Privacy Policy

Updated Date: July 29, 2024

Effective Date: August 5, 2024

Introduction

Welcome to use our products and services!

We recognize the significance of personal information to you and are committed to fulfilling our legal and regulatory obligations to safeguard its security. Our registered address is No. 8 Changchun Road, Economic and Technological Development Zone, Wuhu City, Anhui Province. In this document, we refer to ourselves as "we", "our", or "us". We have crafted this Privacy Policy to provide you with a comprehensive understanding of how we manage your personal information, including its collection, use, storage, provision, disclosure, and deletion, during your engagement with our products and services. This policy outlines our practices and the measures we take to protect your data, as well as the avenues available to you for managing your personal information. Before you start using our products and services, please be sure to read and understand this policy carefully to ensure that you fully understand and agree with it before you start using it. We have tried to explain the specialized terms used in this policy in a simple and popular way so that you can understand them. If you have any questions, comments or suggestions about the contents of this policy, you can contact us through the various contact information provided in this policy.

Scope of Application

This Policy applies to our [CheryGPT] platform website (address:https://www.cherygpt.com/) and [CheryAI] mobile application.

This Policy also applies to products and services provided by companies that we have authorized in writing to use in their products or services but do not have a separate privacy policy.
In particular,this Policy applies only to the features and services provided by the CheryGPT Platform Website and the CheryAI Mobile App, and not to the products and services provided by other third parties through the CheryGPT Platform Website and the CheryAI Mobile App, and you should be fully aware of the following before choosing to use the products and services provided by a third party You should be fully aware of the third party's terms and privacy policy before choosing to use the products and services provided by the third party.

This policy section will help you understand the following :

1. How we collect and use your personal information

2. How we use cookies and similar technologies

3. How we entrust processing, disclose to external parties, transfer, and publicly disclose your personal information

4. How we protect your rights

5. How we protect your personal information

6. How your personal information is stored

7. How we protect the personal information of minors

8. How this policy is updated

9. How to contact us

Appendix: Relevant Definitions

1. How we collect and use your personal information

When you use our products and services, we need to collect and use your personal information as follows:
1）Necessary information that you authorize us to collect and use in order to provide you with the basic functions of our products and services. If you refuse to provide the information, you will not be able to use our products and services normally;
2）In order to provide you with additional functions of our products and services, you may choose to authorize the information we collect and use. If you refuse to provide, you will not be able to use the relevant additional functions normally or not be able to achieve the effect of the functions we intend to achieve, but it will not affect your normal use of the basic functions of our products and services.
3）Information we need to collect and use according to laws and regulations.
You can learn more about the specific scenarios in which we collect and use your personal information, the types of relevant information, the purpose of collection, the collection method and the processing method through the List of Personal Information Collected

1.1 Registering as our user and logging in

To use our products and services, you need to register as our user. In order to provide you with basic services such as intelligent dialog and picture interpretation, you need to use your Flying Book APP to scan the QR code provided by us to register and login. After your authorized consent, we will obtain your personal information (name, avatar and other information authorized by you) on the Flying Book platform in order to bind with our products and services. Once bound, you can use your Flying Book account to log in and use the Products and Services by scanning the code.

1.2 Information collected when you use our Products and Services

1）Intelligent Dialog Service
We provide you with dialog and interactive services based on generative artificial intelligence（AI）modeling technology. In order to provide you with dialogue and interactive services, we may collect information you actively input, content instructions, information about your behavior when using the model (including records of your clicks, browsing, editing, and other operations), and information about the feedback you provide (including liking, stepping on, and submitting feedback). We will analyze and calculate the above information in order to better understand your questions and contextual context, so as to provide you with more relevant information content.
2）Intelligent Search
When we recognize that you may have a search intent, we will collect and analyze the information you actively enter in order to provide you with convenient and fast real-time search results.
3）User feedback and service
In order to facilitate contact with you, help you solve the problem as soon as possible or record the handling plan and results of the relevant issues, we may save your communication/call records with us and related content (including account information, feedback information, other information you provide to prove the relevant facts, or contact information left by you)
When you complain about others or are complained about by others, in order to protect the legitimate rights and interests of you and others, we may provide your account/identity information, contact information, and complaint-related content to the relevant authorities for timely resolution of complaint disputes, except where such provision is expressly prohibited by laws and regulations.
4）Questionnaires
To improve service quality and meet legitimate needs, we may send you questionnaires about our products. When analyzing these questionnaires, we will use your questionnaire response information, as well as other information you provide when you contact our customer service. You have the option to opt out of the survey if you wish.

1.3 Information Collected to Provide Security

Risk Control and Security Management. In order to improve the security of your use of the services provided by us and our affiliates and partners, to protect your or other users' or the public's personal and property safety from infringement, to better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusion and other security risks, and to more accurately identify violations of laws, regulations or rules of the relevant agreements, we may collect your personal information,service usage information, equipment information, service log information for identity verification, detection and prevention of security incidents, and take necessary measures for recording, auditing, analyzing and disposal in accordance with the law. If you refuse to allow us to collect and use the aforementioned information, you will not be able to use the security management functions provided by us or will not be able to achieve the expected functional effects.When you use our products and services, in order to identify the abnormal state of your account, maintain the normal operation of the services, improve and optimize your experience (including for the purpose of adapting different devices to display the page content correctly) and safeguard the security of your account, we may collect information about your device and your behavioral information on the use of our products and services:
Device Information: To ensure the safe operation, quality, and efficiency of our products and services, we may collect your hardware model, operating system version number, device identifiers (for Android, such as AndroidID, OAID, SIM card information (e.g., ICCID), GAID; for iOS, such as IDFV, IDFA; different identifiers may vary in terms of their validity period, whether they can be reset by the user, and how they are obtained), network device hardware address (device MAC address), IP address, WLAN access points (e.g., SSID, BSSID), Bluetooth, base station, software version number, network access method, type, status, network quality data, operations, usage, service logs, and device sensor data (e.g., accelerometer) .
Log information: When you use our website or client to access products or services, we automatically collect detailed information about your use of our services and save it as relevant web logs. For example, the content of your search queries, IP address, type of browser, language used, date and time of access, records of web pages you visit, and your operational log information. The aforementioned bolded information is considered your sensitive personal information. If you refuse to allow us to collect and use the aforementioned information, you will not be able to enjoy the optimized service experience and the account security features we provide, or you may not achieve the expected functionality.
Please note that Individual pieces of device information and log information are not capable of identifying a specific natural person. If we combine such non-personal information with other information for the purpose of identifying a specific natural person, or if we use it in conjunction with personal information, such non-personal information may be treated as personal information during the period of such combined use. We will not process your personal information unless we have obtained your authorization or are otherwise required by law or regulation.
To prevent malicious software and ensure the quality and efficiency of our operations, we collect information on running processes, overall operation, usage and frequency of pages, page crashes, overall usage, and performance data. If you refuse to allow us to collect and use the aforementioned information, you will not be able to enjoy the optimized service experience and the account security features we provide, or you may not achieve the expected functionality.

1.4 Information provided by third parties

We will collect information about you when we perform operations related to you for other users, and may also obtain your personal information from our affiliates, cooperating third parties, or through other legal means. For example, in order to provide you with some functions, you agree that the operator sends us an SMS verification code based on your personal cell phone number, otherwise it will not be able to provide you with the functions related to registration and login; we will only collect your personal information through a third party when we have obtained your consent or in the cases stipulated by laws and regulations.

1.5 Information you provide to us

During the use of our services, we welcome your feedback or suggestions on the experience with our products and services to help us better understand your experience and needs, and to improve our products and services. For this purpose, we will record your account number, name, contact information, and the issues or suggestions you provide so that we can further contact you and provide feedback on our processing plan.

1.6 Exceptions to authorized consent

According to relevant laws and regulations, we do not need to obtain your consent to process (including collection, use, storage, provision, disclosure, deletion, etc.) your personal information in the following circumstances:
a) Necessary for the conclusion or performance of a contract to which you are a party
b) Necessary to fulfill statutory duties or obligations
c) Necessary to respond to a public health emergency or to protect the life, health, and property safety of natural persons in an emergency
d) To process your personal information within a reasonable scope for the purpose of news reporting, public opinion monitoring, and other actions in the public interest
e) To process your personal information within a reasonable scope in accordance with the law that you have disclosed on your own or that has been legally disclosed by others
f) Other circumstances stipulated by laws and administrative regulations
Please note that, according to the law, information that has been anonymized is not considered personal information, cannot identify a specific natural person, and cannot be restored. We will not need to notify you and obtain your consent for the processing of such information.

2. How we use cookies and similar technologies

2.1 Use of Cookies

To provide you with a smoother access experience, when you use our products or services, we collect and store relevant data from your visits using various technologies. This allows us to recognize your identity when you access or revisit our services and analyze data to offer you better and more services. This includes using small data files to identify you, which helps us understand your usage habits, save you from repeatedly entering account information, or help determine the security of your account. These data files may be Cookies, Flash Cookies, or other local storage provided by your browser or associated applications (collectively referred to as "Cookies").
Please understand that some of our services can only be realized through the use of cookies. If your browser or browser add-ons allow, you can modify your acceptance level of Cookies or refuse Cookies, but refusing Cookies may prevent you from using some features of the services that rely on them.
ETag (Entity Tag) is an HTTP protocol header transmitted between internet browsers and internet servers, which can replace Cookies. ETag can help us avoid unnecessary server loads, improve service efficiency, and save resources and energy. At the same time, we may use ETag to record your identity so that we can better understand and improve our products or services. Most browsers provide users with the functionality to clear browser cache data, which you can perform in the browser settings. However, please note that disabling ETag may prevent you from enjoying an optimal product or service experience.
Web pages often contain electronic images known as "single-pixel GIF files" or "web beacons," which can help websites calculate the number of users browsing the page or accessing certain Cookies. We collect information about your web browsing activities through web beacons, such as the page address you visit, the address of the referring page you visited earlier, the time you stay on the page, your browsing environment, and display settings, to provide you with a better service experience. The aforementioned bolded information is considered your sensitive personal information. If you refuse us to collect and use the aforementioned information, you can refuse or manage Cookies or similar technologies through your browser or user selection mechanisms.

2.2 Use of SDKs

To ensure the stable operation and functionality of our client, enabling you to use and enjoy more services and features, our applications may include SDKs or other similar application programs from authorized partners. We will fulfill our due diligence to conduct strict security monitoring of the software development kits (SDKs) obtained by our partners to protect data security.
The third-party SDKs we integrate mainly serve the needs of you and other users. Therefore, when meeting new service demands and business function changes, we may adjust the third-party SDKs we integrate. We will promptly disclose to you the latest situation regarding the integration of third-party SDKs. For details of the currently integrated third-party SDKs, please refer to the Personal Information Sharing and SDK List.

3. How we entrust processing, disclose to external parties, transfer, and publicly disclose your personal information

3.1 Entrusted for processing

In the aforementioned functionalities/services, certain specific features or services may be provided to you by service providers we entrust for customer support. We will only entrust the necessary personal information for the provision of these features/services to the service providers for the sole purpose of supporting you. For example, we may entrust authorized partners for advertising and analytics services to handle information related to ad coverage and effectiveness, but we will not share your personally identifiable information with advertising or analytics partners without your permission, or we will anonymize this information so that the authorized partners cannot directly recognize you. Such partners may combine the above information with other data they legally obtain to perform the advertising services or decision-making recommendations we entrust.

For service providers we entrust with personal information processing. We will sign strict confidentiality agreements and entrustment processing agreements with them, requiring them to process personal information according to our requirements, this policy, and any other relevant confidentiality and security measures. When the entrustment processing agreement is not effective, invalid, revoked, or terminated, we will require them to return or delete your personal information.

3.2 Disclosure to external parties

We do not share your personal information with other companies, organizations, or individuals, except in the following cases:
a. Sharing with your consent: After obtaining your explicit consent, we will share your personal information with other parties.
b. Sharing under legal circumstances: We may share your personal information with others according to legal regulations, the need for litigation dispute resolution, or as required by administrative or judicial authorities according to the law.
c. Sharing under your voluntary choice:

1）Sharing with third-party authorized partners or collaborators

To provide you with the services you need, we may share necessary personal information with third-party authorized partners or service providers, such as service providers for website hosting, data analysis and storage, instant messaging, customer service, email delivery, auditing, marketing, and other similar services. Without your consent, the parties with whom we share this information are not allowed to use the shared personal data for any other purposes. For companies, organizations, and individuals with whom we share personal data, we will sign strict data processing agreements with them, requiring them to process personal data according to our instructions, this policy, and any other relevant confidentiality and security measures, and we will ensure that the data security capabilities and information security qualifications of our partners meet the requirements of relevant laws and regulations.

2）Sharing with affiliated companies

To facilitate us to jointly provide you with services based on personal information, we may share necessary personal information with affiliated companies. Please be aware that we will only share necessary personal information (for example, to facilitate the use of your account to use our affiliated companies' products or services, we will share necessary account information with affiliated companies), and if we share your personal sensitive information or if the affiliated company changes the purpose of use and processing of personal information, we will seek your authorization and consent again.

3.3 Transfer

We will not transfer your personal information to any company, organization or individual, except in the following cases:
a. Transfer with explicit consent: We will transfer your personal information to other parties after obtaining your explicit consent.
b. In the event of a merger, acquisition, or bankruptcy liquidation of ours, or in other cases involving merger, acquisition, or bankruptcy liquidation, if it involves the transfer of personal information, we will require the new company or organization holding your personal information to continue to be bound by this policy; otherwise, we will require that company or organization to seek your authorization and consent again.

3.4 Public disclosure

We will only publicly disclose your personal information in the following cases:
a. With your explicit consent or based on your voluntary choice, we may publicly disclose your personal information;
b. If we determine that you have violated laws and regulations or seriously violated the relevant agreement rules with us, or to protect the personal and property safety of users or the public from infringement, we may disclose your personal information, including related violations and measures taken against you, with your consent according to laws and regulations or relevant agreement rules.

4. How we protect your rights

4.1 Access to personal information

You may request access to the personal information you have provided by sending an e-mail to privacy@mychery.com..

4.2 Correction and supplement of personal information

If you find that the personal information we have collected or stored is inaccurate or incomplete, and you need to update your personal information, you have the right to make corrections or supplements. You may correct or supplement your personal information by sending an e-mail to privacy@mychery.com with your request for correction or supplement.

4.3 Copying Personal Information

You may make your request by sending an email to privacy@mychery.com , and we will send a copy of your personal information to the email address you specify.

4.4 Withdrawal of Consent

You may withdraw your authorization for us to access your personal information by sending an email to privacy@mychery.com. To withdraw authorization for us to access your personal information. When you withdraw your consent or authorization, it may result in us being unable to continue to provide you with the services to which the withdrawn authorization relates. However, your withdrawal of consent or authorization does not affect the processing of personal information that we carried out on the basis of your consent prior to the withdrawal.

4.5 Deletion of personal information

You may request us to delete your personal information in the following cases:
a. If we process personal information in violation of laws or administrative regulations or in violation of an agreement;
b. If the purpose of the processing has been achieved, cannot be achieved, or is no longer necessary to achieve the purpose of the processing;
c. If we stop providing products or services or if the retention period has expired;
d. If you withdraw your consent;
e.In other cases stipulated by laws and administrative regulations.

You can make your request for deletion by sending an email to privacy@mychery.com. If we decide to respond to your request for deletion, we will also simultaneously notify the third parties from whom we obtained your personal information and ask them to delete it in a timely manner, unless otherwise stipulated by laws and regulations, or if these third parties are independently authorized by you. When you delete information from our products and/or services, we may not immediately delete the corresponding information in our backup system, but we will stop processing it other than storing it and taking the necessary security measures, and we will delete it when the backup is updated or when the retention period stipulated by laws and administrative regulations expires.

If we cease to operate our products or services, we will promptly cease activities that continue to collect your personal information, notify you of the cessation of operation by means of an announcement 30 days in advance, and delete or anonymize your personal information held in accordance with applicable laws.

4.6 Account cancellation

You can request to cancel your account by sending an email to privacy@mychery.com. Unless otherwise provided by laws and regulations, we will stop providing services to you after account cancellation and delete your personal information at your request. In the event that the retention period stipulated by laws and administrative regulations has not expired, or that deletion of personal information is technically difficult to achieve, we will stop processing other than storing and taking the necessary security measures.

4.7 Explanation of personal information processing rules

You can request an explanation of this privacy statement by sending an e-mail to privacy@mychery.com.

4.8 Rights of the deceased

If you pass away, your close relatives may exercise the rights to inspect, copy, correct, and delete your personal information as stipulated by law for their legitimate and proper interests by sending an email to privacy@mychery.com, unless you have made other arrangements.

4.9 Right to request personal information transfer

You have the right to request the transfer of your personal information to a personal information processor you designate. If you need to transfer your personal information, you can contact us by sending an email to privacy@mychery.comProvided that it complies with the conditions stipulated by the national cyberspace administration and is technically feasible, we will transfer your personal information to the personal information processor you designate according to your request.

4.10 Responding to your request

If you or possibly your guardian, close relatives and other entitled subjects are unable to exercise their rights to personal information in the manner described above, you may contact us by sending an email to privacy@mychery.com. We may need to verify your identity and respond to your request within 15 business days of verifying your identity, and for your request to delete sensitive personal information, we will respond to your request within 10 business days.

For your reasonable requests, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost as appropriate. We may refuse requests that are unnecessarily repetitive, require excessive technical means (for example, the development of a new system or a fundamental change in existing practices), pose a risk to the legal rights of others, or are highly impractical (for example, involving the backing up of information stored on magnetic tapes).

We will not be able to respond to your request in the following circumstances:
a. Related to our fulfillment of obligations stipulated by laws and regulations;
b. Directly related to national security or defense security;
c. Directly related to public safety, public health, or significant public interests;
d. Directly related to criminal investigation, prosecution, trial, and execution of judgments;
e. We have sufficient evidence that you are malicious or abusing rights;
f. To protect your or another person's life, property, or other significant legitimate interests, but it is difficult to obtain consent;
g. Responding to your request will cause serious damage to the legitimate interests of you or another person or organization;
h. Involving trade secrets.

5. How we protect your personal information

5.1 Technical and organizational measures to protect personal information

1）Technical security measures

To ensure the security of your information, we have implemented security measures that comply with industry standards and are reasonable and feasible to protect your information from unauthorized access, public disclosure, use, modification, damage, or loss. For example, data exchanged between your client and our server is protected by encryption under the TLS protocol; we also provide secure browsing methods through HTTPS protocol on our website; we use encryption technology to enhance the security of personal information; we employ trusted protection mechanisms to prevent malicious attacks on personal information; we deploy access control mechanisms to ensure that only authorized personnel can access personal information; and we conduct security and privacy protection training courses to strengthen employees' awareness of the importance of protecting personal information.

2）Security system certifications

We have an industry-advanced data security management system centered around the data lifecycle, which enhances the security of the entire system from multiple dimensions including organizational construction, system design, personnel management, and product technology. Currently, our key information systems have passed ISO27001 and the third-level evaluation certification of network security protection.

3）Personnel security management

We also strictly manage employees or outsourced personnel who may come into contact with your information, including but not limited to different access controls based on their positions, signing confidentiality agreements with them, and monitoring their operational activities. We will provide corresponding security measures to protect your information according to existing technology, provide reasonable security protection, and strive to prevent your information from being leaked, destroyed, or lost. We will conduct security and privacy protection training courses to strengthen employees' awareness of the importance of protecting personal information.

We will take various preventive measures to protect your personal information to ensure it is safeguarded against loss, theft, misuse, unauthorized access, disclosure, alteration, or destruction. To ensure the security of your personal information, we have strict information security regulations and procedures, and a dedicated information security team strictly implements the above measures within the company.

5.2 Potential security risks in providing personal information

The Internet environment is not one hundred percent safe. Although we have these security measures, please note that there is no such thing as "perfect security measures" on the Internet, and we will do our best to ensure the security of your information.

5.3 Notification of personal information security incidents

In the event of a personal information security incident, we will notify you in accordance with the requirements of laws and regulations: the basic situation and potential impact of the security incident, the measures we have taken or will take, suggestions for you to independently guard against and reduce risks, and remedial measures for you, etc. We will inform you of the relevant situation of the incident by email, letter, telephone, push notification, and other means, and if it is difficult to inform each individual subject of personal information, we will take reasonable and effective ways to publish announcements. At the same time, we will also report the handling of personal information security incidents to the regulatory department as required.

6. How your personal information is stored

6.1 Storage location

We store the personal information collected and generated during the operation of our services within the territory of the People's Republic of China on servers and public clouds within the territory of the People's Republic of China. Currently, we do not transfer the above information overseas. 目前，我们不会将上述信息传输至境外。

Under the following circumstances, we will provide your personal information to overseas entities after fulfilling the obligations stipulated by law:
a. There are clear provisions in the applicable laws;
b. Obtain your explicit authorization; or
c. You engage in cross-border transactions and other personal active behaviors through the Internet.

6.2 Storage duration

We will take reasonable and feasible measures to store your personal information and strive to avoid collecting irrelevant personal information. We will only retain your personal information for the period necessary to achieve the purposes stated in this policy and the period required by applicable laws and regulations. For example, we will retain relevant network logs for no less than six months in accordance with the requirements of the Cybersecurity Law of the People's Republic of China for your use of application services. The criteria for determining the aforementioned period include:

a. Completing the service purpose related to you, maintaining corresponding service and business records, and responding to your possible inquiries or complaints;
b. Ensuring the security and quality of the services we provide to you;
c. Whether you agree to a longer retention period;
d. Whether there are other special agreements on the retention period.
After your personal information exceeds the retention period, we will delete your personal information or anonymize it according to the requirements of applicable laws.

7. How we protect the personal information of minors

In the services we provide, we presume that you have the corresponding capacity for civil conduct.

Our products and services are only for adults, and we do not provide products and services to minors. We do not allow minors to register accounts or use our products and services, and we will not actively and intentionally collect any information of minors.
If at any time a guardian has reason to believe that we have collected a child's personal information, please contact us through the contact information provided in this policy, and we will take measures to delete the relevant information as soon as possible.

8. How this policy is updated

Our privacy policy may be updated from time to time. We will not restrict your rights under this policy without your explicit consent. We will announce any changes made to this policy.

For significant changes, we will also provide more noticeable notifications (including notifications through in-app announcements or pop-up alerts).
The significant changes referred to in this policy include, but are not limited to:
a. Major changes in our service model, such as the purposes of processing user personal information, types of personal information processed, and methods of processing user personal information (for such changes, we will also obtain your consent);
b. Major changes in our control and organizational structure, such as changes in ownership due to business adjustments, bankruptcy, mergers, and acquisitions;
c. Major changes in the main entities with whom we share, transfer, or publicly disclose user personal information (for such changes, we will also obtain your consent);
d. Changes in our department responsible for the security of user personal information, contact methods, and complaint channels;
e. High-risk findings indicated in the user personal information security impact assessment report.

9. How to contact us

If you have any questions, comments, or suggestions about our privacy policy or the handling of your personal information, you can reach out to us by mail or email. Our contact information is as follows:

Wuhu Chery Information Technology Co., Ltd.
Address: No. 8 Changchun Road, Economic and Technological Development Zone, Wuhu City, Anhui Province, China
Email: privacy@mychery.com
In general, we will respond within 15 working days after verifying your identity and receiving your inquiry.
If you are not satisfied with our response, particularly if you believe that our handling of your personal information has harmed your legitimate rights, you may lodge a complaint or report to regulatory authorities such as the Cyberspace Administration, telecommunications, public security, or industry and commerce departments. You may also file a lawsuit in a court with jurisdiction to seek resolution.

Appendix: relevant definitions

1) Personal Information: Refers to various types of information recorded electronically or otherwise, related to an identified or identifiable natural person, excluding anonymized information.
2) Sensitive Personal Information: Sensitive personal information is personal data that, if leaked or misused, can easily lead to infringement on a natural person’s dignity or endanger personal or property safety. This includes information such as biometric data, religious beliefs, specific identities, medical health, financial accounts, and location tracking, as well as information about minors under the age of 14 (specific sensitive personal information is highlighted in bold within this policy).
3) Child: A minor under the age of 14.
4) Personal Information Deletion: Refers to the act of removing personal information from systems involved in daily business functions, rendering the information unretrievable and inaccessible.
5) Anonymization: Refers to the process by which personal information is processed so that it can no longer be used to identify a specific individual and cannot be restored.