Privacy Policy

Last updated: May 1, 2026
简体中文 English
Terms Privacy Cookie Policy

1. Scope

This Privacy Policy applies to our processing of personal information when you access, register for, log in to, purchase, trial, or use the Huoshui Yunchuang Operating System and related websites, applications, APIs, customer support, notifications, and other services. If a specific function has separate instructions, service terms, authorization pages, or supplemental policies, those materials form part of the rules governing personal information processing between you and us.

Personal information means all kinds of information recorded electronically or otherwise that relates to an identified or identifiable natural person, excluding information that has been anonymized.

2. Types of Personal Information We Process

  • Account and identity information, such as name, nickname, email address, mobile number, account identifiers, login credentials, password hashes, referral information, and account-opening information.
  • Entity and collaboration information, such as operating entities you create, member names, roles, permission configuration, invitations, organization affiliation, approval relationships, and collaboration records.
  • Business and operating data, such as revenue and expense records, budgets, account data, reports, operating analysis, invoice or voucher materials, notes, and other business management data that you enter, import, synchronize, generate, or export.
  • Device and log information, such as device identifiers, browser type, operating system, IP address, access time, page operation traces, error logs, API logs, performance logs, and operation audit records.
  • Security and risk-control information, such as captcha verification records, failed login records, abnormal access records, risk labels, anti-attack logs, and data related to account security.
  • Customer support and communication information, such as inquiries, feedback, email correspondence, service desk records, notification delivery records, and customer support information.

3. Purposes, Methods, and Legal Bases

  • To provide core functions such as account registration, login authentication, session maintenance, permission control, member collaboration, operating data management, budget management, report display, analysis assistance, reminders, and customer support.
  • To maintain service security and stable operation, including identity verification, abnormal access detection, attack prevention, troubleshooting, audit trails, and security incident handling.
  • To comply with legal obligations, respond to lawful requests from judicial or administrative authorities, handle complaints and reports, resolve disputes, and exercise or protect lawful rights.
  • Where permitted by applicable law, we may process personal information based on your consent, necessity for contract formation or performance, compliance with legal obligations, emergency protection of life, health, or property, or other lawful bases provided by applicable law.

4. Third-Party Personal Information You Import

In enterprise, team, family, or collaboration scenarios, you may enter, import, synchronize, or share information involving other natural persons, such as member information, customer information, supplier contact information, counterparty information, invoice information, or other business-related personal information. For such third-party personal information:

  • You must ensure that you have a lawful, sufficient, and valid processing basis and necessary authorization, and that the processing purpose, scope, and method comply with applicable laws and regulations.
  • You are responsible for notifying relevant individuals, obtaining consent, establishing internal authorization, signing agreements, or completing other compliance obligations as required.
  • If your importing, processing, or sharing of third-party personal information causes complaints, disputes, infringement claims, regulatory investigations, or penalties, you are responsible for those matters and must compensate us for losses caused thereby.
  • If you breach any provision of this policy and cause losses to us or any third party, you shall bear full compensation liability.

5. Sharing, Entrusted Processing, and Disclosure

  • We do not sell your personal information.
  • Where necessary to provide the service, we may entrust cloud services, storage services, email services, SMS services, customer support, payment services, security protection, monitoring and audit services, AI capabilities, or other technical providers to process necessary information, and require them to process information according to agreements, laws, and security requirements.
  • When you initiate member collaboration, invitations, sharing, export, download, copying, public display, or authorize third-party access, relevant information may be provided to corresponding recipients according to your operation. You should independently assess necessity and risks.
  • Where required by laws and regulations, lawful requests from judicial or administrative authorities, protection of users or platform rights, complaint and dispute handling, security audits, or prevention of unlawful risks, we may provide, disclose, or retain relevant information according to law.

6. Current Main Third-Party Processing Scenarios

For clarity, the following summarizes main third-party processing scenarios currently integrated or reserved in the code and product structure. Actual enablement depends on environment configuration, feature flags, and business scenarios. If a capability is not enabled, the corresponding third-party processing will not occur.

AI analysis services

When you actively use AI analysis, AI chat, intelligent suggestions, or similar functions, prompts, conversation content, operating data snippets, account identifiers, or necessary context may be sent to third-party model providers. Current code-level supported providers include DeepSeek and Doubao (Volcengine Ark / ByteDance).

Object storage attachments

When you upload screenshots, files, or attachments in the service desk or similar scenarios, files are stored in S3-compatible object storage. The current implementation uses private access and temporary links by default to avoid long-term public exposure. If your deployment uses Tencent Cloud COS or another S3-compatible storage provider, file metadata and access logs may be processed by that provider.

Payment and order capabilities

For institutional or company customer orders, payments, invoicing, and reconciliation, order numbers, payment amounts, transaction status, invoice information, and necessary identity information may need to be processed by payment channels, tax service providers, or related providers.

Email, notifications, and operations alerts

The system code reserves configuration for Postmark, Resend, Amazon SES, Slack, and similar email or notification services. If enabled, email addresses, message content snippets, delivery status, and necessary logs may be processed by the corresponding providers for notifications, verification codes, bills, service desk reminders, or internal operations alerts.

7. Storage, Retention, and Cross-Border Processing

  • We retain personal information for the shortest period necessary to achieve the purposes described in this policy, unless laws and regulations, regulatory retention requirements, dispute handling, security audits, or your separate authorization require otherwise.
  • When the retention period expires or the processing purpose has been achieved, cannot be achieved, or is no longer necessary, we will delete, anonymize, or otherwise lawfully dispose of relevant information according to applicable law and actual circumstances.
  • If system deployment, cloud service architecture, third-party service capabilities, or business arrangements involve cross-border transfer, overseas access, or overseas processing, we will perform corresponding obligations under applicable law and handle the matter through separate instructions, individual notices, or other lawful methods.

8. Security Measures and Risk Notice

We adopt technical and administrative measures appropriate to business risks, including access control, permission isolation, identity verification, transmission encryption, log audits, backup and recovery, security monitoring, vulnerability remediation, and abnormal access protection, to reduce risks of leakage, tampering, damage, loss, or unauthorized access.

However, no network environment or technical measure can guarantee absolute security. For risks caused by hacking, technical faults, communication line issues, third-party service exceptions, force majeure, poor credential management, misoperation, improper authorization, or improper sharing by users, we will take reasonable measures according to law, but do not guarantee risks beyond our reasonable control.

9. Your Rights

  • Subject to laws, regulations, and technical feasibility, you have the right to query, access, correct, and supplement your personal information.
  • Where applicable law provides, you may request deletion of personal information, account cancellation, withdrawal of certain authorizations, or export of data that you are entitled to obtain.
  • Withdrawal of authorization, deletion, or cancellation may cause some or all functions to become unavailable. Processing performed before withdrawal based on your authorization is not affected, unless laws and regulations provide otherwise.
  • For third-party personal information you enter in collaboration scenarios, if a rights request involves ownership verification, subject identification, business permissions, or legal obligations, we may require you to complete necessary verification or handle the matter through lawful channels first.

10. Cookies and Similar Technologies

We use cookies and similar technologies for identity recognition, session maintenance, and experience optimization. See the Cookie Policy for details.

11. Contact and Policy Updates

We may update this policy based on business changes, laws and regulations, regulatory requirements, or risk-control needs. If material changes occur, we will provide notice through page announcements, in-site notifications, email, or other reasonable methods. If you do not agree to the changes, you have the right to terminate the service agreement at any time, apply to cancel your account, and request deletion of all information retained by us.

If you have questions about this policy, personal information processing, or related rights requests, you may contact us through the contact page.