Legal & Compliance Center

GlobalPrivacy Policy

Last Updated: October 26, 2023. Effective Date: January 01, 2023. This policy outlines our rigorous commitment to transparency, data sovereignty, and user-centric privacy protection across all our global operations.

Policy Quick Navigation

1. Overview & Philosophy 2. Data Taxonomy 3. Tracking Technologies 4. Legal Processing Grounds 5. Minor Protection 6. Third-Party Governance 7. Security TOMs 8. Data Rights & DSR

1. OVERVIEW & PHILOSOPHY

Beijing Zhishenglongcheng Information Technology Co., Ltd. ("ZHISHENG," "we," "us," or "our") is a specialized global technology organization providing high-performance mobile applications and immersive digital entertainment. We operate on a foundation of "Privacy by Design," ensuring that data protection is not an afterthought but a core component of our technical architecture. This philosophy governs our entire lifecycle, from initial R&D to global operational scaling.

This Global Privacy Policy is a comprehensive disclosure of our data practices. We recognize that our users span multiple legal jurisdictions; therefore, this document is engineered to meet and exceed the requirements of the **EU General Data Protection Regulation (GDPR)**, the **California Consumer Privacy Act (CCPA/CPRA)**, the **UK Data Protection Act**, and the **Personal Information Protection Law (PIPL)** of the People's Republic of China. This policy applies to all interactions with our website (zhishenglc.com), our mobile software, R&D showcases, and B2B engagement channels.

We are committed to providing you with clear and accessible information about our data processing. If you have any questions or concerns regarding our practices, we provide direct access to our Data Protection Office as detailed in Section 11.

2. TAXONOMY OF DATA COLLECTION

Our systems categorize data collection into three distinct tiers to ensure clarity and purpose-limitation. We only collect the minimum amount of data necessary to provide a high-quality service and ensure platform security.

2.1 Voluntary Information Disclosure

Information you provide directly to us when engaging our professional services, participating in surveys, or creating digital profiles:

  • Identity & Professional Data: Full legal name, professional title, corporate affiliation, and industry sector. This is collected primarily during B2B strategic docking and partner onboarding processes to verify professional standing.
  • Communication Channels: Verified business email addresses, telephone numbers, and authorized social identifiers used for project management, technical support, and critical service notifications.
  • Account Metadata: Usernames, encrypted authentication tokens, and profile preferences within our mobile applications.
  • Financial Metadata: Where applicable for B2B transactions or high-tier enterprise services, we may collect billing addresses and tax identification numbers. We do not store full credit card numbers; these are handled by PCI-DSS compliant third-party payment gateways.

2.2 Automated Technical Telemetry

To maintain 99.9% uptime, optimize performance for diverse global hardware, and ensure zero-trust security, our backend servers automatically capture technical metadata from your device:

  • Unique Hardware Identifiers: We process **UDID**, **IMEI**, and **MAC addresses** hashed via SHA-256 strictly for security auditing, fraud prevention, and to mitigate bot-net activity in our gaming environments.
  • Mobile Advertising IDs: We access Apple’s **IDFA** and Google’s **GAID** strictly subject to platform-level consent (e.g., App Tracking Transparency). These identifiers are used solely to measure the efficacy of our global user acquisition (UA) funnels and attribution.
  • Usage Analytics: Granular clickstream data, feature activation sequences, session heatmaps, and precise application state logs recorded during crash events to facilitate rapid R&D iteration.
  • Network Diagnostics: IP address (obfuscated at the last octet), Internet Service Provider (ISP), connection type (5G/4G/Wi-Fi), and approximate geographic data derived from IP headers.

3. COOKIE & TRACKING ARCHITECTURE

We implement a transparent, tiered cookie management system. Our website does not use tracking technologies for "profiling" users across non-affiliated domains without explicit, affirmative consent.

Tier Technical Function & Purpose
Tier 1: Essential Mandatory for secure session maintenance, CSRF protection, and high-availability load balancing across our global nodes. These cannot be disabled.
Tier 2: Functional Persistence of UI preferences, localized language selection, and regional regulatory compliance states.
Tier 3: Analytical Aggregated, anonymized heatmapping and navigation analysis to optimize our R&D showcases and documentation flow.
Tier 4: UA/Marketing Attribution tokens used strictly to measure the ROI of our professional partnership campaigns on platforms like LinkedIn and Google.

4. LEGAL JUSTIFICATION FOR DATA PROCESSING

ZHISHENG operates under strict legal pillars defined by international law for all data processing activities. We never process data without a clear, documented purpose.

  • Performance of Contract: Processing is essential to deliver the mobile services, gaming features, and technical R&D milestones agreed upon in our Master Service Agreements (MSA) or Terms of Service.
  • Legitimate Business Interests: Monitoring network security to prevent DDoS attacks, identifying IP theft, optimizing engine performance for low-end devices, and managing global server infrastructure to ensure 24/7 availability.
  • Consent-Based Processing: For non-essential tracking, marketing correspondence, and personalized advertising where the user has provided an explicit, informed opt-in.
  • Statutory & Regulatory Compliance: Retaining data for mandatory tax auditing, fulfilling anti-money laundering (AML) requirements, and responding to valid governmental or judicial subpoenas.

5. PROTECTION OF MINORS & GLOBAL AGE POLICY

We maintain a "Privacy First" protocol for minor users, strictly adhering to **COPPA** (USA) and **GDPR-K** (EU) standards. Our services are not engineered for, nor targeted at, individuals under the age of 13 (or 16 in certain EEA jurisdictions). We do not knowingly collect personal data from children without verifiable parental consent.

Minor User Safety Protocol & 24-Hour Purge

If our neutral age-gate identifies a user as a minor, we immediately engage "Safe-Mode": All behavioral tracking is severed, personalized advertising is disabled, and social features are restricted to prevent PII (Personally Identifiable Information) leakage.

The 24-Hour Purge Guarantee: If we identify that minor data has been collected inadvertently without verifiable parental consent, we commit to a mandatory deletion process across our active production clusters within 24 hours of discovery. Parents may initiate this process via support@zhishenglc.com.

6. DATA SOVEREIGNTY & THIRD-PARTY GOVERNANCE

We share data only with audited service providers who maintain technical and organizational security standards equal to or higher than our own. ZHISHENG does not engage in the sale of user data for monetary profit.

  • Infrastructure Partners: AWS (US/Asia/EU) and Google Cloud for resilient, encrypted storage and serverless computing.
  • Monetization Partners: AdMob, Unity Ads, and AppLovin. These partners process anonymized device tokens to deliver age-appropriate ad content. We audit their SDKs regularly for privacy compliance.
  • Strategic Analytics: Firebase, Adjust, and AppsFlyer. These tools process event-based data to help us refine game balance, app utility, and user journey optimization.

7. SECURITY TOMs (TECHNICAL & ORGANIZATIONAL MEASURES)

ZHISHENG employs military-grade security to protect the integrity, confidentiality, and availability of your data. Our technical backbone is built with a zero-trust mindset.

  • Encryption: Mandatory **AES-256** for data at rest and **TLS 1.3** for all data in transit. We utilize hardware security modules (HSMs) for key management.
  • Access Isolation: Production data is siloed from development environments with strict multi-factor authentication (MFA) and biometric requirements for all technical staff.
  • Anonymization & Pseudonymization: We utilize salt-based hashing (**SHA-512**) for all user identifiers before they enter our analytical data lake, ensuring that raw PII is never used for research purposes.
  • Continuous Auditing: Regular penetration testing and vulnerability scanning are performed by independent third-party security firms.

8. DATA SUBJECT RIGHTS & DSR PROCEDURES

Regardless of your geographic location, ZHISHENG respects your fundamental right to control your digital identity. We provide a formal **Data Subject Request (DSR)** process to handle the following rights:

  • Right of Access & Portability: Request a structured, machine-readable export of all data associated with your device or account.
  • Right of Rectification: Request correction of inaccurate professional or personal metadata.
  • Right of Erasure ("Right to be Forgotten"): Permanent deletion of your account and all associated identifiers across our global production clusters.
  • Right to Object & Restrict: Limit processing activities while your data accuracy is being verified or object to processing based on legitimate interests.
  • Right to Withdraw Consent: Revoke permissions for marketing and non-essential cookies at any time without penalty.

To exercise these rights, please email support@zhishenglc.com with the subject line **"DSR Request"**. To protect your security, we will require verification of your device ID or account ownership through a secondary authentication method. We will provide a formal resolution within **30 calendar days** of verification.

9. INTERNATIONAL DATA TRANSFERS

ZHISHENG is a global organization. Your information may be transferred to and processed in countries other than your own, including China, the United States, and Singapore. We ensure that such transfers are conducted under the protection of **Standard Contractual Clauses (SCCs)** and adequacy decisions where applicable, ensuring your data receives a level of protection consistent with global best practices.

10. UPDATES, AMENDMENTS & NOTIFICATIONS

We reserve the right to amend this Privacy Policy at any time to reflect changes in our Services, technical architecture, or global legal requirements. Significant changes affecting your fundamental rights will be notified via prominent in-app notifications, push alerts, or via the primary email address on file. Continued use of our Services after an update constitutes informed acceptance of the revised terms. We encourage you to review this page periodically to stay informed about our data sovereignty efforts.

11. CONTACT OUR GLOBAL PRIVACY OFFICE

For formal legal inquiries, data protection impact assessments (DPIA), compliance audits, or complex privacy queries, please contact our global privacy lead:

Global Data Protection Office (DPO)

Beijing Zhishenglongcheng Information Technology Co., Ltd.

Attn: Privacy Compliance & Legal Affairs

Data Protection Officer: David Wu

Primary Compliance Email: support@zhishenglc.com

Strategic Partnership Inquiry: liunian@zhishenglc.com

Registered Global Headquarters: 4B06, 4/F, Bldg C3, World Flower Holiday Plaza, Jiujingzhuang Road, Daxing District, Beijing, China