Xingluo Cat logo Henan Xingluo Cat Start a Project
Legal

Privacy Agreement

Effective date: 2026-05-15. This Privacy Agreement applies to our website, software services, and mobile applications published through app stores including Google Play and Apple App Store.

1. Scope and Controller Information

This Privacy Agreement is issued by Henan Xingluo Cat Technology Co., Ltd. It applies to the domain xingluocat.com, associated subpages, and mobile applications released in app stores. Controller details:

  • Company Name: Henan Xingluo Cat Technology Co., Ltd
  • Office Address: No. 1102, 11th Floor, Unit 2, South Hanghai Road and West Yinying Road, Guancheng Hui District, Zhengzhou, 450000, CN
  • Website: xingluocat.com
  • Business Support Email: support@xingluocat.com
  • Key Account Email: wangsaisai1@xingluocat.com

2. Data We Collect

Depending on product and legal requirements, we may collect the following categories:

  • Identity and contact data: name, email, company, support request context.
  • Account and profile data: login identifiers, role, permissions, and preference settings.
  • Technical and device data: device model, OS version, language, timezone, app version, network type, crash logs, and diagnostics.
  • Usage data: feature interactions, session events, conversion events, and in-app behavior metrics.
  • Transaction and service data: service configuration, support communications, integration logs, and delivery records.
  • Advertising and attribution data: ad impression events, ad click events, rewarded completion events, campaign identifiers, and fraud prevention signals.
  • Compliance records: consent status, legal basis evidence, age gate status, privacy selections, and regulatory request logs.

3. Data Sources

  • Data provided directly by users and enterprise customers.
  • Automatically collected telemetry from websites and mobile apps.
  • Data from app stores and measurement providers (for example install source and campaign performance data when permitted).
  • Data from advertising, analytics, anti-fraud, and cloud infrastructure service providers used in compliance with applicable law.

4. Purposes and Legal Bases

We process data for service delivery, support, security, quality improvement, legal compliance, and ad monetization operations. Legal bases include:

  • Contract necessity for product and service performance.
  • Legitimate interests such as reliability, fraud prevention, and analytics, where allowed.
  • User consent for tracking, advertising personalization, and optional data activities.
  • Compliance with legal obligations and regulatory requests.

5. App Store Specific Rules

For applications published in Google Play and Apple App Store, we align data handling with platform obligations:

  • Google Play Data Safety disclosures and policy declarations are maintained accurately.
  • Google Play Families policies are applied where child-directed or mixed-audience use cases exist.
  • Apple privacy nutrition labels are maintained for relevant data categories.
  • Apple App Tracking Transparency prompts are used before cross-app tracking where required.
  • Regional consent signals are collected and transmitted through compliant consent frameworks where applicable.

6. Advertising and Monetization Compliance

Our applications may integrate ad monetization services, including but not limited to Google AdMob, Google Ad Manager, Meta Audience Network, Unity Ads, AppLovin MAX, ironSource LevelPlay, Mintegral, Pangle, Chartboost, InMobi, Liftoff Monetize (Vungle), Fyber DT Exchange, Smaato, and Amazon Publisher Services.

Ad formats commonly used include app open ads, rewarded video ads, interstitial ads, and banner ads. Native ads may be used in selected products with proper labeling.

  • Consent management is implemented for personalized advertising where legally required.
  • Ad identifiers are processed according to regional legal and platform rules.
  • Users may opt out of targeted advertising where required by law or platform capabilities.
  • Anti-fraud and invalid traffic controls may process technical signals to protect ecosystem integrity.
  • Ad provider data handling is also governed by each provider's privacy terms and policies.

7. Country and Region Policy Mapping

We map privacy operations to local legal frameworks including but not limited to:

  • European Economic Area: GDPR, ePrivacy rules, and local supervisory authority guidance.
  • United Kingdom: UK GDPR and Data Protection Act 2018.
  • Switzerland: Federal Act on Data Protection.
  • United States: CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), and other applicable state privacy laws.
  • Canada: PIPEDA and applicable provincial privacy laws.
  • Brazil: LGPD.
  • Mexico: LFPDPPP.
  • Japan: APPI.
  • South Korea: PIPA.
  • Singapore: PDPA.
  • India: Digital Personal Data Protection Act (DPDP), where applicable.
  • Australia: Privacy Act and Australian Privacy Principles.
  • New Zealand: Privacy Act 2020.
  • South Africa: POPIA.
  • Turkey: KVKK.
  • United Arab Emirates, Saudi Arabia, and other jurisdictions with applicable data protection rules.

Where laws conflict, we apply the stricter standard to protect users unless local law requires otherwise.

8. Age and Child Protection

  • Our services are generally intended for users who meet minimum legal digital consent age in their jurisdiction.
  • For child-directed or mixed-audience features, we apply age screening, restricted processing, and non-personalized ad controls as required.
  • We align with COPPA, GDPR-K principles, Google Play Families requirements, and Apple child-related policy expectations where applicable.
  • Parents or legal guardians may contact us to request review, deletion, or restrictions for child-related data processing.

9. Sharing and Disclosure

We may share data with processors and partners strictly for defined business purposes:

  • Cloud infrastructure and hosting providers.
  • Analytics and crash reporting vendors.
  • Advertising, mediation, and attribution partners where enabled by service configuration and legal basis.
  • Security providers and anti-fraud services.
  • Professional advisors, auditors, and legal authorities when required by law.

We do not sell personal data in a manner prohibited by applicable law. Where a jurisdiction classifies some disclosures as sharing or targeted advertising, users can exercise opt-out rights where required.

10. Cross-Border Transfers

Data may be processed in multiple countries. We apply safeguards such as contractual protections, transfer impact assessments, and supplementary technical or organizational controls where required by law.

11. Data Retention

Data retention periods are set according to service necessity, contractual obligations, legal requirements, dispute handling, and security needs. Data is deleted or de-identified when retention is no longer justified.

12. Security Controls

  • Access controls and role-based permissions.
  • Encryption in transit and security hardening of service endpoints.
  • Monitoring, logging, and incident response controls.
  • Supplier due diligence and contractual data protection obligations.

No security program can provide absolute protection. Users should also keep credentials secure and report suspected incidents promptly.

13. Your Rights

Depending on jurisdiction, users may have rights to access, correction, deletion, objection, restriction, portability, withdrawal of consent, and complaint to competent supervisory authorities. We respond within legally required timelines.

14. Cookies and SDK Technologies

Web and app services may use cookies, local storage, software development kits (SDKs), pixels, and equivalent technologies for authentication, analytics, performance, and advertising purposes. Consent is collected where required by applicable laws.

15. SDK and Third-Party Service Transparency

Depending on product configuration, our apps may integrate third-party SDKs and APIs for analytics, monetization, security, attribution, and cloud operations.

Service Type Example Providers Typical Purpose
Advertising and Mediation AdMob, Google Ad Manager, AppLovin MAX, ironSource LevelPlay, Meta Audience Network Ad delivery, monetization optimization, and campaign performance
Analytics and Measurement Internal analytics modules and approved measurement services Usage insights, product quality, and conversion analysis
Security and Infrastructure Cloud and security service providers under contractual safeguards Hosting reliability, abuse prevention, and incident handling

16. Automated Decision-Making and Profiling

We may use rule-based or model-assisted processing for fraud detection, content safety, ad delivery optimization, and service reliability. We do not use automated decision-making for legally significant decisions without required safeguards where applicable law restricts such processing.

17. Rights Request Workflow

  • Submit requests through support@xingluocat.com with sufficient account or transaction context.
  • We verify request authenticity to protect account security.
  • Responses are provided within statutory timelines based on the applicable jurisdiction.
  • Complex requests may require additional time where legally permitted, with notice.
  • Authorized agents may submit requests where local law allows representation.

18. Incident Response and Notification

We maintain incident response procedures for detection, containment, investigation, remediation, and legal assessment. Where required by law, supervisory authorities and affected users are notified within mandated timeframes.

19. Policy Changes

We may update this agreement due to legal, technical, or operational changes. Material changes are announced through website updates, app notices, or other suitable channels.

20. Contact Details

For privacy inquiries, regulatory requests, or rights exercise:

  • Email: support@xingluocat.com
  • Key Account Escalation: wangsaisai1@xingluocat.com
  • Address: No. 1102, 11th Floor, Unit 2, South Hanghai Road and West Yinying Road, Guancheng Hui District, Zhengzhou, 450000, CN
  • Website: xingluocat.com