1. Scope & Controller
This Privacy Policy (the “Policy”) is issued by Beijing Tianrun Hengyuan Technology Co., Ltd. (the “Company”, “we”, “us”, “our”), a company incorporated under the laws of the People's Republic of China, with its registered office at:
1011, 9th Floor, Building 15, Xinzhaojia Garden,
Chaoyang District, Beijing, 100000, CN
This Policy applies to: (a) the Company's corporate website located at tianrunhy.com and all sub-domains (the “Website”); (b) all mobile applications published by the Company on any application distribution platform (each an “App” and collectively the “Apps”); and (c) any related services, APIs or hosted backend (the “Services”).
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR, the Company acts as the data controller for data it determines the purposes and means of; for limited technical data the Company acts as a data processor on behalf of publishing partners.
2. Definitions
- Personal Data — any information relating to an identified or identifiable natural person.
- Processing — any operation performed on Personal Data (collection, storage, transmission, erasure, etc.).
- End-User — the natural person installing or using any of the Apps or Services.
- IAA — In-App Advertising, the free-to-user ad-supported monetization model.
- IAP — In-App Purchase, including consumables, non-consumables and auto-renewing subscriptions.
- Ad Identifier — the Google Advertising ID (AAID / GAID) or Apple Identifier for Advertisers (IDFA) when permitted.
- SDK — a third-party software development kit integrated into our Apps.
3. Data We Collect
We operate under the principle of minimum necessity. The following table enumerates, for each category, what we collect, why, where it lives, and how long it stays.
| Category | Specific Data | Source | Purpose | Storage |
|---|---|---|---|---|
| Account (optional) | Email, display name, password hash | User input | Optional cloud sync | EU-Frankfurt |
| Device | OS version, locale, screen size, IP-derived country | Automatic | Crash diagnostics, locale routing | Aggregated after 90 days |
| Diagnostics | Anonymous stack traces, performance counters | Automatic | Stability, crash triage | Aggregated after 90 days |
| Usage | Feature counters (no PII) | Automatic | Roadmap prioritization | Aggregated after 12 months |
| In-App Content | Routes, journal entries, item scans, habit logs, workouts, receipts | User input | Core product functionality | 100% on-device by default |
| Purchases | Purchase token, product ID, country (via store) | Google / Apple | Receipt verification, restore | EU-Frankfurt |
| Support | Email content, optional attachments | User input | Customer support | EU-Frankfurt, 24 months |
Design choice: The Apps are designed as offline-first. In-App Content that the End-User creates lives on the device until they explicitly choose to sync it. Data stays local is a default, not an option.
4. How We Use Data
- Service delivery — to install, configure, maintain and protect the Apps.
- Improvement — aggregated metrics to inform engineering priorities.
- Support & communication — to respond to user-initiated support requests.
- Legal & compliance — to comply with applicable law and enforce terms.
- Advertising — to display advertising under the IAA model, as further detailed in Section 7.
- Security — to detect fraud, abuse and anomalies.
We do not use Personal Data for automated decision-making that produces legal or similarly significant effects, except in narrowly defined fraud-prevention contexts disclosed in-app.
5. Legal Basis for Processing
Where the GDPR, UK GDPR or analogous regulations apply, we rely on the following legal bases:
- Performance of a contract — when the End-User enters into our End-User License Agreement (EULA) by installing or using the Apps.
- Legitimate interest — for narrowly defined security, fraud-prevention and aggregated analytics, balanced against user rights and freedoms.
- Consent — for non-essential cookies, advertising measurement, push notifications and any optional diagnostic sharing beyond crash data.
- Legal obligation — where applicable law requires us to retain or disclose data (e.g., tax, anti-money-laundering).
Under the CCPA/CPRA “right to limit” framework, End-Users may opt out of any “sale” or “sharing” as those terms are defined under California law; see Section 11.
7. Advertising, IAA & Ad Mediation
The Apps integrate third-party advertising SDKs for ad-supported monetization (the “IAA model”). The Company uses AppLovin MAX as its primary mediation layer; the ad networks listed below are waterfalled and bid in real time. Each network operates as an independent controller of the data it receives.
7.1 Ad Formats Implemented
- Open-screen / Splash ads — shown on cold launch; skippable after 3 seconds; never superimposed on top of authentication or payment flows. Frequency-capped at 1 per user per session.
- Rewarded video ads — always opt-in, always granting an in-app reward (hint, export credit, theme); never required to access core functionality.
- Interstitial ads — shown at natural break points between screens; capped at 1 per user per 3 minutes; suppressed for users under age 13 and in “child-directed" contexts.
- Banner (adaptive) ads — anchored bottom-only; hidden during active gameplay, fitness logging or document editing.
7.2 Ad Mediation Platforms & Networks
The Apps currently integrate the following ad platforms. Each is contractually required to honour our COPPA, GDPR-K and TCF v2.2 signals.
| # | Provider | Privacy / Opt-out Link | Data Processed |
|---|---|---|---|
| 1 | Google AdMob | policies.google.com/privacy | AAID/IDFA, device info, contextual |
| 2 | Meta Audience Network | facebook.com/privacy/policy | Hashed email (optional), device info |
| 3 | AppLovin MAX Mediation | appLovin.com/privacy | AAID, session info |
| 4 | Unity Ads | unity.com/legal/privacy-policy | Device ID, country |
| 5 | ironSource (now Unity) | ironsrc.com/privacy-policy | AAID, device info |
| 6 | Vungle (now Liftoff) | vungle.com/privacy | Device ID, demographics |
| 7 | Chartboost (now Zynga) | chartboost.com/privacy | Device ID, performance |
| 8 | AdColony (now Digital Turbine) | adcolony.com/privacy-policy | AAID, location (coarse) |
| 9 | InMobi | inmobi.com/privacy-policy | AAID/IDFA, location |
| 10 | Tapjoy | tapjoy.com/legal/privacy | AAID, reward events |
| 11 | StartApp | startapp.com/privacy | Device ID, app inventory |
| 12 | Pinterest Ads | policy.pinterest.com/privacy | Hashed email (optional) |
| 13 | TikTok Ads (Pangle) | ttpolicy.ttweb-en.com/privacy | Device ID, behaviour |
| 14 | Snap Ads (Snapchat) | snap.com/privacy/privacy-policy | Device ID, action IDs |
| 15 | Reddit Ads | reddit.com/policies/privacy | Device ID, interest categories |
| 16 | Twitter/X Ads | twitter.com/privacy | Hashed email (optional) |
| 17 | LinkedIn Ads | linkedin.com/legal/privacy-policy | Hashed email, employment |
| 18 | Microsoft Advertising (UET) | privacy.microsoft.com | Device ID, conversion events |
| 19 | Yahoo Gemini / Verizon Media | verizonmedia.com/privacy | Device ID, audience |
| 20 | Amazon Publisher Services (APS) | amazon.com/privacy | Device ID, contextual |
| 21 | Criteo | criteo.com/privacy | Hashed email, retargeting |
| 22 | Taboola | taboola.com/privacy-policy | Device ID, content recs |
| 23 | Outbrain | outbrain.com/legal/privacy | Device ID, content recs |
| 24 | BidMachine | bidmachine.io/privacy | Device ID, performance |
| 25 | Smaato | smaato.com/privacy | Device ID |
| 26 | Pubmatic | pubmatic.com/legal/privacy | Device ID, contextual |
| 27 | OpenX | openx.com/privacy | Device ID |
| 28 | Index Exchange | indexexchange.com/privacy | Device ID |
| 29 | Yandex Ads (where territory permits) | yandex.com/legal/privacy | Device ID |
| 30 | Mintegral | mintegral.com/en/privacy | Device ID, geo (coarse) |
7.3 Consent & User Controls
End-Users in the EEA, UK and Switzerland are presented with a Google-certified Consent Management Platform (CMP) in accordance with the IAB Europe TCF v2.2 framework. Choices are re-confirmable in Settings �?Privacy �?Ad Choices.
For End-Users in the United States, we honour Global Privacy Control (GPC) and provide the California “Do Not Sell or Share My Personal Information” link in every App's settings menu.
End-Users may reset their AAID/IDFA at any time via their device settings. Detailed opt-out instructions for each network are listed in the in-app “Ad Choices” menu.
8. In-App Purchases (IAP)
The Apps offer two monetization models in parallel: IAA (advertising) and IAP (purchases). The IAP model includes:
- One-time unlocks (non-consumable) — e.g., premium feature pack.
- Consumables — e.g., single OCR export credits.
- Auto-renewing subscriptions — e.g., pro tier monthly/annual.
Payments are processed by the platform store: Google Play Billing v6 on Android and Apple StoreKit 2 on iOS. Subscription management is performed by the End-User via their store account. Receipt verification uses Google Play Developer API and Apple App Store Server Notifications, with cryptographic signatures validated on our backend before entitlements are issued.
In-app purchases are clearly disclosed prior to confirmation and the offer screen complies with each store's UI guidelines (Google Play UI guidelines, Apple Human Interface Guidelines). Refund policies follow the platform's standard terms (Google Play refund window: 48 hours; Apple: report-a-problem flow).
For EU End-Users, the 14-day right of withdrawal under the Consumer Rights Directive 2011/83/EU is waived where the End-User has begun to use digital content, in accordance with Article 16(m). For subscriptions, we send a clear reminder at least 7 days before renewal, in compliance with Section 4.6 of the EUMA (EU).
9. Data Retention
We retain Personal Data only as long as necessary to provide the Services and comply with legal obligations. Specific retention periods:
- On-device user content — until the End-User deletes it, uninstalls the App, or 36 months of inactivity.
- Optional account data — until account deletion + 30 days for propagation across backups, then permanently erased.
- Purchase receipts — 10 years (tax law).
- Crash & performance diagnostics — aggregated after 90 days.
- Support correspondence — 24 months from last contact.
- Server logs — 30 days; aggregated after.
10. International Data Transfers
The Company is headquartered in Beijing but operates an EU-FR2 (Frankfurt) data residency by default. Where Personal Data is transferred outside the EEA, UK or Switzerland, we rely on:
- Standard Contractual Clauses (Commission Decision 2021/914), supplemented by transfer impact assessments.
- The UK International Data Transfer Addendum to the SCCs.
- EU-US Data Privacy Framework where a recipient is certified.
- China's Standard Contract for Cross-Border Transfer (CAC, 2023) for transfers from the PRC.
- APEC Cross-Border Privacy Rules (CBPR) for transfers among APEC economies.
11. Your Rights
Depending on jurisdiction, you may have the following rights:
- Access — request a copy of the Personal Data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure / “Right to be forgotten” — request deletion under the conditions of GDPR Art. 17 / CCPA §1798.105.
- Restriction — limit the processing of your data.
- Portability — receive data in a structured, commonly used format (GDPR Art. 20).
- Objection — object to processing based on legitimate interest (GDPR Art. 21).
- Withdraw consent — at any time, without retroactive effect.
- Lodge a complaint with a supervisory authority — e.g., the Irish DPC, the UK ICO, or your local data protection authority.
For End-Users in California, you have the additional rights of: limit (CPRA §1798.121), opt-out of sale or sharing (§1798.120), and non-discrimination (§1798.125). We do not sell Personal Data for money.
To exercise these rights, see Section 22.
12. Age & Children
We take age protection very seriously. Our Apps apply a tiered age-gate:
- Under 13 (EU: under age of digital consent per Member State): The App operates in “Designed for Families / child-directed” mode. No personalized advertising, no IAP that is not first-gated by a neutral age-screen, no data collection beyond what is strictly necessary for the core function.
- 13–15 (EU) / 13–16 (Italy, France, Spain, Netherlands): Parental consent flow triggered via Knowledge-Based Authentication or a consent receipt per the EU Audiovisual Media Services Directive and the Digital Services Act.
- 16/18+: Full features available.
We apply COPPA (Children's Online Privacy Protection Act, 16 CFR Part 312) requirements globally for users under 13, even outside the United States. We apply COPPA-2 / KOSA-style enhanced verification in jurisdictions where local law requires it.
We do not knowingly collect Personal Data from children without verifiable parental consent. If you believe a child has provided us data in violation of these protections, contact us for prompt deletion.
13. App Store & Marketplace Policies
13.1 Google Play
All Apps comply with the Google Play Developer Policy, Google Play Console User-Data Policy, Google Play Families Policy, and the Google Play Ads Policy. Specific commitments include:
- All required Data safety form fields are completed and accurate.
- Permissions are scoped to user-visible purpose; dangerous permissions include an in-context rationale screen.
- Ad SDKs are whitelisted — we do not use the deprecated or disallowed networks.
- The App's Privacy policy URL in the Play Console points to this document.
13.2 Apple App Store
Our iOS Apps (where available) comply with the App Store Review Guidelines, in particular Guideline 5.1.1(ix) (privacy), Guideline 5.1.2 (data minimization) and Guideline 2.1 (app completeness). We file accurate App Privacy Labels on App Store Connect, including:
- Data used to track user across apps/websites: Only if consent is granted.
- Data linked to user identity: declared.
- Required reason for each data category.
13.3 Huawei AppGallery
Compliance with the Huawei Developer Service Agreement, HMS Privacy & Security Specification, and local PRC regulations including the Personal Information Protection Law (PIPL), Data Security Law (DSL), and Measures on the Administration of Mobile Internet Application Information Services.
13.4 Amazon Appstore & Amazon Ads
Compliance with Amazon Appstore Developer Agreement and Amazon Advertising Acceptance Policy. Use of Amazon Publisher Services subject to the Amazon DSP Program Requirements.
13.5 Samsung Galaxy Store & Samsung Ads
Compliance with Samsung Galaxy Store Developer Policy and the Samsung Privacy Policy for Developers. We provide a Samsung Ads opt-out link in the in-app “Ad Choices” menu.
13.6 Microsoft Store (Mobile & Windows)
Compliance with Microsoft Store Policies and Microsoft Advertising Policies. UET / Microsoft Clarity tags used only where the End-User has provided consent.
13.7 Other Distribution Channels
Where the Apps are distributed through alternative channels (e.g., Aptoide, F-Droid mirrors, direct APK), the same protections described in this Policy apply, and the channel's own terms are treated as additive.
14. Country & Region Policies
Below is a non-exhaustive enumeration of the regional regulations we observe:
| Region | Regulation | Key Requirement | How We Comply |
|---|---|---|---|
| European Union | GDPR, ePrivacy Directive, DSA, DMA, AI Act | Lawful basis, data subject rights, AI transparency | CMP, DPIA, Art. 50 disclosures |
| United Kingdom | UK GDPR & DPA 2018, ICO Age-Appropriate Design Code | DPIAs, AADC | Same as EU + AADC A-Z checklist |
| United States (Federal) | COPPA, CAN-SPAM, GLBA | Verifiable parental consent | Age gate, neutral age-screen |
| United States (CA) | CCPA, CPRA, CalOPPA, SB-362 (Delete Act) | Opt-out of sale/share, sensitive PI limits | In-app toggle, GPC honour |
| United States (VA, CO, CT, UT, IA, IN, TN, MT, OR, TX) | State comprehensive privacy laws | Opt-out, DPA registration | Universal opt-out signals |
| Brazil | LGPD (Lei 13.709/2018) | Consent, DPO, ANPD registration | DPO contact + LGPD-specific consent |
| Canada | PIPEDA, Quebec Law 25, Alberta PIPA | Consent, breach notification to OPC | Express opt-in, breach SOPs |
| Mexico | LFPDPPP, Federal Telecommunications Law | ARCO rights, INAI compliance | ARCO request form |
| Argentina | PDPA Argentina (Law 25.326) | Data registry | Registry where applicable |
| Chile | Chile Data Protection Law | Consent, registry | Compliance flows |
| Colombia | Law 1581/2012, SIC Decrees | SIC registration | Registration on file |
| Peru | Law 29733 | Consent | Opt-in flows |
| South Africa | POPIA, ECTA | Information officer | Information officer appointed |
| Kenya, Nigeria | Kenya DPA 2019, Nigeria NDPR | Registration | Local filings where applicable |
| Egypt | Egypt PDPL No. 151/2020 | Consent + localization | Egypt-resident storage |
| UAE / Saudi Arabia | UAE PDPL, KSA PDPL | Consent, cross-border controls | MENA-compliant storage |
| Israel | Privacy Protection Law, Amendment 13/14 | Database registration | Registration on file |
| Turkey | KVKK | VERBIS registration | VERBIS records |
| Russia | Federal Law 152-FZ | Data localization | Russia-resident storage |
| Switzerland | nFADP, FADP | Equivalent to GDPR | Same controls |
| Norway, Iceland, Liechtenstein | EEA equivalent | Equivalent to GDPR | Same controls |
| Australia | Privacy Act 1988 + 13 APPs, OAIC guidelines | Notifiable data breaches | OAIC SOPs |
| New Zealand | Privacy Act 2020 | OPC notifications | OPC SOPs |
| Singapore | PDPA, MAS guidelines | DNC, consent | DNC register |
| Malaysia | PDPA 2010 | Registration | JPDP registration |
| Thailand | PDPA Thailand | Consent, DPO | Local representative |
| Indonesia | UU PDP | Consent, DPO | Local representative |
| Philippines | Data Privacy Act 2012 | Registration | NPC registration |
| Vietnam | PDPD Decree 13/2023 | Cross-border consent | Consent flow |
| India | DPDP Act 2023, SPDI Rules | Significant data fiduciary | Data Protection Officer |
| Japan | APPI, APSC | Consent, cross-border | Opt-in consent |
| South Korea | PIPA, KISA guidelines | Consent, KISO accreditation | Local representative |
| Taiwan | PDPA | Consent | Opt-in flows |
| Hong Kong | PDPO (Cap. 486) | Six data principles | PCPD compliance |
| Macau | Personal Data Protection Act | Equivalent to PDPO | Equivalent compliance |
| Mainland China | PIPL, DSL, CSL, Minor Protection Provisions | Cross-border SCC + security assessment | Cyberspace Administration filings |
| Saudi Arabia (additional) | NDMO, SAMA Cyber Security Framework | Local data residency | KSA-resident storage |
15. Data Security
We implement layered technical and organizational measures (TOMs), aligned with ISO/IEC 27001, ISO/IEC 27701 and SOC 2 Type II control objectives:
- Encryption in transit — TLS 1.3 with HSTS, OCSP stapling, AEAD ciphers only.
- Encryption at rest — AES-256-GCM for all stored Personal Data; envelope keys rotated quarterly.
- Key management — AWS KMS / Google Cloud KMS, hardware-backed where available.
- On-device encryption — Android Keystore / iOS Keychain protection for sensitive user content.
- Access control — least privilege, MFA-required, hardware-key for production.
- Vulnerability management — weekly SAST scans, dependency SCA, annual pen-tests by CREST-accredited vendors.
- Backups — encrypted, immutable, 3-2-1 redundancy.
- Incident response — 24/7 rota, NIST CSF 2.0 alignment.
- Vendor risk — SIG-lite questionnaires and DPA for every processor.
- Employee training — mandatory quarterly privacy & security modules.
17. Data Processing Agreements & Standard Contractual Clauses
Customers, publishers and white-label partners that integrate our Apps act as controllers in their own right. We will, on request, execute Data Processing Agreements (DPAs) that incorporate:
- EU SCCs (Module 2, Controller-to-Processor) by default.
- UK International Data Transfer Addendum for UK-restricted data.
- China Standard Contract or Security Assessment for outbound transfers from PRC.
- APEC CBPR & PRP certifications.
- A list of sub-processors with a 30-day change-notification commitment.
To request a DPA, contact our Data Protection Officer at .
18. Personal Data Breach Notification
In the unlikely event of a Personal Data breach, we will notify:
- The competent supervisory authority within 72 hours under GDPR Art. 33.
- Affected End-Users without undue delay under GDPR Art. 34 where the breach poses a high risk.
- The Irish DPC, UK ICO, U.S. state attorneys-general, OAIC, OPC, NDPC, CAC and other authorities as applicable.
Notification contains: nature of the breach; categories and approximate number of data subjects; likely consequences; measures taken or proposed.
19. Do Not Track / Global Privacy Control
We honour the Global Privacy Control (GPC) browser signal as a valid opt-out of “sale”/“sharing” under CCPA/CPRA. We also honour legacy DNT:1 headers where received. End-Users may also configure their device's “Limit Ad Tracking” (iOS) or “Opt out of Ads Personalization” (Android) at any time.
20. AI, Automated Decision-Making & the EU AI Act
When any of the Apps use AI features (on-device OCR, on-device LLM, ML-based recommendations), we:
- Disclose the AI nature prominently in the feature UI.
- Process inference on-device by default; any cloud fallback is opt-in.
- Comply with EU AI Act Article 50 transparency obligations and any applicable risk-classification review.
- Avoid using AI to make decisions producing legal or similarly significant effects on natural persons.
- Provide explanation & human review options for any high-impact AI feature.
- Comply with the EU Digital Services Act recommender-system transparency rule.
21. Updates to this Policy
We may update this Policy from time to time. Material changes will be notified in-App and on the Website at least 30 days before taking effect, unless the change is required by law on a shorter timeline. The “Effective” date at the top of the document reflects the latest version. Previous versions are available on request.
22. Contact & Data Protection Officer
For any privacy question, complaint, data-subject request or DPA inquiry, please contact our Data Protection Officer:
Data Protection Officer — Beijing Tianrun Hengyuan Technology Co., Ltd.
Postal address: 1011, 9th Floor, Building 15, Xinzhaojia Garden, Chaoyang District, Beijing, 100000, CN
Email:
Operational email: support@tianrunhy.com
EU representative (Art. 27 GDPR): appointed — details provided on request
UK representative: appointed — details provided on request
We aim to acknowledge all requests within 5 working days and resolve them within 30 calendar days (extendable to 90 under GDPR Art. 12(3) for complex requests, with notice).
Supervisory authority: If you are unsatisfied with our response, you may lodge a complaint with your local supervisory authority. For End-Users in the EEA, a list is maintained at edpb.europa.eu/about-edpb/about-edpb/members.