ZEGOCLOUD Services Privacy Policy

1.1 Personal Information in this Privacy means any information we collect regarding your use of the Services and your interactions with ZEGOCLOUD. This Privacy does not apply to the data you store through the Services.

1.2 ZEGOCLOUD Services in this Privacy refers to various cloud products and services provided by ZEGOCLOUD Technology, Inc., such as Audio and Video Services, Real-time Messaging, Interactive Whiteboard, File Transcoding, Cloud Recording, etc.

2.1 You should provide true, legal and valid information for successfully use of the Services, such as account registration, management, and real-name authentication including but not limited to name, contact person, email address, phone number, address, bank account information, business registration information, face recognition information, etc.

2.2 To provide continuous services and ensure the quality, we will record and save your login and use information during your use of the Services, including but not limited to IP address, browser type, language used, visit date and time, software and hardware characteristic information, user identifier and web browsing history, etc.

2.3 If you use optional functions of the Services, such as Cloud Market, Face Recognition, SMS, etc., you should provide necessary information such as contact person, contact information, ID card, photo, equipment identification number, etc.

2.4 If you need offline service assistance, which is necessary to fulfill the contract, you should provide necessary information such as contact person, contact information, address, etc.

2.5 If you need to join a partner cooperation plan or enter the cloud market, which are necessary to fulfill the contract, you should provide necessary information such as contact person and contact information.

2.6 When you use the Express SDK, we may collect the following information from you:

• User information, including the user ID and username. The information is collected to identify the user.
• Device information, including the device SDK ID, device brand, app version number, and app name. The information is collected to accurately obtain the operating status of different devices and versions and the source of product defects.
• IP address of your device. The information is collected to match the most suitable node with your IP address and achieve precise dispatching.
• Geographic location of your device. The information is collected to achieve more precise dispatching and better service quality. We do not store the information.

2.7 When you use the Effects SDK, we need to process some of your facial feature values in your device to achieve the desired facial beautification effects. For this purpose, we need you to authorize our access to the camera of your device. We only process relevant facial feature values offline in your device. We do not upload, store, or share such information with any third party.

2.8 When you use the Avatar SDK, we need to process your facial feature values and voice features in your device to implement character creation, facial expression synchronization, and voice-driven features. For this purpose, we need you to authorize our access to the camera and microphone of your device. If you do not authorize the access, the aforementioned functions are unavailable. However, you can still use the other features of the Avatar SDK. We only process relevant facial feature values and voice features offline in your device. We do not upload, store, or share such information with any third party.

3.1 We will collect Personal Information from your active submission and correspondent records during your use of the Services.

3.2 We collect and use your Personal Information through Cookies and other related technologies. Cookies are small data files placed on your devices (computer or phones), that allows us record certain information, in order to store your references and your login status, or recognize your browser used. Cookies are used to:

• Remember your ID. For example, Cookies helps us to identify whether you are our registered user.
• Analyze your use of the Services in order to provide you with more thoughtful and personalized services, including customized webpages and recommendations.
• Tracking the traffic flow and patterns to research and improve the performance of target advertisement.

3.3 You can refuse and manage Cookies through your browser settings. However, in the event of your refusal to install Cookies, ZEGOCLOUD may be prevented from providing some of the Services available to you.

3.4 This Policy will apply to the relevant information recorded by the Cookies of the Services.

4.1 We will use the collected Personal Information for the following purposes, to provide you with better quality, convenient and safe services, in accordance with relevant laws and regulations.

• Provide Services
• Meet your personalized requirements, such as language settings, location settings, personalized help and instructions, or response to you and other users.
• Service optimization and development. For example, we will optimize the Services based on the information generated by the Services when responding to your needs.
• Protect the Services users and our cooperators. For example, we will use your Personal Information for identity verification, security prevention, complaint handling, dispute coordination and fraud monitoring. When you use security or other similar services, we will detect malicious programs or viruses, or identify fraudulent information for you.
• Provide services that are more relevant to you. For example, to provide you with similar functions or services that you may be interested in.
• Invite you to participate in surveys about our products and Services.
• Other relevant scenarios that may require the use of the collected information. If the use scenario is not reasonably related to the initial scenarios, we will re-obtain your consent before using the information.

4.2 Our lawful basis for processing your personal information:

• Processing based on your explicit consent (e.g., when you register for our website);
• Processing as necessary for us to enter into and to perform our contract with you (e.g., when you purchase our products);
• Based on legal responsibilities (e.g., confirm your age to confirm that we have not collected personal information from children);
• Processing is necessary for our legitimate interests of transmitting your data for internal administrative purposes within our group companies, to ensure our network security, to prevent fraud, and we have determined that such use of your data is not overridden by considerations of your interests, rights or freedoms;
• For the purpose of performing public interest or exercising our official duties (e.g., when you are punished for a criminal offence, we will transmit the data to the appropriate inspection authority when necessary).

4.3 You are not under any obligation to provide us any personal information. As noted below, the choice is yours. However, please note that without certain data from you, we may not able to undertake some or all of our obligations to you under the contract, or adequately provide you with our full range of services. If you would like to obtain more detail about this, please contact us following the instructions in the Contact section below.

4.4 In accordance with the law, we currently do not collect or process the following categories of data relating to you: your racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, genetic data and biometric data. If we had to process this type of data, we would always request your prior explicit consent.

5.1 We may disclose your Personal Information within our affiliates, third-party service providers, Contractors and Agents. And the Personal Information is used only for the following purposes:

• The information is necessarily needed to provide functions and services set forth in "Section 2 What Personal Information We Collect" and "Section 4 How We Use Your Personal Information"
• To fulfill our obligations and exercise our rights in the ZEGOCLOUD Services Terms and this Policy.

5.2 Your Personal Information may be transferred as part of any merger, acquisition, transfer of assets, or similar transaction that may occur between us and our affiliates as a result of the continued development of our business. We will comply with relevant laws and regulations and notify you before the transfer to ensure the confidentiality of the information during the transfer, and to continue to perform the corresponding responsibilities and obligations after the change.

5.3 We may also disclose your Personal Information for the following reasons:

• To comply with applicable laws and regulations.
• To comply with court judgments, rulings or other legal procedures.
• To comply with the requirements of relevant government authorities or other competent authorities.
• To comply with other relevant laws and regulations which we have reason to believe we need to abide.
• To comply with other relevant laws and regulations which we have reason to believe we need to abide.
• Circumstances legally authorized by you.

6.1 Based on your business scenario, the Personal Information about you collected by the Services will be stored on the ZEGOCLOUD servers located in Singapore.

6.2 Generally, your Personal Information is retained as long as your account exits.

• To comply with applicable laws and regulations.
• To comply with court judgments, rulings or other legal procedures.
• To comply with the requirements of relevant government authorities or other competent authorities.
• To comply with other relevant laws and regulations which we have reason to believe we need to abide.
• Purposes reasonably necessary for the implementation of relevant service agreements or this Policy, safeguarding public interests, handling complaints/disputes, and protecting the personal and property safety or legal rights of our customers, our affiliates, other users or employees.

7.1 Access to personal information in ZEGOCLOUD Console. If you want to access or edit the personal information in your account, click on the “avatar” in the upper left corner or upper right corner of the home page, expand the pop-up window, click on the “nickname” in the upper left corner or click on “personal information” to enter Personal center, browse avatar, nickname, mobile phone number, email (can be modified and deleted).

7.2 Access and control of personal information by email. As part of our services to users, we provide you with a variety of self-service access, update, delete and limit the use of personal information within the ZEGOCLOUD console itself for free. Access to your personal information and other requests may be made by emailing global_support@zegocloud.com.

7.3 Other options of your personal information data. You may specify other options regarding personal information data (eg: access, restriction of use, reproduction, withdrawal of consent to its use, etc.) by sending an email to global_support@zegocloud.com.

9.1 If you have other user account in ZEGOCLOUD, the Personal Information of your service account may be associated with other account information in certain scenarios.

9.2 We ensure your Personal Information security by preventing information loss, improper use, unauthorized access or disclosure.

• We use various security technologies to ensure the security of information. For example, we will use server backups and password encryption to prevent information leakage, damage, and loss.
• We have established strict management systems and procedures to ensure information security. For example, we strictly limit the scope of people who can access information, conduct standardized management, and require them to comply with confidentiality obligations.
• We attach importance to information security compliance work and have achieved numerous international and domestic security certifications. However, please understand that due to technical limitations and various malicious methods that may exist, in the Internet environment, even if you do your best to strengthen security measures, it is impossible to always guarantee 100% security of information. You need to understand that the system and communication network you use to access to the Services may cause problems due to factors beyond our control.
• In the event of a security incident such as Personal Information leakage, we will initiate an emergency plan to prevent the expansion of security incidents, timely report to relevant authorities in accordance with relevant laws and regulations, and notify you of the situation by sending emails, push notifications, announcements and give you safety advice.

9.3 To ensure your Personal Information security more effectively, we also hope that you can strengthen the sense of self-protection. We only assume responsibility within the scope of the Services’ directly leading to the disclosure of your Personal Information. Therefore, please keep your account and password information properly to avoid disclosure. The service account has security protection functions, but you also need to properly protect your Personal Information. Do not provide your account password and other personal information to any third party unless it is necessary.

10.1 Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal information:

• The right to request a copy of your personal information which we hold about you;
• The right to request that we correct any personal information if it is found to be inaccurate or out of date;
• The right to request to erase your personal information where it is no longer necessary for us to retain such data;
• The right to withdraw your consent to the processing at any time, where we rely on your consent to process your data;
• The right to request that we provide you with your data and where possible, to transmit that data directly to another data controller, where the processing is based on your consent or is necessary for the performance of a contract with you, and in either case we process the data by automated means;
• The right, where there is a dispute in relation to the accuracy or the lawfulness of our processing of your personal information, to request that a restriction is placed on further processing of your data;
• The right to lodge a complaint regarding our processing of your data, with the competent authority of the European Union member state where you reside or in which your data is processed.

10.2 If you want to realize any of the rights we mentioned above or have any questions, please contact us following the instructions in the Contact section below.

10.3 In certain situations, we may not be able to respond to your request. These situations may include situations:

• relating to national security and national defense security;
• relating to public safety, public health, and major public interests;
• relating to criminal investigation, prosecution and trial;
• where there is sufficient evidence that you have subjective intentions or abuse rights ;
• where a response will result in serious damages to the legitimate rights and interests of you or other individuals and organizations.