Privacy Agreement

Effective Date: 2026-05-13. This agreement applies to all websites, web services, mini-programs, and mobile applications published by Henan Ruiyou Information Technology Co., Ltd.

1. Company Identity and Contact

Controller: Henan Ruiyou Information Technology Co., Ltd

Office Address: Room 03, 16th Floor, Unit 2, Building 16, Shenye Century Village, Southeast Corner of Ping yuan Road and Xinzhong Avenue Intersection, Hongqi, Xinxiang, 453700, CN

Website: ruiyouit.com

Business Support: support@ruiyouit.com

Key Account: fengguangbin1@ruiyouit.com

2. Data Categories and Purposes

  • Identity Data: name, account identifier, role information for account provisioning and support.
  • Contact Data: email, company and communication records for service delivery and customer success.
  • Technical Data: device model, OS version, app version, network indicators, crash logs for reliability and security.
  • Usage Data: session events, feature interactions, ad engagement and conversion events for analytics and product optimization.
  • Transaction Data: licensing, subscription, and service invoices for legal and accounting compliance.

3. App Store and Advertising Compliance

Our applications may integrate monetization SDKs and mediation stacks in accordance with Google Play, Apple App Store, and local legal requirements.

Platform / SDKTypical Data SignalsPolicy / Opt-Out
Google AdMobAdvertising ID, IP, app interaction events, diagnosticsGoogle Ads Settings, app consent controls
Google Ad ManagerBid requests, ad performance metricsGoogle privacy controls
Facebook Audience NetworkDevice signals, campaign attribution dataMeta ad preferences and in-app settings
AppLovin MAXAd request telemetry and engagement eventsCMP consent and platform privacy controls
Unity AdsDevice and interaction telemetryUnity privacy options
ironSource LevelPlayMediation logs, ad waterfall and fill dataIn-app consent and provider controls
ChartboostImpression and click-level dataProvider privacy pages and app controls
Liftoff / VungleDevice diagnostics and attribution eventsProvider privacy controls
PangleAd impression/click metadataProvider controls and in-app consent
InMobiDevice and network data for ad servingInMobi opt-out channels
MintegralAttribution and anti-fraud signalsCMP-based opt-in/opt-out
AdColonyAd session and reward eventsProvider-level privacy options
Start.ioAdvertising and engagement metricsProvider privacy choices
FyberMediation logs and ad quality signalsCMP controls and provider tools
SmaatoBidstream and measurement eventsProvider privacy controls

Supported ad formats include Splash Ads, Rewarded Video Ads, Interstitial Ads, and Banner Ads.

4. Regional Legal Mapping and Age Rules

RegionPrimary LawLegal Basis / RightsTypical Digital Consent Age
European Union / EEAGDPR + ePrivacyConsent, contract, legitimate interest; access, deletion, portability, objection13-16 by member state
United KingdomUK GDPR + PECREquivalent GDPR rights and consent rules13
United States (California)CCPA / CPRANotice, access, delete, correct, opt-out of sale/sharing13 (COPPA below 13)
United States (Other States)VCDPA, CPA, CTDPA, UCPA and othersAccess, deletion, portability and targeted advertising controlsVaries, often 13+
CanadaPIPEDA + provincial actsMeaningful consent, access and correction rightsGenerally 13+ depending on context
AustraliaPrivacy Act + APPsCollection notice, purpose limitation, correction rights13
JapanAPPIPurpose specification and cross-border disclosure transparency15 (typical platform practice)
South KoreaPIPAStrict consent, security controls and transfer transparency14
SingaporePDPAConsent and purpose-based processing with access rights13+ typical platform threshold
BrazilLGPDLawful basis, transparency, access, correction and deletionUnder 13 requires guardian consent

5. Children and Teen Protection

We do not knowingly process personal data from children in violation of applicable law. Where required, we request verifiable parent or guardian authorization. For child-directed contexts, ad personalization is disabled and restricted data processing modes are enforced.

6. Data Transfers, Retention and Security

  • Cross-border transfers use contract protections such as Standard Contractual Clauses where required.
  • Retention is limited to business, legal, and security necessity windows.
  • Security controls include encryption in transit, access control, logging, and incident response procedures.

7. How to Exercise Your Rights

Submit privacy requests to support@ruiyouit.com with sufficient verification details. Enterprise requests may also be coordinated through fengguangbin1@ruiyouit.com.

8. Data Subject Request Handling Timeline

Request TypeValidation RequirementTarget Processing Window
Access RequestIdentity and account verificationWithin applicable legal deadline
Correction RequestProof of inaccuracy where neededWithin applicable legal deadline
Deletion RequestIdentity verification and legal-basis checkWithin applicable legal deadline
Processing ObjectionJurisdiction and legal-basis assessmentWithin applicable legal deadline
Portability RequestScope eligibility verificationWithin applicable legal deadline

9. Cookies, SDKs, and Tracking Controls

  • We use essential, analytics, and service-improvement technologies subject to regional legal requirements.
  • Where required, consent is requested before non-essential tracking or personalized advertising activation.
  • Users can update choices through in-app or site-level privacy controls when available.
  • SDK-level switches for advertising IDs, personalization, and limited-data processing are applied according to policy.

10. Incident Response and Notification

We maintain incident response procedures, containment playbooks, and post-incident remediation workflows. Where required by applicable laws, authorities and affected users are notified within required timeframes.

11. Policy Updates

This Privacy Agreement may be updated to reflect legal, technical, or business changes. Material updates are communicated through website notices, in-product messaging, or contractual channels as appropriate.

12. Lawful Basis by Processing Purpose

Processing Purpose Typical Lawful Basis Examples
Service Provision and Account Management Contract performance User authentication, account setup, service delivery workflows
Security and Fraud Prevention Legitimate interests / legal obligations Threat detection, abuse prevention, incident investigation
Analytics and Product Improvement Legitimate interests or consent where required Feature usage statistics, reliability analysis, quality optimization
Marketing and Ad Personalization Consent where required by law Personalized ad delivery, campaign measurement, attribution
Financial and Compliance Records Legal obligations Invoice records, tax documentation, statutory retention

13. Retention Schedule

Data Category Retention Logic Typical Duration
Account and Identity Data Retained while account is active and for post-closure legal/security handling Up to 24 months after account closure, unless law requires longer
Support and Communication Records Retained for service quality, dispute handling, and continuity 12-36 months depending on case type
Technical Logs and Security Events Retained for incident response, diagnostics, and risk analysis 90-365 days, extended where required for active investigations
Financial and Transaction Records Retained to satisfy accounting and statutory obligations As required by applicable law (often multiple years)
Advertising and Attribution Data Retained under platform rules, consent settings, and legal obligations Platform-dependent with policy-based deletion/aggregation

14. International Data Transfers and Safeguards

  • We apply transfer safeguards such as Standard Contractual Clauses (SCCs), contractual commitments, and technical controls where required.
  • For cross-border service operations, access is restricted to authorized roles under least-privilege principles.
  • Transfer risk assessments are performed where required by regional legal standards.
  • Where local laws mandate localization or additional safeguards, service design follows those requirements.

15. Subprocessor and Partner Categories

Category Role Control Mechanisms
Cloud and Infrastructure Providers Host systems and support core service availability Contractual controls, access restrictions, technical hardening
Analytics and Monitoring Providers Enable performance measurement and diagnostics Data minimization, pseudonymization where feasible, retention limits
Advertising and Mediation Providers Support monetization operations in apps Consent governance, policy gates, SDK-level privacy settings
Customer Communication Tools Support support-ticket and business communication workflow Access controls, audit logging, contractual confidentiality clauses

16. Automated Decisions, Profiling, and Do Not Track

  • We do not use solely automated decisions that produce legal or similarly significant effects without required safeguards.
  • Where profiling is used for ad relevance or analytics, consent and regional legal requirements are respected.
  • Browser-level privacy controls and in-app preference mechanisms are honored to the extent required by applicable law and platform capability.

17. Complaints and Supervisory Authority Rights

Depending on your jurisdiction, you may have the right to lodge a complaint with a competent supervisory authority or regulator. We encourage users and clients to contact us first so we can address concerns quickly and transparently.