Privacy Policy
Effective Date: March 30, 2026
Updated Date: March 30, 2026
This Privacy Policy is formulated by the operator of CunBA iToy, "Shanghai Mi'ao Information Technology Co., Ltd." (hereinafter referred to as "we" or "us") for processing your personal information. We are committed to providing you with high-quality products and services while comprehensively safeguarding the security of your personal information and privacy. This policy clearly explains how we collect, use, store, share, and protect your personal information.
This policy will help you understand the following:
  1. How We Collect and Use Your Personal Information
  2. Third Parties Involved in Data Usage, Transfer, and Sharing of Personal Information
  3. How We Store Personal Information
  4. How We Protect the Security of Personal Information
  5. How to Exercise Your Personal Information Rights
  6. Provisions for Minors
  7. Privacy Policy Update Rules
  8. Contact Us
1. How We Collect and Use Personal Information
1.1 Registration and Login.
1.1.1 When you register or log in to CunBA iToy and related services, you can create an account using your mobile phone number. Providing a mobile phone number is required by internet real-name system regulations. If you do not provide a mobile phone number for registration or login, we may be unable to provide you with functions such as AI dialogue.
1.2 Intelligent Conversation
1.2.1 We provide dialogue services to you based on generative artificial intelligence large model technology. You send voice content to us via your device, and we process this information to provide intelligent dialogue in text and voice form. We will request your authorization for microphone permission based on the information you input. If you refuse to grant this authorization, you will be unable to conduct dialogue with CunBA iToy.
1.2.2 After using the microphone function you authorized, we will convert your voice information into text data using third-party platform voice recognition technology. We then also use third-party platform large model technology to generate replies, and finally convert some of the information to speech output using third-party platform text-to-speech technology. Specifically, during your AI dialogue process:
a. When you use health consultation-related functions, we will generate consultation reports (not constituting medical advice) based on your input and the response content for your reference.
b. When you initiate a search request during dialogue with the AI, we will receive the information you input to provide you with search results. When you inquire about location-related information, we may collect your precise geographic location. Geographic location may include precise location information obtained from sensors such as GPS, Wi-Fi access points, Bluetooth, and cellular base stations. We only collect your precise geographic location when you explicitly search for it. If you refuse to provide it, we will not reply based on GPS-sensor-obtained location, but this will not affect the normal use of other functions we provide.
c. To provide you with better interactive dialogue services, we will process your voice messages promptly.
d. When the information/content you provide includes the personal information of others, you must obtain lawful authorization from them before providing such information to avoid affecting their information.
1.3 AI Agent Creation and Usage
1.3.1 You can quickly create your own AI agents through CunBA iToy. To provide technical support for creating, publishing, and operating these agents, we need to collect basic setting information for your agents (including agent name, description, avatar, and voice information). We support you cloning your own voice to configure it for an agent. Voice cloning requires you to read and record audio as prompted on the page. We generate and save the voice for you based on third-party voice cloning technology.
1.4 User Feedback and Service
1.4.1 Customer Service and Issues: To facilitate contact with you, quickly assist in resolving your problems, or record related solutions and outcomes, we may retain our communications/call records and related content (including account information, feedback, other information you provide to substantiate facts, or contact details you leave).
1.4.2 When you file a complaint against others or are complained about, to protect your legitimate rights and interests and those of others, we may provide your account/identity information, contact details, and complaint-related content to consumer rights protection departments and regulatory authorities to timely resolve disputes, unless expressly prohibited by laws and regulations.
1.5 Personalized Optimization
1.5.1 To optimize your user experience and provide services that better meet your requirements, we will offer you personalized services.
1.5.2 When you consent to this process, we will, within the scope of your authorization, collect and use the information you input while using the product, as well as related personal information you provide, to deliver AI personalized services with long-term memory.
1.6 Operations and Secure Operation
1.6.1 Security Safeguards
a. We are committed to providing you with secure and reliable products. To maintain normal service operation and protect your legitimate interests, we collect information necessary for maintaining the security and stability of the product or service.
b. To prevent malicious programs and ensure operational quality and efficiency, we collect information about ongoing processes, overall usage, and performance data.
1.7 Changes in Collecting and Using Personal Information
1.7.1 Please understand that as our business develops, the services provided by CunBA iToy may be adjusted. When new features or services relate to our current functions, we will, in accordance with laws, regulations, and national standards, notify and explain to you again and obtain your consent for collecting and using your personal information.
1.8 Exceptions Requiring Prior Authorization and Consent
1.8.1 Please understand that in the following circumstances, according to laws, regulations, and relevant national standards, we may collect and use your personal information without obtaining your prior authorization and consent:
a. Related to fulfilling our legal obligations as stipulated by laws and regulations;
b. Directly related to national security and defense security;
c. Directly related to public safety, public health, and significant public interests;
d. Directly related to criminal investigation, prosecution, trial, and execution of judgments, etc.;
e. Necessary for protecting the life, property, and other significant legitimate rights and interests of you or others, but where obtaining consent is difficult;
f. Personal information that you have voluntarily disclosed to the public;
g. Necessary for concluding or performing a contract as requested by you;
h. Collected from legally publicly disclosed information, such as lawful news reports or government information disclosure channels;
i. Necessary for maintaining the secure and stable operation of the software and related services, e.g., discovering and handling software and service faults;
j. Necessary for conducting lawful news reporting;
k. Necessary for academic research institutions conducting statistical or academic research based on public interest, and where the disclosed research or descriptive results involve de-identified personal information;
l. Other circumstances stipulated by laws and regulations.
1.8.2 We specifically remind you to note that if information cannot identify you personally, either alone or in combination with other information, it does not constitute your personal information in the legal sense. When your information can identify you personally, either alone or in combination, or when we combine data that cannot be linked to any specific personal information with your other personal information, such information will be treated and protected as your personal information in accordance with this Privacy Policy during the period of combined use.
2. Third Parties Involved in Data Usage, Transfer, and Sharing of Personal Information
2.1 Principles
2.1.1 Lawfulness Principle: Data usage activities involving cooperation with third parties must have a lawful purpose and a legal basis.
2.1.2 Legitimacy and Data Minimization Principle: Data usage must have a legitimate purpose and must be limited to the minimum extent necessary to achieve the purpose.
2.1.3 Security and Prudence Principle: We will prudently assess the purposes for which third parties use data, comprehensively evaluate their security capabilities, and require them to adhere to cooperation agreements and laws.
2.2 Entrusted Processing
2.2.1 For scenarios involving entrusting the processing of personal information, we will sign relevant processing agreements with entrusted third parties in accordance with legal requirements and supervise and protect their personal information handling activities.
2.3 Joint Processing
2.3.1 For scenarios involving joint processing of personal information, we will sign relevant agreements with third parties stipulating their respective rights and obligations, ensuring compliance with relevant laws and data security when using such personal information.
2.4 Scope of Third Parties
2.4.1 If specific functions or scenarios involve services provided by our affiliates or third parties, the scope of "third parties" includes our affiliates and such third parties.
2.5 Data Usage for Function/Service Provision
2.5.1 When you use functions provided by our third parties within CunBA iToy (e.g., providing audio/video content in dialogue), our third parties may use information necessary for their business purposes to provide you with more relevant content or query results.
2.6 Information Provision for Security and Analytical Statistics
2.6.1 Product Analytics: To analyze the usage and performance of our products, our third parties may need to use information such as product usage statistics (crashes, flash exits), device identifier information, and overall application installation/usage statistics.
2.7 Transfer
2.7.1 As our business continues to develop, we may undergo mergers, acquisitions, or asset transfers, potentially resulting in the transfer of your personal information. In such events, we will require the successor entity to continue fulfilling the obligations of a personal information processor according to laws, regulations, and security standards no lower than those stated in this Privacy Policy. If the successor changes the original processing purpose or method, we will require them to obtain your authorization and consent anew.
2.8 Disclosure
2.8.1 We will not publicly disclose your personal information unless required by national laws and regulations or with your consent. Any disclosure of your personal information will employ industry-standard security safeguards.
2.8.2 When issuing penalty announcements for accounts in violation of regulations or fraudulent activities, we may disclose information related to those accounts, as well as personal information provided or disclosed pursuant to legal exemptions from consent requirements.
2.8.3 Please understand that in the following circumstances, according to laws, regulations, and national standards, we may provide or disclose your personal information to third parties without obtaining your authorization and consent:
a. Necessary for concluding or performing a contract as requested by you;
b. Necessary for fulfilling statutory duties or legal obligations;
c. Directly related to national security and defense security;
d. Directly related to criminal investigation, prosecution, trial, and execution of judgments, etc.;
e. Necessary for responding to public health emergencies or protecting the life, health, and property safety of individuals in emergency situations;
f. Processing personal information within a reasonable scope for implementing news reporting, public opinion supervision, etc., in the public interest;
g. Processing personal information that you have voluntarily disclosed or that has been lawfully disclosed otherwise, in accordance with relevant laws;
h. Collecting personal information from legally disclosed information;
i. Other circumstances stipulated by laws and administrative regulations.
2.8.4 To ensure the stable operation of the application and provide you with necessary statistical analysis and messaging services, our product integrates the Umeng+ SDK.
SDK Provider: Youmeng Tongxin (Beijing) Technology Co., Ltd.
Purpose: For app data statistical analysis and message push services
Types of personal information collected: Device information (Android ID/IDFA/IDFV/OAID/OpenUDID/GUID; optional - IMEI/IMSI/ICCID), network information, location information (optional), app list (optional)
Privacy Policy Link: https://www.umeng.com/page/policy
Please note that when providing push services, we may authorize mobile phone manufacturers such as Huawei, Xiaomi, vivo, and OPPO to send messages through their system channels. These manufacturers will process relevant device information in accordance with their respective privacy policies. You can find specific details on the Umeng privacy policy page.
3. How We Store Personal Information
3.1 Storage Location
3.1.1 In accordance with the requirements of relevant laws and regulations, the personal information we collect and generate during our operations within mainland China is stored within mainland China. Currently, we do not transfer such information across borders. If cross-border data transmission becomes necessary, we will strictly comply with Chinese laws and regulatory requirements, following relevant national standards or obtaining your explicit authorization.
3.2 Storage Period Explanation
3.2.1 We strictly adhere to the principle of data minimization regarding personal information storage periods. We retain your personal information only for the duration necessary to achieve the functions of the CunBA iToy service, avoiding excessive retention. Specific retention rules are as follows:
3.2.2 Essential Retention Scenarios:
a. Mobile Phone Number Verification: When you use a mobile phone number to register/login, we will retain this information to ensure normal account use, promptly respond to your service inquiries and complaints, and maintain account and system security.
b. User Interaction Data: Content you input, feedback information, content evaluations (likes/dislikes), etc., will be retained for use during the account's existence to ensure the stable and continuous operation of business functions.
3.3 Information Deletion Mechanism
3.3.1 We will initiate data deletion or anonymization processes under the following circumstances:
a. Account cancellation request
b. Active request for information deletion
c. Exceeding the necessary retention period
3.3.2 Special Circumstances for Extended Retention: The following special circumstances may lead to an extended data retention period:
a. Legal Compliance Requirements: Information that must be retained according to mandatory provisions of national laws and regulations.
b. Financial Audit Needs: Situations requiring extended storage periods for statutory processes such as financial reconciliation, audit supervision, and dispute resolution.
4. How We Protect the Security of Personal Information
4.1 Security Commitment
4.1.1 We attach great importance to the security protection of your personal information, continuously improving a multi-layered security guarantee system. We build protection mechanisms from both technical and management dimensions, striving to prevent security risks such as improper use, unauthorized access, disclosure, alteration, damage, and leakage of information.
4.2 Data Protection Technologies
4.2.1 We employ industry-leading encryption algorithms and anonymization technologies, implementing security protection throughout the entire transmission and storage process. We deploy intelligent monitoring systems for real-time defense against network attacks, configure multi-factor authentication mechanisms, and build a defense-in-depth system to effectively intercept malicious attacks.
4.3 Organizational Safeguard Mechanisms
4.3.1 We have established a dedicated data security department, formulated specialized management systems, and standardized operational procedures. We implement fine-grained access control, ensuring traceability of operations through the principle of least privilege. We have established a regular security audit mechanism, conduct periodic risk assessments and penetration testing, and continuously optimize our protective capabilities.
4.4 Information Security Management
4.4.1 Despite establishing comprehensive protection systems and strictly adhering to national information security standards, given the uncertainties of the internet environment and technical limitations, we cannot absolutely eliminate all information security risks. We are committed to remaining highly vigilant against emerging threats and continuously investing resources to enhance our protection levels.
4.5 Emergency Response Procedures
4.5.1 In the event of a security incident such as an information leak, we will immediately initiate a graded emergency response mechanism:
a. Incident Containment: Rapidly isolate affected systems and block leakage channels.
b. Notification: Inform affected users via APP push notifications, SMS, email, etc., within the timeframe required by regulations, outlining the incident overview and response plan.
c. Situation Explanation: Clarify the nature of the incident, scope of impact, and measures already taken.
d. Rights Protection: Provide guidance on risk mitigation and necessary remedial measures.
e. Regulatory Reporting: Submit a handling report to the competent authorities as required by regulations.
f. Announcement Publication: We will primarily use pop-up notifications within the app, supplemented by website announcements, to ensure information reaches users.
5. How to Exercise Your Personal Information Rights
5.1 Guidance on Exercising Personal Information Rights
5.1.1 We highly value your autonomy in managing your personal information and have established a multi-dimensional rights response mechanism. This ensures you can effectively exercise your statutory rights, including access, copy, correction, supplementation, deletion, withdrawal of authorization, account cancellation, complaint reporting, and privacy settings, thereby safeguarding your privacy and data security.
5.2 Authorization Management
5.2.1 Different device operating systems may have varying paths for authorization management. Please operate according to your device's instructions. After withdrawing authorization, we will cease data collection for the corresponding service, but information previously processed based on your authorization will be retained in accordance with the law. It is recommended that you operate via the settings path within the application or contact contact@miaosoft.cn for specific guidance.
5.3 Information Management Operation Guide
5.3.1 You can manage your personal information autonomously through the following methods:
5.3.2 Account Information Maintenance: Enter the personal homepage/avatar area to independently view, correct, or supplement your information.
5.4 Privacy Policy Query - Visual Path: Log in to the mini-program/mini-app → [Me] → [Privacy Policy]. It is recommended to read the privacy policy terms in full before first use.
5.5 Termination of Operations Disposal
5.5.1 Fulfill notification obligations through multiple channels (pop-ups, SMS, email).
5.5.2 Establish a dedicated liquidation team to handle information disposal in accordance with the provisions of the Data Security Law.
6. Provisions for Minors
6.1 We have established a comprehensive protection system for minors' personal information covering the entire process, strictly following laws and regulations such as the Minor Protection Law and the Regulations on the Cyber Protection of Children's Personal Information, and implementing multiple protective measures to ensure minors' safe use of services.
6.2 Notice for Minor Users
6.2.1 We emphasize the protection of minors' rights and interests. If you are under 18 years of age:
a. You must read this privacy policy together with your guardian before using the service.
b. It is recommended that your guardian participates throughout the account registration and permission settings.
c. Your guardian has the right to view your service usage (excluding historical conversation records) at any time.
6.3 Additional Protection for Younger Children
6.3.1 Enhanced protection measures are implemented for children under 14 years of age ("Children"). Accessing a Child's historical conversation records requires simultaneous fulfillment of the following conditions:
a. The guardian has obtained authorization from the Child.
b. It is for legitimate reasons (e.g., educational guidance, etc.).
c. This requirement has been clearly notified via system pop-up messages.
6.4 We protect the personal information of minors in accordance with relevant national laws and regulations. We will only collect, use, or disclose the personal information of minors when legally permitted, with the explicit consent of a parent or other guardian, or as necessary to protect the minor. If we discover that we have collected a minor's personal information without prior verifiable parental consent, we will endeavor to delete such information promptly.
7. Privacy Policy Update Rules
7.1 To continuously optimize the service experience, CunBA iToy and related services may adjust the content of this Privacy Policy from time to time. All revisions form an integral part of this policy and have equal legal effect. Without your explicit consent, we will not reduce any rights you enjoy under the current policy.
7.2 Whenever the Privacy Policy is updated, we will push the updated version via the CunBA iToy application. We will also clearly notify you of the specific changes through announcements on our official website or APP messages before the revised terms take effect, ensuring you are promptly informed of the latest policy text.
8. Contact Us
8.1 CunBA iToy is provided by Shanghai Mi'ao Information Technology Co., Ltd. or its affiliates. If you have complaints, suggestions, or questions regarding personal information protection, you can send them to (contact@miaosoft.cn). We will promptly respond to your complaints and reports after verifying your user identity.