Personal Information Collection List
Updated Date: December 15, 2025|Effective Date: December 15, 2025
To help you better understand how we collect and use your personal information in core business scenarios, we have compiled this list for your reference.
Instructions for Use
To help users worldwide better understand how we collect, use, and transfer your personal information across borders in our core business scenarios, this list strictly complies with domestic and international laws, including the Personal Information Protection Law and Data Security Law of the People's Republic of China, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), and the Act on the Protection of Personal Information (APPI) of Japan. It adheres to the principles of minimal necessity, transparency, and cross-border compliance, clearly specifying the collection scenarios, scope, and purposes of use for global users to review and supervise.
Account Registration, Login, and Management Services
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Account Registration and Login |
Basic Information: Mobile phone number, SMS verificationcode, email address, password. Voluntarily Provided Information: Nickname, profile picture (anonymous avatar optional). Regional Adaptation Information: EU users may choose to register anonymously using only an email address, while Japanese users are required to provide identity verification information in compliance with APPI. |
Verify the validity of identity to complete account registration and login, ensuring account ownership. EU users may choose the “minimal identity information registration” mode in accordance with GDPR |
1. Data Storage: EU user data is stored on servers within the EU; Japanese user data is stored within Japan or on cross-border storage nodes approved under APPI. 2. Cross-Border Transfer: Conducted only with explicit user consent; EU transfers comply with SCHREMS II certification. |
| One-Click Login via Mobile Number | Mobile phone number, network information (IP address, anonymized), device information (device model, device identifiers such as Android ID/IDFA/OAID, anonymized), and telecom operator information. | Quickly complete account registration and login, verifying login security through device characteristics. |
1. Device identifiers are used solely for identity verification and not for other purposes. 2.U.S. users may refuse to provide non-essential device information in accordance with CCPA requirements. |
| Third-Party Authorized Login | International third-party platforms (Google, Apple, Facebook, Line, Twitter, etc.) nickname, profile picture, public account identifier (within user-authorized scope); device verification information (verification results of installed third-party apps), unique device identifier (anonymized), network information (anonymized). | Bind international third-party accounts, simplify global user registration and login process, enhance operational convenience. |
1. Only collect publicly authorized information from third-party platforms; do not obtain third-party account passwords or sensitive data. 2. Comply with third-party platform data sharing rules and privacy regulations in the user’s region. |
Use of Core AI Services
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| AI Text Interaction | Text content you input, interaction commands (original input is used only to generate results; after generation, it is anonymized and stored for model optimization). | Generate multilingual AI text results that meet requirements, adapt to regional language habits, and optimize interaction experience |
1. Original input content is not transferred across borders (unless explicitly authorized by the user). 2. EU users may request to view or delete input content and generated records in accordance with GDPR. |
| AI Image Generation/Recognition | Uploaded images (anonymized), input image description keywords; device photo album access permission (requires separate authorization; EU users require secondary confirmation) | Perform image generation and recognition functions in compliance with regulations across multiple regions, supporting local storage or cross-border cloud backup of generated results (user choice) |
1. Uploaded images do not contain sensitive personal information (e.g., biometric data); if they do, users must explicitly declare 2. Japanese user image data follows APPI’s “purpose limitation” principle and is used only for agreed functions |
| AI Voice Interaction | Recorded voice data (anonymized and de-identified); device microphone access permission (requires separate authorization, can be disabled at any time) | Enable multilingual voice command recognition, speech-to-text conversion, and AI voice response functions, adapting to regional accent characteristics |
1. Voice data is stored in encrypted form with a retention period of no more than 1 year (EU users can set their own retention period) 2. Voice data is not collected for commercial marketing purposes (unless explicitly authorized by the user) |
| Personalized Recommendations | Your browsing history, AI feature usage records (content type generated, favorites/likes behavior, anonymized), usage duration; regional preference information (user-configured) | Optimize recommendation algorithms across regions to deliver AI services and content that comply with local regulations and match user interests |
1. U.S. users may exercise the right to “opt out” of personalized recommendations under CCPA 2. Recommendation algorithms do not use sensitive personal information (e.g., race, religion, health data) |
Orders and Payments
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Placing Orders (Value-Added Services) | Identity information (in compliance with regional verification requirements), contact information (phone/email, anonymized), purchased items (membership packages/single-payment features), order number, order time, order amount, invoice information (adapted to regional tax requirements: EU VAT invoices, U.S. state tax invoices, Japanese consumption tax invoices, etc.) | Complete the purchase of value-added services globally, provide cross-border order inquiry and after-sales support, and issue invoices in accordance with local tax regulations |
1. Invoice information is used only for tax reporting and user reimbursement, and is not shared with third parties (except tax authorities) 2. EU users’ order data is retained according to the GDPR “minimal necessary” principle, kept for 3 years after the transaction is completed |
| Payment |
Transaction amount, order number, payment method, payment account (anonymized), payment status information necessary transaction information shared (anonymized) via compliant cross-border payment channels (PayPal, Stripe, Square, WeChat Pay International, Alipay International, etc.) |
Complete cross-border payment settlement, ensure payment security and compliant fund flow |
1. Do not collect full bank card numbers, CVV codes, or other sensitive payment information 2. Payment data transmission is encrypted with SSL/TLS 1.3, complying with PCI DSS international payment security standards |
Improve Our Products or Services
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Product Operation and Optimization | Software information (version number, language type, download channel), device information (operator information, device identifiers [anonymized], hardware model, screen resolution), device connection information (browser type, network type), account information (anonymized), operation behavior data (AI feature usage frequency, generated content types, usage duration, operation paths, de-identified), software crash logs (anonymized); anonymized AI-generated results (excluding original input and personal identifiers) | Optimize global product performance and AI model multilingual adaptation, fix cross-region functionality issues, and provide a consistent service experience |
1. All data is anonymized/de-identified and cannot be used to re-identify users 2. EU users may request to view data usage records and stop use for model optimization in accordance with GDPR |
| Cross-Region Service Adaptation | Regional location information (user-authorized, country/region level only, precise location not collected), language preference settings, network environment information | Adapt services to different regions (e.g., compliant content filtering, payment channel adaptation) and enhance cross-region user experience |
1. Location information is not collected by default; users may manually set their region 2. Japanese users’ location information follows APPI “minimal necessary” principle and is used only for service adaptation |
Security Assurance
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| During Service Use | Account information, device information (anonymized), device identifiers (anonymized), network information (IP address, anonymized), operation logs (anonymized), crash reports; app network and data transmission permissions (requires separate authorization) | Prevent security risks such as abnormal logins, cross-border malicious attacks, and fraud globally, ensuring stable service operation |
1. Security data is used only for risk prevention and control, not for other commercial purposes 2. EU users may request to view security audit records in accordance with GDPR |
| Function Permission Requests |
1) Photo album permission: used to upload images to AI image generation features (options include “Allow
once only,” “Always allow,” or “Deny”) 2) Microphone permission: used for voice interaction and voice input features (can be disabled at any time) 3) Storage permission: used to save AI-generated text/image results locally or to cross-border cloud storage (user choice) 4) Network permission: used for AI model invocation and secure cross-border data transmission (in compliance with regional encryption standards) 5) Location permission (optional): used only for regional service adaptation (precise location is not collected) |
Enable corresponding core functions while ensuring the security and compliance of cross-border data transmission |
1. All permissions require separate authorization with explicit user consent, with no mandatory authorization 2. U.S. users may withdraw permission authorization at any time under CCPA, and Japanese users may request to stop permission use under APPI |
Customer Support and After-Sales Service
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Customer Support Consultation and After-Sales Handling |
Software information (version number, download channel), device information (anonymized), account information (anonymized), order information (anonymized), operation logs (anonymized), crash reports email content, screenshots, communication records you provide (multilingual online support/international calls/messages, excluding sensitive personal information), issue descriptions, comments and suggestions |
Identify the causes of cross-region service issues and provide multilingual after-sales support and solutions collect AI feature–related input content/generated results (anonymized) only with explicit user consent |
1. Communication records are stored on compliant servers in the user’s region (EU user data is stored within the EU) 2. EU users may exercise the right to request deletion of communication records under GDPR, and Japanese users may request to view communication records under APPI |
Message Notifications
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Service and Notification Push | Device information (anonymized), account information (anonymized), AI service usage behavior data (e.g., incomplete generation tasks, membership expiration reminders, de-identified), regional preference tags | Deliver timely service notifications, feature updates, and region-specific benefit reminders to users worldwide, adapting to different time zones and languages |
1. U.S. users may exercise the right to “opt out” of marketing-related notifications under CCPA 2. Push data does not include personal identity information, and users can disable notifications via app settings or device system settings |
Purchase of This Service via Third-Party Channels
| Usage Scenario | Scope of Personal Information | Purpose of Use | Cross-Border Compliance Notes |
|---|---|---|---|
| Purchase via Global Distributors/Agents | Order information (name, contact details [anonymized], purchased value-added service details), bound Guangsheng product information (device identifiers, anonymized) | Verify the validity of cross-border orders, provide cross-region after-sales service and entitlement activation support, and protect users’ paid rights |
1. Only collect information necessary for order processing and do not collect additional sensitive data 2. Order data sharing follows the “minimal necessary” principle, and cross-border Data Processing Agreements (DPAs) are executed with distributors/agents |
