Heiman Privacy Policy

Shenzhen Heiman Technology Co., Ltd. (hereinafter referred to as "Heiman" or "we") respects and protects the privacy of all users of our services. To provide you with more accurate and personalized services, Heiman will use and disclose your personal information in accordance with the provisions of this Privacy Policy. However, Heiman will treat this information with a high degree of diligence and prudence. Except as otherwise provided in this Privacy Policy, Heiman will not disclose or provide this information to third parties without your prior permission. Heiman will update this Privacy Policy from time to time. By agreeing to the Heiman Service Agreement, you are deemed to have agreed to the entire content of this Privacy Policy. This Privacy Policy is an integral part of the Heiman Service Agreement.

Contact Information:

Phone: +86-755-84193930

Email: heimanapp2@heiman.com.cn

Special Notice for Minors and Children: If you are under 18 years old, please read this policy carefully with your parents or legal guardians and use our services or provide us with information with their consent. If you are under 14 years old (or the specified age in your country/region), please be sure to read the "Heiman Children's Privacy Protection Statement" carefully before using our services and obtain written consent from your parents or legal guardians in advance.

This Privacy Policy will help you understand the following:

• I. What personal information do we collect?
• II. Purpose and legal basis for processing personal information
• III. Who do we share your personal information with?
• IV. Transfer of collected information
• V. Rights related to personal information
• VI. Information security safeguards
• VII. Information retention period
• VIII. Protection of children's personal information
• IX. Statement on policy changes
• X. Contact us

I. What personal information do we collect?

Definition

Affiliated companies: refers to companies that have a controlling relationship, are controlled by, or are under common control with Shenzhen Heiman Technology Co., Ltd.

Personal information: refers to various information recorded electronically or otherwise that can identify a specific natural person alone or in combination with other information, including but not limited to natural person's name, date of birth, ID number, personal biometric information, address, telephone number, email address, etc.

Personal sensitive information: refers to personal information that, once leaked, illegally provided or misused, may endanger personal and property safety and easily lead to damage to personal reputation, physical and mental health, or discriminatory treatment, including ID numbers, personal biometric information, bank account numbers, communication records and contents, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information, etc. Children under 14 years old (or the specified age in your country/region) personal information is also personal sensitive information.

1. Information we collect based on your authorization

To provide you with our basic services, you need to provide the following information. If you refuse to provide corresponding information, you will not be able to use our services normally:

Account information: When you register for a Heiman account, we will collect your mobile phone number or email address and password. You can also improve your account information, such as the nickname and time zone you set for your Heiman account. We collect this information to help you complete the Heiman account registration, protect your account security, and provide you with account-related services.

Additional services based on specific permissions: When you use specific functions of our products, we may collect your information based on specific permissions to provide you with corresponding services. You can choose whether to enable these permissions in the device system settings. When you turn off permissions, the corresponding functions cannot be used normally, but it will not affect your normal use of other functions. We provide the following additional services based on different permissions:

1. Location information: When you use device networking and geofencing functions, we will request your location permission to obtain your location information for device networking and geofencing services. You can turn off location permission in [My] - [Settings] - [Privacy Permission Settings] - [Location Information] or in the device system settings.
2. Camera/Camcorder: When you use the scan code to add device function, we will request camera permission to scan QR codes to add devices. You can turn off camera permission in [My] - [Settings] - [Privacy Permission Settings] - [Camera/Camcorder] or in the device system settings.
3. Photo Album: When you use the problem reporting function, we will request photo album permission to select pictures from your photo album for uploading. You can turn off photo album permission in [My] - [Settings] - [Privacy Permission Settings] - [Photo Album] or in the device system settings.
4. Microphone: When you use voice functions (such as voice control, voice messages), we will request microphone permission to collect your voice information. You can turn off microphone permission in [My] - [Settings] - [Privacy Permission Settings] - [Microphone] or in the device system settings.
5. Storage permission: For Android system stability, we will request storage permission to read and write necessary files. You can turn off storage permission in [My] - [Settings] - [Privacy Permission Settings] - [Storage Permission] or in the device system settings.
6. Message notifications: When you use service alarm functions, we will request notification permission to push alarm messages to you. You can turn off notification permission in [My] - [Settings] - [Privacy Permission Settings] - [Message Notifications] or in the device system settings.
7. Floating window: When you use camera real-time screen functions, we will request floating window permission to display camera screens. You can turn off floating window permission in [My] - [Settings] - [Privacy Permission Settings] - [Floating Window] or in the device system settings.
8. Bluetooth: When you use device control and networking functions, we will request Bluetooth permission for device communication. You can turn off Bluetooth permission in [My] - [Settings] - [Privacy Permission Settings] - [Bluetooth] or in the device system settings.
9. Face ID: When you use iOS password-free login function, we will request Face ID permission for identity verification. You can turn off Face ID permission in [My] - [Settings] - [Privacy Permission Settings] - [Face ID] or in the device system settings.
10. Fingerprint: When you use Android password-free login function, we will request fingerprint permission for identity verification. You can turn off fingerprint permission in [My] - [Settings] - [Privacy Permission Settings] - [Fingerprint] or in the device system settings.

2. Information we automatically collect

Mobile device information: When you interact with our products, to ensure your normal use of our services, maintain normal operation of our services, improve and optimize our service experience, and protect your account security, we will automatically collect mobile device information, including mobile device model, login IP address, wireless connection information, operating system type and version, application version number, push notification identifier, log files, and mobile network information. At the same time, we will collect your software version number. To ensure the security of the operating environment or provide necessary services, we will collect information about mobile applications and other software you use, as well as application installation lists (used for application performance monitoring).

Service log information: When you use our applications, to provide you with a better user experience and improve and optimize our services, system and exception logs will be uploaded for analysis, including your IP address, usage language habits, operating system version, access date or time, usage information, so that we can accurately identify problems and help you solve problems encountered during service use.

Please note that individual mobile device information and service log information cannot identify specific natural persons. If we combine this non-personal information with other information to identify specific natural persons, or combine it with personal information, during the combined use period, this non-personal information will be treated as personal information. Except with your authorization or as otherwise provided by laws and regulations, we will de-identify this information.

3. Smart device related information

When you use smart devices, we collect information inherent to the smart devices themselves and information generated during your use of smart devices.

Smart device basic information: When you use smart devices connected to our products or services, we will collect basic information about smart devices, including smart device names, device IDs, online status, activation time, firmware versions, and upgrade information.

Information collected during smart device connection: When using Heiman APP and services, to facilitate device identification/activation/control, conduct data statistics and analysis, and ensure network access and service operation security and quality, we will receive and record device-related information you use based on your specific operations when using products and the types of smart devices you need to connect. We will collect the following information when entering the add device homepage for automatic discovery and search of devices to be networked and when you actively perform device networking:

Wi-Fi information (SSID, BSSID, Wi-Fi Mac address, Wi-Fi password), device Mac address, device ID, device IP, device Bluetooth Mac address.

Information reported by smart devices: Based on different smart devices you choose to connect with our products or services, we will collect information reported by your smart devices. To help you better understand our services, the following smart devices are used as examples, and their reported information only applies when you use such services:

a. Gateway related information. Including: night light switch, color, brightness data; alert timing setting data, alarm trigger device list information, alert delay effective time, gateway alarm ringtone list information, alarm volume, alarm red light flashing duration, linkage alarm list data, alarm messages and logs; gateway language, gateway volume; induction night light settings; timed colored light settings; sub-device list information. We collect this data to provide you with remote viewing of night lights, alert status, query alarm history records, control night lights and alert switches, set alerts, induction night lights, timed colored lights and other functions.

b. Sub-device information. We may collect information and related records generated by connected sub-devices to provide you with related sub-device functions. For specific protocol information, please go to the "Device Privacy Policy" in the settings of the device details page.

c. Mobile phone related information. Hardware device identifiers (imsi, imei, meid, device hardware serial number, SIM card identifier, OAID, Mac address, Android ID), carrier, IDFV, phone model, device name, system version information, system language, country or region set by phone, phone screen size and resolution, CPU and display device related information;

d. Information collected during smart device connection. Based on the type of smart device you need to connect, we may collect: Smart devices connected via Wi-Fi: Wi-Fi information (SSID, BSSID, Wi-Fi Mac address, Wi-Fi password), device Mac address, device ID; Smart devices connected via Bluetooth after establishing local connection, then connected via Wi-Fi: Wi-Fi information (SSID, BSSID, Wi-Fi Mac address, Wi-Fi password), device Mac address, device Bluetooth Mac address; Smart devices connected via Bluetooth: device Bluetooth Mac address, device ID; Smart devices connected via ZigBee/RF: device Mac address, device ID.

Device-related historical records will be uploaded to servers and stored on servers. You can clear historical records through the App.

In addition to the above device information, we will also collect smart device names, manufacturers, models, firmware versions, serial numbers, software system data to calculate the number of activated devices and networked devices, used for analyzing firmware versions and pushing firmware update notifications.

When devices need to connect to networks for use, we will also collect Wi-Fi names and passwords you enter for device networking. At the same time, we need to select optimal networking methods for devices by determining IP, network signals, Mac addresses to ensure device networking stability and conduct rough statistics on geographical locations of connected devices. We may use network information and device time zone data to analyze device network status to help solve problems you encounter in use.

4. Providing automation and scene functions for you

You can set automation and add scenes in the App. At this time, we will collect your specific settings and related automation and scene execution logs. To enjoy this function, we may collect your set home location information and precise location information set in geofencing functions to provide you with the above services. Smart automation scenes need to be actively set by you. After setting, smart automation scenes will take effect. If you do not set them, the data we collect or functions will not automatically make any decisions that affect device operation for you.

You can use AI data intelligent services: daily reports, family summaries, low-carbon living, proactive intelligent services. We will remind you that this service will obtain your family data within 6 months, including: family names, room names, automation execution times, scene execution times, Xiao Qiao voice conversation times, device energy consumption values, temperature and humidity sensor device values, human body sensor data, switch lighting device data, device online and offline status, operation logs, device status, family status, and current weather information of the family location, to ensure complete provision of the following services:

• a. Daily report service: Will focus on your daily life, based on smart device data and AI prediction capabilities, present visualized data reports from the previous day or week from multiple dimensions including environment, energy consumption, routine, device status, smart execution, and provide reasonable optimization suggestions.
• b. Family summary service: Will provide refined and focused visualized summary cards based on your device data and usage behavior preferences, so you can more easily understand important family information. We will extract key data from multiple dimensions including energy consumption information, environmental information, routine conditions, smart execution, device status, device anomalies, user activity, to present a clear and intuitive family overview, helping you better manage devices and understand device conditions, making your life more convenient and intelligent.
• c. Low-carbon living service: Will use smart sensors to count the completion of low-carbon behaviors in your family, comprehensively evaluate low-carbon points from four aspects: behavioral energy saving, awareness energy saving, device energy saving, device configuration, helping you understand how to further make behavioral operations beneficial to energy saving.
• d. Proactive intelligent service: Will provide some reminder services and usage suggestions by deeply analyzing your daily usage habits and preferences, based on smart device data and AI prediction capabilities, making your life more comfortable and convenient. For example, when controlling some devices through Xiao Qiao voice, it can provide lifestyle suggestions based on weather and routine conditions, and can proactively recommend automation based on devices and times users frequently use.

II. Purpose and legal basis for processing personal information

We process your information for the following purposes:

To provide services to you: We process your account information, mobile device information, usage information, location information, and smart device related information to provide products and services you request. The legal basis for such processing is to fulfill our contract with you according to our "User Agreement".

To improve our services: We process your mobile device information, usage information, location information, and smart device related information to ensure functionality and security of our products, develop and improve our products and services, analyze our operational efficiency, and prevent and track fraudulent or improper use. The legal basis for such processing is to fulfill our contract with you according to our "User Agreement".

Function experience upgrade plan: To enable you to better enjoy the convenient life brought by smart devices, we analyze your use of Heiman services or smart devices, analyze products or usage scenarios related to you so that you can better enjoy the convenience brought by our products. We will use your bound smart device information to recommend other smart devices that can intelligently link with your bound devices (smart device recommendation service). If you do not agree to our analysis of your data, you can enter the privacy settings of Heiman App ([My] - [Settings] - [Privacy Permission Settings] - [Function Experience Upgrade Plan]) to turn off your choice. The legal basis for such processing is based on your consent.

Compliance: We only process your personal information when laws require us to disclose information, or when we consider it necessary or appropriate:

1. (a) Comply with applicable laws and regulations, legal procedures, or requests from public institutions and government authorities;
2. (b) Fulfill our terms of use and other agreements, policies, or standards, including investigating any potential violations;
3. (c) Protect the rights, privacy, security, or property of us and/or other users including you;
4. (d) And seek available detection, prevention, remedial measures, or limit damages we may need to provide or resolve security, fraud, or technical issues.

We also use your personal information collected in other ways. When collecting, we will provide specific notice and obtain your consent as required by applicable law. If the purpose of processing your personal information changes, we will notify you of such changes via email and/or prominent notice on our website and inform you about choices regarding personal information.

III. Who do we share your personal information with?

Heiman only shares your personal information in ways you know about. We will share your personal information with the following participants:

Disclose your personal information to third-party service providers who provide certain business-related services to us, including website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support services, email delivery services, and other similar services, to ensure they can provide services to us.

Disclose your personal information to customers and other business partners who directly or indirectly provide you with smart devices and/or networks and systems you use to access and use our websites and services.

When reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock occurs (including but not limited to the above situations related to any bankruptcy or similar procedures), disclose your personal information to affiliated companies or other third parties. In such cases, you will receive clear notice about ownership changes, incompatible new uses of personal information, and choices regarding personal information via email and/or our website.

For the following necessary or appropriate situations, we will reasonably and legally share your personal information:

1. (a) Comply with applicable laws and regulations, legal procedures, policies and/or standards, or requests from corresponding public institutions and government authorities;
2. (b) Fulfill our terms of use and other agreements, policies, and standards, including investigating any potential violations;
3. (c) Protect our operations, business, and systems;
4. (d) Protect the rights, privacy, security, or property of us and/or other users including you; and
5. (e) Risk management, detection, and identification of illegal, fraudulent, deceptive, or malicious activities.
6. (f) Disclose your personal information to subsidiaries or affiliated companies under the company to regularly conduct business activities.

Except for the above third parties, we do not rent, sell, or provide personal data to third parties, and only disclose your personal information to other third parties with your consent.

Please be aware that we will not collect your personal information through third parties under any circumstances.

When you use services provided by third parties, we will share corresponding information after ensuring third parties obtain your authorized consent and in other circumstances that comply with laws and regulations. You can understand what personal information third parties will collect and how they process this information through the relevant information listed in this list. We will also strictly constrain third parties' acquisition of personal information to protect your personal information security. Please click "Third-party Information Sharing and SDK Service List" to view details of third-party information sharing.

IV. Transfer of collected information

Heiman operates globally, so personal information we collect according to this policy may be transmitted, stored, and processed between different countries or regions. Laws and regulations applicable to countries or regions where we operate may differ from applicable laws in your country/region of residence, but we will strictly comply with laws, regulations, and requirements related to personal information protection (please click to view Heiman's global data center and storage conditions). Therefore, within the framework of personal information protection, to facilitate our operations, we may transfer personal information to countries or regions where we conduct business. Regardless of where your information is stored, our privacy and security practices are designed to provide global protection for your personal information.

Including, the European Commission has determined mechanisms by which certain countries/regions outside the European Economic Area (EEA), the United Kingdom, or Switzerland can adequately protect personal information. When personal information of European Economic Area, Switzerland, or United Kingdom users is transferred to recipients located in countries/regions outside the European Economic Area, Switzerland, or the United Kingdom that are not considered to have adequate information protection levels, we will ensure compliance with "EU Standard Contract Clauses" for information transmission. You can click here to view agreements reached under "EU Standard Contract Clauses" approved under Article 46 of GDPR.

Specifically, personal information collected and generated during operations within mainland China will be stored and processed in data centers in mainland China, except as permitted by applicable law for cross-border transmission.

If you want to learn more about our security safeguards, you can contact us directly through this policy.

V. Rights related to personal information

We respect your rights while also managing your personal information.

You do not need to pay any fees to exercise your personal rights. According to local information protection law requirements, if your account service is in mainland China, we will complete verification and processing of your needs within 15 working days; if your account service scope is outside mainland China, we will respond to your needs within 30 days.

If you decide to send us requests via email, please specify what information you want to change, whether you want your personal information deleted from our database, or what restrictions you want us to have when using your personal information. Please note that for security reasons, we will require you to verify your identity before further processing your request.

You can exercise your rights related to personal information through the following specified paths:

Personal information access right: If you request access to personal information we process related to you (i.e., apply to us for copies of your personal information), you can obtain information through [My] - [Settings] - [Privacy Policy Management] - [Personal Information Export] in the application;

Personal information modification right: If you request us to correct inaccurate or incomplete personal information related to you, you can modify information through the following 2 methods:

1. Modify "registered account" (email/mobile phone number): [My] - [Settings] - [Account and Security] - [Mobile Phone Number/Email] - [Change Mobile Phone Number/Email];
2. Modify "nickname and/or time zone": [My] - [Personal Profile];

Personal information deletion right: If you request deletion of your personal information, you can go to [My] - upper right corner [Settings] - [Account and Security] - [Cancel Account], according to the prompts, you can cancel your account and further delete your personal information;

Personal information processing restriction right: When requesting temporary or permanent restriction of our processing of part or all of your personal information, please contact us through [My] - [Settings] - [Account and Security] to delete accounts or [My] - [Common Questions and Feedback] in the application, or submit your application through heimanapp2@heiman.com.cn;

Personal information processing withdrawal right: When we use your personal information based on your consent or our legitimate interests, choose to object to or refuse our use of your personal information, please refer to the following "withdrawal of consent" processing methods to cancel your consent processing decision:

1. As mentioned above, you can change device permission settings through [My] - [Settings] - [Privacy Permission Settings] in the application and then in device system settings to withdraw your consent, including location, camera/camcorder, photo album (picture library/video library), microphone, Bluetooth settings, message notification push and other related functions;
2. For non-marketing communications you consent to, turn off your choice through [My] - [Message Center] - [Settings];
3. When you consent to data being used for analysis and functional optimization services related to you, turn off your choice through [My] - [Settings] - [Privacy Permission Settings] - [Function Experience Upgrade Plan];
4. In personalized push services you consent to, turn off your choice through [My] - [Settings] - [Privacy Permission Settings] - [Personalized Push Service];
5. By unbinding smart devices through the application, information about your use of smart devices will not be collected;
6. By using the application's login-free/guest mode and exiting use of location information related services, we will not collect personal information about you at this time;
7. If you previously voluntarily agreed to associate your Heiman account with third-party services, such as third-party health platforms, please unbind on that third-party platform.

When you withdraw consent or authorization, it results in our inability to continue providing you with services corresponding to the withdrawn authorization part. However, your withdrawal of consent or authorization does not affect personal information processing previously conducted based on your consent.

If you still have more questions, please contact us through [My] - [Common Questions and Feedback] in our application, or send an email to heimanapp2@heiman.com.cn

VI. Information security safeguards

We adopt commercially reasonable physical, administrative, and technical safeguards to maintain the integrity and security of your personal information. Heiman provides multiple security strategies to effectively ensure user and device information security.

In device access, we use Heiman proprietary algorithms to ensure data isolation, access authentication, and authorization applications.

In data communication, we support using secure algorithms and transmission encryption protocols as well as commercial-grade information encryption transmission based on dynamic keys for communication.

In data processing, we adopt strict data filtering and verification as well as complete data audit processes.

In data storage, all confidential user information will undergo secure encryption processing for storage.

In addition to the above technical-level security safeguards, at the institutional and control level, Heiman has also established a series of security safeguards, including fixed positions and responsibilities, holding security and privacy protection training courses, strengthening employee data protection awareness, controlling access permissions and other measures to prevent data loss, illegal use, unauthorized access or leakage, tampering, or destruction.

If you believe for any reason that your interaction with us is no longer secure (for example, you believe the security of your Heiman account has been compromised), please immediately notify us by sending an email to heimanapp2@heiman.com.cn as described below.

If a security incident occurs that affects your personal information security, we will notify you immediately through your reserved email address, phone number, message center push and other methods, and inform you of suggestions to reduce or prevent related risks. When necessary, we will promptly take corresponding remedial measures according to internal security incident emergency plans and report to relevant competent authorities as required.

VII. Information retention period

We will process your personal information for the shortest period to achieve the purposes described in this policy or as required by laws and regulations, unless longer retention is required according to specific legal requirements. We will determine appropriate retention periods based on the quantity, nature, and sensitivity of personal information. After the retention period ends, we will destroy your personal information.

1. According to the "User Agreement" and this policy to meet products and services you request;
2. When you explicitly request deletion of your personal information, we will set this as a task and no longer retain your personal information.

When we confirm on the basis of 1) that personal information has completed collection and processing purposes, or after we confirm your deletion or cancellation application according to 2), or after we terminate operation of corresponding products or services, we will stop retention and delete your personal information. Generally, once the specified information retention period is reached, we will no longer retain your personal information. If we cannot destroy information for technical reasons, resulting in personal information retention exceeding the storage period, we will take appropriate measures to prevent your personal information from being further used, including de-identification processing.

VIII. Protection of children's personal information

Heiman attaches great importance to the protection of children's personal information. If you are under 14 years old (or the specified age in your country/region), before using our services, you must carefully read the "Heiman Children's Privacy Protection Statement" and obtain written consent from your parents or legal guardians in advance. Heiman protects children's personal information according to relevant laws and regulations of various regions, countries, or areas. Please note that if we discover we have collected children's personal information without first obtaining verifiable parental or legal guardian consent, we will try to delete the relevant personal information as soon as possible.

IX. Statement on policy changes

We will update this policy at least once a year based on changes in information practices. If we make any significant changes, we will notify you via email (sent to the email address specified in your account) or post a notice in this application before the changes take effect. We recommend you regularly browse this application to obtain the latest information about privacy practices.

X. Contact us

If you have any comments or questions about this privacy policy, or if you have any questions about our collection, use, or disclosure of your personal information, please contact us through [My] - [Common Questions and Feedback] in the Heiman application or the following provided methods, and specify "Privacy Policy". For your rights requests and question consultations related to personal information, we have professional privacy and security teams to solve your problems. If your question itself involves relatively major matters, we may require you to provide more information to confirm the nature and scope of impact of the matter. If you are not satisfied with the reply you receive, you can transfer the complaint to the corresponding regulatory authority. When you consult us, we will provide information about relevant complaint channels that may be used based on your actual situation and will complete verification and processing of your needs within 15 working days.

Contact information and contact address:

Shenzhen Heiman Technology Co., Ltd.

Mailing address: No. 101, Building 4, Dafu Industrial Zone, Kukeng Community, Guanlan Street, Longhua District, Shenzhen

Email: Privacy Office heimanapp2@heiman.com.cn; Customer Service Team heimanapp1@heiman.com.cn

Contact phone: +86-755-84193930