Version:Alivia AI V1.0
Effective date: May 6th, 2023
Thank you for following Whale's products and services! This app and its in-app services are for Whale's enterprise clients or their authorized persons (hereinafter referred to as “you”) and are not open to general consumers. If you are not an enterprise client or authorized person in a cooperative relationship with Whale, please stop using the Alivia AI app immediately.
We recommend that our clients download and install this app with a device and a mobile phone number/account number that belongs to their company and that authorized persons download and install this app with a device and a mobile phone number/account number that is dedicated for work purposes.
We understand the importance of Personal Information (PI) to our clients (and their authorized employees). To help you learn about how the app protects your PI, you can read this Alivia AI Product Privacy Policy (hereinafter referred to as “this Policy”) before using our Alivia AI products or services. We strive to be clear and concise and to use bold text to alert you to the clauses of this policy that are significantly relevant to your rights and interests.
You can jump to relevant chapters via the index below and learn further about this Policy.
I. Definition
II. How we fulfill our responsibilities of PI protection
III. Use of cookies
IV. How we update this Policy
V. How to contact us
1. Personal Information (or "PI" in this Policy) refers to all kinds of information, recorded in electronic or other forms as specified in relevant laws, that, independently or when combined with other information, allows for personal identification or reflects activities of a specific natural person. You know and understand that any individual piece of device information, daily record, keyword search, or other information/data that cannot directly lead to identifying a specific person is not regarded as PI.
2. Sensitive Personal Information (or "Sensitive PI" in this Policy) refers to PI that, once leaked, illegally provides, abuses, or damages personal reputation or health or leads to discriminatory treatment.
3. Personal Information Handler (or "PI Handler" in this Policy) refers to an organization or person, as specified in relevant laws, capable of deciding the purposes and methods of handling PI.
4. Personal information Subject (or "PI Subject" in this Policy) refers to a natural person that certain PI identifies or is associated with.
5. Other terms and definitions related to PI in this Policy, unless otherwise specified or agreed, are in accordance with the “Information Security Technology—Personal Information Security Specification” (GB/T 35273-2020).
6. “Whale” in this Policy refers to legal entities that provide you with relevant services and bear corresponding liabilities. They include Whale Jiangxin Tech (Hangzhou) Co., Ltd., Hangzhou Zuotoujing Tech Co., Ltd., Shenzhen Xujing Tech Co., Ltd., and Shanghai Yuanjing Tech Co., Ltd.
1. Whale strictly abides by China's laws and regulations related to PI and firmly observes the following principles in handling PI: balancing rights with responsibilities, clear purpose, consent, minimum necessary, security, participation of PI subjects, and transparency.
2. When a client uses functions on Alivia AI via a client front end such as a mobile phone or a computer for business purposes, relevant services only involve limited PI of the client or the authorized employees to fulfill functions such as product registration, robot dialogue, AI painting, and etc. We promise that, in accordance with relevant laws and regulations and having consulted mature security standards in the industry, we will make every effort to keep PI safe and under control when our clients and their authorized employees use the app.
(1) How we collect PIa. Registration, login, and authentication
To comply with laws and regulations, and to secure safe services to authorized employees of our clients, we require a cell phone number, password, and verification code during registration for our products and services. If you refuse to provide these, you cannot complete registration.
b. Alivia AI technology
In order to provide users and their employees with Alivia AI's technology, we require all users to enter cell phone numbers and email addresses for registration, login, customer service consultation and other services.
c. Security services
To meet legal requirements and to provide you with stable services that are protected from viruses, Trojan horses, or other malicious programs and websites, we need to record your activities in terms of service categories and methods, as well as device brands, models, names, software versions, and service-related information.
d. Device information we may collect
In order to provide the following functions, we need to access to your device with your camera permissions:
Take and upload pictures on AI drawing page;
Save the pictures generated by AI drawing to local album;
Save the pictures from Note to the local album;
Take or select a picture from album as user avatar.
Refusing to grant camera access may result in failure to use such functions as workflows and saving pictures.
e. Please understand that the services we provide are constantly being developed and updated. If you use services not specified above that require the collection of your personal information, we will inform you of the collection scope and purposes via page reminders, interactive processes, or agreements to obtain your consent. We will use, store, provide, and protect your information in accordance with this Policy and the corresponding user agreement. If you choose not to provide the aforementioned information, you may not be able to use all or part of certain services, though you may still be able to use other services we provide.
f. To ensure certain functions and stability of the Alivia AI app, we may grant third-party SDKs access to the app. Third-party SDKs vary according to the version. We will strictly monitor the security of SDKs that access PI to ensure data security. To learn more about the purposes, ways, scope, and other information about how SDKs handle PI, please read the SDK Information List。。
(2) Exceptions to obtaining consentAccording to relevant laws and regulations, we do not have to obtain your consent for collecting and using your PI in the following cases:
Related to national security or national defense;
Related to public security, public health, or major public interests;
Related to criminal investigations, prosecutions, trials, or execution of court decisions;
For the purpose of safeguarding the life, property, or other significant legitimate rights and interests of the PI Subjects or other individuals, and where it is hard to obtain consent from the PI Subjects;
The PI involved is disclosed to the public by the PI Subject;
The PI is collected from legally and publicly disclosed information, such as legal news reports and government information disclosure;
(The collection and use of PI are) essential to the signing and performing of a contract requested by the PI Subject; or
Other cases specified by laws and regulations.
(3) How we use your PI• a. To fulfill the purposes specified in “How we collect PI” in this Policy; Your PI may be displayed to you when the app is in use. Please be careful not to leak any information when using the app.
• b. To inform you of the status of the services you use, in which case we will send a service reminder or notification;
• c. To report to relevant government departments in accordance with laws and regulations; and
• d. Other purposes with your permission.
(4) How we share, transfer, publicly disclose, and entrust others to process your PIa. Entrusted processing
To increase efficiency, reduce costs, or improve the accuracy of data processing, Whale, as a PI Controller, may, within the scope of obtained authorization, entrust a competent affiliated company or another professional organization to process the information on our behalf. The entrusted company, organization, or individual will be required to sign a strict non-disclosure agreement and process PI in accordance with our requirements and any other relevant confidentiality and security measures.
b. Sharing
We will not share your PI with companies, organizations, or individuals outside of Whale except in the following cases:
With your explicit consent or authorization;
When requested by the authorities such as an administrative or judicial organ in accordance with relevant laws and regulations;
When used for core functions of relevant products and services (this includes sharing with our affiliate companies or partners); or
When used for social public interests in accordance with relevant laws and regulations.
c. Transfer
We will not transfer your PI to any company, organization, or individual except in the following cases:
•With your prior explicit consent;
•As stipulated by laws, regulations, legal procedures, or the mandatory requirements of administrations or judiciaries;When the transfer of PI is involved in a(n) merger, acquisition, or bankruptcy liquidation, we will notify you and require the new company or organization to which your PI is transferred to continue to be bound by this Policy. We will require the new company or organization to seek your explicit consent again if their stated goals or use of personal information changes.
d. Disclosure
•We will not publicly disclose your PI except in the following cases:
•After acquiring your explicit consent;
•Statutory disclosure: we may publicly disclose your PI as stipulated by laws, legal procedures, prosecutions, or the mandatory requirements of government agencies.
(5) How we protect your PIa.We have employed security protection measures according to industry standards to protect your PI and prevent unauthorized access to or disclosure, use, modification, damage, and loss of data. To ensure the security of your information, we are committed to using a variety of security technologies and supporting management systems to minimize the risk of your information being leaked, damaged, misused, altered, accessed, or disclosed without authorization. For example, we employ encrypted transmission and storage of data with SSL; we prevent any unauthorized or malicious access with Whale's service authentication and firewall; we strictly limit access to our data center by establishing a unified role permission control system; we adopt security measures including encryption, permission control, de-identification, and anonymization when transmitting and storing PI.
b. We have obtained Class 2 Certification of Class-based Information Security Protection and certifications of ISO 27001 Information Security Management System, ISO 27701 Privacy Information Management System, and ISO 9000 Quality Management System.
c. Our data security competency: We have established a department responsible for PI protection, which will carry out PI security impact assessments on the collection, use, sharing, and entrusted processing of PI. Meanwhile, we have established an internal control system to handle tasks, including but not limited to creating emergency response plans for personal information security incidents, organizing emergency response trainings and emergency drills on a regular basis, managing and controlling permissions and behaviors of employees with access to personal information, training on laws, regulations, and practices related to information security protection, and organizing examinations on security for all employees.
d. In the case of an unfortunate PI security incident, we will, in a timely manner and in accordance with laws and regulations, inform you of the basic conditions and possible impacts of the security incident, response measures that are already taken or to be taken by us, and suggestions for remedial measures you can take regarding self-preservation and risk mitigation. We will inform you of such information by email, letter, telephone, and/or push notification, and when it becomes difficult to notify each personal information subject individually, we will properly and effectively issue a public notice.
e. The internet is not 100% secure. We will do our utmost to ensure or guarantee the security of any information you send to us. If your legal rights and interests are adversely affected due to unauthorized access to, disclosure, tampering, or damage of your PI resulting from damage of our physical, technical, or management protection facilities, we will assume legal liabilities accordingly. At the same time, we will also take the initiative to report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.
f. Please keep your login name and other identity factors properly protected. When you use our services, we will identify you with your login name and other identity factors. Once you leak the above information, you may suffer from losses and other adverse impacts. If you find that your login name and/or other identity factors may have been leaked, please contact us immediately, so that we can take appropriate measures to avoid or reduce related losses.
(6) How we store PIa. PI collected and generated within the territory of the People’s Republic of China will be stored in China in accordance with laws and regulations.
b. We will only retain your PI for the period necessary to provide Whale products and to fulfill their purposes, and will strictly abide by the requirements of laws and regulations during the storage period.
(7) Your rights to manage your PIAccording to relevant laws, regulations, and standards in China, we ensure the following rights to your personal information:
a. Access and editing of PI
You have the right to access your PI by logging into the platform. If you have trouble accessing or editing your PI, you can contact us at any time by the means we provide in this Policy for assistance.
b. Delete PI
Under the following circumstances, you can request deletion of your personal information:
If our treatment of your PI violates any law or regulation;
If we collect and use your PI without your consent;
If our treatment of your PI breaks our agreement with you;
If you delete your account; or
If we terminate our services and operation.
c. Change scope of consent
Every business function requires some PI to work. When it comes to the collection and use of additional personal information, you can give or revoke your consent at any time. After you revoke your consent, we will stop processing the relevant personal information. However, your revocation does not affect any previous personal information handling under your authorization.
d. To de-register an account
You can de-register an account at any time. We will stop providing the products and services to you and delete your personal information as you request unless otherwise specified by laws and regulations.
Currently, you cannot de-register your account by yourself on the client side. You can contact us at any time bythe means we provide in this Policy and we will de-register your account for you within 7 days.
e. In the following cases, we cannot respond to your request:
• When related to the fulfilment of obligations under laws and regulations by the PI Controller;
• When directly related to national security or national defense;
• When directly related to public security, public health, or major public interests;
• When directly related to criminal investigations, prosecutions, trials, or execution of court decisions;
• When the PI Controller has ample evidence to show a PI Subject's malicious intent or abuse of rights;
• For the purpose of safeguarding the life, property, or other significant legitimate rights and interests of the PI Subjects or other individuals, and where it is hard to obtain consent from the PI Subjects;
• When responding to a PI Subject’s request will bring about grave harm to the legitimate rights and interests of the PI Subject, other individuals, or organizations; or
• When trade secrets are involved.
(8) How we handle PI of minorsOur products and services are mainly for enterprises or their authorized employees (adults). Due to limitations of current technologies and our business model, if a minor's PI has been collected without a parent or guardian's consent, please contact us as soon as possible to delete the data. Children’s personal information that is collected with a parent's consent will only be used or publicly disclosed when it is permitted by laws and explicitly consented to by their parents or guardians, or when is essential to protecting the children.
(1) To ensure normal functioning of our app and services, we may use your cookies to allow you convenient login or use of services/functions dependent on cookies.
(2) You have the right to accept or decline cookies. You can decline cookies by changing your browser settings. However, if you decline cookies, you may not be able to log in or use services/functions dependent on cooki
We may revise or change this Policy from time to time. We will not reduce your rights under this Policy without your explicit consent. We will post any changes to this policy on this page. If changes are significant, we will provide a more prominent notice (including, for certain services, email notification of change details).
If you have any questions, comments or suggestions regarding this Policy, you can contact us by phone: 400-655-1213 or email: hello@whale.im We have designated personal information protection specialists, and you can get in touch with them through email or mail. Our address is: Building A7, Zhejiang University Alumni enterprise headquarters economic park, No. 397 Cang Xing Street, Cangqian Subdistirct, Yuhang, Hangzhou, Zhejiang.