Chuanxingda logo Chuanxingda
Privacy and compliance background
Privacy Agreement

Global Privacy and Data Protection Notice

Effective Date: 2026-05-13. This Privacy Agreement explains how Chengdu Chuanxingda Technology Co., Ltd processes personal data in relation to websites, software services, mobile management applications, and app-store distributed products.

1. Identity of Data Controller and Contact Channels

Controller: Chengdu Chuanxingda Technology Co., Ltd.

Registered Office and Operational Address: Room 5-4, 8th Floor, Building 12, No. 38 Jinke South Road, Jinniu High tech Industrial Par k, Chengdu, Sichuan Province, Chengdu, 610000, CN.

Website: https://chuanxingda.com/

Business Support Contact: support@chuanxingda.com

Key Account Contact: zhangjian1@chuanxingda.com

2. Scope of This Privacy Agreement

This Agreement applies to:

  • Website visitors and business contacts on chuanxingda.com.
  • Clients and end users of software development projects and network technology services.
  • Users of mobile management applications released to Google Play, Apple App Store, and other lawful distribution channels.
  • Users of applications and services that include advertising monetization and analytics SDKs.
  • Enterprise contacts for consulting, system integration, IoT R&D, and maintenance services.

3. Categories of Personal Data We Process

  • Identity and account data: name, organization name, role, login identifier, profile alias.
  • Contact data: email address, communication history, support tickets, key account communication records.
  • Device and technical data: device model, operating system, IP address, language settings, app version, crash reports.
  • Usage data: interactions, feature usage events, session metrics, in-app event records, installation attribution data.
  • Commercial data: subscription status, order metadata, invoice references, non-sensitive transaction records.
  • Security data: authentication logs, fraud detection signals, abuse-prevention indicators.
  • Advertising and marketing data: ad request metadata, ad response metadata, consent signals, campaign performance data.

4. Sources of Data

  • Data provided directly by users or enterprise customers.
  • Data generated automatically by websites, apps, systems, and devices.
  • Data from app stores and distribution partners, including install and subscription status data where permitted.
  • Data from analytics, fraud prevention, identity verification, and ad monetization partners where legally allowed.

5. Purposes of Processing and Legal Bases

We process personal data for contract performance, legal compliance, legitimate interests, and consent where required. Key purposes include:

  • Service delivery, account operation, project execution, and technical support.
  • Software development, system integration, IoT operations, and maintenance workflows.
  • Mobile app release management, app store compliance checks, and customer communication.
  • Fraud prevention, abuse monitoring, incident response, and legal defense.
  • Feature analytics, service quality improvement, and reliability optimization.
  • Advertising monetization and campaign analytics in supported products.

For EEA, UK, and Switzerland, we rely on GDPR/UK GDPR legal bases including contract necessity, legal obligation, legitimate interests, and consent where applicable (especially for non-essential cookies, advertising identifiers, and personalized advertising).

6. App Store Compliance and Platform-Specific Privacy Handling

  • Google Play: We align with Google Play User Data policy, Families policy where applicable, and Data safety form disclosures.
  • Apple App Store: We align with Apple App Store Review Guidelines, privacy nutrition labels, ATT consent requirements, and SDK privacy manifests where applicable.
  • Other stores and channels: We map privacy disclosures and permissions to applicable local store requirements and governing law.
  • We maintain a data inventory by SDK and processing purpose and update disclosures when integrations change.

7. Advertising Monetization, SDK Integrations, and Ad Formats

Some applications may monetize through advertising. We implement policies for transparency, lawful basis, user controls, and ad quality review. Ad formats may include:

  • Open App ads (launch or app-open placements).
  • Rewarded Video ads.
  • Interstitial ads.
  • Banner ads.
  • Native ads (where available and disclosed).

Advertising and mediation partners may include one or more of the following, depending on app and region: Google AdMob, Google Ad Manager, AppLovin MAX, Unity Ads, Meta Audience Network, ironSource LevelPlay, Liftoff Monetize (formerly Vungle), Mintegral, Pangle, Chartboost, InMobi, Start.io, Smaato, BidMachine, Digital Turbine, Amazon Publisher Services, Fyber, Moloco, Yandex Ads, and other compliant demand partners integrated through mediation.

SDKs and ad partners may process identifiers (such as advertising IDs), IP-derived region, device characteristics, and ad interaction data for ad delivery, frequency capping, anti-fraud controls, and reporting. Personalized advertising is served only where lawful basis and required consent are obtained.

8. Cookies, Similar Technologies, and Consent Frameworks

  • Website and apps may use cookies, local storage, SDK-based identifiers, and similar technologies.
  • Where required by law, non-essential tracking is disabled until user consent is captured.
  • We may support recognized consent standards including IAB TCF signals in relevant regions.
  • Users can manage consent and tracking preferences within app settings, device controls, and browser settings.

9. Data Sharing and Disclosure

We may share personal data with:

  • Cloud hosting, content delivery, data analytics, and service infrastructure providers.
  • App store operators and payment processors for store-managed subscriptions and purchases.
  • Customer-authorized enterprise systems for contracted service workflows.
  • Advertising mediation and monetization partners when advertising features are enabled.
  • Professional advisors, auditors, insurers, and legal authorities where required.

We do not sell personal data in exchange for monetary consideration. In certain jurisdictions, cross-context behavioral advertising may be treated as "sharing" and users have opt-out rights where applicable.

10. International Data Transfers

Given global service operations, data may be processed in countries other than the user's home jurisdiction. Where required, we implement safeguards such as Standard Contractual Clauses, UK Addendum mechanisms, contractual controls, transfer impact assessments, and security controls appropriate to processing risk.

11. Data Retention

  • We retain personal data only for as long as necessary for business purposes, legal obligations, dispute resolution, and audit requirements.
  • Retention periods vary based on data category, contract terms, legal mandates, and risk control requirements.
  • When retention is no longer required, data is deleted, anonymized, or irreversibly aggregated.

12. Security Measures

  • Encryption in transit, role-based access control, and production environment restrictions.
  • Logging, monitoring, vulnerability management, and incident response procedures.
  • Vendor due diligence and contractual data-protection requirements for processors.
  • Security review for SDK integrations and release controls for app-store deployments.

13. Age Policy and Child Protection

Our services are generally intended for business and general audiences, not children under applicable minimum ages unless legally permitted and explicitly supported in product design. We implement age handling as follows:

  • United States (COPPA): no knowing collection of personal data from children under 13 without verified parental consent where legally required.
  • EEA and UK (GDPR/UK GDPR): additional protections for children; digital consent thresholds vary by member state, generally between 13 and 16.
  • Other jurisdictions: local age and guardian-consent rules are applied as required by law.
  • If we identify unauthorized child data collection, we delete affected data and apply corrective measures.

14. Regional and Country-Specific Privacy Rights

14.1 European Economic Area (EEA)

Rights include access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. Complaints may be submitted to local supervisory authorities.

14.2 United Kingdom

Rights under UK GDPR and Data Protection Act include access, correction, deletion, objection, and data portability. Users may contact the UK ICO where appropriate.

14.3 Switzerland

Rights are governed by the Swiss Federal Act on Data Protection (FADP), including information rights and correction/deletion rights as applicable.

14.4 United States

Residents in states with comprehensive privacy laws (including California, Colorado, Connecticut, Virginia, Utah, and others as enacted) may have rights to know, access, correct, delete, and opt out of certain targeted advertising or profiling. California residents may exercise CCPA/CPRA rights, including right to limit use of sensitive personal information where applicable.

14.5 Canada

Privacy rights are provided under PIPEDA and applicable provincial laws, including transparency, access, correction, and consent management.

14.6 Brazil

Rights under LGPD include confirmation, access, correction, anonymization, portability, deletion, and information about sharing.

14.7 Mexico

Rights under LFPDPPP include ARCO rights (Access, Rectification, Cancellation, and Opposition).

14.8 Australia and New Zealand

Rights under Australian Privacy Act and New Zealand Privacy Act include access and correction rights and complaint channels via local authorities.

14.9 Singapore

Rights under PDPA include consent withdrawal, access, correction, and complaint rights through official mechanisms.

14.10 Japan

Rights under APPI include disclosure, correction, suspension of use, and deletion in specific circumstances.

14.11 Republic of Korea

Rights under PIPA include access, correction, deletion, and suspension of processing, with strong protection obligations.

14.12 India

Where applicable, processing aligns with DPDP Act obligations including notice, consent, correction, grievance handling, and data principal rights.

14.13 Middle East and Africa

Where applicable, we adapt to UAE Personal Data Protection Law, Saudi PDPL, South Africa POPIA, and equivalent legal requirements for transparency, legal basis, rights handling, and security controls.

15. Data Subject Request Procedure

Users and enterprise representatives can submit privacy requests by email to support@chuanxingda.com with enough information to verify identity and process the request securely. We may request additional verification to protect account integrity and prevent unauthorized disclosure.

  • Request scope should identify the service, account identifier, and the right being exercised.
  • Where legally required, we respond within applicable statutory timelines and may extend the response period when permitted by law.
  • We may decline, limit, or defer requests where exemptions apply, including legal defense, fraud prevention, security requirements, or disproportionate technical burden under applicable law.
  • Authorized agents may submit requests where legally permitted, subject to authority and identity verification standards.

16. Cookie and Identifier Categories

Where used, cookies and similar technologies are grouped into operational categories for transparency and user control:

  • Strictly necessary: authentication state, security tokens, load balancing, and core site functionality.
  • Functional: language preference, interface settings, and user experience continuity.
  • Analytics and measurement: traffic analysis, feature usage statistics, service quality diagnostics.
  • Advertising and attribution: campaign performance, ad delivery diagnostics, anti-fraud ad verification, and frequency management.

Where consent is required, non-essential categories remain disabled until valid consent is captured, and users can modify preferences later through available controls.

17. Sensitive Data and Special Categories

We do not intentionally collect sensitive personal data unless strictly necessary for a lawful and disclosed business purpose. Where sensitive data processing is required by law or contractual context, we apply enhanced controls, purpose limitation, and additional access restrictions.

18. Controller and Processor Roles in Enterprise Projects

Depending on service model, Chuanxingda may act as controller, joint controller, or processor. For enterprise engagements, role allocation and instruction boundaries are defined through contract documentation and, where applicable, data processing addenda.

  • Controller scenarios: direct product operations, website communication, and self-managed service analytics.
  • Processor scenarios: customer-directed development, managed operations, and technical maintenance under documented instructions.
  • Sub-processor management: vendor due diligence, contractual safeguards, and security review obligations.

19. Government, Regulatory, and Law Enforcement Requests

We may disclose data where required by valid legal process or binding legal obligation. We evaluate requests for legal sufficiency, scope, and proportionality, and where legally permitted, we seek to narrow overbroad requests.

20. Automated Decision-Making and Profiling

We may use automated processing for operational analytics, fraud detection, and ad performance optimization. We do not use solely automated decision-making for legal or similarly significant effects without required safeguards where applicable by law.

21. Data Breach Response

We maintain incident response procedures including containment, impact assessment, remediation, and legally required notifications to authorities, customers, and users within applicable timelines.

22. Do Not Track and Global Privacy Controls

Browser "Do Not Track" signals are not uniformly defined across all jurisdictions and technologies. Where legally required by local law, we honor recognized opt-out mechanisms, including applicable global privacy control signals and equivalent regulatory frameworks.

23. Third-Party Sites and Services

Our websites or apps may contain links to third-party websites, SDK documentation, app-store pages, and partner services. We are not responsible for third-party privacy practices outside our control. Users should review those external privacy notices independently.

24. Recordkeeping and Compliance Governance

We maintain internal privacy governance processes including processing records, legal basis mapping, SDK inventory reviews, and periodic policy updates to align with app-store and jurisdictional changes.

25. Changes to This Agreement

We may update this Privacy Agreement to reflect legal, technical, or operational changes. Material updates will be communicated through website notice, in-app notice, or other required channels. Continued use after update effectiveness constitutes acknowledgement where permitted by law.

26. Language and Prevailing Version

This Privacy Agreement is provided in English for international operations. If translated versions are published for convenience, the English version prevails unless mandatory local law requires otherwise.

27. Contact

Business Support: support@chuanxingda.com

Key Account: zhangjian1@chuanxingda.com

Address: Room 5-4, 8th Floor, Building 12, No. 38 Jinke South Road, Jinniu High tech Industrial Par k, Chengdu, Sichuan Province, Chengdu, 610000, CN

This Privacy Agreement applies to website and app services delivered by Chengdu Chuanxingda Technology Co., Ltd, including app-store distributed products and advertising-enabled application variants.