General Privacy Policy

Last Updated: May 21, 2026

Welcome to Shenzhen Smart Bay Technology Co., Ltd. ("we," "us," or "our"). We are deeply committed to protecting your personal information and your right to privacy. This General Privacy Policy ("General Policy") serves as our foundational privacy framework, outlining our baseline standards, compliance principles, and organizational commitments regarding the processing of personal data across our entire ecosystem.

This General Policy applies to all personal information processed through our hardware devices, operating systems (including FlowOS), cloud applications, mobile applications, browser environments, creative suites, websites (including https://www.smartbaytech.com), and any related technical support operations or customer services (collectively, the "Services").

1. OUR CORE PRIVACY PRINCIPLES

Regardless of where you reside or which specific Smart Bay product you interact with, our entire software and hardware architecture adheres strictly to the following data protection concepts:

• Lawfulness, Fairness, and Transparency: We process personal details only under verified lawful bases, maintaining absolute honesty with users regarding our baseline technical realities.
• Purpose Limitation: Personal data is collected solely for specified, explicit, and legitimate commercial or operational purposes and is never processed in manners incompatible with those specified thresholds.
• Data Minimization: Our development cycles enforce a strict "privacy-by-design" methodology. We restrict data handling to the absolute minimum necessary to render the core service, optimizing for local device sandbox execution wherever engineering constraints permit.
• Storage Limitation: Personal details are preserved in identifiable formats only for the minimum duration required to execute our specified business services, followed immediately by comprehensive data purging or deep anonymization.

2. GLOBAL DATA SUBJECT PRIVACY RIGHTS

We honor statutory privacy protections across international jurisdictions (including the European Union's General Data Protection Regulation - GDPR). Depending on your geographical region, you may possess the following individual data controls, subject to verified identity matching:

• Right of Access and Portability: The right to obtain comprehensive validation as to whether your data is being processed, and to receive a structured, machine-readable digital copy of your personal data records.
• Right to Rectification: The right to demand the immediate correction or updating of inaccurate or incomplete personal attributes maintained in our active systems.
• Right to Erasure ("Right to be Forgotten"): The right to order the permanent deletion of your profile logs or device identifiers from our infrastructure, subject to legal verification rules.
• Right to Restriction of Processing: The right to freeze active processing pipelines, restricting our backend handling of your files to simple technical preservation under specific dispute scenarios.
• Right to Object: The right to oppose active data processing structures justified by our "legitimate business interests," including an absolute right to halt processing for direct marketing configurations.

3. UNITED STATES REGIONAL PRIVACY PROTECTIONS

For residents of United States jurisdictions enforcing comprehensive state-level frameworks—including California (CCPA/CPRA), Texas (TDPSA), Virginia (VCDPA), Florida (FDBR), Colorado (CPA), and similar state codes—we maintain specialized regulatory alignments:

No Commercial Selling or Data-Broker Laundering

We do not broker, rent, or commercially sell your personal database logs or creative assets to marketing syndicates or data aggregators for financial profit. Automated technical sharing of online metadata identifiers via SDK pipelines for context-behavioral ad management is clearly and itemized in our respective application supplements.

Statutory Protections

1. Right to Opt-Out of Targeted Advertising: Users maintain the persistent legal right to restrict the processing of technical identifiers for cross-context tracking or promotional profiling.
2. Right to Non-Discrimination: We strictly guarantee that exercising your privacy protections will never result in service degradation, tier penalties, or pricing discrimination across our platform.
3. Right to Appeal Negative Determinations: If our compliance team is technically unable to fulfill a data request (e.g., due to an inability to associate an anonymous local device log with a real-world identity string), you maintain an absolute right to launch a formal appeal.

4. DATA SECURITY & INTEGRITY MEASURES

We deploy extensive industrial-grade administrative, operational, and physical protective barriers designed to secure personal datasets against unauthorized alteration, accidental loss, disclosure, or destructive exploitation.

Our infrastructure prioritizes hardware-isolated cryptographic enclaves (such as the Android Trusted Execution Environment - TEE) on our mobile devices to anchor sensitive parameters locally, utilizing advanced TLS/SSL encryption for data in transit to cloud-hosted computational frameworks. However, please recognize that no cloud processing node or public internet network can be structurally guaranteed to achieve absolute 100% security vulnerability immunity.

5. INTERNATIONAL DATA TRANSFERS & LOCALIZATION

Shenzhen Smart Bay Technology Co., Ltd. operates global delivery systems. Personal information captured across international borders may be securely transmitted to, stored in, or processed within cloud servers located outside your home territory (including jurisdictions across the United States, European Economic Area, and China).

When executing cross-border transfers, we enforce adequate legal safeguards—including the execution of the European Commission’s Standard Contractual Clauses (SCCs) and rigorous verification of regional data localization mandates where explicitly required by localized physical infrastructure regulations.

6. CHILDREN'S PRIVACY PROTECTION STANDARDS

Our core portfolio is explicitly engineered as general-purpose productivity, browser, and smartphone systems and is not intentionally targeted at or structured for children under thirteen (13) years of age (or sixteen (16) within specific European economic areas).

We do not knowingly process personal tracking records from children. If we identify that technical identifiers or registration data belonging to a protected child have been collected automatically without verified parental guardian consent, we will execute immediate technical operations to purge that data completely from our active production nodes.

7. MODIFICATIONS AND AMENDMENTS TO THIS NOTICE

We reserve the right to modify or adjust this General Policy at any point to remain fully synchronized with statutory compliance upgrades, architectural adjustments, or shifts in regional privacy regulations.

The "Last Updated" value at the introduction of this document highlights our most recent editorial revision date. We encourage users to inspect this portal periodically to track our operational data integrity standards.

8. HOW CAN YOU CONTACT US? (SINGLE-INBOX INTAKE)

To streamline our operational bandwidth while remaining completely responsive to legal data requests, we enforce a unified, single-inbox support infrastructure. If you have questions about this General Policy, or wish to submit verified deletion requests, data subject access requests (DSAR), or formal statutory appeals, please reach out directly through our consolidated corporate contact gates:

• Consolidated Compliance Email: [email protected]
• Dedicated Data Deletion Request Portal: https://www.smartbaytech.com/data-request
• Official Corporate Support Form: https://www.smartbaytech.com/support

Physical Corporate Headquarters Address:

Shenzhen Smart Bay Technology Co., Ltd.
Room B2703, Building 12, Shenzhen Bay Eco-Technology Park
18 Keji South Road, Yuehai Street, Nanshan District
Shenzhen, Guangdong 518057
China