privacy-policy-en-us – DWARFLAB APP

Privacy Policy

Last Updated: Dec. 24, 2024

Tinyphoton (Wuhan) Technology Co., Ltd. (hereinafter referred to as “Tinyphoton” or “we”) is a limited liability company established under the laws of the People’s Republic of China. We attach great importance to maintaining and protecting users’ personal information, and have formulated the “DWARFLAB Privacy Policy” (hereinafter referred to as “this Policy”) applicable only to the DWARFLAB App (hereinafter referred to as “this App”).

Before using our products or services, please carefully read and fully understand this Policy. By tapping “I agree” or using this software or service, you are deemed to have read and agreed to all the terms of this Policy.

This Policy will help you understand:

How we collect and use your personal information
How we use SDK(Software Development Kit)s
How we share, transfer and publicly disclose your personal information
How we protect your personal information
Your rights
How we handle children’s personal information
How your personal information is stored and transferred globally
How this Policy is updated
How to contact us

We understand the importance of personal information to you and will do our best to protect the security and reliability of your personal information. We are committed to maintain your trust in us and abide by the following principles to protect your personal information: the principle of consistent authority and responsibility, the principle of clear purpose, the principle of choice of agreement, the principle of minimum sufficient, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency. At the same time, we promise that we will take Appropriate safety protection measures to protect your personal information in accordance with the mature safety standards in the industry.

1.How we collect and use your personal information

Personal information refers to various information recorded electronically or by other means that can identify a specific individual’s identity either alone or in combination with other information, or reflect specific activities of a particular individual.

We will only collect and use your personal information for the purposes stated in this Policy:

1.1 Connecting DWARF hardware products

DWARF Device Information. If you use this App to connect to a wireless local area network on an Android device, you may need to manually enter the DWARF device password. For your convenience, we provide a “Copy Device Password” button to allow you to copy the device password to the phone clipboard. By choosing to use the copy device password function, you understand and agree that this App will access your clipboard to copy the password. We have taken strict security measures to ensure that this App only accesses the clipboard when you actively choose to copy the password, and does not read the contents of the clipboard. The copied device password text will be stored in the system storage of your mobile device. We recommend that you delete the password information after use to ensure password security.

Region Information. In order to ensure that this App runs normally in different countries and regions, and complies with local wireless communications, we may read your mobile device’s country code to get an approximate location, usually the country or region name. In order to ensure the connection between your mobile device and our hardware products, we may read your settings on DWARFLAB (such as the name and password of the hardware device, the Wi-Fi IP address). These setting information will be stored in the internal storage of this App.

To ensure the stability of network connections between your mobile device and our hardware products, as well as to maintain proper functionality, we may request access to your Wi-Fi status/parameters and WLAN access point information (such as SSID, BSSID, RSSI, etc.). This data collection is solely for the purpose of network status detection and will not be used for user identification or data storage.

1.2 Device Permission Calls

In order to ensure the normal implementation of this App’s product functions, we may apply for or use access permissions for your mobile device:

Downloaded files using storage and album permissions will be saved to the internal storage of your mobile device. Calling other permissions in the table does not involve data storage.

1.3 Services and Support

Log Information. When you report bugs or suggestions to us, in order to provide solutions promptly, we may need to collect your DWARF product usage log records (including timestamps, error messages, user operations, notification information, key running records of App functions, running status of hardware products, hardware products names and passwords，and phone system version and phone model information). To facilitate contacting you, we may need to collect your email address. By using the ‘Log Upload’ feature, you understand and agree that this App obtains your log records and email address.

1.4 Atlas Sensor Mode

When you point your mobile device towards the sky, the star atlas automatically aligns with the device’s orientation. To enable this functionality, we may utilize your device’s sensors, including the accelerometer, magnetometer, and gyroscope. This sensor data is exclusively used to determine the device’s orientation and position, facilitating the automatic alignment feature of the star map. It is important to note that this data is not used for personal identification purposes. Furthermore, the use of this feature does not disclose your specific direction or location. All data is processed temporarily and is not stored on any medium.

1.5 App Updates

To detect the version status of our application and provide upgrade services, we may access information about installed applications on your device when you attempt to navigate to the app marketplace for an update. This process is solely to confirm whether the target application is installed and to verify its version. This operation is exclusively used to facilitate the upgrade functionality and will not be utilized for any other purposes. We do not collect or store any personal information during this process.

1.6 Registration and Login

To complete account registration or login, you may need to provide us with the following information: phone number, email address, created username, and password. During registration, to verify your identity, we will send a verification code to your phone number or email for verification. After registering an account, you may choose to provide your nickname, avatar, and gender. Except for circumstances explicitly specified in this agreement, we will not share, transfer, or disclose your personal information.

Please note that refusing to provide the above information will not affect account usage. If you choose not to register an account, you can still use the App to control DWARFLAB telescopes.

1.7 Exceptions with authorized consent

You fully acknowledge that in the following circumstances, we have the right to collect and use your personal information without your authorization or consent:

(1) Directly related to national security and defense.

(2) Directly related to public safety, public health, and significant public interest.

(3) Directly related to crime investigation, prosecution, trial and execution of judgments, etc.

(4) For the protection of your or other individuals’ life, property and other significant legitimate rights and interests but it is difficult to obtain your consent.

(5) Where the personal information collected from you is disclosed to the public by you.

(6) Your personal information collected from legitimate public disclosures, such as legitimate news reports, government information disclosure and other channels.

(7) Necessary for the conclusion or performance of contracts and other written documents at your request.

(8) Necessary for maintaining the safe and stable operation of the products and/or services provided, such as the detection and disposal of product and/or service failures.

(9) Personal information controller is a news organization and necessary for the public interest its in the conduct of legitimate news reporting.

(10) Academic research institutions based on the public interest to carry out statistical or academic research necessary, and when providing the results of academic research or description to the public, de-identification or anonymization of the personal information contained in the results.

(11) Other circumstances specified by laws and regulations.

2. How we use SDK(Software Development Kit)s

To provide and optimize our services, third-party SDKs may be embedded in our App. While these third-party SDKs help us provide you with more comprehensive services, they may collect your personal information. We will take necessary measures to control such third parties’ collection and use of your personal information to ensure that your personal information is effectively protected. For details on the identity of third parties, the purpose of collection, links to third-party privacy policies, etc., please refer to Appendix 1 of this Policy – Description of Third Party SDKs

3. How we share, transfer and publicly disclose your personal information

3.1 Sharing

We will not share your personal information with any other companies, organizations and individuals, except for the following cases.

(1) Sharing with explicit consent. We will share your personal information with other parties after obtaining your explicit consent.

(2) We may share your personal information with external parties in accordance with laws and regulations, or as mandated by government authorities.

3.2 Transfer

We will not transfer your personal information to any company, organization, or individual, except for the following.

(1) Transferring with express consent. We will transfer your personal information to other parties after obtaining your explicit consent.

(2) In the event of a merger, acquisition or bankruptcy and liquidation involving the transfer of personal information, we will then require the new company or organization holding your personal information to continue to be bound by this policy, or we will require the company or organization to seek your authorized consent again for the new privacy policy.

3.3 Public Disclosure

We will only disclose your personal information publicly when.

(1) After obtaining your explicit consent.

(2) Disclosure based on law. We may publicly disclose your personal information when compelled to do so by law, legal process, litigation or government authorities.

3.4 Exceptions to prior authorized consent for sharing, transferring, or publicly disclosing information

Please understand that, in accordance with laws and regulations and relevant national standards, we are not required to obtain your authorized consent for sharing, transferring, or publicly disclosing your personal information in the following cases.

(1) Directly related to national security and national defense security.

(2) Directly related to public safety, public health, and significant public interests.

(3) Directly related to crime investigation, prosecution, trial and execution of judgments, etc.

(4) For the protection of your or other individuals’ life, property and other significant legitimate rights and interests but it is difficult to obtain your consent.

(5) Information that you disclose to the public on your own.

(6) Gathered from lawful public disclosures, such as lawful news reports, government information disclosure and other channels.

4. How we protect your personal information

We have used security measures that meet industry standards to protect the personal information you provide against unauthorized access, public disclosure, use, modification, damage or loss of personal information.

We will take all reasonable and practicable steps to ensure that no unrelated personal information is collected. We will only retain your personal information for as long as necessary to achieve the purposes described in this policy, unless an extended retention period is required or permitted by law.

The Internet is not an absolutely secure environment, we will do our best to ensure the security of any information you sendus. Even if we make great efforts and take all reasonable and necessary measures, it may still be impossible to prevent your personal information from being illegally accessed, illegally stolen, illegally tampered with or destroyed, resulting in damage to your legitimate rights and interests, please understand the above-mentioned risks of information networks and voluntarily assume them.

After the unfortunate occurrence of personal information security incident, we will inform you in a timely manner in accordance with the requirements of laws and regulations: the basic situation of the security incident and the possible impact, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce the risk, the remedial measures for you, etc. We will promptly inform you of the event-related situation by email, letter, telephone, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also take the initiative to report the disposition of personal information security incidents in accordance with the requirements of the regulatory authorities.

5. Your rights

5.1 Deletion of your personal information

You can request us to delete your personal information in the following cases.

(1) If we handle personal information in violation of laws and regulations.

(2) If our handling of personal information violates our agreement with you.

When you make a deletion request to us, we may require you to verify your identity to safeguard your account. When you delete information from our service, we may not immediately delete the corresponding information from our backup system because of Applicable laws and security technology, and we will store your information securely until the backup can be erased or anonymized. However, your decision to delete will not affect our previous processing of personal information based on your authorization.

5.2 Alter Your Consent Authorization

You may at any time grant or withdraw your consent to the collection and use of personal information that has been gathered. And you may reconfigure your consent regarding the use of your personal information by accessing the authorization page within this App.

Upon your withdrawal of consent, we will cease the processing of the relevant personal information. However, your decision to withdraw consent will not affect any personal information processing conducted previously based on your authorization.

5.3 Automatic Information System Decision Making

In some business functions, we may make decisions based solely on automated, non-human decision-making mechanisms, including information systems and algorithms. If these decisions significantly affect your legal rights, you have the right to request an explanation from us and we will provide Appropriate remedies.

5.4 To respond to your request above

For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before we process your request.

For your reasonable requests, we do not charge a fee in principle, but for requests that are repeated several times and exceed reasonable limits, we will charge a cost fee depending on the circumstances. We may deny requests that are unwarrantedly repetitive, require excessive technical means (for example, requiring the development of new systems or fundamental changes to current practices), pose a risk to the legal rights of others, or are highly impractical. Please also understand that we may not be able to respond to some of your requests due to safety and security concerns, requirements of relevant laws and regulations, or technical limitations, such as the following.

(1) Related to the personal information controller to fulfill the obligations under laws and regulations.

(2) Directly related to national security and national defense security.

(3) Directly related to public safety, public health, and significant public interest.

(4) Directly related to crime investigation, prosecution, trial and execution of judgments, etc.

(5) Where the controller of personal information has sufficient evidence of subjective malice or abuse of rights by the subject of personal information

(6) For the purpose of safeguarding the life, property and other significant legitimate rights and interests of the subject of personal information or other individuals but where it is difficult to obtain the consent of the person.

(7) Responding to the request of the subject of personal information will lead to serious damage to the legitimate rights and interests of the subject of personal information or other individuals or organizations.

(8) Where commercial secrets are involved.

6. How we handle children’s personal information

Our products, websites and services are intended for adults only. We recommend that children use this App and related services under the accompaniment of their parents or guardians.

In cases where children’s personal information is collected with the consent of parents and guardians, we will only process such information when permitted by law and with parents’ or guardians’ explicit consent, or when necessary to protect children. When processing children’s information, we will handle it in accordance with laws and special personal information rules.

Although local laws and customs define children differently, we consider anyone under the age of 14 to be a child.

If we find out that we have collected personal information of children without first obtaining verifiable parental consent, we will try to delete the relevant data as soon as possible.

7. How your personal information is stored and transferred globally

Apart from the User account and logs information you actively upload, other personal information collected during the use of this App (as detailed in Part 1 of this policy) will be stored within the internal storage of your mobile device, and we are unable to transfer this portion of information.

Currently, personal information collected and generated within the territory of the People’s Republic of China (excluding Hong Kong, Macau, and Taiwan regions) will be stored on Tencent Cloud Object Storage servers in the Nanjing region. Personal information collected and generated outside the territory of the People’s Republic of China and in Hong Kong, Macau, and Taiwan regions of the People’s Republic of China will be stored on Amazon S3 Object Storage servers located in the US-EAST-1 region (Northern Virginia) in the United States. We have signed confidentiality agreements with the relevant information storage providers and will implement strict confidentiality measures for the aforementioned personal information. The information will be stored for a period within 14 days, after which the system will automatically delete it. The above information does not involve domestic or cross-border transfer scenarios. If transfer is required due to judicial procedures, government actions, or other demands from state organs, we will confirm whether transfer is necessary according to the laws of both the transferring and receiving countries.

8. How this Policy is updated

Our Privacy Policy may change. We will post any changes made to this Policy on this page. For major changes, we will provide more prominent notices.

Major changes referred to in this Policy include but are not limited to:

（1）Major changes in our service model, such as the purposes of personal information processing, types of personal information processed, and ways in which personal information is used;

（2）Major changes in the main objects of sharing, transferring, or publicly disclosing personal information;

（3）Your rights regarding participation in personal information processing and the ways in which those rights are exercised undergo major changes.

By continuing to use this App and services after the updated Policy takes effect, you indicate that you have fully read, understood and accepted the updated Policy and are willing to be bound by the updated Policy.

9. How to contact us

If you have any questions, comments or suggestions about this policy, or wish to withdraw personal information that you have authorized us to use (cancel your account, cancel your authorization but it will result in some functions not working properly), you can contact us by Email: support@dwarflab.com.

If you are dissatisfied with our response, especially if our personal information processing behaviors have infringed upon your lawful rights and interests, you may also file complaints or reports to regulatory authorities such as cyberspace, telecommunications, ministry of public security, and business, etc.

Appendix 1

To ensure the stable operation of DWARFLAB or realize related functions, we may also access software development kits (SDKs) provided by third parties to achieve the aforementioned purposes. We list the accessed third-party SDKs in the following list. You can view the data usage and protection rules of third parties through the links or paths provided in the directory. Please note that the types of personal information processing by third-party SDKs may change due to reasons such as version upgrades and policy adjustments. Please refer to the official standards published by them.

End.