AutoWhisper Privacy Policy
Last Updated: January 19, 2025
Effective Date: January 19, 2025
Important Notice: This Privacy Policy describes how AutoWhisper collects, uses, stores, and shares your personal information. Please read this policy carefully. By using our Services, you agree to the information collection and use practices described in this policy. If you do not agree to this Privacy Policy, please do not use our Services.
Table of Contents
- 1. Introduction
- 2. Scope of Application
- 3. Information We Collect
- 4. How We Use Your Information
- 5. AI Technology and Use of User Content
- 6. How We Share Your Data
- 7. Cookies and Tracking Technologies
- 8. Data Retention
- 9. Data Security
- 10. International Data Transfers
- 11. Your Privacy Rights
- 12. Biometric Information
- 13. Children's Privacy
- 14. Social Features and Third-Party Integrations
- 15. Business Changes
- 16. Additional Disclosures for California and Other US State Residents
- 17. Additional Information for EU, UK, and Swiss Residents
- 18. Policy Changes and Complaints
1. Introduction
AutoWhisper is an AI-powered marketing content generation and distribution platform. We understand the importance of privacy to you and respect the privacy of everyone who visits our website and uses our platform.
This Privacy Policy describes how AutoWhisper (Shanghai) Information Technology Co., Ltd. (hereinafter referred to as "AutoWhisper", "we", "us", or "the Platform") collects, uses, and discloses personal information about you when you use our website (autowhisper.xyz), mobile applications, APIs, and other services (collectively, the "Services").
Company Information:
- Company Name: AutoWhisper (Shanghai) Information Technology Co., Ltd.
- Registered Address: People's Republic of China
- Contact Email: xnjiang@qumge.com
1.1 Data Controller and Processor
For the purposes of this Privacy Policy:
- We act as a data processor: When we process personal data on behalf of our enterprise customers according to their instructions (e.g., when enterprise customers use our Services to generate marketing content for their businesses).
- We act as a data controller: When we process data for our own legitimate purposes (e.g., marketing, service improvement, regulatory compliance).
1.2 Definitions
In this policy:
- "You", "User": Refers to you, the individual using the Services and accepting the Terms.
- "Personal Information" or "Personal Data": Information that can identify or relate to a specific individual.
- "User Content": All information and materials you upload, input, or otherwise provide to the Services.
- "Generated Content": Output content generated by our AI technology based on your User Content.
2. Scope of Application
2.1 This Policy Applies To
- Users accessing Services through our website (autowhisper.xyz)
- Users using our mobile applications
- Users accessing our Services through APIs
- Individuals accessing and using Services on behalf of enterprise customers
2.2 This Policy Does Not Apply To
- Enterprise Customer Data: Information we process on behalf of business or commercial customers, which is governed by our contracts with those customers. If you have questions about how an enterprise customer uses information, please contact that customer directly.
- Third-Party Websites and Services: This policy does not apply to third-party websites or platforms linked through our Services (whether the links are provided by us or shared by other users), nor to third-party content, data, applications, or materials. We are not responsible for the privacy or security of these websites or platforms. We recommend that you review their privacy policies before providing any information to third-party websites or platforms.
3. Information We Collect
We collect certain information about you from different sources, as described in this section.
3.1 Information You Provide Directly
Certain features of the Services may require you to provide information directly to us. You may choose not to provide this information, but doing so may prevent you from using or accessing these features. Depending on your use of the Services, we may collect some or all of the following information about you:
a. Account and Contact Information
When you create an account, we collect:
- Name
- Email address
- Account password (encrypted storage)
- Phone number (optional)
- Company/business name and job title (optional)
- Mailing address (optional)
- Social media accounts (optional)
b. Payment Information
Depending on your subscription plan, we may collect payment information and transaction history. All payment data is stored and processed by Stripe. We do not directly store complete credit card information. You can learn more in the Stripe Privacy Policy.
c. User Input Content
When you use our Services, we collect personal information you provide, including:
- Text, scripts, product descriptions
- Images, photos, videos
- Audio, voice recordings
- Website links and competitor information
- Metadata related to input content
Important Notice: Certain Service features require us to process facial or body parts in videos or photos, which may include facial images and voice data. We use this information to create and personalize digital avatars. For more information on how we process biometric information, please see Section 12 below.
d. Information Posted to the Services
Certain features of the Services may enable you to share templates with other users or make your videos and other content available to other users. We collect information you choose to share or provide ("User Generated Content" or "UGC"), and we or others may store, display, reproduce, publish, or otherwise use UGC (including your name and email address), and may or may not attribute it to you. Other users may also access UGC and may share it with third parties.
e. Communication Information
We collect the name, email address, and other information you provide when you communicate with us, including through a "Contact Sales" page or by interacting with our online chatbot.
3.2 Automatically Collected Information
We automatically collect certain information about your interactions with the Services through Cookies, web beacons, and other technologies ("Tracking Technologies") (collectively, "Usage Data"), including:
a. Device Information
- Device type (mobile, tablet, computer)
- Operating system and version
- Unique device identifiers
- IP address
- Browser type and version
b. Location Information
- Approximate location based on IP address (country, city level)
c. Usage Information
- Date and time stamps
- Referring website (which website brought you to our Services)
- Types of content you view or interact with
- Features you use
- Other actions you perform on the Services
- Clickstream data
- Websites you exit to
For more information about how we use Tracking Technologies and your choices, please see the "Cookies and Other Tracking Technologies" section below.
3.3 Information from Third Parties
We may obtain information about you from external sources, including:
- Integration Partners: Information we receive when you connect AutoWhisper to integrated services (such as X/Twitter, Facebook, Instagram, YouTube, Xiaohongshu, Douyin, TikTok, WeChat Channels).
- Login Integrations: Information we receive when you choose to access Services through a login integration or single sign-on (SSO) service.
- Social Media Platforms: Information we receive from these platforms when you interact with us on social media platforms.
- Public Sources: Supplemental information from publicly available databases or third-party data providers.
4. How We Use Your Information
We use your personal information to provide you with the best products and services. Depending on your country/region, we only process your personal data based on valid legal bases.
Generally, AutoWhisper acts as a data processor when processing personal data on behalf of enterprise customers according to their instructions. However, when processing personal data for purposes such as marketing, service improvement, and regulatory compliance, AutoWhisper acts as a data controller.
Processing Purposes and Legal Bases:
| Processing Purpose | Legal Basis |
|---|---|
| Provide and manage your account and access to and use of the Services | Performance of contract (Terms of Service) |
| Personalize and customize your Service experience, including providing recommendations and generating video content | Performance of contract |
| Provide customer support, respond to your communications, send account-related notifications | Performance of contract |
| Train and improve AI models that power our products and services | Legitimate interests (You can opt out by contacting privacy@xxx.com) |
| Understand Service usage, trends, and preferences; improve and fix errors; develop new products and features | Legitimate interests |
| Enhance Service security, conduct troubleshooting, data analysis, testing, and system reporting | Legitimate interests (security and safety) |
| Comply with applicable legal obligations, enforce our contracts and policies | Legal obligation |
| Protect or defend the Services, our rights, and the rights of users or others | Legitimate interests (protecting legitimate interests) |
| Send marketing communications, including news and offers for products or services | Consent (You can unsubscribe at any time) |
| Verify identity to prevent fraud and abuse (including processing biometric data) | Explicit consent (You can withdraw consent) |
Marketing Communications: Unless permitted by law, we will not send you unsolicited marketing communications. We will also take all reasonable steps to ensure that we comply with obligations imposed by applicable email marketing laws. You can unsubscribe from our emails at any time using the unsubscribe feature in the email. Upon receiving such a request, we will remove your email address from the subscriber list.
5. AI Technology and Use of User Content
Important Notice: AI Model Training
As an AI-powered service, we use your User Content to train and improve our AI models. Please read this section carefully to understand how we use your content and your choices.
5.1 License You Grant Us
By submitting User Content to the Services, you grant us a worldwide, royalty-free, non-exclusive, transferable, sublicensable, and irrevocable license to:
- Access, use, store, reproduce, modify, adapt, process, transmit, display, and distribute your User Content to operate, provide, improve, and promote the Services
- Use User Content to train and improve our AI models and machine learning systems
- Create derivative works of User Content (i.e., Generated Content)
This license survives the termination of this Privacy Policy and the Terms of Service.
5.2 Ownership and Nature of Generated Content
- You own the Generated Content: To the extent permitted by law, we assign to you all rights we may have in the Generated Content.
- Generated Content may not be unique: Due to the nature of AI technology, other users may generate similar or substantially identical content from their independent use. Output generated for other users is not considered your Generated Content, and our assignment of rights in Generated Content to you does not extend to rights in other users' output.
- Accuracy Disclaimer: You expressly acknowledge and agree that AI-generated content may contain errors, inaccuracies, outdated information, or inappropriate content. It is your responsibility to evaluate whether Generated Content is appropriate for your use case, including whether human review is appropriate, before using or sharing it. Factual assertions in Generated Content should not be relied upon without independently checking their accuracy, as they may be false, incomplete, misleading, or not reflect recent events or information.
5.3 Opt-Out of AI Model Training
You have the right to choose not to have your data used to train our AI models.
If you wish to opt out, please contact us by:
- Sending an email to: xnjiang@qumge.com
- Including "Opt-Out of AI Training" in the email subject
- Providing your account email address for verification
Please note: Opting out may affect the Services' ability to provide you with personalized content and improvement suggestions, but will not affect core Service functionality.
5.4 Third-Party AI Models
Our Services integrate third-party AI model providers (such as HeyGen, OpenAI, Anthropic, etc.). When you use these features, your input content may be sent to these third parties for processing. These third parties' data processing practices are governed by their respective privacy policies. We have data processing agreements with all AI model providers requiring them to process data only according to our instructions and to implement appropriate security measures.
6. How We Share Your Data
We only disclose your personal information as described in this Privacy Policy. Except as otherwise stated, we will never sell your personal information to anyone for monetary gain. You always remain in control of your personal information.
In certain circumstances, we may disclose your personal information to third parties for the purposes described in this Privacy Policy, including:
6.1 Vendors and Service Providers (Sub-processors)
We may contract with third parties who help us provide the Services, including:
Key Sub-processor List:
- • HeyGen (USA) - AI video generation and digital avatar creation
- • OpenAI/Anthropic (USA) - Large language models and content generation
- • Cloudflare R2 (USA) - Cloud storage services
- • Stripe (USA) - Payment processing
- • Google Analytics (USA) - Website analytics
- • Datadog (USA) - System monitoring and analytics
- • Meta/Facebook (USA) - Advertising delivery and analytics
A complete sub-processor list is available by contacting us.
In some cases, these third parties may need to access some or all of your information. We will take all reasonable steps to ensure that your information is handled securely, such as through data protection agreements. In some cases, we may be legally responsible for such subsequent transfers to third parties.
6.2 At Your Direction or with Your Consent
We may also disclose information to third parties when you request, instruct, or consent to our doing so, including to other users of the Services, such as when you use login integrations and social media widgets or, with your consent, make your output or other content available to others.
6.3 Affiliates
We may disclose information to our affiliates or other parties within our corporate group.
6.4 Legal Reasons
In certain situations, we may be legally required to share certain data we hold (which may include your personal information), such as when we are involved in legal proceedings, or when we cooperate with or comply with requirements from legislation, court orders, government agencies, or law enforcement. We may also disclose information to comply with applicable laws, enforce our contractual arrangements and policies, or protect or defend the Services, our rights, and the rights of users or others.
In some cases, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
6.5 Anonymized and Aggregated Data
We may also compile statistical data about use of our Services, including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymized and will not contain any personally identifying information. We may occasionally share such data with third parties (such as potential investors, affiliates, partners, and advertisers). Data is only shared and used to the extent permitted by law.
7. Cookies and Tracking Technologies
As mentioned above, the website and Services may use certain Tracking Technologies to collect Usage Data, including first-party Tracking Technologies (placed by us directly and used only by us) and third-party Tracking Technologies (placed by websites, services, and/or parties other than us).
7.1 Types of Tracking Technologies We Use
| Type | Purpose | Examples |
|---|---|---|
| Essential Cookies | Login status, security, basic functionality | Session management, authentication tokens |
| Analytics Cookies | Understand Service usage, improve features | Google Analytics, Datadog |
| Marketing Cookies | Targeted advertising, retargeting marketing | Meta Pixel, Google Ads |
| Functional Cookies | Remember preferences, enhance experience | Language selection, theme settings |
7.2 Why We Use Tracking Technologies
We use Tracking Technologies because it serves our legitimate interests to:
- Facilitate, improve, and customize your experience with the Services
- Conduct analytics and debugging
- Provide and improve our products and services
- Understand the user experience (e.g., time spent on pages, features used, links clicked, etc.)
- Conduct advertising-related purposes, including retargeting marketing and delivering targeted advertisements to you
- Analyze and measure the effectiveness of our advertising
7.3 Third-Party Tracking
The following third-party Tracking Technologies may be used on our Services:
- Google Analytics: Used for website analytics. Privacy Policy
- Datadog: Used for performance monitoring and user experience analytics. Privacy Policy
- Meta Pixel: Used for ad targeting and performance tracking. Privacy Policy
- Google Ads: Used for ad delivery and retargeting. Privacy Policy
7.4 Your Choices
Most browsers will automatically accept Cookies, but you can control how your device allows the use of Tracking Technologies:
- Browser Settings: You can disable or delete Cookies in your internet browser at any time. Most internet browsers also allow you to choose whether to disable all Cookies or only third-party Cookies. For details, please refer to your browser's help menu or the documentation that came with your device.
- Google Analytics Opt-Out: You can use the Google Analytics Opt-out Browser Add-on
- Meta Ad Settings: You can change your Facebook ad display options in your Facebook account
- Industry Opt-Out Tools: You can visit Your Online Choices or Digital Advertising Alliance
Please note: Disabling or deleting Cookies may cause certain parts of the Services to malfunction, and you may lose any information that enables you to access our website more quickly and efficiently, including login and personalization settings.
Do Not Track: While your browser may allow you to transmit a "Do Not Track" signal or other opt-out preference mechanism, like many websites, our website is not designed to respond to such signals.
8. Data Retention
We retain your personal information only for as long as necessary to provide the products and services described in this Privacy Policy, and/or for as long as you permit us to retain it. In determining how long to retain information, we consider various criteria, including:
- Whether we need the information to continue managing your account, providing Services, maintaining your generated output and content
- Resolving disputes, enforcing our contractual agreements
- Preventing harm, promoting safety, security, and integrity
- Protecting ourselves, including our rights, property, and products
- Complying with legal and regulatory requirements (such as tax and accounting requirements)
8.1 Specific Retention Periods
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account activity + 30 days after account deletion |
| User Content and Generated Content | Until you delete it or within 30 days after account termination |
| Backup data | For disaster recovery purposes, then automatically permanently deleted |
| Marketing consent data | Until you withdraw consent |
| Transaction and payment records | As required by tax and accounting laws (typically 3-7 years) |
| Log and usage data | Typically no more than 12 months |
8.2 Deletion Requests
If you submit a request to delete information, we endeavor to take steps to delete the information within 72 hours of receiving your request, unless we are required or permitted to retain such information under applicable law. For more information, please see the "Your Privacy Rights" section below.
After you delete information or your account, it remains in backups for disaster recovery purposes, and is then automatically permanently deleted.
9. Data Security
Data security is very important to us. To protect your personal information, we have implemented appropriate physical, electronic, and administrative procedures to safeguard and secure the personal information collected through our website.
9.1 Security Measures We Implement
- ✓ Transmission Encryption: TLS/SSL encryption to protect data in transit
- ✓ Storage Encryption: Encrypted storage for data at rest
- ✓ Access Controls: Role-based permissions management and principle of least privilege
- ✓ Authentication: Strong password policies and multi-factor authentication (MFA)
- ✓ Security Audits: Regular security assessments and vulnerability scanning
- ✓ Employee Training: All employees receive data protection and security training
- ✓ Physical Security: Strict physical access controls at data centers
- ✓ Incident Response: Data breach emergency response plans in place
- ✓ Vendor Management: Data protection agreements with all data processors
9.2 Your Security Responsibilities
Despite any security measures we take, it is important to remember that transmission of data over the internet may not be completely secure, and we cannot guarantee the collection, transmission, and storage of data is always secure.
If you choose to register an account with us, it is your responsibility to keep your account credentials secure. We recommend that you do not share your access details with anyone. If you believe your account has been compromised, please contact us immediately.
9.3 Data Breach Notification
If a data breach occurs that affects your rights and freedoms, we will notify you and relevant regulatory authorities within 72 hours of discovery, as required by applicable law (including GDPR). The notification will include:
- The nature of the breach and possible consequences
- Remedial measures we have taken or plan to take
- Steps you can take to mitigate potential adverse effects
10. International Data Transfers
By using our Services, you understand that your personal information may be processed, stored, and transferred to third parties on servers in countries outside your country of residence (including the United States).
10.1 Cross-Border Transfers
Personal information you provide to us and that we collect from you will be transferred to, stored in, or processed in countries outside your country of residence, such as the United States. Your personal information is also processed by staff operating outside the European Economic Area (EEA), the UK, or Switzerland who work for us or for our third-party service providers or partners.
We process personal information you provide to us in countries outside your country of residence in order to provide our Services, fulfill our contracts with you, and provide the functionality of our website.
10.2 Data Transfer Safeguards
To ensure your personal information is adequately protected when transferred internationally, we implement the following measures:
- Standard Contractual Clauses (SCCs): For transfers of personal information to third countries, we use Standard Contractual Clauses approved by the European Commission, unless the country has been determined to provide adequate protection for individuals' rights and freedoms.
- Data Processing Agreements (DPA): We sign data processing agreements with all third parties who receive personal data, requiring them to comply with data privacy framework principles.
- Appropriate Technical and Organizational Measures: Ensure that recipients implement appropriate security measures to protect your data.
10.3 Primary Data Transfer Destinations
- United States: HeyGen (AI video generation), OpenAI/Anthropic (large language models), Cloudflare (cloud storage), Stripe (payment processing)
- China: Primary servers and operations team
- Other Regions: Cloud service providers selected as needed
11. Your Privacy Rights
Depending on your location, you may have certain privacy rights regarding your personal information. Below is an overview of rights that apply in most regions. Residents of specific regions may have additional rights (see Sections 16 and 17 below).
11.1 General Privacy Rights
| Right | Description |
|---|---|
| Right of Access | Request a copy of personal information we hold about you |
| Right to Rectification | Update or correct your personal information |
| Right to Erasure ("Right to be Forgotten") | Request deletion of your personal information (certain exceptions apply) |
| Right to Restrict Processing | Request that we temporarily or permanently stop processing some or all of your personal information |
| Right to Data Portability | Receive your personal information in a structured, commonly used, and machine-readable format |
| Right to Object | Object to our processing of your personal information based on legitimate interests |
| Right to Withdraw Consent | Withdraw your consent at any time when we process based on your consent |
| Right to Object to Automated Decision-Making | Request not to be subject to decisions based solely on automated processing (including profiling) |
| Right to Complain | Lodge a complaint with your local regulatory authority |
11.2 How to Exercise Your Rights
To exercise any of these rights, please contact us by:
- Email: xnjiang@qumge.com
- Subject: Privacy Rights Request - [Specific right, e.g., "Right of Access", "Right to Erasure"]
- Provide Information: Your name, registered email address, and request details
Response Time: We will respond to your request within 30 days, which may be extended to 60 days in some circumstances (we will notify you of any such extensions).
Identity Verification: To protect your privacy and security, we may need to verify your identity before processing your request.
11.3 Limitations and Exceptions
In certain circumstances, we may be unable to fully comply with your request, such as when:
- Required to comply with legal obligations or cooperate with law enforcement
- Necessary to exercise or defend legal claims
- Necessary to protect vital interests of you or others
- The request is manifestly unfounded, repetitive, or excessive
If we refuse your request, we will explain why and inform you of your rights regarding further appeal or complaint.
12. Biometric Information
Important Notice: Biometric Data Processing
Our Services use AI technology to process facial images and voice data to generate digital avatar videos. This may involve processing your biometric information.
12.1 What is Biometric Information
Biometric information consists of individual physiological, biological, or behavioral characteristics that can be used alone or in combination to uniquely identify an individual, including but not limited to:
- Facial Features: Facial geometry, facial landmarks
- Voiceprint Characteristics: Voice patterns, intonation, rhythm
- Other Characteristics: Other unique characteristics extracted from photos or videos you upload
12.2 How We Collect Biometric Information
We may collect biometric information when you use the following features:
- Create Custom Digital Avatars: When you upload your photos or videos to create a personalized AI digital avatar
- Clone Voice: When you record or upload audio samples to generate an AI clone of your voice
- Generate Digital Avatar Videos: When we process your input to generate video content
12.3 How We Use Biometric Information
We use biometric information for purposes including:
- Creating and personalizing digital avatars
- Generating realistic AI video content
- Improving our AI models and algorithms (You can opt out)
- Verifying identity to prevent fraud and abuse
- Complying with legal obligations
12.4 Legal Basis and Consent
Processing biometric information requires your explicit consent. By uploading content containing biometric data (such as photos, videos, or audio), and explicitly choosing to use these features, you consent to our processing of your biometric information in accordance with this policy.
You may withdraw your consent at any time by:
- Deleting your custom avatar and voice data
- Contacting us to request deletion of your biometric information
After consent is withdrawn, we will delete your biometric information within 30 days, unless we are legally required to retain it.
12.5 Biometric Data Retention and Deletion
- Automatic Deletion: When you delete your account or related content, we will permanently delete your biometric information within 30 days
- Retention Period: No more than 3 years maximum, unless you actively use related features or law requires a longer retention period
- Secure Destruction: We use secure methods to permanently destroy biometric information, making it unrecoverable
12.6 Sharing Biometric Data
We do not sell or rent your biometric information. We may share biometric information with:
- AI Service Providers (HeyGen, etc.): For processing and generating video content. All service providers are bound by strict data protection agreements.
- Cloud Storage Providers: For secure storage (encrypted storage)
- Legal Requirements: In response to legal process or law enforcement requests
12.7 Special Notice for Illinois Residents (BIPA)
If you are an Illinois resident, under the Biometric Information Privacy Act (BIPA), you have additional rights:
- We will notify you in writing and obtain your written consent before first collecting or otherwise obtaining your biometric information
- We will provide a written, publicly available policy establishing our biometric information retention schedule and destruction guidelines
- We will not sell, lease, trade, or otherwise profit from your biometric information
- We will not disclose your biometric information to third parties without your consent or as permitted by law
- We store, transmit, and protect biometric information in the same or more rigorous manner as we protect other confidential and sensitive information
13. Children's Privacy
The Services are not directed at children. We do not knowingly collect personal information from children under 13 (or under 16 in some jurisdictions).
If you are under 18 years old, you may only use the Services under the consent and supervision of a parent or guardian. If you are a parent or guardian and discover that your child has provided us with personal information without your consent, please contact us.
If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information and terminate the child's account.
14. Social Features and Third-Party Integrations
14.1 Social Media Platform Integrations
Our Services allow you to connect to the following social media platforms:
- X (Twitter)
- YouTube
- Xiaohongshu
- Douyin
- TikTok
- WeChat Channels
- Substack
When you connect these platforms:
- Information We Collect: Platform account information, public profile, access tokens, follower lists (if you authorize)
- How We Use It: Post content on your behalf, retrieve analytics data, manage your social media activities
- Third-Party Policies: These platforms' data processing practices are governed by their respective privacy policies
- Revoke Access: You can revoke access at any time on our settings page or directly on the platform
14.2 Third-Party Login
You may choose to log in through third-party services (such as Google, Facebook). When you do so:
- We may receive your name, email address, profile picture, and other public profile information
- You can control the information shared in the third-party service
- The third party's privacy policy applies to their use of your information
14.3 User Generated Content and Public Areas
If you post content in public areas of the Services or share materials with other users through the Services:
- Publicly Visible: Content you share may be visible to other users and the public
- Share Carefully: Do not share sensitive personal information you do not want to be public
- Limited Control: Once content is shared, we cannot control how others use that content
15. Business Changes
If we or our assets are acquired by or merged with another company, or if we reorganize or sell any or all of our business or assets, your information may be disclosed and/or transferred to the buyer or other successor as part of that transaction. In any such transaction, your personal information will continue to be protected in accordance with this Privacy Policy and applicable law requirements.
We will notify you before any change in ownership or material change in how your personal information is used (via email and/or a prominent notice on our Services).
16. Additional Disclosures for California and Other US State Residents
16.1 California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, under the California Consumer Privacy Act (CCPA) and its amendments (CPRA), you have the following additional rights:
California Privacy Rights:
- Right to Know: Learn about the categories of personal information we collect, use, disclose, and sell
- Right of Access: Request specific information we have collected about you in the past 12 months
- Right to Delete: Request deletion of personal information we have collected from you (certain exceptions apply)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of "sale" or "sharing" of your personal information
- Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of sensitive personal information
- Right to Non-Discrimination: Not be discriminated against for exercising CCPA rights
Categories of Personal Information We Collect
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email, IP address, account name | ✓ |
| B. Personal Information (CA Customer Records Act) | Name, address, phone number, payment information | ✓ |
| C. Protected Classification Characteristics | Age, gender, nationality | ✗ |
| D. Commercial Information | Purchase records, consumption history | ✓ |
| E. Biometric Information | Facial features, voiceprints | ✓ |
| F. Internet/Network Activity | Browsing history, search history, website interactions | ✓ |
| G. Geolocation Data | Approximate location (country, city) | ✓ |
| H. Sensory Information | Audio, video | ✓ |
| I. Professional/Employment Information | Company name, job title | ✓ |
| J. Inferences | Preferences, tendencies, behavior | ✓ |
| K. Sensitive Personal Information | Account credentials, precise geolocation | ✓ |
Disclosure of "Sale" or "Sharing" of Personal Information
As defined by the CCPA, we do not "sell" your personal information for monetary gain. However, we may "share" certain information with third parties for targeted advertising purposes, which may be considered a "sale" or "sharing" under the CCPA.
In the past 12 months, we may have shared the following categories of personal information with the following categories of third parties for targeted advertising purposes:
- Identifiers: Shared with advertising networks (Meta, Google Ads)
- Internet Activity: Shared with analytics providers (Google Analytics, Datadog)
Opt Out of Targeted Advertising:
- Click the "Do Not Sell or Share My Personal Information" link on our website
- Send an email to xnjiang@qumge.com with subject "CCPA Opt-Out"
How to Exercise Your California Privacy Rights
To exercise the above rights, please:
- Send an email to xnjiang@qumge.com
- Note the specific rights request in the subject (e.g., "CCPA Access Request")
You may also authorize an agent to make a request on your behalf. We may need to verify your identity and the agent's authorization.
16.2 Other State Privacy Laws (Virginia, Colorado, Connecticut, etc.)
If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states that have implemented similar consumer privacy laws, you may have rights similar to those under the CCPA, including rights of access, correction, deletion, and opting out of targeted advertising.
To exercise these rights, please use the same contact methods described in the California section above.
17. Additional Information for EU, UK, and Swiss Residents
17.1 General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), the UK, or Switzerland, under the General Data Protection Regulation (GDPR) and similar laws, you have the privacy rights described in Section 11 above.
17.2 Legal Bases for Processing
We process your personal data based on the following legal bases (as described in Section 4 above):
- Performance of Contract: Necessary to provide Services to you
- Consent: You have explicitly consented to the processing
- Legitimate Interests: Our legitimate business interests (e.g., improving Services, preventing fraud), provided they do not override your rights
- Legal Obligation: Necessary to comply with applicable law
17.3 International Data Transfer Mechanisms
When we transfer your personal data from the EEA, the UK, or Switzerland to third countries, we use the following safeguards:
- Standard Contractual Clauses (SCCs): Data transfer contracts approved by the European Commission
- Adequacy Decisions: Transfer to countries the European Commission has determined provide adequate protection
- Supplementary Measures: Additional technical and organizational security measures
17.4 Right to Complain to Regulatory Authorities
If you have concerns about how we process your personal data, you have the right to lodge a complaint with the data protection authority in your country:
- EU: European Data Protection Board Members List
- UK: Information Commissioner's Office (ICO)
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
While you have the right to complain to regulatory authorities, we encourage you to contact us directly first so that we can do our best to address your concerns.
18. Policy Changes and Complaints
18.1 Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Service improvements. When we make material changes:
- Notice: We will notify you by email (sent to the email address specified in your account) and/or a prominent notice on the Services
- Effective Date: The updated policy will become effective on the date shown in the "Effective Date"
- Your Choices: If you do not agree with the changes, you may stop using the Services and delete your account before the new policy takes effect
- Continued Use: Your continued use of the Services after the new policy takes effect indicates your acceptance of the updated policy
We recommend that you review this Privacy Policy regularly to stay informed about how we protect your information.
18.2 Contact Us and Complaints
If you have any questions, comments, or complaints about this Privacy Policy, or wish to exercise your privacy rights, please contact us by:
Contact Information:
- Company Name: AutoWhisper (Shanghai) Information Technology Co., Ltd.
- Privacy Email: xnjiang@qumge.com
- Registered Address: Shanghai, People's Republic of China
- Response Time: We will respond to your inquiry or request within 30 days
Complaint Handling Process:
- Submit Complaint: Submit your complaint to us via the above contact methods, and provide detailed information
- Acknowledgment: We will acknowledge receipt of your complaint within 3 business days
- Investigation: We will conduct an internal investigation and may request more information from you
- Resolution: We will provide you with a substantive response and solution within 30 days
- Escalation: If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your jurisdiction