Cololight App is an application for intelligent devices control and management provided by HANGZHOU LIFESMART TECHNOLOGY CO.,LTD. (hereinafter referred to as "We").
We attach great importance to protecting user privacy. We will abide by the following principles and do our best to protect the safety and reliability of your Cololight account information: the principle of consistent right and responsibility, choice consent principle, minimum sufficient principle, the principle of ensuring security principle, subject participation principle, openness and transparency principle, etc. We promise that we will take the corresponding security protection measures to protect your Cololight account information in accordance with the legal requirements and the mature security standards in the industry.
1. How do we collect information and how to use it
(1) Registration and login functions
When you use Cololight App to manage smart devices, we need to collect the following information about you: your Cololight account username, binding mobile phone number, binding mailbox, account area, nickname, profile picture. Collecting such information is mainly used to log in to the Cololight account server to authenticate the user's identity, and to obtain the permission of the Cololight App application to access the server. The above information you provide will continue to authorize us to use it during your use of our account.
We will use your information in the following way: the account username and login password you enter will be encrypted and transmitted to the Cololight account server for login authentication. After logging in to the Cololight account, the Cololight App application will automatically obtain the user ID, nickname, avatar, and account area information of the account, and display it on the application page.
To ensure the continuous optimization of the application, it is possible to desensitize part of the information obtained to match other public platforms like Facebook for advertising. This part of the matching information will not involve your personal privacy and anything that may disclose your personal privacy.
You have the right to refuse to provide such information. If you do not provide such information, that is, if you have not registered a Cololight account and have not used a Cololight account, you will not be able to use the functions and services provided by the Cololight App.
(2) Devices connection, control and management
In order to realize the functions of smart device discovery and connection, control and management of devices, we need to collect the following information about you: location information, Wi-Fi information, account information, mobile phone-related information, and smart device-related information. The purpose of collecting such information is to discover and add smart devices, to perform security control of the device, to identify the currently working device and device management, to set device attributes and parameters, to view the working status and history of the device, and to improve the quality and service of the smart device.
The above information is described in detail as follows:
Wi-Fi information: SSID, BSSID.
Account information: Cololight account number, mobile phone number, email address, nickname, avatar, used to login and display nickname and avatar.
Mobile phone related information: hardware device identification (imsi, imei, meid, device hardware serial number, SIM card identification, OAID, Mac address, Android ID), phone model, system version information, system language, country or region set by the mobile phone, App store version number, mobile phone screen size and resolution, CPU and display device related information.
Smart device related information: device name, model, version, manufacturer, device identifier, device hardware information, network connection status, WLAN connection information, MAC address, IP address, device operating status, custom attributes, device configuration parameters, and device Control usage records, devices testing and recorded data;
We will use your information as follows: The above information will be encrypted and saved to transmit the corresponding area of the server, Cololight App will appear in the data from the server and queries based on your license application page in.
You have the right to refuse to provide the above information. If you do not provide such information, you will not be able to use the functions and services provided by Cololight App.
The collection of the above information includes the following devices:
Nest series: Cololight Pro, Cololight Plus
Other devices (we will extend the application of this policy to this new product, when the products applicable to the policy will be listed in this Agreement).
(3) Room management function of intelligent devices
In order to find smart devices quickly, we need to collect the room information under your account. When you have a large number of devices that are difficult to, find, you can quickly locate the device you want to control directly through the room.
We will use your information in the following way: your room information will only be obtained when you log in to your account, the room information will be displayed on the application page, and the information will be stored on the server corresponding to your account.
As the room information is authorized by default when the user logs in to the account, if you do not provide such information, that is, if you do not log in to the account, you will not be able to use the services provided by the Cololight App.
(4) Devices sharing
We support scanning the QR code through WeChat to share your smart device or profile with other users. Once the QR code generated by the application is shared with other users, the shared user can scan the QR code through WeChat to directly control your sharing smart devices. In order to achieve this function, we need to collect the user ID of your, account, the shared smart device or profile information (device name, device, ID, device sharing status).
We will use your information in the following way: The device and profile information you share needs to be manually selected by the users. Such information will only be collected when the user actively provides the QR code to other users.
You have the right to refuse to provide the above information. If you do not provide the above information, you will not be able to use the device sharing function.
(5) Message push function
In order to provide news push services, we need to integrate the push services of third-party platforms such as Apple, Umeng, Google, etc. The push content includes, but is not limited to, the display of business events, device status changes, and operation activity notifications in the notification bar or in the app, so as to provide you with a better user experience and personalized service.
We will use your information in the following way: This function needs to be turned on after you have authorized the notification permission, and you can go to the sidebar> Settings and close Message Notification to close pop-up messages.
If you do not provide the above information, you will not be able to use the message push function.
(6) User feedback
Our application provides user feedback entrance, the user can use the feedback function to feedback your problems when you use our app, when using this feature we need to collect the following information: your feedback to our description of the, problem, the problem phenomenon pictures and videos, feedback, log, And the phone number or email address you filled in. This information will be used to let us better understand the problem you are encountering and contact you to help you solve the problem in time.
We will use your information in the following way: only when the user actively feedbacks a problem through the portal, the relevant information filled in by the user will be collected.
2. Permission instructions
(1) Necessary permissions:
Location permission: In order to authenticate the user's identity when logging in to the Cololight account server, obtain the access permission of the Cololight App application to access the server. Ask for your authorization when starting the app.
(2) Optional permissions:
Networking permission: used for account login and message push function, you need to choose to enable this permission. Get your authorization when the app starts.
Bluetooth permission: used for Bluetooth device connection, such as the smart anti-lost device function, if it is not turned on, you will not be able to connect to the device. You can use the system "Settings " turn off Bluetooth.
Camera permissions: used to scan and take photos. Obtain your authorization the first time you use it.
Access to the album permissions: used to save camera snapshots and modify user avatars. Obtain your authorization the first time you use it.
Microphone permission: For some smart devices to access the microphone function, such as the camera voice intercom function, you need to choose to enable this permission. Obtain your authorization the first time you use it.
Read application list permission: used for users to contact after-sales technical support. Obtain your authorization the first time you use it.
Storage permission: It is used for functions such as user's local data file saving and problem feedback. You need to choose to enable this permission to read files stored on the device. Obtain your authorization the first time you use it.
You can always manage the permissions of the app with your phone system Settings.
3. User experience improvement
In order to evaluate service quality and carry out internal data analysis and, research, we need to collect the following information: such as application name, application version, application page access time, mobile phone model, city, anonymized user identifier, anonymized device identifier, device information such as list, name, type, and log information of smart devices. Your sensitive information will not be recorded in the log.
We will use your information in the following ways: automatically collecting the Cololight App application terminal device information, smart device information and device logs and upload them to the corresponding server, analyze the log information to diagnose the operating status of the devices, identify and locate device faults.
If you do not provide this information, some of the faults involved in the Cololight App may not be discovered and resolved in time, and the user experience cannot be improved in time, but this will not affect the basic functions of the service.
4. Third-party SDK and Services
When users use third-party products that we access or some functions that use third-party services, we need to integrate the software tool development kits of our partners (referred to as "SDK”) or other similar applications can realize the related functions of the device. Third-party SDK and services may have some changes in data types due to version upgrades, policy adjustments, etc., if you encounter related problems during use, please contact us.
We will use your information in the following way: when the user uses the third-party products and functions that are accessed, the relevant information of the user will be collected.
To ensure the normal operation of the application, we will store small data files called Cookies on your mobile device. Cookies usually contain identifiers and some numbers and characters. With the help of, cookies, the app can store your account information and other data.
- Data Storage and Period
The above-mentioned information collected by us will be saved to Cololight servers in the corresponding regions around the world in accordance with relevant laws and regulations and the account area the user has applied for.
We will only retain your data information for the time necessary to achieve the purpose described in this, statement, and delete or anonymize your account information after your following, operations, unless otherwise required by laws and regulations.
In use Cololight App, period, your personal account data information processing and deadlines are as follows:
① For your account, information, when you cancel your, account, our server will permanently delete your account information.
② For storage in Cololight App data applications locally, when you uninstall Cololight App application, program, the local data storage will be deleted immediately.
③ For smart devices and business data stored on the server when you Cololight App remove the device in, time, cloud- stored data will be deleted immediately.
④ For the device history records stored on the, server, generally, the data will be stored on the server under your corresponding account area for 3-7 days. The processing varies depending on the area, server, but the longest will not exceed 7 days.
In addition, when our products or services cease to operate, we will promptly notify you of the incident by email, letter, telephone, push notification, ,etc., and delete your personal account information or anonymize it within a reasonable period of time.
7. Protect your personal account information
(1) We have used security protection measures that comply with industry standards to protect the account data information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your account data information. For example, we will use encryption technology to ensure the confidentiality of data; we will use trusted protection mechanisms to prevent malicious attacks on data; we will deploy access control mechanisms to ensure that only authorized personnel can access account information; and we will conduct security and privacy protection training courses to strengthen employees’ awareness of the importance of protecting user account information.
(2) We will take all reasonable and feasible measures to ensure that irrelevant information is not collected. We will only retain your account data information for the period required to achieve the purpose stated in the, policy, unless the retention period needs to be extended or permitted by law.
(3) The Internet is not an absolutely secure environment, and emails, instant messaging, and communication with other our users are not encrypted. We strongly recommend that you do not send your account information through such methods. Please use a complex password to help us ensure the security of your account.
(4) The Internet environment is not 100% secure. We will try our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of information, resulting in damage to your legitimate rights and interests, we will bear the corresponding legal responsibility.
(5) In the unfortunate event of a user account information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and you can take precautions on your own and suggestions to reduce risks, remedial measures for you, etc. We will promptly inform you about the incident by email, letter, telephone, push notification, etc. If it is difficult to inform each user one by, one, we will make the announcement in a reasonable and effective way.
At the same time, we will also proactively report the handling of account information security incidents in accordance with the requirements of the regulatory authorities.
Without your permission, this app will not disclose your account information to any third, party, except for the following situations:
- This app has obtained the authorization of you or your guardian;
- Judicial or administrative agencies have given legal procedures to request this app Disclosed;
- When this app files a lawsuit or arbitration against users in order to protect its legitimate rights and interests;
- According to the terms of service and application license agreement between you and this app;
- Other circumstances stipulated by laws and regulations.
8. Your rights
In accordance with relevant Chinese laws, regulations, and standards, as well as common practices in other countries and regions, we guarantee that you exercise the following rights with respect to your account information:
(1) Access your account and device information
You have the right to access your account information, except for exceptions provided by laws and regulations. If you want to exercise the right to access data, you can access it yourself in the following ways:
You can log in to the account of your bound smart device, enter the personal profile information page, and view your personal account information, including your user name, user nickname, bound mobile phone number, and bound email ; you can view the device through the device page Status, control device,, view device history and view device information, including device name, current device attributes, room to which the device belongs, device type, device version, device serial number, and device network information .
As long as we do not need to invest too much, we will provide you with other information generated during your use of our products or services. If you want to exercise data access rights, please send an email to email@example.com to describe your detailed request.
(2) Update your account and equipment information
You can modify your account password by logging in to your account and entering the personal profile information page; you can enter the device's three-level page to modify device-related information, including device name, room to which the device belongs, and device attributes; you can upgrade your device in the device management office; you can re-configure the network to modify the device network information.
(3) Delete your account and device information
In the following situations, you can request us to delete account information:
- If our handling of account information violates laws and regulations;
- If we collect and use your account information without your consent;
- If our handling of account data information violates our agreement with you;
- If you no longer use our products or services, or you cancel your account;
- If we no longer provide you with products or services.
If we decide to respond to your deletion request, we will also notify the entities that have obtained your account information from us and ask them to delete them in a timely manner, unless laws and regulations provide otherwise, or these entities obtain your independent authorization.
After you delete information from our service, we may not delete the corresponding information from the backup system immediately, but we will delete the information when the backup is updated.
(4) Change the scope of your authorization
Each business function requires some basic account information to be completed (see the first part of this policy). For the collection and use of additional collected information, you can give or withdraw your authorization and consent at any time. You can perform such operations by sending an email to firstname.lastname@example.org.
After you withdraw your consent, we will no longer process the corresponding account information. However, your decision to withdraw your consent will not affect the previous account information processing based on your authorization. If you do not want to accept commercial advertisements sent to you by us, you can perform such operations by sending an email to email@example.com.
(5) User cancellation of account
You can cancel your previously registered account at any time, and you can perform such operations by sending an email to firstname.lastname@example.org.
After canceling your account, we will stop providing products or services to you, and delete your account information at your request, unless otherwise provided by laws and regulations.
(6) User obtains a copy of account information
You have the right to obtain a copy of your personal account information, and you can perform such operations by sending an email to email@example.com.
Under the premise of technically feasible, such as data interface matching, we can also directly transmit a copy of your account information to a third party designated by you according to your requirements.
(7) Constraint information system automatic decision-making
In some business functions, we may only make decisions based on non-manual automatic decision-making mechanisms including information systems and algorithms. If these decisions significantly affect your legal rights, you have the right to ask us for an explanation, and we will also provide appropriate remedies.
(8) Responding to your above request
To ensure safety, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request.
We will reply within thirty days. If you are not satisfied, you can file a complaint by sending an email to firstname.lastname@example.org.
For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost depending on the circumstances. For those that are unreasonably repeated, require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), bring risks to the legitimate rights and interests of others, or are very impractical (for example, involving information stored on backup tapes) Request, we may refuse.
In the following situations, we will not be able to respond to your request in accordance with the requirements of laws and regulations:
- Related to national security and national defense security;
- Related to public safety, public health, and major public interests;
- Related to criminal investigation, prosecution and trial;
- There is sufficient evidence to show that you have subjective malice or abuse of rights;
⑤ Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations.
- How to transfer your personal account information globally
We provide products or services through resources and servers all over the world. Currently, we have servers deployed in China, Europe, America, Asia Pacific, and Japan. This means that after obtaining your authorization, your account information may be transferred to or be accessed from overseas jurisdictions in the country / region where you use the product or service.
Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we will ensure that your account information is sufficiently and equally protected within the territory of the People's Republic of China. For example, we will request your consent for cross-border transfer of account information, or implement security measures such as data de-identification before cross-border data transfer.
In principle, the account information we collect and generate within the territory of the People's Republic of China will be stored on servers within the territory of the People's Republic of China. However, cross-border transmission is permitted according to the applicable laws of the People's Republic of China.
The personal account information we collect and generate in the Americas will be stored on Cololight Americas servers. However, cross-border transmission is permitted under the applicable laws of the Americas.
The personal account information collected and generated by us in the Asia Pacific region will be stored on the Cololight Asia Pacific server. However, cross-border transmission is permitted under the applicable laws of the Asia-Pacific region.
The personal account information we collect and generate in Japan will be stored on Cololight Japan servers. However, cross-border transmission is permitted under the applicable laws of Japan.
The personal account information we collect and generate in Europe will be stored on the Cololight Europe server. The collection and transfer will be based on the EU standard contract clauses or the security protection mechanism stipulated in the General Data Protection Regulation (GDPR). You have the right to view the detailed copy content through the application's terms of service.
- Resolution of Disputes
We will respond to your feedback and opinions in a timely manner, but when there is a dispute over the performance of this agreement, you can file a lawsuit to the People's Court of Xiaoshan District, Hangzhou City, Zhejiang Province, People's Republic of China in our location. At the same time, the legal laws concerning this Agreement are also relevant laws and regulations of the People's Republic of China.
12. How to contact us
Under normal circumstances, we will reply within 30 days.