User Privacy Agreement
Effective Date: Nov.1st, 2024
Last Updated: Nov.1st, 2024
Easemob IM SDK Privacy Policy Statement
In order to better protect your relevant rights, it is recommended that you carefully read this Easemob IM SDK Privacy Policy Statement (hereinafter referred to as “this Policy”). If you have any questions or suggestions about the content of this Policy, you can contact us through the contact information published in “Contact Us” in this Policy. Easemob strictly abides by laws and regulations and protects the personal information of third-party developers and their end users in accordance with established security and privacy standards in the industry.
Easemob IM SDK is a public cloud product provided by Beijing Easemob Technology Co, Ltd. (hereinafter referred to as “We”). Easemob IM SDK product provides the SDK and API capabilities. Since the current relevant laws, regulations, policies and standards mainly provide relevant guidance for the application of SDK products, the following contents are provided in the SDK perspective. If you are a third-party developer who integrates and calls API capabilities, the content in this guide also applies to you.
The “Easemob IM SDK Privacy Policy Statement” mainly explains to third-party developers and their end users how we handle personal information (includes “collection, storage, use, processing, transmission, provision, disclosure, etc.”). Before registering, accessing, and using the Easemob IM SDK (hereinafter referred to as “this SDK”) products and/or services, third-party developers and end users must read this statement carefully. In the aforementioned scenarios, developers, as personal information processors, decide the purpose and method of processing end-user data. We, as the trustee of personal information processing, only collect data on behalf of developers and process data according to the entrustment and instructions of developers when developers implement relevant SDK-specific business functions. We highlight personal sensitive information in bold format for emphasis. If you have any questions, comments or suggestions on the content of this policy, you can contact us at any time in ways stated in Article 9 of this Policy.
Special notes for developers
If you are a developer, please:
Please make sure you fully understand and agree to this Policy before integrating the SDK products. If you disagree with any content of this Policy, you should immediately stop accessing and using the SDK products.
Integrate SDK products and process end-user personal information only after gaining the end-user’s consent.
Collect, use and process the personal information of end users in accordance of laws and regulations, including but not limited to formulating and publishing privacy policies on the protection of personal information, providing end users with a user rights implementation mechanism that is easy to operate and meets the requirements of laws and regulations, and informing end users how to view, copy, modify, delete personal information, withdraw consent, and restrict the processing of personal information, transfer personal information, obtain copies of personal information, and cancel accounts.
Special notes for end users
This policy does not replace the privacy policy of the developer’s application.
Developers should disclose their privacy policies to you for their apps to explain how they collect, process and protect your personal information.
If you seek access to data, or attempt to correct, modify or delete incorrect data, or you do not want to continue using an application that integrates an SDK product, please contact the corresponding developer (personal information processor) directly.
This policy will help you understand the following:
I. Personal information collected and how to use the information
II. Authorization and consent for third-party end users
III. How to share, transfer, and publicly disclose personal information of third-party developers and/or end users
IV. How to store personal information of third-party developers and/or end users
V. How to protect the personal information security of third-party developers and/or end users
VI. How do third-party developers and/or end users manage their personal information
VII. How to handle children’s personal information
VIII. How to update this privacy policy statement
IX. How to contact us
X. Others
I. What personal information we collect about you and how it is used
We collect and use the information for the following purposes described in this statement under the principles of lawfulness, legitimacy, and necessity:
Personal information provided by third-party developers and/or end users or collected directly by us;
Personal information generated by third-party end users when using the SDK products and/or services;
Personal information of third-party developers and/or end users obtained from third-party developers or other third parties.
We usually collect personal information after obtaining the consent of third-party developers. Before obtaining the consent of end users, third-party developers should not collect any personal information of end users and should not enable this SDK product and/or related services unless otherwise permitted by laws and regulations. We will specify the purpose of collecting personal information in this statement. If we want to use the collected personal information for other purposes not specified in this statement, we will inform the third-party developer in a reasonable manner and obtain the consent of the third-party developer again before use.
1. Personal information provided by third-party developers and/or end users or collected directly by us
In order to realize the business functions of this SDK, we may need to collect relevant personal information from third-party developers and/or end users. The following will list in detail the business functions of this SDK and the personal information that needs to be collected to realize the functions.
Basic functions : The basic function of this SDK is to provide developers with stable instant messaging services, including login, conversation, friend relationship, one-to-one chat, group chat, chat room, push, and other basic services.
Extended functions: In addition to the basic functions, this SDK also provides additional extended functions, such as text message translation, content moderation, and other functions.
Necessary personal information to be collected:
The personal information that must be collected to achieve both basic and extended functions is as follows:
| Specific information collected | Purpose of collection | platform |
|---|---|---|
| Device identification code (APNS Token) | To provide message delivery, multi-terminal message synchronization, and message roaming functions, and to prevent security risks and accurately identify violations of laws and regulations | iOS |
| Bundle ID | To protect your account security, ensure that the IM service is only used in applications authorized by you. | iOS |
| The application package name, application version number, and installation path of the application | Android, HarmonyOS | |
| Device type, device name and model, operating system (version information), network connection type and status, IP address | Accurately judge the operating environment, optimize network scheduling, ensure normal service operation, and facilitate troubleshooting of problems that arise during communication service operation | Android, iOS, HarmonyOS |
Optional information:
To implement the push service, we will embed the message push SDK of third-party mobile phone manufacturers in SDK products. For information about third-party SDKs, please refer to the list of third-party SDKs connected to Easemob IM SDK.
2. Personal information of third-party developers and/or end users that we obtain from third parties
We may indirectly obtain personal information of third-party developers and/or end users from third parties (our partners) authorized by third-party developers. The personal information obtained is the minimum amount required to realize the necessary functions of this SDK product and/or service.
We will require third parties to make commitments on the legitimacy of the sources of personal information before collecting such information. For example, when processing personal information based on the consent of end users, we will require third parties to inform developers and/or end users of the purpose and information of sharing, and collect personal information after obtaining the consent of developers and/or end users in accordance with the law, ensuring that sharing is performed within the scope of the authorized consent for the processing of personal information.
If a third party violates any legal or regulatory requirements or agreements, we will immediately stop collecting information from that party, stop cooperating with that party, and take appropriate remedial measures to minimize losses. At the same time, we will protect indirectly obtained personal information with a level of protection no less than that of our own users’ personal information. When indirectly obtaining sensitive personal information, we will adopt more stringent security measures (such as transmission encryption, etc.).
3. Application for relevant system permissions
Depending on the scope of the SDK service plan used by developers and end users, we may apply for the use of end users’ system permissions when third-party developers use the SDK. Please see the following for specific usage scenarios. The specific permissions applied for and the purpose of the application are as follows:
System Permission Application Form
| Permission name | Purpose of collection | platform | Required or not |
|---|---|---|---|
| Network connection status (ACCESS_NETWORK_STATE) | Determine the network connection status and whether the network is available | Android | Required permissions |
| Wi-Fi network status (ACCESS_Wi-Fi_STATE and CHANGE_Wi-Fi_STATE) | Determine the network connection status and whether the network is available | Android | Required permissions |
| Access to the Internet (INTERNET) | Determine whether the network is connected to ensure the normal operation of the SDK function | Android, iOS, HarmonyOS | Required permissions |
| Get network information (GET_NETWORK_INFO) | Determine the network connection status and whether the network is available | HarmonyOS | Required permissions |
| Device storage (WRITE_EXTERNAL_STORAGE) | Provides the function of sending local file messages | Android | Required permissions |
| Device storage (READ_EXTERNAL_STORAGE) | Provides the function of sending local file messages | Android | Required permissions |
| Location information | Provides the function of sending location messages | Android, iOS, HarmonyOS | Non-essential permissions |
| CAMERA | Provides the function of taking photos and sending picture messages | Android | Non-essential permissions |
| Microphone (RECORD_AUDIO) | Provides the function of sending audio messages | Android | Non-essential permissions |
| Device storage (STORE_PERSISTENT_DATA) | Persistently store the data required for the operation of the business system | HarmonyOS | Non-essential permissions |
Note: When the end user closes the permissions, it means that they cancel these authorizations. We will no longer continue to collect and use the corresponding personal information, and we will not be able to provide the end user with the above-mentioned functions corresponding to these authorizations.
4. In the following circumstances, we use personal information of end users without the need to obtain the authorization or consent of third-party developers:
(1) Necessary for the conclusion and performance of a contract;
(2) Necessary for the performance of statutory duties or obligations;
(3) It is necessary to respond to public health emergencies or to protect the life, health and property safety of natural persons in an emergency;
(4) Carry out news reporting, public opinion supervision and other activities for the public interest and process personal information within a reasonable scope;
(5) Process personal information that an individual has disclosed on his/her own or that has been legally disclosed within a reasonable scope in accordance with the provisions of the Personal Information Protection Act;
(6) Other circumstances stipulated by laws, administrative regulations.
Note: If the information we collect cannot be used to identify the personal identity of third-party developers and/or end users alone or in combination with other information, it does not constitute personal information in the legal sense.
5. Rules for the use of personal information
(1) We will process the collected personal information in accordance with this statement and/or the contractual agreement with the third-party developer and only for the purpose of realizing the functions of this SDK product and/or service. If the collected personal information needs to be used for other purposes, we will inform the third-party developer and/or end user in a reasonable manner, and use it after the third-party developer obtains the consent of the end user and/or obtains the consent of the end user separately.
(2) After the SDK products and/or services we provide to third-party developers cease operations, or after the third-party developers and/or end users withdraw their authorization for personal information, or after the third-party developers and/or end users cancel their accounts, we will destroy or anonymize all personal information received from third-party developers and/or end users within a reasonable time, unless otherwise provided by law.
II. Authorization and Consent of Third-Party End Users
Third-party developers integrate this SDK product and/or service into their third parties. In order to provide this SDK product and/or service to end users, we will collect, store and process personal information from third-party developers and/or end users in a legal and compliant manner.
Before using this SDK, developers should carefully read the relevant service agreements, this Policy and the third-party developer compliance guide (or similar legal documents of the same nature) published on our official website, and conduct compliance self-inspections based on the collection and use of personal information by your products. Before obtaining the consent of the end user, unless otherwise permitted by laws and regulations, developers should not collect any personal information of the end user and should not enable this SDK product and/or related services. Please note that the premise for us to provide you with this SDK product and/or service is:
Third-party developers have complied with and will continue to comply with applicable laws, regulations and supervisory requirements to collect, use and process the personal information of third-party end users, including but not limited to formulating and publishing relevant personal information protection statements or privacy policies;
The third-party developer has informed the third-party end-users and has obtained sufficient, necessary and clear authorization, consent and permission from the end-users in accordance with the law, especially the express, separate consent and permission when sensitive personal information is involved (if your product is designed and developed for children under the age of fourteen, you should have taken necessary technical measures to ensure that the consent of their parents or other guardians has been obtained). For the purpose of providing this SDK product and/or service and corresponding to the third-party functions, we will collect and share and how to use (including allowing us to collect and process in accordance with the provisions of this Statement) the personal information of third-party end-users;
Unless otherwise provided by applicable laws, third-party developers have informed end users and obtained sufficient and necessary authorization, consent and permission from end users in accordance with the law, allowing us to de-identify the personal information that has been collected, and, subject to compliance with relevant laws and regulations, may use the collected and processed information for the purposes listed in Article 1 of this Statement;
Third-party developers have provided end users with an easy-to-operate mechanism for implementing user rights, and explained how and when end users can exercise their rights of choice, how to access and correct their personal information, as well as exercise the right to delete and change the scope of their authorization consent.
III. How to share, transfer, and publicly disclose personal information of third-party developers and/or end users
1. Sharing
We may disclose your personal information to our affiliates as necessary to achieve the purposes mentioned in Article 1 of this Policy. “Affiliates” refers to any other entity that directly or indirectly controls us, is controlled by us, or is under common control with us.
We will strictly restrict third parties involved in data processing in accordance with laws and regulations, and require them to strictly comply with our measures and requirements for personal information protection. Except as stated in this policy or otherwise specified when collecting information about end users, we will not share end user information with third parties without the explicit consent of third-party developers.
2. Transfer
We will not transfer the personal information of third-party developers and/or end users to any company, organization or individual, except in the following circumstances:
(1) Obtain separate consent from third-party developers and/or end users in advance;
(2) If personal information needs to be transferred due to merger, division, dissolution, bankruptcy, etc., we will inform the developer and/or end user of the name or name and contact information of the recipient and require the recipient to continue to perform the obligations of the personal information processor. If the recipient changes the original processing purpose or processing method, we will require the recipient to obtain the consent of the developer and/or end user again.
(3) If personal information is transferred, we will require the new company or organization that holds your personal information to continue to be bound by this policy, otherwise we will require the company or organization to re-ask for your authorization and consent. If the recipient changes the original processing purpose or processing method, we will require the recipient to re-obtain the consent of the end user.
3. Public Disclosure
We will not publicly disclose personal information of third-party developers and/or end users unless:
(1) After obtaining separate consent from third-party developers and/or end users;
(2) When required by laws, regulations, legal procedures, litigation or government authorities.
IV. How to store personal information of third-party developers and/or end users
1. Storage method and period
We will store information of third-party developers and/or end users in a secure manner, including local storage, databases, and server logs.
In general, we will only store the personal information of third-party developers and/or end users for the shortest period of time necessary to achieve the purposes described in this Policy or within the conditions/scope required by laws and regulations or otherwise authorized by the personal information subject. However, in the following circumstances, and only for the purposes related to the following circumstances, we may need to retain the personal information of third-party developers and/or end users for a longer period of time: (1) Comply with applicable laws and regulations and other relevant provisions; (2) Comply with court judgments, rulings or other legal procedures; (3) Comply with the requirements of relevant government agencies or other competent authorities; (4) Purposes that are reasonably necessary to implement relevant service agreements or this statement, safeguard the public interest, handle complaints/disputes, and protect the personal and property safety or legitimate rights and interests of our customers, us or our affiliates, other users or employees.
2. Storage Region
We will store personal information collected within China in accordance with laws and regulations.
At present, we do not transfer or store the personal information of third-party developers and/or end users across borders. If cross-border transfer or storage is required in the future, we will inform the developer and/or end user of the purpose, recipient, security measures and security risks of the personal information transfer, obtain the consent of the developer and/or the separate consent of the end user, and meet other conditions stipulated by laws and regulations.
V. How to protect the personal information security of third-party developers and/or end users
1. Security protection measures
We have used industry-standard security measures to protect personal information provided by third-party developers and/or end users to prevent unauthorized access, public disclosure, use, modification, damage, leakage or loss of data.
We use industry-leading technical protection measures. The technical means we use include but are not limited to firewalls, encryption (such as SSL), de-identification or anonymization, access control measures, etc. In addition, we will continue to strengthen the security capabilities of integrating SDKs into third parties.
We have established management systems, processes and organizations specifically to protect the security of personal information. We will also review such management systems, processes and organizations to prevent unauthorized persons from accessing, using or disclosing user information.
2. Security incident handling measures
If a security incident such as leakage, damage, or loss of personal information occurs, we will activate the emergency plan to prevent the security incident from expanding. After a security incident occurs, we will promptly inform third-party developers and/or end users of the basic situation of the security incident, the disposal measures and remedial measures we will or have taken, and our response suggestions to third-party developers and/or end users in the form of push notifications, emails, etc.
VI. How do third-party developers and/or end users manage their personal information?
We attach great importance to the management of personal information by third-party developers and/or end users, and do our best to provide relevant rights such as access, copy, modify, delete, withdraw consent, cancel accounts, file complaints, and set privacy functions for personal information, so that third-party developers and/or end users can protect their own privacy and information security.
For third-party developers
(1) Third-party developers should provide and clearly define ways for end users to view, copy, modify, delete personal information, withdraw consent, transfer personal information, restrict the processing of personal information, obtain copies of personal information, and cancel their accounts.
(2) During the use of this SDK by third-party developers, if the end user makes a request to exercise rights related to personal information according to the agreement between the third-party developer and us, and the third-party developer has determined that such exercise request involves the personal information provided by the third-party developer to this SDK, please contact us in a timely manner through the methods described in Article 9 of this Policy and attach the necessary written credentials. We will verify the relevant credentials in a timely manner and provide corresponding support and cooperation to third-party developers in accordance with relevant laws and regulations, as well as the rules clearly stated in legal texts such as this Policy.
(3) If a third-party developer wishes to cancel the SDK service, they can contact us in the manner described in Article 9 of this Policy to cancel the service. We will take reasonable steps to cancel the account, and we will delete personal information in accordance with the requirements of laws and regulations. Unless we need to preserve such information for legal reasons, we will process it only within the scope prescribed by laws and regulations and will not use it in daily business activities. Please be aware that once the third-party developer account is cancelled, it cannot be restored, so please proceed with caution. Before canceling the account, please make sure that all services related to the third-party developer account have been properly handled.
2. For third-party end users
Since third-party end users are not our direct users, we recommend:
End users have the right to view, copy, modify, delete, and withdraw consent to their personal information. If you wish to exercise the above rights, since you are not our direct user, we, as the trustee of personal information processing, will process your personal information in accordance with our agreement with the third-party developer and the instructions of the third-party developer, and will directly send requests related to the end user’s personal information to the third-party developer, asking it to process and/or seek help. As a personal information processor, the developer is responsible for processing your personal information and is obliged to disclose to you how to process and protect your personal information. You should seek to exercise the rights of the personal information subject from the developer.
VII. How to handle children’s personal information
The third-party developer should make sure that users are 14 years old or above. Please understand and be aware that if the third party is serving child users, please ensure that the guardian of the third-party end user (child) has read and agreed to the third-party privacy policy, and provide the child’s personal information to us after their separate consent, so as to implement the relevant functions described in the third-party developer’s privacy policy.
If in this scenario, you as a parent or guardian of a child believe that the third-party developer has collected children’s information through our SDK products without your consent, please contact the third-party developer as soon as possible to delete it. We will assist in deleting the relevant data as soon as possible after verifying the situation based on the third-party developer’s request.
VIII. How to update this privacy policy statement
In order to provide better services to third-party developers and as the products and/or services of this platform continue to develop and change, we may revise this policy from time to time.
When the terms of this policy change, we will provide reminders through pop-up windows, in-site messages, website announcements, etc, and indicate the effective date when the version is updated. In addition, if the updated policy affects the rights of third-party end users, third-party developers will also need to update their privacy policies in a timely manner.
For major changes, we will also provide more prominent notices (including for certain services, we will send notices via email or in-site mail or announcements to explain the specific changes to this policy). Therefore, please check and understand the content of this Policy at any time. If third-party developers and/or end users do not agree to accept the updated privacy policy statement, please stop accessing and using our services.
IX. How to contact us
We have established a dedicated personal information protection team and a personal information protection officer. If third-party developers and/or end users have any questions, complaints or suggestions regarding this policy or matters related to personal information protection, they can contact us in the following ways:
(i) Contact us through customer service (400-622-1776) or log in to the Easemob Console to conduct online consultation;
(ii) Send an email to support@easemob.com. We will review the issue as soon as possible and provide feedback within 15 working days after identity verification or within the period prescribed by laws and regulations.
If you are an end user, we will promptly forward your request to the corresponding developer, who will respond to you and process it. We will only respond directly to you and process it according to the developer’s instructions if the developer explicitly authorizes us to do so.
X. Others
We ask third-party developers to pay special attention: When third-party developers process personal information, if any of the following conditions are met, please pay attention to comply with the EU General Data Protection Regulation (hereinafter referred to as “GDPR”):
Third Party Developers in the European Economic Area (“EEA”), regardless of whether the processing activities take place in the EU.
Offer goods or services (whether paid or unpaid) to individuals in the EEA, or monitor their behaviour within the EEA.
Not in the EEA, but subject to European Union Law according to the International Law (e.g. an embassy or consulate of an EEA Member State).
If the third-party developer and/or end user is from the EEA, our legal basis for collecting and using the above personal information will depend on the relevant personal information and the specific context in which we collect it. For third-party developers and/or end users in the EEA, they have the right to complain to the competent data protection authority or bring an action in a court with jurisdiction under applicable data protection laws. If third-party developers and/or end users have questions about the legal basis for our collection and use of personal information or need further information, please contact us in accordance with the methods described in Article 9 of this Policy.
