Privacy Policy

Effective date: 1 March 2026  ·  Last updated: 1 March 2026  ·  Applies to: All Jingrui Xinyuan apps, the Jingrui Console mobile management platform, and www.jingruixy.com

Table of Contents

  1. Scope & Data Controller
  2. Definitions
  3. Data We Collect (and Don't)
  4. Legal Basis for Processing
  5. How We Use Information
  6. Sharing & Disclosure
  7. Advertising & Ad Networks
  8. In-App Purchases & Billing
  9. Google Play & App Store Distribution
  10. Children, Age Ratings & Family
  11. International Data Transfers
  12. GDPR (EU/EEA/UK)
  13. CCPA / CPRA (California, USA)
  14. COPPA (USA Children)
  15. PIPEDA (Canada)
  16. LGPD (Brazil)
  17. PIPL (Mainland China)
  18. UK GDPR & PECR
  19. APPI (Japan)
  20. PIPA (South Korea)
  21. Privacy Act (Australia)
  22. DPDP Act (India)
  23. Data Security
  24. Data Retention
  25. Your Rights
  26. Cookies & Tracking Technologies
  27. Do Not Sell or Share
  28. Automated Decision-Making
  29. Changes to this Policy
  30. Contact & DPO

1. Scope & Data Controller

This Privacy Policy applies to all mobile applications published by Beijing Jingrui Xinyuan Technology Co., Ltd ("Jingrui Xinyuan", "we", "us"), to the Jingrui Console mobile management platform, and to the corporate website at www.jingruixy.com.

For the purpose of the EU General Data Protection Regulation (GDPR), the UK GDPR, the Brazilian Lei Geral de Proteção de Dados (LGPD) and similar laws, the data controller is:

Beijing Jingrui Xinyuan Technology Co., Ltd
Building 6, Courtyard 2, 60 meters west of Wanggezhuang Village, Shilibao Town, Miyun District, Beijing, 100000, People's Republic of China
Email: lixujing@jingruixy.com (business enquiries)  |  support@jingruixy.com (privacy & data requests)

2. Definitions

3. Data We Collect (and Don't)

Our guiding principle is "Data Stays Local": wherever technically possible, your content is processed and stored on your device and never transmitted to our servers, which we do not operate for user-generated content. Where transmission is technically necessary, the data is encrypted in transit (TLS 1.3) and minimised.

3.1 Data we DO NOT collect

3.2 Data we may collect

CategoryExamplesSourceLawful basis
Account data (optional)Email address (if you create an account for cross-device sync or IAP)YouContract
Purchase dataReceipt of in-app purchase, subscription status, anonymised transaction IDGoogle Play BillingContract / Legal obligation
Support correspondenceEmails you send to support@jingruixy.com, including attachments you choose to includeYouLegitimate interest
Aggregated, non-identifying analyticsApp version, country (derived from IP), device class, language, anonymous install UUIDDeviceConsent (opt-out available)
Crash & diagnosticsStack trace, app state at crash, OS versionDeviceLegitimate interest
Server logs (Website only)IP address (truncated), user agent, referrerBrowserLegitimate interest

Under the GDPR and similar laws, we rely on the following legal bases:

5. How We Use Information

6. Sharing & Disclosure

We do not sell Personal Data, and we do not share it for cross-context behavioural advertising. We share information only with the following categories of recipients, and only to the extent strictly necessary:

  1. App stores (Google LLC, Apple Inc., Huawei, Samsung, Amazon and other stores where our apps are published) — for distribution, IAP processing and store-level security. Their own privacy policies apply.
  2. Ad Networks — for the delivery of non-personalised advertising (see §7). You may opt out of personalised ads at any time via the in-app "Privacy" menu.
  3. Payment processors (Google Play Billing, Apple StoreKit, Stripe and regional providers) — for the sole purpose of processing IAP.
  4. Cloud infrastructure providers (Google Cloud, Cloudflare, Amazon Web Services, region-specific providers) — for hosting, content delivery and email. All transfers are encrypted and protected by data processing agreements.
  5. Professional advisors (auditors, lawyers, accountants) under confidentiality.
  6. Government authorities — only when we have a legal obligation or a valid legal order. We publish an annual transparency report on the number of government requests received.
  7. Corporate transactions — in the event of a merger, acquisition or asset sale, with notice to you.

7. Advertising & Ad Networks

Some of our Apps monetise through In-App Advertising (IAA). To operate advertising responsibly and to comply with Google Play's Families Policy, GDPR, CCPA/CPRA and the ePrivacy Directive, we integrate the following ad networks, mediation platforms and bidding solutions, each of which has been vetted for compliance:

7.1 First-tier ad networks & mediation platforms

7.2 Ad format compliance

Our Apps display the following ad formats, all of which are designed to comply with Google Play's Ad Policy, the Better Ads Standards, and local consumer-protection law:

7.3 Children & advertising

For users we know (or have reason to believe) are under 13, we serve only contextual, non-personalised advertising via Google Play Families Policy compliant SDKs. No interest-based or behavioural targeting is performed.

7.4 Consent management

For users in the EEA, the UK and Switzerland, we integrate the Google User Messaging Platform (UMP) and/or a TCF v2.2 compliant Consent Management Platform (CMP) to collect explicit, granular consent for:

You may revisit your choices at any time via the in-app "Privacy" menu or via the Google "My Ad Center".

7.5 Ad network opt-outs

Beyond the in-app "Privacy" menu, you may also opt out of personalised advertising at the industry level:

8. In-App Purchases & Billing

Our Apps support In-App Purchases (IAP) via the official app store billing systems. We do not operate any third-party payment processor for IAP, in compliance with Google Play's billing policy and the Apple App Store's IAP rules.

Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period. You can manage and cancel subscriptions in your store account settings. We support grace period and account hold behaviour consistent with Google Play's billing policy.

Per the EU's Digital Markets Act (DMA) and Digital Services Act (DSA), users in the EU have the right to use an alternative, external payment method where the store permits it, and the right to a 14-day "cooling-off" withdrawal on digital content purchases, unless the content has been fully consumed with the user's prior express consent.

9. Google Play & App Store Distribution

Our Apps are published on Google Play under the publisher name "Beijing Jingrui Xinyuan Technology Co., Ltd". We are also distributed, where appropriate, on the following app stores:

Each store acts as an independent data controller for the data it processes. Please review their privacy policies.

10. Children, Age Ratings & Family

We do not knowingly collect personal data from children under the age of 13 (or older, where required by local law — e.g. under 14 in the UK, under 16 in some EU member states, under 14 in South Korea, under 18 in Mainland China for certain processing). We do not direct our Apps at children.

10.1 Age ratings

Our Apps are classified on Google Play under the ESRB and PEGI rating systems and the IARC generic international rating. The default rating we apply is "Everyone" / "PEGI 3" or above. For Apps that include simulated gambling, violence, mild language, or user-generated content, we apply the appropriate higher rating.

10.2 Google Play Families Policy

For Apps we have designated as "Designed for Families", we comply with the Google Play Families Policy in full, including:

10.3 Family Library

Our IAP subscriptions support the Google Play Family Library feature. Family managers may share eligible subscriptions with up to 5 other family members.

10.4 Verifiable parental consent

If we ever collect personal data from a child under 13, we obtain verifiable parental consent via Google Play's Family Link or equivalent mechanism. Parents may review, delete and request cessation of processing of their child's data at any time by emailing support@jingruixy.com.

11. International Data Transfers

Our company is headquartered in Mainland China. Where Personal Data is transferred outside its country of origin, we rely on the following legal mechanisms:

You may request a copy of the relevant transfer mechanism by emailing support@jingruixy.com.

12. GDPR (EU / EEA / UK)

If you are in the European Economic Area, the United Kingdom or Switzerland, you have the following rights under the GDPR / UK GDPR:

  1. Right of access (Art. 15 GDPR)
  2. Right to rectification (Art. 16)
  3. Right to erasure / "right to be forgotten" (Art. 17)
  4. Right to restriction of processing (Art. 18)
  5. Right to data portability (Art. 20)
  6. Right to object (Art. 21)
  7. Right not to be subject to a decision based solely on automated processing (Art. 22)
  8. Right to lodge a complaint with a supervisory authority (Art. 77)
  9. Right to withdraw consent at any time (Art. 7(3))

To exercise any of these rights, email support@jingruixy.com. We respond within 30 days. We will not charge you for exercising your rights, except where a request is manifestly unfounded or excessive.

Our EU representative under Art. 27 GDPR can be reached at support@jingruixy.com (subject line: "EU Representative").

13. CCPA / CPRA (California, USA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

To exercise these rights, visit the "Do Not Sell or Share" link in our website footer, or email support@jingruixy.com. You may designate an authorised agent to submit a request on your behalf.

We will respond within 45 days. If we need more time, we will notify you within the initial 45 days and explain the reason for the delay.

14. COPPA (USA Children)

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have collected information from a child under 13 in violation of COPPA, please email support@jingruixy.com and we will promptly delete the information.

For Apps we have designated as "Designed for Families" on Google Play, we also comply with the Google Play Families Policy described in §10.

15. PIPEDA (Canada)

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25. Canadian users have the right to access, correct and request deletion of their personal information, and to file a complaint with the Office of the Privacy Commissioner of Canada.

16. LGPD (Brazil)

We comply with the Lei Geral de Proteção de Dados (LGPD). Brazilian users have the rights set out in Art. 18 of the LGPD, including the rights of access, correction, anonymisation, portability, deletion, and information about sharing. You may exercise these rights by emailing support@jingruixy.com. Our Data Protection Officer (DPO) can be contacted at the same address with the subject line "DPO".

17. PIPL (Mainland China)

We comply with the Personal Information Protection Law of the People's Republic of China (PIPL), the Data Security Law (DSL) and the Cybersecurity Law (CSL). We act as a "personal information handler" (个人信息处理者). The following rights are guaranteed to users in Mainland China:

Cross-border transfer of personal information out of Mainland China is performed only after we have entered into a Standard Contract for Cross-Border Transfer of Personal Information with the recipient, or have otherwise satisfied the requirements of Articles 38–40 of the PIPL.

18. UK GDPR & PECR

For users in the United Kingdom, the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) apply. We integrate the IAB Europe TCF v2.2 framework and accept the UK Age-Appropriate Design Code. Our UK representative can be reached via support@jingruixy.com with the subject line "UK Representative".

19. APPI (Japan)

We comply with the Act on the Protection of Personal Information (APPI) of Japan. Japanese users have the right to access, correct and request cessation of use of their personal information. We will not transfer personal information to a third party in a foreign country without first obtaining consent or ensuring an equivalent level of protection.

20. PIPA (South Korea)

We comply with the Personal Information Protection Act (PIPA) of South Korea. Korean users have the rights of access, correction, deletion and cessation of processing. We have appointed a local representative as required by Art. 32(2) of PIPA. Contact support@jingruixy.com with subject "Korea Representative".

21. Privacy Act (Australia)

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Australian users may request access, correction or complaint handling by contacting support@jingruixy.com. Complaints may be escalated to the Office of the Australian Information Commissioner (OAIC).

22. DPDP Act (India)

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. Indian users have the rights of access, correction, erasure, grievance redressal and the right to nominate another individual to exercise their rights in case of death or incapacity.

23. Data Security

We implement industry-leading technical and organisational measures to protect your data, including:

24. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

25. Your Rights

To exercise any of the rights described in this Policy, you may:

  1. Use the in-app "Privacy" menu to access, export, or delete your data.
  2. Email support@jingruixy.com with a clear description of your request. Please include a copy of a government-issued ID if required for identity verification.
  3. Write to us at the postal address in §1.

We respond to all verified requests within 30 days (45 days for California residents). If we cannot fulfil a request, we will explain why and outline the available remedies, including the right to lodge a complaint with a supervisory authority.

26. Cookies & Tracking Technologies

The Website uses the following categories of cookies and similar technologies:

You can manage your cookie preferences via our in-page cookie banner or by adjusting your browser settings. For EU/UK visitors, we use a TCF v2.2 compliant consent management platform.

27. Do Not Sell or Share

We do not sell Personal Data, and we do not share Personal Data for cross-context behavioural advertising. As such, the "Do Not Sell or Share My Personal Information" link in our footer is a courtesy — and clicking it will set a "Global Privacy Control" (GPC) signal on your browser that we honour. If you have visited a page with advertising, your GPC signal is propagated to the integrated Ad Networks (see §7).

28. Automated Decision-Making & Profiling

We do not perform automated decision-making with legal or similarly significant effects on you (Art. 22 GDPR). Personalised advertising does not constitute "automated decision-making" in the legal sense, but you can always opt out via the in-app "Privacy" menu or industry-level opt-out tools (§7.5).

29. Changes to this Policy

We may update this Policy from time to time. When we do, we will change the "Last updated" date at the top, post a notice on our Website, and — for material changes — notify you via in-app notification or email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

30. Contact & DPO

For any questions, complaints or data subject requests, please contact us:

Beijing Jingrui Xinyuan Technology Co., Ltd
Data Protection Officer
Building 6, Courtyard 2, 60 meters west of Wanggezhuang Village, Shilibao Town, Miyun District, Beijing, 100000, CN
Email: support@jingruixy.com (Subject: "Privacy")
Business: lixujing@jingruixy.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority: