Privacy Policy

This Privacy Policy contains complete terms regarding our collection, use, sharing, storage, cross-border transfer, and protection of your personal information. We recommend reading it in full to make choices that best protect your rights.

1. This Privacy Policy applies to all services we provide to global users through this product, including but not limited to core features such as multilingual AI text interaction, AI image generation, voice interaction, personalized content recommendation, as well as supporting services such as browsing the official website, account registration and login, and cross-border customer support, covering major regions including the EU, the US, and Japan.

2. This Privacy Policy only applies to your personal information directly collected and processed by us, and does not cover:

• affiliated products/services with independent privacy policies (e.g., other cross-border products operated by our affiliated companies);
• personal or non-personal information collected by any third party through its own channels (e.g., international payment platforms, third-party login tools);
• non-personal information (e.g., anonymized statistical data, public information, de-identified AI model training data, etc.).

3. If you use cross-border products or services of our affiliated companies, you should review the privacy policy of that product or service; if you use this product via a third-party channel, you must comply with both the third party's privacy policy and this Policy.

We strictly follow the "minimum necessary, purpose-limited" principle, collecting and using your personal information only for implementing service functions, ensuring service security, and optimizing product experience, as detailed below:

1. Information you voluntarily provide

Information you actively fill in, submit, or authorize us to obtain when using the features or services of this product, including:

• Account registration and identity verification information:
  • Basic information: mobile number, SMS verification code, email address (EU users may choose to register anonymously with only email, without providing a phone number);
  • Third-party authorization information: public account identifiers (UnionID/OpenID, within authorized scope) provided when logging in via international third-party platforms such as Google, Apple, Facebook, Line, Twitter;
  • Real-name information: when using cross-border paid services or advanced AI features, you may need to provide identity verification information that meets regional requirements (e.g., EU users comply with Anti-Money Laundering (AML) requirements, Japan users provide APPI-compliant real-name information).
• Service usage-related information:
  • AI feature usage data: text entered during AI text interaction, images uploaded for AI image generation (desensitized) and descriptive terms, voice data recorded during voice interaction (de-identified);
  • Inquiry and feedback information: inquiries, contact information, screenshots, emails, etc., submitted via cross-border customer service or multilingual feedback pages.
• Personalized setting information: avatars you actively set (can choose anonymized avatars), nickname, language preference, AI-generated style tags, regional service adaptation settings, etc.

Purpose of use: solely to implement requested service functions, including account login verification, cross-border order verification, handling inquiries and feedback, generating multilingual AI content, saving personalized settings, and not for purposes not stated in this policy.

2. Automatically collected information

To optimize cross-region user experience, ensure global service security, and improve AI functionality, we automatically collect and record necessary device and behavioral information during product use, including:

• Device and network information: IP address (desensitized), browser type/version, OS type/version, device model, device identifiers (Android ID/IDFV/OAID/IDFA, desensitized), network type, telecom operator info, timezone, etc.
• Service usage logs: product access time, browsing path, AI feature usage records (content type, frequency), content favorites/likes/shares, operation error logs, crash logs (desensitized), etc.

Purpose of use:

• Optimize global product performance, fix cross-region functional issues, improve page load speed and AI content generation efficiency in different network environments;
• Conduct statistical analysis of service usage (after anonymization) to support product iteration and AI multilingual adaptation;
• Prevent, identify, and handle cross-border cybersecurity risks, such as abnormal logins, cross-border attacks, and fraud, ensuring your account and service security.

3. Region-specific compliance notes

• EU users: according to GDPR, we only collect "the minimum necessary information to provide the service"; you may refuse to provide non-essential information (e.g., device identifiers) without affecting core functions;
• US users: according to CCPA/CPRA, you may choose whether to allow behavioral data collection for personalized recommendations and have the right to "opt out";
• Japan users: according to APPI, collected personal information will be clearly labeled with its "purpose of use," used only within that scope, and any use beyond requires your separate consent.

Cookies and similar device identification technologies (such as local storage, anonymized identifiers, SDK collection tools) are widely used across the global Internet. When you access our product’s official website or in-app embedded web pages, we may use these technologies to send cookies or anonymized identifiers to your device to collect, identify, and store information about your visits and usage of the product. We promise not to use cookies for any purposes beyond those stated in this policy and strictly comply with the EU ePrivacy Directive, US state cookie regulations, and Japan’s APPI requirements.

1. Purpose of using cookies

• Confirm your account login status and prevent repeated logins across devices;
• Diagnose cross-border service crashes, functional delays, and other anomalies, and locate and fix regional adaptation issues;
• Record your page browsing preferences to optimize page display effects across different regions (e.g., language, timezone adaptation);
• Collect statistics on cross-border website visits (anonymized) to improve website operational efficiency.

2. Your choices

• On first visit to our product’s website, you can choose “Accept All,” “Necessary Cookies Only,” or “Reject All” via the pop-up banner at the bottom of the page;
• You can modify your acceptance or rejection of cookies through browser settings or device system settings, and clear cookies from your cache at any time;
• EU users: under the ePrivacy Directive, we will not force you to accept non-essential cookies; refusal only affects personalized functions and does not affect core service use;
• US users: certain states (e.g., California, Virginia) require explicit disclosure of cookie usage, and you can adjust your authorization anytime through the “Privacy Center.”

Please note: if you choose to reject or clear cookies, some functions of the product (e.g., automatic account login, personalized page display) may not operate properly, and you may need to complete related actions manually.

We strictly protect your personal information and will not sell or rent it to any third party without authorization. We only share, disclose, or transfer your personal information across borders under the following limited circumstances:

1. Information Sharing

• Shared to fulfill your service requests: necessary personal information may be shared with our affiliates or cross-border partners (such as international payment institutions, cross-border customer service providers) strictly to the minimum extent required to provide the function, and the recipient must comply with this policy and equivalent information protection standards (by signing a Data Processing Agreement, DPA);
• Compliance with laws and legal procedures: disclosure of your personal information as required by applicable laws, administrative regulations, or in response to lawful requests from authorized global authorities (e.g., EU Data Protection Authority, US FTC, Japan Personal Information Protection Commission);
• Necessary to protect legal rights: disclosure of your personal information to investigate or prevent actual or suspected illegal activities, cross-border fraud, violations of user agreements, or to protect the life, property, or rights of us, our users, or others;
• With your explicit consent: sharing your personal information with designated third parties as instructed, after obtaining your written or electronic consent;
• Sharing of anonymized/de-identified information: non-personal information that has been anonymized or de-identified (such as user behavior statistics, AI model training data) may be shared with partners; such information cannot be linked to your identity and is not restricted by this clause.

2. Cross-border transfer compliance

We follow the principles of “minimum necessary, secure and controllable, dual compliance” for cross-border transfers, which meet the following requirements:

• EU users: data transfers are certified under SCHREMS II, or transferred under GDPR standard contractual clauses (SCCs), ensuring compliance with GDPR Article 48 and relevant implementing rules;
• US users: comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and applicable state laws;
• Japan users: comply with APPI requirements for “prior notification” or “certification by a recognized authority” regarding cross-border data transfers;
• Users in other regions: comply with local cross-border data transfer laws and international best practices to ensure safe and compliant data transfer.

According to global and local laws and regulations, you have the following rights regarding your personal information held by us, and we provide convenient channels to exercise these rights:

1. Basic Rights (Applicable to all users globally)

• Right to access and inquire: to query the personal information we collect, store, and process about you;
• Right to correction: to request correction if your personal information is inaccurate or incomplete;
• Right to deletion: to request deletion of your personal information when legally permitted;
• Right to withdraw consent: to withdraw your authorization for us to collect and use your personal information (after withdrawal, we will stop the corresponding processing, but services already provided based on consent will not be affected);
• Right to lodge complaints: to file a complaint with us or report to local regulatory authorities if you believe our information processing infringes your rights.

2. Region-specific Rights

• EU users (under GDPR): right to data portability (receive a copy of your personal information in a structured, commonly used format), right to restrict processing, right to object (to use of personal information for marketing or AI model training);
• US users (under CCPA/CPRA): right to deletion (“right to be forgotten”), right to opt out (object to use of personal information for cross-platform marketing), right to request disclosure of information sharing;
• Japan users (under APPI): right to stop use of personal information, right to request processing records, right to object to information processing activities.

3. How to exercise your rights

You can exercise the above rights through the following global channels:

• Online channel: Open the Avatronic product APP, go to “My - Settings - Privacy Center - Personal Information Management” to submit a request;
• Email channel: Send an email to hello@avatronics.ai (please indicate “Personal Information Rights Exercise + Region + Account/Contact Information”);
• Phone channel: Call the international customer service hotline +86-755-22678897 (multilingual support, weekdays 9:00-18:30, time zone Beijing Time);
• Region-specific channels: EU users may file a complaint with the local Data Protection Authority (DPA), Japan users may complain to the Personal Information Protection Commission.

4. Response Time

• EU users: under GDPR, we will respond within 1 month, complex requests may extend to 2 months (with written explanation for the extension);
• US and Japan users: respond within 7-15 business days;
• Other regions: no more than 15 business days.

We will verify your identity securely upon receiving your request (to ensure the request is initiated by you) and process it within the above timelines upon successful verification.

1. Information Storage

Storage period: Personal information will be retained only for the minimum period necessary to achieve the purposes described in this policy; after this period, your personal information will be anonymized, de-identified, or deleted in accordance with law. If there are statutory retention requirements (e.g., EU anti-money laundering laws requiring transaction records to be kept for 5 years), information will be retained accordingly.

Storage location:

• EU users: Personal information is stored on servers within the EU (e.g., AWS Europe, Azure Europe);
• Japan users: Personal information is stored on servers within Japan or cross-border storage nodes approved under APPI;
• US users: Personal information is stored on compliant servers within the US, meeting CCPA data localization requirements;
• China users: Personal information is stored on Alibaba Cloud servers within China, complying with the Data Security Law.

2. Security Measures

We have implemented internationally standard, reasonable security measures to protect your personal information from unauthorized access, disclosure, use, modification, damage, or loss, including:

• Technical protection: AES-256 encryption for sensitive personal information, SSL/TLS 1.3 for cross-border data transmission, firewalls, intrusion detection systems, data masking, and abnormal behavior monitoring to prevent cross-border malicious attacks;
• Access control: Global unified access control mechanism, access limited to authorized personnel, adhering to the "least privilege" principle, with all access logged and audited (retention period complies with local regulations);
• Organizational measures: Dedicated global personal information protection teams, cross-border information security policies and emergency plans, regular employee security training covering global compliance, and cross-border security audits;
• International certification: ISO 27001 information security management, SOC 2 compliance, and China’s Class 3 Cybersecurity Level Certification, meeting global security standards.

Although we have taken the above security measures, absolute information security cannot be guaranteed in the internet environment. In the event of force majeure, cross-border hacker attacks, or third-party faults beyond our control causing data breaches, we will immediately initiate cross-border emergency response plans, implement remedial measures (e.g., notify affected users, fix vulnerabilities, cooperate with regulators), and notify you and relevant authorities in accordance with global and local laws and regulations.

The official website and in-app pages of this product may contain links to third-party websites, products, or services (e.g., international payment platforms, cross-border map services, third-party information platforms). These third parties and/or their affiliates may collect your personal information, and their servers may be located in different regions globally.

We have no control over, and assume no responsibility for, the privacy policies, data protection policies, or related practices of any third party or their affiliates. We strongly recommend that you carefully review the privacy and data protection policies of any third party before clicking on their links or using their services (especially cross-border service providers) to understand how your personal information is handled and to ensure your information security.

We may revise this Privacy Policy from time to time in response to updates in global laws and regulations, adjustments to cross-border business functions, or operational requirements. The updated Privacy Policy will be posted on the global official website and within the app of this product, with the new "Update Date" and "Effective Date" clearly indicated.

For major changes (e.g., expansion of personal information collection scope, changes in purpose of use, adjustments to cross-border sharing methods, or modifications to the way users exercise their rights), we will provide prominent notices as follows:

• EU users: Notification via app pop-ups and emails to ensure you are clearly informed of the changes and can provide confirmation;
• US users: Notification via email and in-app messages, providing a summary of policy changes and a link to the full text;
• Japanese users: In accordance with APPI, prominently display the changes within the app and retain the original policy version for reference;
• Users in other regions: Notification via app pop-ups, in-app messages, or other means.

By continuing to use this product, you indicate your acceptance of the revised Privacy Policy; if you do not agree, you should stop using the product and contact us to cancel your account.

We place a high priority on protecting the personal information of minors globally and strictly comply with the Regulations on the Protection of Minors Online, EU General Data Protection Regulation (GDPR), US Children’s Online Privacy Protection Act (COPPA), Japan's Act on the Protection of Personal Information of Minors and APPI, and other relevant regulations. The following protective measures are implemented:

1. Age Restrictions and Guardian Authorization

• EU users: Minors under 16 must obtain consent from a legal guardian to use this product; minors under 13 must comply with COPPA requirements, with registration and authorization completed by a guardian.
• US users: Minors under 13 must obtain consent from a legal guardian and follow COPPA regulations; self-registration is not permitted.
• Japanese users: Minors under 20 must obtain consent from a legal guardian; minors under 16 require guardian assistance to enable "Youth Mode."
• Users in other regions: Comply with local legal age standards and guardian authorization requirements.

2. Youth Mode Features

When Youth Mode is enabled, the product will implement the following measures:

• Limit daily usage time (no more than 2 hours, in accordance with most regional internet usage standards for minors);
• Filter inappropriate content (only display educational or science-related AI content, compliant with local public order and morals);
• Disable cross-border payment functions and personalized marketing pushes;
• Do not collect sensitive personal information of minors (e.g., precise location, biometric information, financial data).

3. Information Protection and Remediation

We will not push commercial advertisements to minors and will not share minors’ personal information with third parties for commercial purposes. If a guardian discovers that a minor has used this product without authorization or has provided personal information, they may contact us using the channels in Article 10 of this policy. We will assist in deleting the relevant information, closing the account, and refunding any unused paid services (if applicable).

We have established a dedicated global personal information protection department responsible for handling inquiries, complaints, and suggestions related to personal information protection. If you have any questions, opinions, or suggestions regarding this Privacy Policy, or need to exercise your personal information rights, you may contact us via the following channels:

• Global corporate email: hello@avatronics.ai
• International customer service hotline: +86-755-22678897 (multilingual support including English, Japanese, Chinese; weekdays 9:00–18:30 Beijing Time)
• Global official website message: Submit feedback via the “Contact Us” page on www.beambox.com
• APP customer service: Open the Guangsheng product APP, go to “My - Customer Service Center” for online consultation (multilingual support)

We will communicate and handle your request as soon as possible upon receipt, with the maximum response time in accordance with Article 5, Clause 4 of this Policy. If you are not satisfied with the handling result, you may file a complaint with the regulatory authorities in your region (e.g., EU DPA, US FTC, Japan Personal Information Protection Commission).