right to:
(1) Lodge a complaint or report with Chinese relevant supervisory authorities;
(2) If you are located in the European Union or other regions where GDPR applies, lodge a complaint with the data protection supervisory authority in your country;
(3) Seek remedies through judicial proceedings.
Special Notice: If you believe our processing of personal information violates GDPR, you have the right to lodge a complaint with the supervisory authority of any EU member state.