Privacy Policy - Yaowise

Welcome to Yaowise!

Beijing Huoli Culture Technology Co., Ltd. (hereinafter "Yaowise" or "we"), as the operator of the Yaowise application and related services (collectively the "Service"), understands the importance of personal information to you. We will strictly protect your personal information in accordance with the Personal Information Protection Law of the People's Republic of China (PIPL), the Cybersecurity Law, the Data Security Law, and the Information Security Technology — Personal Information Security Specification (GB/T 35273).

Please read this Privacy Policy carefully before using the Service, especially the clauses displayed in bold. These clauses concern important matters such as the collection, use, storage, sharing, cross-border transfer of your personal information, and your rights.

By checking the box to agree to this Privacy Policy, registering an account, signing in, or continuing to use the Service, you are deemed to have fully understood and agreed to the entirety of this policy. If you do not agree, please immediately stop using the Service.

This Privacy Policy will help you understand:

How we collect and use your personal information
How we use cookies and similar technologies
How we share, transfer, and publicly disclose your personal information
How we transfer your personal information across borders
How we store and protect your personal information
The rights you have over your personal information
Protection of minors
Updates to this policy
How to contact us

I. How We Collect and Use Your Personal Information

We collect your personal information only to the extent necessary to provide the Service, following the "minimum necessary principle". Specific collection scenarios and types of information are as follows:

1.1 Account Registration and Login

When you register or sign in to your Yaowise account, we collect:

Mobile phone number: For receiving SMS verification codes, account login, and identity verification. The mobile phone number is the basic information required by law for real-name authentication.
Email address (optional): For email registration/login and receiving service notifications.
Third-party account information: If you choose to log in via WeChat, Apple ID, or other third-party accounts, we will obtain your unique identifier (such as WeChat OpenID/UnionID, Apple User ID) and necessary public information (such as nickname and avatar) from the third-party platform with your authorization.

Without this information, you will not be able to register an account or use account-related features.

1.2 AI Interpretation

When using the core AI interpretation feature, we collect and process:

Consultation question content: The text of the question you wish to consult.
Operation data: Records generated during your use of the Service.
Conversation history: Your follow-up dialogue with the AI.

Please note: To generate personalized AI interpretation results, the consultation questions, operation data, and other information you input will be sent to our integrated AI service providers for processing. For specific AI service providers and data flows, please refer to "Section III. How We Share, Transfer, and Publicly Disclose Your Personal Information" and "Section IV. How We Transfer Your Personal Information Across Borders".

1.3 Personalization Details (Optional)

To enhance interpretation accuracy, you may optionally provide the following personal details:

Date of birth, time of birth: For personalized interpretation
Place of birth: For personalized interpretation
Gender: For personalized interpretation

The above information constitutes your sensitive personal information. You may choose not to provide it without affecting your use of basic interpretation features. You can modify or delete this information anytime in the App's "My Profile".

1.4 History Records

To enable you to review and manage your interpretation records, we save:

Interpretation records (questions, interpretation results)
Follow-up history

History records are kept for the duration of your account. You can delete individual records anytime in the "History" page of the App.

1.5 Device and Log Information

To ensure service security, improve user experience, and diagnose issues, we collect:

Device information: Device model, brand, OS version, screen resolution, device language, CPU architecture, unique device identifier (IDFV/Android ID)
Network information: IP address, network operator, network type (Wi-Fi/mobile data)
App information: App version, build number, SDK version
Log information: Operation logs, crash logs, performance data
Device identifiers accessed by third-party SDKs: When you actively trigger WeChat login/payment/sharing, Alipay payment, Huawei account sign-in, or receive push notifications on OPPO/vivo/Xiaomi/Huawei/Honor Android devices, the corresponding third-party SDKs may invoke system APIs to obtain MAC address, OAID (Open Anonymous Device Identifier) and similar network identifiers for their own identity recognition, push-channel registration, or payment risk control. Yaowise servers do not collect, store, or receive these device identifiers; the data is independently processed by each third-party SDK under its own privacy policy (see SDK list in Section 3.1.1).
Installed-app queries: To determine whether the appropriate share/payment/login flow can be launched, the app uses PackageManager to query specific target apps such as WeChat (com.tencent.mm), Alipay (com.eg.android.AlipayGphone), and Huawei Account. At the app code level, we do NOT request the QUERY_ALL_PACKAGES permission and do NOT retrieve a complete installed-software list on your device. Please note: Certain integrated third-party push SDKs (OPPO/vivo/Xiaomi/Huawei/Honor) and open-platform SDKs (WeChat, Alipay) may query the device's installed-software list internally as required by their own implementation. The specific collection scope is governed by each SDK's official privacy policy — see the "Data Collected" column in the SDK list in Section 3.1.1.

1.6 Payment Information

When you purchase Yao Coins, subscribe to VIP membership, or use other paid services, we collect:

Order information: Order number, product name, payment amount, payment time, payment status
Subscription information: Subscription type, start time, expiration date, auto-renewal status

Please note: Yaowise does not collect or store sensitive payment information such as your payment passwords, bank card numbers, or CVV. This information is processed and protected directly by your chosen third-party payment channel (WeChat Pay, Alipay, Apple App Store, etc.).

1.7 Customer Service and Feedback

When you contact us via in-App feedback or customer service email, we collect what you proactively provide:

Feedback content and problem description
Feedback screenshots (images you choose to upload)
Contact information (if you choose to provide it)

1.8 Push Notification Tokens

To send you notifications such as interpretation completion alerts and calendar event reminders, we obtain and store your device push tokens. The source depends on your device type:

iOS devices: Apple Push Notification Service (APNs) Token
Non-Chinese-vendor Android devices: Firebase Cloud Messaging (FCM) Token
Huawei Android devices: HMS Push Token
Honor Android devices: Honor Push Token
Xiaomi Android devices: MiPush RegId

You may disable notification permissions for this App in your system settings at any time. After disabling, you will no longer receive push notifications.

1.9 Personalization Services

YaoWise's core AI interpretation and analysis features do not rely on user profiling or behavior-based recommendation algorithms. For paid users such as subscription members, we may provide personalization services within the following scope:

Scope of personalization: Based on your in-app interpretation history, questioning patterns, and preference settings, we may adjust interpretation style, content depth, calendar reminder cadence, and question template suggestions to better match your long-term usage habits.
Data involved: Only data generated within YaoWise, including your history records, subscription status, and language/theme preferences. We do not use device advertising identifiers or cross-app behavior tracking data, and we do not use any data for third-party ad targeting.
How to turn off: You may turn off personalization at any time via Settings → Privacy → Personalization Services. Turning it off does not affect core AI interpretation, questioning, or history features.
Future changes: If we adjust the scope, data types, or algorithmic mechanisms of personalization services, we will notify you through prominent in-app notices or re-obtain your consent.

II. Device Permissions We Request

To provide the Service's features, we need to request certain system permissions. We only request permissions when you actively trigger the related features, and you can refuse authorization or disable previously granted permissions in your system settings at any time.

2.1 Android Permissions

Permission Name	Permission ID	Purpose	Trigger Scenario	Can Be Disabled
Notification	android.permission.POST_NOTIFICATIONS	Send interpretation completion notifications, calendar event reminders, system announcements	Prompted on first use of notification feature	Yes (in system settings)
Boot Completed	android.permission.RECEIVE_BOOT_COMPLETED	Restore scheduled notification services after device restart	System boot (only if you have granted notification permission)	Yes (in system auto-start management)
Internet Access	android.permission.INTERNET	Connect to servers, load content, submit interpretation requests	App startup and use	No (required for basic functions)
Network State	android.permission.ACCESS_NETWORK_STATE	Detect network connection state to avoid requests when offline	App startup and use	No (required for basic functions)
Wi-Fi State	android.permission.ACCESS_WIFI_STATE	Detect Wi-Fi connection state to optimize network request strategy	App startup and use	No (required for basic functions)
In-App Billing	com.android.vending.BILLING	Support Yao Coin recharge and membership subscription	When the user clicks recharge or subscribe	No (only used during purchase)

Please note: We have proactively removed sensitive permissions such as camera (CAMERA), microphone (RECORD_AUDIO), and external storage read/write (READ/WRITE_EXTERNAL_STORAGE), as these features are not required by the Service.

2.2 iOS Permissions

Permission	Permission Key	Purpose	Trigger Scenario
Photo Library	NSPhotoLibraryUsageDescription	Choose avatar images, upload feedback screenshots, save interpretation results as images	When you actively click "Choose Avatar", "Upload Screenshot", or "Save Image"
Push Notifications	— (managed by iOS)	Send interpretation completion notifications, calendar event reminders, system announcements	Prompted on first use of notification feature

You can manage these permissions anytime in iOS "Settings → Yaowise".

2.3 Auto-Start and Associated Launch Notice

To ensure the proper functioning of push notifications and scheduled reminders, this application uses the Expo Notifications SDK, which may trigger auto-start behavior in the following scenarios:

After device restart: Automatically restores scheduled calendar event reminders and notification services (Android clears all scheduled tasks after restart, requiring re-registration).
After app update: Re-registers notification services to ensure push delivery.

These auto-start behaviors only take effect after you grant notification permissions. You can disable auto-start or notification permissions for this App in your system settings at any time.

III. How We Share, Transfer, and Publicly Disclose Your Personal Information

3.1 Information Sharing

We only share your personal information with third parties under the following circumstances, following the principles of "minimum necessary" and "explicit consent":

3.1.1 Third-Party SDK List

To enable corresponding features, this application integrates the following third-party SDKs. When using the SDKs, the relevant SDK service providers may collect part of your personal information:

SDK Name	Provider	Use Scenario	Personal Information Collected	Provider Location	SDK Privacy Policy
Expo Notifications	650 Industries, Inc.	Push notification scheduling	Device push token	USA ⚠️	View
Apple Push Notification Service (APNs)	Apple Inc.	iOS device push channel	APNs device token	USA ⚠️	View
Firebase Cloud Messaging (FCM)	Google LLC	Non-Chinese-vendor Android device push channel	FCM device token, device model	USA ⚠️	View
HMS Push Kit	Huawei Device Co., Ltd.	Huawei Android device push channel	HMS push token (AAID), device model, OS version, MAC address, IMEI, Android ID, OAID, IMSI, IP address, network state, installed-software list	China	View
Honor Push SDK	Shenzhen Honor Software Technology Co., Ltd.	Honor Android device push channel	Honor Push Token, device model, OS version, MAC address, Android ID, OAID, IP address, network state, installed-software list	China	View
MiPush	Beijing Xiaomi Mobile Software Co., Ltd.	Xiaomi Android device push channel	MiPush RegId, device model, OS version, MAC address, IMEI, Android ID, OAID, IMSI, IP address, network state, installed-software list, carrier information	China	View
Apple Sign In (expo-apple-authentication)	Apple Inc.	Apple ID login	Apple User ID, email (optional), name (optional)	USA ⚠️	View
Apple In-App Purchase (expo-iap)	Apple Inc.	iOS in-app purchases	Transaction ID, product ID, purchase receipt	USA ⚠️	View
HMS IAP SDK	Huawei Device Co., Ltd.	Huawei Android in-app purchases	Transaction ID, product ID, purchase receipt, device model, OS version, IP address	China	View
HMS Analytics Kit (Performance Kit)	Huawei Software Technologies Co., Ltd.	Huawei Android performance monitoring and runtime statistics	Device identifiers (Android ID/OAID), device model, OS version, runtime state, crash stack traces, network state	China	View
WeChat OpenSDK Android	Shenzhen Tencent Computer Systems Co., Ltd.	WeChat login, payment, sharing	WeChat OpenID/UnionID (after user-authorized login), payment order info, device model, OS version, network state, installed-app query (only checks whether WeChat com.tencent.mm is installed to confirm native share/payment/login can be launched), user-selected sharing content (image/text/link)	China	View
Alipay App Payment Client SDK	Alipay (Hangzhou) Information Technology Co., Ltd.	Alipay payment	Payment order info, device identifiers (IMEI, Android ID, OAID, MAC address), network info (IP address, Wi-Fi MAC, SSID), location (for payment risk control), installed-app list, sensor data, device hardware info, carrier information	China	View
OPPO Push SDK (HeytapPushSDK)	Guangdong Huantai Technology Co., Ltd. (OPPO)	OPPO Android device push channel	OPPO RegisterID, device model, OS version, MAC address, IMEI, Android ID, OAID, IMSI, IP address, network state, installed-software list, carrier information	China	View
vivo Push SDK	Vivo Mobile Communication Co., Ltd.	vivo Android device push channel	vivo RegID, device model, OS version, MAC address, IMEI, Android ID, OAID, IMSI, IP address, network state, installed-software list	China	View
HUAWEI Account Kit	Huawei Device Co., Ltd.	Huawei Android device account sign-in (user-initiated)	Huawei Account OpenID/UnionID, nickname, avatar, email (optional, when user authorizes), device model, OS version, network state	China	View
Sentry React Native	Functional Software, Inc. (Sentry)	Crash reporting and error monitoring	Error stack traces, device info, app version, anonymous user ID	USA ⚠️	View

3.1.2 Backend Service Providers

In addition to client-side SDKs, our backend services share necessary information with the following third-party service providers:

Service Provider	Use Scenario	Personal Information Shared	Provider Location
AI Service Provider	AI interpretation content generation	Consultation questions, operation data, conversation history	China
Alibaba Cloud SMS	SMS verification codes for registration, login, password reset	Mobile phone number	China
WeChat Open Platform	WeChat OAuth login authorization	Authorization code (used only to exchange user info, contains no sensitive data)	China

Special note about AI service providers: To generate personalized interpretations, the consultation questions and operation data you input will be sent to the above AI service providers for processing. We do not send your name, phone number, email, or other directly identifiable information to AI providers. Data received by AI providers is used solely to generate interpretation results and is not used to train AI models.

3.2 Disclosure Required by Law

We may disclose your personal information in accordance with the law in the following circumstances:

Related to national security or national defense
Related to public safety, public health, or major public interests
Related to criminal investigation, prosecution, trial, and judgment enforcement
To protect significant legal rights of you or others where it is difficult to obtain your consent
Personal information that you have made public on your own
Personal information collected from lawfully publicly disclosed information
According to legal requirements or mandatory requests from government authorities

3.3 Information Transfer

We will not transfer your personal information to any third party except in the following circumstances:

With your explicit prior consent
In the event of merger, acquisition, or bankruptcy liquidation, if personal information transfer is involved, we will require the new entity holding your personal information to continue to be bound by this Privacy Policy, or we will require the entity to seek your authorization again

3.4 Public Disclosure

We only publicly disclose your personal information in the following circumstances:

With your explicit consent
Disclosure based on law: when required by law, legal process, litigation, or government authority

IV. How We Transfer Your Personal Information Across Borders

Some features of the Service involve transferring your personal information to service providers outside the People's Republic of China. In accordance with Article 38 of the Personal Information Protection Law, we conduct cross-border transfers only with your explicit consent.

4.1 Cross-Border Transfer Recipients and Data Types

Recipient	Country/Region	Personal Information Transferred	Purpose
Apple Inc.	USA	APNs device token, Apple User ID, in-app purchase transaction receipts	iOS push notifications, Apple Sign In, in-app purchases
Google LLC	USA	FCM device token, device model	Push channel for non-Chinese-vendor Android devices
Functional Software, Inc. (Sentry)	USA	Error stack traces, device info, app version, anonymous user ID	Crash reporting and error monitoring
650 Industries, Inc. (Expo)	USA	Device push token, app version, build identifier	Push notification scheduling

4.2 Compliance Safeguards for Cross-Border Transfers

For the above cross-border transfers, we have taken or will take the following measures to safeguard your personal information:

On first launch of the App, we explicitly inform you of the cross-border transfer recipients, purposes, and risks you may face via a privacy popup, and obtain your separate consent.
Apply minimization to transferred content, transferring only what is necessary to complete the function.
Do not provide overseas recipients with directly identifiable information such as your name, phone number, or email.
Use HTTPS/TLS encrypted transmission channels.
Periodically assess overseas recipients' data security and privacy protection capabilities.

4.3 Your Choices

If you do not want your personal information to be transferred across borders, you may:

Disable push notification features (this will affect your reception of interpretation completion alerts and other notifications)
Choose to register via mobile phone or email instead of using Apple Sign In

V. How We Store and Protect Your Personal Information

5.1 Storage Location

Personal information collected and generated during our operation of the Service within the People's Republic of China is stored on servers located in the People's Republic of China.

5.2 Storage Duration

We retain your personal information only for the period necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:

Personal Information Type	Retention Period
Account information (phone, email, nickname)	Retained while the account exists; deleted within 30 days after account cancellation
Interpretation history	Retained while the account exists; you may delete it at any time
Personal details	Retained while the account exists; you may modify or delete it at any time
Payment order information	Retained for at least 10 years from the transaction date as required by the Accounting Archives Management Measures
Device and log information	No more than 12 months; automatically deleted or anonymized after expiration
Customer service and feedback records	Deleted within 6 months after the issue is resolved
Crash logs	No more than 90 days

After the above retention periods, we will delete your personal information or anonymize it in accordance with the law.

5.3 Security Measures

We employ industry-standard security technologies and management measures to protect your personal information:

Transmission encryption: Use HTTPS/TLS protocols to encrypt all communications between clients and servers
Storage encryption: Hash or encrypt your passwords and sensitive information for storage
Access control: Strictly limit internal access to personal information, authorize only necessary staff, and provide privacy protection training
Security auditing: Regularly conduct security audits and vulnerability scans
Data backup: Regularly back up data to prevent loss

Despite the reasonable measures we take, please understand that no information transmitted over the internet can be absolutely secure. In the event of a personal information security incident, we will promptly activate emergency response procedures, report to regulatory authorities as required by law, and notify you via in-App notifications, email, etc.

VI. Your Rights Over Personal Information

Under the Personal Information Protection Law of the People's Republic of China and related laws and regulations, you have the following rights regarding your personal information. We have provided convenient paths to exercise these rights within the App, and you may also contact us using the contact information in Section IX.

6.1 Right of Access

You have the right to access the personal information we hold about you.

How to exercise: Open the Yaowise App → My → Profile, where you can view your account information, interpretation history, etc.

6.2 Right of Rectification

You have the right to correct inaccurate or incomplete personal information.

How to exercise: Open Yaowise App → My → Profile → Edit Profile, where you can modify your nickname, avatar, etc. To modify your phone or email, please use the in-App "Account Security" page.

6.3 Right of Erasure

You may request that we delete your personal information in the following circumstances:

The processing purpose has been achieved, can no longer be achieved, or is no longer necessary
We stop providing the Service, or the retention period expires
You withdraw your consent
We violate laws, regulations, or our agreement in processing personal information

How to exercise:

Delete interpretation history: Open Yaowise App → History → long-press a record → Delete
Delete personal data: Open Yaowise App → My → Profile → Edit → clear the corresponding fields
Cancel account: Open Yaowise App → Settings → Account Security → Cancel Account. After cancellation, all your personal information will be permanently deleted within 30 days

6.4 Right to Withdraw Consent

You may withdraw your previously granted consent for us to process your personal information at any time. Withdrawal of consent does not affect the validity of personal information processing activities conducted based on your consent before the withdrawal.

How to exercise:

Withdraw notification permission: Disable Yaowise notification permission in system settings
Withdraw photo library permission: Disable Yaowise photo library permission in system settings
Withdraw AI interpretation authorization: Stop using the AI interpretation feature

Please note: withdrawing consent may prevent you from continuing to use the corresponding features or parts of the Service.

6.5 Right to Data Portability

You have the right to obtain a copy of the personal information we hold about you. To export your personal information, please contact us using the methods in Section IX; we typically respond within 7 working days, and no later than 15 working days.

6.6 Right to Complain

If you believe our personal information processing has harmed your legitimate rights, you may:

File a complaint via the in-App "Feedback" feature
Contact us using the methods in Section IX
Report to the National Internet Information Office's 12377 reporting center for illegal and harmful internet content
File a lawsuit with a People's Court

6.7 Processing After Account Cancellation

When you actively cancel your account, we will stop providing the Service and delete or anonymize your personal information as required by applicable law (except where laws and regulations provide otherwise, such as transaction records that must be retained for at least 10 years).

VII. Protection of Minors

We attach great importance to the protection of minors' personal information.

7.1 Children Under the Age of 14

Pursuant to the Law on the Protection of Minors of the People's Republic of China and the Provisions on the Cyber Protection of Children's Personal Information:

We decline to provide this Service to children under the age of 14. If you are a child under 14, please choose an application appropriate for your age, accompanied by your guardian, and please do not provide us with any of your personal information.

If we discover that we have collected personal information from children under 14 without verifiable parental or guardian consent, we will take steps to delete the relevant data as soon as possible, and we reserve the right to pursue legal liability against any person assisting in such registration.

7.2 Minors Aged 14 to Under 18

If you are a minor aged 14 to under 18, the collection and use of your personal information may be authorized either by your guardian or by yourself. We recommend that your parent or other legal guardian read this Privacy Policy together with you, and that consent of the guardian be obtained before using the Service, providing your personal information, or activating paid features.

7.3 Guardian Rights

If you are a parent or legal guardian of a minor, you may contact us using the methods in Section IX to request:

Access to, correction or deletion of the minor's personal information that we hold;
Withdrawal of previously granted consent for us to process the minor's personal information;
Cancellation of the minor's account.

We typically verify and process such requests within 7 working days, and no later than 15 working days; for complex matters, we will explain the reason for any extension.

VIII. Updates to This Policy

We may revise this Privacy Policy in light of laws and regulations, regulatory requirements, business changes, or technical upgrades.

For material changes (e.g., expanding the purpose or scope of personal information processing, adding or adjusting important features, adding new SDKs or third-party service providers, changing recipients of cross-border transfers), we will notify you through prominent in-App notifications, push notifications, or in-App messages, and seek your consent again before the material changes take effect.

You can check the "Last Updated" date at the top of this page for the latest version of this policy.

If you do not agree with the updated Privacy Policy, you may choose to stop using the Service. Continuing to use the Service constitutes acceptance of the updated Privacy Policy.

IX. How to Contact Us

If you have any questions, opinions, or suggestions about this Privacy Policy or personal information processing, or if you wish to exercise any rights granted by this policy, please contact us through the following means:

Personal Information Protection Officer Email: privacy@yaowise.com
Customer Service Email: support@yaowise.com
In-App Feedback: Open Yaowise App → Settings → Feedback
Operating Entity: Beijing Huoli Culture Technology Co., Ltd. (registration details available through the National Enterprise Credit Information Publicity System of the PRC)

We typically respond within 7 working days of receiving your request, and no later than 15 working days; for complex matters, we will explain the reason for any extension.

If you are dissatisfied with our response, particularly when our personal information processing has harmed your legitimate rights, you may also file a complaint with regulatory authorities of the People's Republic of China or file a lawsuit with a People's Court of competent jurisdiction at the defendant's location.