imoo SDK Privacy Policy

• I. How personal information of third-party developers and/or end-users is collected and used
  • 1. Personal information volunteered by third party developers and/or end users or collected by us directly
  • 2. The permissions required to realize the functionality of the imoo SDK product
  • 3. Personal information of third-party developers and/or end-users that we obtain from third parties
  • 4. In the following cases, we collect and use personal information without obtaining the authorized consent of third- party developers and/or end-users
  • 5. Rules for the use of personal information
• II. Authorized consent of third-party end-users
• III. How personal information of third-party developers and/or end-users is shared, transferred, or publicly disclosed
  • 1. Sharing
  • 2. Transfers
  • 3. Public disclosure
  • 4. Exceptions to obtaining prior authorized consent for the sharing, transfer, or public disclosure of personal information
• IV. How to store personal information of third-party developers and/or end-users
  • 1. Storage modalities and duration
  • 2. Storage geography
• V. How to protect the personal information security of third-party developers and/or end-users
  • 1. Security protection measures
  • 2. Security incident response measures
• VI. How third-party developers and/or end users manage their personal information
  • 1. For third-party developers
  • 2. For third-party end-users
  • 3. Respond to reasonable requests from third-party developers and/or end users
• VII. How to handle children's personal information
• VIII. How to change and update this statement
• IX. How to contact us
• X. Other

Guangdong Genius Technology Co., Ltd. (hereinafter referred to as "imoo") strictly abides by laws and regulations and protects the personal information of third-party developers and their end- users in accordance with the industry's mature security and privacy standards. This imoo SDK Privacy Policy (hereinafter referred to as the "Privacy Policy") explains to third-party developers and their end-users how we handle personal information (the handling of which includes "collecting, storing, using, processing, transmitting, providing, disclosing, etc."). The Privacy Policy explains to third party developers and end users how we handle personal information (processing includes "collection, storage, use, processing, transfer, provision, disclosure, etc.").

Third-party developers and end-users are advised to read this Statement carefully before registering, accessing, or using the products and/or services of imoo SDK ("imoo SDK"). Third party developers are also requested to provide this Statement to third party end-users so that end-users can understand the contents of this Statement and obtain their consent. If third-party developers or end users do not agree to this statement, they should immediately stop accessing and using the imoo SDK products and/or services. We use "bold" writing to highlight sensitive personal information and some of the key terms in this Privacy Policy. If you have any questions, comments or suggestions regarding the content of this statement, please feel free to contact us through the means provided in Article 9 of this statement.

This paper will be presented in the following order:

• I. How personal information of third-party developers and/or end-users is collected and used
• II. Authorized consent of third-party end-users
• III. How personal information of third-party developers and/or end-users is shared, transferred, or publicly disclosed
• IV. How to store personal information of third-party developers and/or end-users
• V. How to protect the personal information security of third-party developers and/or end-users
• VI. How third-party developers and/or end users manage their personal information
• VII. How to handle children's personal information
• VIII. How to change and update this statement
• IX. How to contact us
• X. Other

I. How personal information of third-party developers and/or end-users is collected and used

We follow the principles of propriety, legality, and necessity to collect and use based on the following purposes described in this statement:

1. Personal information volunteered by third-party developers and/or end-users or collected by us directly;
2. Personal information generated by third-party end users in the course of using imoo SDK products and/or services;
3. Personal information of third party developers and/or end users obtained from third party developers or other third parties. We typically collect personal information with the consent of third-party developers and/or end-users. We will set out in this statement the purposes for which we collect personal information, and if we are going to use the personal information we collect for purposes other than those set out in this statement, we will inform the third party developer and/or end-user in a reasonable manner and again obtain the third party developer's and/or end- user's consent prior to such use.

1. Personal information volunteered by third party developers and/or end users or collected by us directly

In order to realize the business functions of the imoo SDK, we may need to collect personal information from third-party developers and/or end users. The following is a detailed list of the business functions of the imoo SDK and the personal information collected to realize such functions. Please read the following list carefully to understand the types of personal information collected by each imoo SDK (including the third-party SDKs called (if any)), the purposes of use, and the purposes for which the functions are to be realized. In addition to the services provided by imoo SDK and the collection of related information, third-party developers may also integrate third-party SDKs for other auxiliary services, and the personal information collected by these third-party SDKs should be reviewed by the developers and end- users in the third-party SDK's privacy policy.

A list of information about the imoo SDK is provided below:

SDK Type	Fields of Personal Information Collected	Functional purpose achieved
imoo WeChat applet device signature SDK	Device Information, Model	Used to get the applet's device-specific signature data
Share SDK	none	none
Payment SDK	none	none

2. The permissions required to realize the functionality of the imoo SDK product

In order to realize the corresponding functions of the imoo SDK product, we need to apply for specific permissions to open the operating system of the client device through the developer's application, and the required permissions and the purpose of using them are as follows:

SDK Type	operating system	authority name	purpose of user
imoo WeChat applet device signature SDK	Android	android.permission.INTERNET	Used to ultimately obtain the signature information from the network
Share SDK (All permissions in the share SDK are applied for by default and no terminal confirmation is required)	Android	android.permission.ACCESS_NETWORK_STATE android.permission.CHANGE_WIFI_STATE android.permission.SYSTEM_ALERT_WINDOW	Used to determine the user's current network status and whether sharing can be started normally Used for system pop-up windows to display the shared content and the shared object
Payment SDK	Android	android.permission.ACCESS_NETWORK_STATE	Used to determine the user's current network status and whether the payment process can be started normally

Please note that the way in which permissions are displayed and turned off may differ between devices and systems, so please refer to the instructions or guidelines of the developer of the device and operating system used by the end user. When an end-user disables the privileges, it means that the end-user cancels the corresponding authorization, and we and the developers will not be able to continue to collect and use the corresponding personal information, and we will not be able to provide end-users with the functions mentioned above that correspond to such authorization.

3. Personal information of third-party developers and/or end-users that we obtain from third parties

We may indirectly obtain personal information about third-party developers and/or end-users from third parties to whom the third party developers have authorized and agreed to the minimum amount of personal information necessary to implement the necessary functionality of the imoo SDK product and/or service. If the information we collect does not individually or in combination with other information identify the third-party developer and/or end-user, it is not personal information within the meaning of the law. If a third-party violates the requirements of laws and regulations or the agreement, we will immediately stop collecting information from the party, stop cooperation and take corresponding remedial measures to minimize the damage; at the same time, we will use no less than the same level of protection for our own users' personal information to protect personal information obtained indirectly, and when indirectly obtaining sensitive personal information, we will adopt more stringent (such as encryption of transmission, etc.) security measures. ) security measures.

4. In the following cases, we collect and use personal information without obtaining the authorized consent of third- party developers and/or end-users

• 4.1 Necessary for the conclusion and performance of a contract to which an individual is a party, or for the implementation of human resources management in accordance with labor regulations established by law and collective contracts concluded in accordance with law;
• 4.2 Necessary for the performance of statutory duties or obligations;
• 4.3 In response to a public health emergency, or when necessary to protect the life, health and property of natural persons in an emergency;
• 4.4 The handling of personal information within a reasonable range when performing acts such as news reporting and opinion monitoring in the public interest;
• 4.5 Handling personal information that individuals disclose on their own initiative or that has otherwise been lawfully disclosed in accordance with the provisions of this Law, within a reasonable range;
• 4.6 Other cases stipulated by laws and administrative regulations.

5. Rules for the use of personal information

Personal information collected will be processed in accordance with this Statement and/or contractual agreements with third party developers and only for the purpose of realizing the functionality of the imoo SDK

products and/or services. If it is necessary to use the collected personal information for other purposes, we will inform the third-party developer and/or the end-user in a reasonable manner and use it after the third-party developer obtains the end-user's consent and/or obtains the end-user's consent alone. We will destroy or anonymize all Personal Information we receive from third party developers and/or end users within a reasonable period of time after the SDK products and/or services we provide to third party developers have ceased to operate, or after the third party developers and/or end users have withdrawn authorization for the Personal Information, or after the third party developers and/or end users have logged off their accounts, except where otherwise required by law.

II. Authorized consent of third-party end-users

Third-party developers integrate imoo SDK products and/or services with their third parties, and in order to provide imoo SDK products and/or services to end-users, we may collect, store, and process personal information from third-party developers and/or end-users in a legally compliant manner. Third-party developers are asked to be aware of and agree to this: Third-party developers have complied and will continue to comply with applicable laws, regulations and regulatory requirements for the collection, use and processing of third party end users' personal information, including, but not limited to, the development and publication of relevant personal information protection statements or privacy policies; Prior to integrating the imoo SDK Products and/or Services, the Third-Party Developer has informed the Third-Party End-User and has obtained the End-User's full, necessary and express authorization, consent and permission (including obtaining the authorized consent of the child's guardian to provide the Personal Information of the End-User who is a child) that, for the purposes of delivering the imoo SDK Products and/or Services and the Third-Party Functionality corresponding to the Third-Party Functionality, we will collect and share and how we use (including permitting us to collect and process) the Personal Information of third- party end-users in accordance with the provisions of this Statement; Unless otherwise provided by applicable laws, the third-party developer has informed the end-user and obtained the end-user's full and necessary authorization, consent and permission to allow us to de-identify the personal information that has been collected, and to use the collected and processed information for the purposes set forth in Article 1 of this Statement, subject to compliance with relevant laws and regulations; Personal information of end-users shall not be collected before obtaining the consent of end-users, unless otherwise provided by laws and regulations;

A mechanism for realizing user rights that is easy to operate and meets the requirements of laws and regulations has been provided to end-users, and end-users are informed of how to access, copy, modify, and delete their personal information, withdraw their consent, as well as restrict the handling of personal information, transfer personal information, obtain copies of personal information, and cancel their accounts.

III. How personal information of third-party developers and/or end-users is shared, transferred, or publicly disclosed

1. Sharing

In general, we do not share necessary personal information of third-party developers and/or end-users with our affiliates, partners and third parties, unless it is necessary to fulfill the purposes mentioned in Article 1 of this Statement.

In the event of sharing, we will require our affiliates, partners and third parties to provide proof of data security capabilities and information security qualifications (e.g., level protection assessment, information security management system, etc.). For the handling of sensitive personal information, we will require the third party to adopt data desensitization and encryption technology so as to better protect personal information. If third-party developers and/or end-users have objections to the handling of personal

information by third parties or find that these third parties are at risk, please contact us in the manner described in Article 9 of this Statement.

In the event that our affiliates, partners and third parties wish to change the purposes for which personal information is processed, we will again seek the consent of the third-party developer and/or end user.

2. Transfers

We do not transfer the personal information of third party developers and/or end users to any companies, organizations, and individuals, with the following exceptions:

• 2.1 Obtain prior express consent or authorization from the third party developer and/or end user;
• 2.2 In cases involving mergers, acquisitions, asset transfers or similar transactions that involve the transfer of personal information, we will require the new company or organization holding personal information of third party developers and/or end users to continue to be bound by this Privacy Statement, or else we will require that company or organization to re-solicit authorization consent from the third party developers and/or end users.

3. Public disclosure

We do not publicly disclose personal information about third-party developers and/or end users unless:

• 3.1 With the express consent of the third party developer and/or end user;
• 3.2 In the case of laws and regulations, legal proceedings, litigation or mandatory requirements by governmental authorities.

4. Exceptions to obtaining prior authorized consent for the sharing, transfer, or public disclosure of personal information

Please understand that in the following cases, in accordance with laws and regulations and national standards, we share, transfer, and publicly disclose the personal information of third-party developers and/or end-users without prior authorized consent from the third-party developers and/or end-users:

• 4.1 Relating to the fulfillment of obligations imposed by laws and regulations by the controller of personal information;

• 4.2 Related to national security and defense security;

• 4.3 Directly related to public safety, public health, and significant public interest;

• 4.4 Directly related to criminal investigations, prosecutions, trials and sentence enforcement;

• 4.5 For the purpose of safeguarding the third party developer and/or the end user or other individuals' life, property and other significant legitimate interests but it is difficult to obtain my consent;

• 4.6 Personal information disclosed to the public by third party developers and/or end users on their own initiative;

• 4.7 Where personal information is collected from lawful publicly disclosed information, such as lawful news reports, government information disclosure and other channels.

Please be aware that if the information we collect does not individually or in combination with other information identify third-party developers and/or end-users as individuals, it is not personal information in the legal sense, and such processed data may be shared, transferred, or publicly disclosed without separate notification to and consent from third-party developers and/or end- users.

IV. How to store personal information of third-party developers and/or end-users

1. Storage modalities and duration

We store third-party developer and/or end-user information in secure ways, including local storage, databases, and server logs.

In general, we will only store personal information of third-party developers and/or end-users for the shortest period of time necessary to achieve the purposes described in this statement or under the conditions/scope stipulated by applicable laws and regulations or otherwise authorized and agreed to by the subject of the personal information.

We may extend the period of storage of personal information if otherwise provided by law or regulation, or if otherwise authorized by third-party developers and/or end users.

2. Storage geography

We will store personal information collected within China in accordance with laws and regulations.

If imoo needs to transfer or store personal information across borders for the provision of services, we will inform the third-party developers and/or end-users of the purpose of the exit of personal information, the recipients, the safety assurance measures and the safety risks, and obtain the consent of the third party developers and/or end users.

If a third-party developer uses imoo's products or services and applies them outside of the mainland of the People's Republic of China, and needs to provide personal information outside of the People's Republic of China, the third-party developer should comply with the relevant provisions of the " Personal Information Protection Law of the People's Republic of China " regarding the cross-border transfer of personal information, and comply with local laws, regulations and regulatory requirements regarding the cross-border transfer of data transfers.

V. How to protect the personal information security of third-party developers and/or end-users

1. Security protection measures

We have implemented industry-standard security measures to protect personal information provided by third-party developers and/or end-users from unauthorized access, public disclosure, use, modification, destruction, leakage or loss of data.

We utilize industry-leading technical protection measures. The technical means we use include, but are not limited to, firewalls, encryption (e.g., SSL), de-identification or anonymization, and access control measures. In addition, we continually enhance the security of SDK integrations to third parties.

We have established a management system, process and organization dedicated to safeguarding the security of personal information. We also review such management systems, processes and organizations to prevent unauthorized access, use or disclosure of user information by unauthorized persons.

2. Security incident response measures

In the event of a security incident such as leakage, destruction or loss of personal information, we will activate our emergency response plan to stop

the security incident from expanding. After a security incident occurs, we will promptly inform third-party developers and/or end-users in the form of push notifications, emails, etc., of the basic situation of the security incident, the disposal and remedial measures that we are about to take or have already taken, as well as our suggestions to third-party developers and/or end-users to cope with the situation.

VI. How third-party developers and/or end users manage their personal information

We attach great importance to the management of personal information by third-party developers and/or end-users, and make every effort to provide the relevant rights of inquiry, access, modification, deletion, complaint reporting, and setting up of privacy functions of personal information, in order to enable the third-party developers and/or end-users to have the ability to safeguard their own privacy and information security.

1. For third-party developers

Given that third-party developers are directly obligated to respond to end- user requests for personal information, third-party developers should: Depending on the functionality of the developer platform used by the end user, the end user is provided with and clarified with regard to the means of accessing, copying, modifying, deleting personal information, withdrawing

consent, transferring personal information, restricting the processing of personal information, obtaining a copy of personal information, and logging out of the account.

If, in the course of using the imoo SDK product, an end-user makes a request to manage his or her personal information, and the third-party developer has determined that the request involves personal information handled by the imoo SDK product and requires our assistance in handling it, you should promptly contact us in the manner described in Article 9 of this Statement, and attach the necessary written evidence of the end-user's request. We will verify the relevant materials in a timely manner, and in accordance with relevant laws and regulations, as well as this statement and other legal texts in the clear rules, for the end user to exercise the rights of the request to provide appropriate support and cooperation.

2. For third-party end-users

Since third-party end users are not our direct users, we recommend:

• 2.1 In order to protect the realization of end-users' rights, we have asked third-party developers to commit to providing user-friendly ways to realize their rights. If end-users need to access, copy, modify, delete their relevant personal information, withdraw consent, restrict the processing of personal information, obtain copies of personal information, and cancel their accounts, they may request the third-party developers to provide the

above mentioned ways of realizing their rights. Please note that it is difficult for us to control the behavior of the third-party developers, if the third-party developers do not provide as promised, the end-user can contact us through the way in Article 9 of this statement, and we will try our best to coordinate, support and protect the realization of the rights of end-users;

• 2.2 In order to better protect the end-user's relevant account security and personal information security, when the end-user claims the rights of the subject of personal information directly to us, should provide the necessary supporting documents, we will also verify the identity of the end-user. We will respond to the end user's request after verifying the end user's identity with the third party developer to ensure the security of the end user's third party account;
• 2.3 When an end-user asserts subject matter rights to Personal Information directly to us, and in accordance with a third party developer's privacy policy or Personal Information Protection Statement, we may also send requests relating to the End User's Personal Information directly to that third party developer for processing and/or for assistance.

3. Respond to reasonable requests from third-party developers and/or end users

We will respond to reasonable requests from third-party developers and/or end-users as described above, charging a fee for costs incurred, as appropriate, for requests that are repeated more than reasonably necessary, or for requests that are unduly repetitive, require disproportionate technical skill (e.g., require the development of a new system or a fundamental change in existing practices), pose a risk to the legal rights of others, or are highly impractical (e.g., involve backing up information stored on disk), and we may deny requests that do not involve the use of a computer or other technology. We may deny requests that are not reasonably duplicative (e.g., require development of a system or change in current practice), pose a risk to the legitimate interests of others, or are highly impractical (e.g., involve backing up information stored on disks).

We may not be able to respond to requests from third-party developers and/or end users in the following situations:

• 3.1 Related to the fulfillment of our obligations under laws and regulations;

• 3.2 Directly related to national security and national defense security;

• 3.3 Directly related to public safety and public health, significant public interest;

• 3.4 Directly related to the investigation, prosecution, adjudication and enforcement of sentences for crimes;

• 3.5 Where we have sufficient evidence of subjective malice or abuse of rights by third party developers and/or end users;

• 3.6 For the purpose of safeguarding the third-party developers and/or end-users or other individuals who have significant legitimate rights and interests, such as life, property, etc., but it is difficult to obtain the consent of the person himself/herself;

• 3.7 Responding to requests from third-party developers and/or end-users will result in serious damage to the legitimate rights and interests of third- party developers or other individuals or organizations;

• 3.8 Where trade secrets are involved.

If third-party developers and/or end-users have questions about the realization of the above rights, they may contact us in the manner described in Article 9 of this Statement.

VII. How to handle children's personal information

Third Party Developers are requested to ensure that they are 18 years of age or older. Third party developers are requested to understand that if the third party is targeting users who are children under the age of 14 (and third party developers are aware that there are users under the age of 14 who are not adults), third party developers are requested to ensure that they have specific provisions for the handling of personal information and that the parents or other guardians of the third party's end-users (children) have read and agreed

to the third party's Privacy Policy as well as this document, and that the parent or other guardian of the third-party end user (child) has read and agreed to the third-party's privacy policy and this document, and that he or she has separately agreed to provide the child's personal information to us in order to fulfill the third-party's functionality as described in the privacy policy. If a third party developer's third party is designed and developed for children and for child users, please make sure that the third party developer has specific provisions for handling personal information and make sure that the parents or other guardians of such third party's end users (children) have read and agreed to the third party's privacy policy/personal information protection statement as well as to this statement and have given their separate consent to provide the children's personal information to us in order to fulfill the functions of the third party.

If we unknowingly collect personal information from children, we will promptly delete it, unless we are required by law or regulation to retain such information. If a third-party developer and/or a parent or other guardian of an end-user (child) believes that we have incorrectly or accidentally collected information from a child, please contact us promptly in the manner described in Section 9 of this Statement. If we discover that a third party developer has not obtained the consent of the child's parent or other guardian to provide us with the child's personal information, we will delete the child's personal information as soon as possible and ensure that it is not further processed. If

the guardian of a minor has any questions regarding the handling of personal information of the minor under his/her guardianship, or wishes to access, copy, change, withdraw consent to, or delete the personal information of the minor in question, he/she may contact the third-party developer or contact us through the contact information provided in Article 9 of this Statement.

Please note, however, that if an End User and/or the End User's (Child's) parent or other guardian requests that we delete a specific Child's Personal Information, it may result in the End User (Child) not being able to continue to utilize our Products and Services or certain specific business features of the Products and Services.

VIII. How to change and update this statement

We may revise this Statement from time to time in order to provide better service to third party developers and as the Platform's products and/or services continue to evolve and change.

When the terms and conditions of this statement are changed, we will notify you by means of pop-up windows and website announcements when the version is updated, and state the effective date. In addition, if the updated version of this statement affects the rights of third-party end-users, it is necessary to ask the third-party developer to update the third-party's privacy policy in due course.

For major changes, we will also provide more prominent notice (including, for certain services, notices by e-mail or postal mail or by bulletin stating the specific changes to this Statement). Accordingly, please review and be aware of the contents of this Statement at all times. If third-party developers and/or end-users do not agree to be bound by this Statement, please stop integrating the imoo SDK.

IX. How to contact us

If third-party developers and/or end users have questions about this statement or matters related to personal information, please contact us by email at dpo@okii.com, or call our customer service hotline at 400-610-3999.

In order to ensure that we efficiently handle your questions and provide you with timely feedback, we may require you to submit proof of identity, valid contact information and written requests and related evidence, we will verify the identity of the requestor as soon as possible after the review of the issues involved, and respond within fifteen working days.

X. Other

The headings in this Privacy Policy are for convenience and readability only and do not affect the meaning or interpretation of any provision of this Privacy Policy.

This Privacy Policy is copyrighted by the Company and the Company reserves the right of final interpretation and modification to the extent permitted by law. If you have any questions or concerns about our privacy policy or practices, Please contact our Data Protection Officer at dpo@okii.com..