YogaVision Privacy Policy

Effective Date: [2026.03.22] (Please fill in the actual effective date, which is recommended to be consistent with the Google Play launch date)

Data Controller: Qinhuangdao Xilaoqiao Technology Co., Ltd. (hereinafter referred to as "we" or "us")

Registered Address: Room 602, Unit 2, Building 9, Daqin Zuo'an, Gangcheng Street Subdistrict, Haigang District, Qinhuangdao City, Hebei Province, China

Contact Email: olanralerandyruigley@gmail.com (for handling user privacy-related inquiries, complaints, and right requests)

Data Protection Officer (DPO): [Please fill in the DPO's name; if not designated, fill in "Not designated yet, please send relevant matters to the above contact email"]

DPO Contact Email: olanralerandyruigley@gmail.com (consistent with the official contact email for convenient unified communication with users)

This Privacy Policy (hereinafter referred to as "this Policy") applies to the Android application YogaVision — AI Yoga Pose Image Creator (hereinafter referred to as "this Application") developed by us. This Application is only available to adult users aged 18 and above. When you first open this Application, you need to check and confirm your consent to this Policy and the User Terms. You can use all functions of this Application in full without registration, login, or binding any account.

This Policy strictly complies with the requirements of Google Play Store's Privacy Policy and is also consistent with major global data protection regulations, including but not limited to the European Union's General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Brazil's General Data Protection Law (LGPD), France's Data Protection Act (FADP), and South Korea's Personal Information Protection Act (PIPA). It aims to fully and transparently inform you of all the ways we collect, use, store, share, and protect your personal data, as well as all the rights you enjoy as a data subject, including additional privacy rights in specific regions. Please carefully read and fully understand all terms of this Policy before using this Application. Any of your usage behaviors (including opening the Application, checking to agree, and using various functions) shall be deemed as your full awareness and consent to all contents of this Policy, including our agreements on the handling of personal data and all rights and obligations.

If you are under 18 years of age, please do not use this Application; if you find that a minor has used this Application by mistake, please immediately notify us via the above contact email, and we will promptly take measures such as deleting data and restricting usage to protect the privacy and security of minors.

I. Scope, Methods, and Detailed Description of Data Collection

We strictly adhere to the principles of "data minimization", "legality, propriety, and necessity", and only collect personal data that is necessary to realize the core functions of this Application, ensure the normal operation of the Application, and optimize the user experience. We do not collect any redundant data irrelevant to the services. All data collection behaviors are carried out with your explicit authorization. Without your active authorization, we will not collect or obtain your personal data in any form. Data collection methods are divided into two categories: "actively provided by users" and "automatically collected". The specific details are as follows:

(I) Personal Data Actively Provided by Users

Such data is provided by you voluntarily. You can decide whether to provide it according to your own needs. Not providing such data will only affect the use of the corresponding functions, but not the normal operation of other core functions of this Application.

1. Image Data: Various images such as yoga pose images, pet pose images, and scene reference images that you actively take with your mobile phone camera or select and upload from your album when using the "Upload Reference Photo" function of this Application. Such data is only used as a visual benchmark for AI image generation — AI will analyze elements such as poses, compositions, and tones in the images, combined with your text descriptions, to generate high-quality yoga/pet yoga images that meet your expectations. It will not be used for AI model training, data sharing, or any other purposes unrelated to image generation. Uploaded images will be preferentially stored on your local device, and only temporarily cached in the cloud (for a maximum of 72 hours) for real-time preview and effect adjustment during image generation. After the cache expires, it will be automatically and completely deleted without leaving any copies.

2. Audio Data: Voice content that you actively record and submit when using the voice feedback function on the "Feedback Page" of this Application. Such data is only used to receive your product suggestions, function complaints, usage questions, and other feedback information. We will arrange relevant staff to listen to and sort out the feedback content to optimize the function design of this Application, fix usage problems, and improve service experience. Voice feedback data will be automatically deleted within 15 working days after your feedback is processed. Once deleted, it cannot be recovered and will not be used for voice recognition model training, commercial promotion, or other purposes.

3. Text Data: Including but not limited to text descriptions you enter when using the "Text Description to Generate Image" function (such as descriptions related to yoga moves, scenes, styles, character features, pet breeds, etc.), text feedback submitted through the in-app feedback portal, and consultation/complaint text information sent to our contact email. Such data is only used to realize AI image generation (text descriptions will be converted into AI-recognizable instructions for generating corresponding images) or to handle your feedback requests. Text description data will be bound to the generated images and stored on your local device, with no retention in the cloud; feedback-related text data will be deleted within 15 working days after processing.

(II) Automatically Collected Device and Usage Data

When you use this Application, with your authorization of relevant permissions, we will automatically collect necessary device information and usage data through application programming interfaces (APIs), system sensors, and other methods. Such data is non-identifiable data (or has been anonymized), which cannot identify your personal identity alone or in combination with other information. It is only used to ensure the normal operation of the Application, optimize function experience, deliver compliant advertisements, and conduct data analysis. Specifically including:

1. Device Identification Information: Including Advertising Identifier (AAID, Android Advertising ID), device model, operating system version, Android ID, device manufacturer, hardware serial number, device screen resolution, processor model, memory size, etc. Among them, the Advertising Identifier is only used to comply with Google Play advertising policies, deliver compliant personalized advertisements, and count advertising display effects. We will not associate the Advertising Identifier with your personal identity information; other device identification information is only used to adapt to application functions (such as adjusting image generation speed according to device performance, adapting interface display to different screen sizes), troubleshoot application faults, and count device usage to ensure the compatibility and stability of the Application on different Android devices.

2. Application Usage Information: Including application launch time, exit time, usage duration, function usage records (such as the number of image generations, preferences for pose library/scene presets, style filter selection records, export/share operation records), and operation logs (such as click positions, operation steps, error prompt information), etc. Such data is only used to analyze user usage habits, optimize application function design (such as optimizing the sorting of the pose library according to users' commonly used poses, adjusting the default options of style filters according to user preferences), fix application vulnerabilities, and improve application operating efficiency. It will not be used to identify personal identity or push irrelevant content.

3. Storage and Application Information: Including external storage access records (only used to read the reference images you uploaded and save the generated high-resolution images), and installed application list (only used to identify the social platform applications installed on your device to support you to directly share the generated images to the corresponding platforms). We will not read or collect other files in your external storage (such as documents, videos, irrelevant images, etc.), nor will we use the installed application list for commercial promotion or data sharing.

4. Network and Environment Information: Including IP address, network type (WiFi/mobile network/5G), network signal strength, time zone, language settings, and device location (located based on IP address, only accurate to the city level, not obtaining specific geographic coordinates). Such data is only used to ensure stable network connection (such as adjusting the resolution and transmission speed of image generation according to network type), adapt to regional language preferences (such as switching the application interface language according to device language settings), and prevent network fraud and malicious attacks to ensure the security of the Application and user data.

(III) Permission Application and Detailed Usage Description

This Application strictly complies with Google Play permission application specifications. All permissions are "optional authorization" with no mandatory authorization requirements. You can choose "Allow" or "Deny" when using the corresponding function for the first time, and you can also enable/disable any permission at any time through the "Settings - Apps - YogaVision - Permissions" page on your mobile phone. Disabling permissions will only affect the normal use of the corresponding functions, not the operation of other functions of this Application. We will not restrict your use of irrelevant functions because you deny a certain permission. The specific permissions and detailed usage purposes are as follows:

Note: This Application will not apply for any permissions irrelevant to the services (such as calls, text messages, location, address book, etc.), and strictly adheres to the principle of minimizing permissions on Google Play to protect user privacy and security.

II. Purposes of Data Collection and Use (Detailed Description)

All personal data we collect is strictly limited to the scope of realizing the core functions of this Application, ensuring the normal operation of the Application, optimizing user experience, and complying with operations. Without your additional written consent, we will never use the data for any purposes other than those agreed in this Policy, nor will we use the data beyond the requirements of Google Play policies and relevant regional data protection regulations. The detailed descriptions of specific usage purposes are as follows:

1. Realize the core function of AI image generation: This is the core service purpose of this Application. We will analyze and process the reference images you uploaded (visual benchmark), the text descriptions you entered (demand instructions), combined with the built-in yoga pose library and scene presets of the Application, through the AI generation engine (DhyanaEngine) to generate high-quality yoga/pet yoga images that meet your expectations; at the same time, optimize the generated images according to the style filters and color adjustment options you selected to ensure that the visual effect of the images meets your aesthetic needs. In this process, only the images and text descriptions you provided will be used, and no other irrelevant data will be used.

2. Ensure the normal operation of the Application and troubleshoot faults: By collecting device identification information, network information, operation logs, and other data, we can timely discover faults during the operation of the Application (such as crashes, freezes, image generation failures, etc.), troubleshoot the causes of faults (such as device compatibility issues, network connection issues, algorithm vulnerabilities, etc.), fix program vulnerabilities, and optimize application performance (such as improving image generation speed, optimizing interface fluency), ensuring that all functions such as image generation, export, sharing, and in-app purchases can operate stably, providing you with a smooth user experience. At the same time, operation logs are only used for fault troubleshooting and performance optimization, not for other purposes.

3. Handle user feedback and requests: Through the voice/text feedback data you submitted, we can timely understand the problems you encountered and the suggestions you put forward when using this Application, arrange staff to handle them (such as fixing function vulnerabilities, optimizing function design, answering usage questions), and feedback the results to you via email or in-app notification after processing, continuously improving the service quality of this Application to meet your usage needs.

4. Provide content sharing and community interaction services: Based on the app information reading permission, we support you to directly share the generated yoga/pet yoga images to social platforms such as Instagram, Pinterest, Weibo, and WeChat, facilitating your social sharing, teaching dissemination, or brand promotion; at the same time, through the community interaction layer (SanghaHive), provide users with functions such as work display, likes, and comments, and build a community of yoga enthusiasts. In this process, only the images and interactive operation data you actively share will be used, and your personal privacy will not be disclosed.

5. Deliver compliant advertisements and conduct data analysis: Through the Advertising Identifier and application usage data, we will deliver personalized advertisements that comply with Google Play policies and do not infringe on user privacy. The advertisement content will be related to yoga, fitness, pets, etc., to avoid delivering irrelevant advertisements; at the same time, by analyzing user usage data (such as function usage preferences, image generation style preferences), we can understand user needs, provide data support for application function iteration, pose library updates, and scene preset optimization, and improve the practicality and user experience of the Application. It should be specially noted that we will not use data for precise positioning of personal identity, nor will we deliver illegal, irregular, or vulgar advertisements.

6. Realize in-app purchases and value-added services: Record data such as your free generation times, virtual currency purchase records, and subscription activation records to ensure the normal operation of the in-app purchase function (such as verifying the validity of purchases, restoring purchase records), provide you with value-added services such as high-definition export, batch generation, and ad-free, and retain in-app purchase records in accordance with the requirements of relevant payment regulations for verifying transaction records, handling refund requests, and protecting your legitimate rights and interests.

7. Comply with laws, regulations, and Google Play policies: To comply with applicable laws and regulations, judicial judgments, arbitral awards, or respond to the legitimate requirements of the Google Play platform and data protection regulatory authorities (such as the European Union's EDPB, California AG, Brazil's ANPD, etc.), use your relevant data when necessary to ensure that the application operation is compliant and avoid non-compliance risks.

We promise that we will not use your personal data for AI model training, data sales, commercial promotion (except for compliant advertisements agreed in this Policy), third-party cooperation, or other irrelevant purposes, and strictly adhere to the "purpose limitation" principle of data use.

III. Data Storage and Protection (Strengthening Security Details)

We attach great importance to the security of your personal data, strictly comply with Google Play data security requirements, adopt industry-leading technical protection, management protection, and third-party protection measures, and establish a sound data security management system to ensure that your personal data is not leaked, tampered with, lost, or accessed and used without authorization; at the same time, clarify the data storage period and storage location, adhere to the "storage minimization" principle, only store data for the necessary period, and timely delete or anonymize it after the expiration. The specific details are as follows:

(I) Detailed Description of Data Storage

1. Storage Period: We only store your personal data for the period necessary to achieve the usage purposes agreed in this Policy. After the expiration, we will automatically and completely delete it or anonymize it (delete information that can identify personal identity, only retain anonymous data that cannot identify personal identity for data analysis). The specific storage periods are as follows:
        

￮ Reference images, text descriptions, and generated images: Preferentially stored on your local device (you can delete them at any time through device functions), and only temporarily cached in the cloud. The maximum cache period is 72 hours, which is used for image generation and real-time preview. After the cache expires, it will be automatically and completely deleted without leaving any copies; if you actively upload images to the application community, the storage period will end on the day you actively delete the images.

￮ Voice/text feedback: Stored until 15 working days after your feedback is processed. After processing, it will be automatically and completely deleted. Once deleted, it cannot be recovered and no backup will be retained.

￮ Device identification information, application usage information, and operation logs: Stored for 12 months from the date of data collection. After expiration, it will be automatically anonymized (delete device identification, operation records, and other information that can identify personal identity). The anonymized data is only used for application performance analysis and function optimization and cannot be associated with any individual.

￮ In-app purchase records and payment-related data: Stored for 3 years from the date of transaction completion in accordance with Google Play payment policies and relevant regional payment regulations, used for verifying transaction records, handling refund requests, and responding to audits and regulatory inspections. After 3 years, information that can identify personal identity will be automatically deleted, and only anonymized transaction statistics will be retained.

￮ Data related to user right requests (such as records of requests to access, correct, or delete data): Stored until 6 months after the request is processed for future reference, and automatically deleted after expiration.

2. Storage Location:
        

￮ Local Storage: Core data such as your reference images, generated images, and text descriptions are preferentially stored locally on your Android device. The storage path is Internal Storage/YogaVision folder. You can view and delete them at any time through the device file management function, and we will not interfere with your management of local data.

￮ Cloud Storage: Temporarily cached data (such as reference image cache, temporary files during image generation) is stored on our authorized cloud servers that meet Google Play data security requirements. The server is located in [Please fill in the country/region where the server is located, such as Singapore, the United States, the European Union, etc.] to ensure that data storage complies with the requirements of relevant regional data protection regulations.

￮ Cross-border Data Transmission: If cross-border data transmission is involved (such as data transmission between cloud servers and your local device, or data transmission from servers in one region to another), we will strictly comply with the requirements of relevant regulations such as GDPR, LGPD, and CCPA, and take necessary compliance measures, including but not limited to signing Standard Contractual Clauses (SCCs), adopting AES-256 encrypted transmission, and desensitizing data, to ensure the security and compliance of cross-border data transmission, and simultaneously file with relevant regional data protection regulatory authorities (such as the European Union's EDPB).

3. Storage Method: Local storage adopts encrypted storage, encrypting your images, text, and other data to prevent data leakage after the device is rooted or cracked; cloud storage adopts distributed storage and redundant backup technology to ensure that data will not be lost due to server failures, natural disasters, etc. At the same time, stored data is encrypted at different levels, and different types of data adopt different encryption levels to improve data security.

(II) Data Protection Measures (Detailed and Compliant with Google Play Requirements)

We have established a comprehensive and multi-level data security protection system to protect your personal data from technical, management, third-party cooperation, and other dimensions. The specific measures are as follows:

1. Technical Protection Measures:
        

￮ Data Transmission Encryption: All personal data during transmission (such as between local devices and cloud servers, between applications and third-party SDKs) is encrypted and transmitted using the AES-256 encryption algorithm to prevent data from being stolen, tampered with, or intercepted during transmission.

￮ Data Storage Encryption: Data stored locally and in the cloud is encrypted. Sensitive data (such as user feedback, reference images) is double-encrypted. The key is independently managed by us and regularly updated to ensure that even if the data is illegally obtained, it cannot be decrypted.

￮ Access Permission Control: Establish a strict access permission management system. Only authorized staff (such as technical personnel, customer service personnel) can access the necessary personal data, and access permissions are graded by position. Technical personnel can only access data used for fault troubleshooting and function optimization, and customer service personnel can only access data used for handling user feedback; at the same time, all access behaviors are recorded in real time (including access personnel, access time, access content, access purpose), and the records are retained for 1 year for audit and traceability.

￮ Vulnerability Protection and Detection: Regularly scan and detect security vulnerabilities in applications and cloud servers, adopt industry-leading vulnerability protection technologies, and timely fix known vulnerabilities; at the same time, establish a real-time monitoring system to monitor data access, transmission, storage, and other links in real time. When abnormal behaviors (such as unauthorized access, data leakage) are found, an early warning mechanism is triggered immediately, and measures such as blocking access, deleting leaked data, and troubleshooting causes are taken to prevent the expansion of risks.

￮ Data Desensitization: Desensitize information that can identify personal identity (such as device identification, IP address), delete or replace sensitive fields to ensure that data cannot be associated with specific individuals; at the same time, only use anonymized data in data analysis, and do not use any information that can identify personal identity.

2. Management Protection Measures:
        

￮ Establish a sound data security management system: Formulate a series of systems such as the Data Security Management Measures, Personal Data Processing Specifications, and Data Leakage Emergency Response Plan, clarify the operation specifications and responsibility division for each link of data collection, use, storage, sharing, and deletion, and ensure that the entire process of data processing is compliant.

￮ Staff Training and Assessment: Regularly train all staff on data protection regulations (such as GDPR, CCPA), Google Play policies, and data security knowledge, and they can only take up their posts after passing the assessment; at the same time, sign a Data Confidentiality Agreement with staff to clarify confidentiality obligations. If staff leak user data in violation of the agreement, they will bear corresponding legal responsibilities and liability for breach of contract.

￮ Data Leakage Emergency Response: Establish a data leakage emergency response team and formulate a detailed emergency response plan. If a data leakage incident occurs, the plan will be activated immediately, and measures such as blocking leakage, deleting leaked data, troubleshooting the cause of leakage, notifying affected users and relevant regulatory authorities will be taken. In accordance with the requirements of regulations such as GDPR, relevant regulatory authorities and affected users will be notified within 72 hours, and timely remedial measures will be taken to reduce user losses.

￮ Regular Audit and Evaluation: Regularly audit personal data processing behaviors, evaluate data security risks, and rectify problems in a timely manner; at the same time, in accordance with GDPR requirements, conduct a Data Protection Impact Assessment (DPIA) for high-risk data processing activities (such as AI image generation, cross-border data transmission) to ensure that data processing behaviors are compliant and secure.

3. Third-Party Cooperation Protection Measures: If it is necessary to entrust third-party service providers (such as AI image generation SDK providers, payment service providers, advertising service providers, cloud storage service providers) to process personal data, we will strictly screen third-party service providers to ensure that they have corresponding data protection qualifications and comply with Google Play policies and relevant regional data protection regulations; at the same time, sign a Data Processing Agreement (DPA) with third parties to clarify the scope, purpose, period, and security responsibilities of third-party data processing, conduct full supervision and audit of third-party data processing behaviors, and require third parties to adopt the same level of security protection measures as us. If a third party leaks user data in violation of the agreement, we will pursue its liability for breach of contract, require it to bear corresponding legal responsibilities, and take timely measures to protect user data security.

IV. Data Sharing, Transfer, and Public Disclosure (Supplementary Details, Explicitly Prohibiting Sales)

We strictly adhere to the basic principle of "no sharing, no transfer, no disclosure". We will never sell, rent, or lend your personal data to any third party. Only in the following limited scenarios, with your explicit consent or the requirements of laws, regulations, and Google Play policies, will we share your personal data. During the sharing process, strict encryption and desensitization measures will be taken, and only the minimum necessary data range to achieve the purpose will be provided to ensure the security of your personal data. The specific details are as follows:

(I) Data Sharing

We will only share your personal data in the following scenarios, and all sharing behaviors comply with relevant regulations and Google Play policy requirements:

1. Entrusting Third Parties to Process Data: To realize the core functions of this Application (such as AI image generation, payment, advertising delivery, cloud storage), we will entrust third-party service providers with data protection qualifications to process relevant data, as follows:
        For all entrusted third-party service providers, we will sign a Data Processing Agreement (DPA) to clarify their data protection responsibilities, conduct full supervision and audit of their data processing behaviors, and regularly check their security protection measures. If a third party is found to have illegally processed data in violation of the agreement, we will immediately terminate the cooperation and require it to bear corresponding legal responsibilities.
        

￮ AI Image Generation SDK Provider: Only share the reference images you uploaded and the text descriptions you entered to realize the AI image generation function. The third party can only process the data in accordance with our instructions, and shall not use the data for AI model training, data sharing, or any other purposes. After processing, the relevant data must be deleted in a timely manner.

￮ Payment Service Provider (such as Google Play Payment): Only share your in-app purchase records (such as purchase time, purchase amount, product name) to complete payment transactions, verify the validity of purchases, and handle refund requests. The third party does not store your sensitive payment information such as bank card numbers and payment passwords, and strictly complies with Google Play payment security policies.

￮ Advertising Service Provider: Only share your Advertising Identifier, device model, and application usage preferences (anonymized) to deliver compliant personalized advertisements and count advertising effects. The third party shall not use the data to track user cross-application behavior or identify personal identity.

￮ Cloud Storage Service Provider: Only share your temporarily cached data (such as reference image cache) to realize cloud temporary storage and image generation preview. The third party must take strict encryption protection measures to ensure data security, and the cache will be automatically deleted after expiration.

2. Complying with Laws, Regulations, and Regulatory Requirements: Disclose your personal data in accordance with applicable laws and regulations, judicial judgments, arbitral awards, or in response to the legitimate requirements of the Google Play platform and data protection regulatory authorities (such as the European Union's EDPB, California AG, Brazil's ANPD, France's CNIL, etc.). Such disclosure is only used to fulfill legal obligations, and we will notify you as much as possible before disclosure (unless prohibited by laws and regulations).

3. Protecting Legitimate Rights and Interests: To protect the legitimate rights and interests such as personal and property safety of us, you, or third parties, in emergency situations (such as handling fraudulent behaviors, preventing network attacks, protecting user personal safety), your personal data may be disclosed. Such disclosure is only carried out within the necessary scope, and you will be notified in a timely manner after the event (if circumstances permit).

4. Active User Sharing: Your act of actively sharing the generated yoga/pet yoga images to social platforms, third-party applications, or publishing works in the application community through the sharing function of this Application is decided by you independently, and we will not interfere. The use of relevant data is regulated by the privacy policy of the third-party platform, and we are not liable for it.

(II) Data Transfer

In the event of corporate merger, acquisition, asset transfer, bankruptcy liquidation, etc., your personal data will be transferred as part of corporate assets. We will notify you in advance through in-app pop-ups, emails, and other methods (at least 30 days in advance), specifying the name, contact information, data processing purpose, and security protection measures of the transferee; the transferee will continue to abide by the provisions of this Policy and perform data protection obligations. If the transferee changes the purpose of data use, it will re-obtain your explicit written consent, otherwise, it shall not change the purpose of data use.

(III) Public Disclosure of Data

We will not publicly disclose any of your personal data unless we obtain your explicit written consent. If you agree to public disclosure (such as publicly sharing works in the application community), we will desensitize the disclosed content, delete information that can identify personal identity (such as device identification, personal photos, etc.), and only disclose the images and relevant text descriptions you actively choose to share to ensure that your personal privacy is not leaked.

(IV) Special Note on Data "Sale"

In accordance with the requirements of regional regulations such as CCPA/CPRA and VCDPA, we clearly state: We have never sold your personal data to any third party, and will not use your personal data for legally defined "sale" behavior in the future without your explicit written consent.

You have the right to choose not to allow your personal data to be "sold" (if such behavior exists in the future). You can send a written request to us at any time through the contact email agreed in this Policy (olanralerandyruigley@gmail.com), clearly requesting to opt out of the sharing or sale of your personal data. We will complete the processing within 7 working days after receiving the request and feedback the processing result to you via email. After processing, we will no longer use your personal data for any sharing or sale behavior.

V. User's Personal Data Rights (Supplementary Regional Special Rights, Clarifying Exercise Methods)

In accordance with global regional data protection regulations, including but not limited to the European Union's General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Brazil's General Data Protection Law (LGPD), France's Data Protection Act (FADP), and South Korea's Personal Information Protection Act (PIPA), you, as a data subject, enjoy full personal data rights. We will respond to your right requests in a timely and efficient manner in accordance with the requirements of relevant regulations and Google Play policies, and provide you with convenient methods to exercise your rights.

(I) General Rights (Applicable to Users in All Regions)

1. Right of Access: You have the right to request us to access all your personal data, including but not limited to the images, text descriptions, voice feedback, device identification information, application usage records, in-app purchase records, etc., collected by us, as well as relevant information such as the scope of data collection, purpose of use, storage period, sharing objects, and security protection measures. We will provide you with a copy of your personal data in a clear and easy-to-understand format for your review.

2. Right to Rectification: If you find that the personal data we collected and stored about you is inaccurate or incomplete (such as incorrect in-app purchase records, incorrect entry of feedback information, etc.), you have the right to request us to correct and supplement the relevant data. We will correct and supplement it in a timely manner after verification and confirmation, and feedback the processing result to you.

3. Right to Erasure (Right to Be Forgotten): You have the right to request us to delete your personal data in the following circumstances. After verification and confirmation, we will delete your relevant personal data (including data stored locally and cached in the cloud) in a timely and thorough manner, which cannot be recovered after deletion:
        

￮ The purpose of data collection has been achieved, the storage period has expired, or there is no need to store it anymore;

￮ You have withdrawn your authorization for data collection and use;

￮ We collected or used your data in violation of this Policy or relevant regulations;

￮ You no longer use this Application and request to delete all personal data;

￮ Other circumstances where data should be deleted in accordance with laws and regulations.

4. Right to Withdraw Authorization: You have the right to turn off relevant permissions at any time through the "Settings - Apps - YogaVision - Permissions" page on your mobile phone to withdraw your authorization for data collection and use; you can also send a request to withdraw authorization to us via the contact email. After withdrawing the authorization, we will immediately stop collecting and using the corresponding personal data, but it will not affect the legality of data processing behaviors carried out based on your authorization before the withdrawal (that is, we do not need to delete the data processed before the withdrawal of authorization, but will not continue to use it).

5. Right to Data Portability: You have the right to request us to export your personal data (such as generated images, text descriptions, in-app purchase records, etc.) in a structured, common, and machine-readable format (such as JPG, TXT, CSV, etc.) to facilitate you to transfer the data to other data controllers (such as other image generation applications). We will provide data export services within the specified time limit after verification and confirmation, free of charge.

6. Right to Restrict Processing: You have the right to request us to restrict the processing of your personal data in the following specific circumstances. After verification and confirmation, we will suspend the processing of the relevant data (except for processing necessary to protect legitimate rights and interests). During the restriction period, we will only process the data to protect the legitimate rights and interests of you, us, or third parties, and will not use it for other purposes.
        

￮ You have raised an objection to the accuracy of the data and it is under review;

￮ We used your data in violation of regulations or this Policy, and you request to restrict processing instead of deletion;

￮ The data is no longer necessary for use, but you request to retain the data to respond to legal claims;

￮ Other circumstances where processing should be restricted in accordance with laws and regulations.

(II) Additional Rights in Specific Regions (Supplementary Detailed Clauses to Adapt to Regional Regulations)

1. European Union and European Economic Area (GDPR):

￮ Right to Object: You have the right to object to our processing of your personal data based on "legitimate interests" (such as data analysis, advertising delivery). If you raise an objection, we will stop the relevant processing behavior unless we can prove that there are legitimate interests that take precedence over your rights and interests, or the processing behavior is to fulfill legal obligations.

￮ Right to Object to Automated Decision-Making: If we conduct profiling analysis on you through automated decision-making (such as AI image generation algorithms, user preference analysis), and the decision will have a significant impact on you (such as restricting your use of certain value-added services), you have the right to object to the automated decision-making, request us to conduct manual intervention, and explain the basis and reasons for the decision to you.

￮ Right to Protection of Sensitive Data: If your personal data belongs to sensitive data as defined by GDPR (such as health information, biometric data), we will take stricter protection measures. We will only process such data with your explicit written consent and legitimate reasons, and you have the right to withdraw your consent at any time.

￮ Right to Complain: You have the right to file a complaint with the data protection regulatory authority of your member state (such as Germany's BfDI, France's CNIL, the UK's ICO, etc.), requesting the regulatory authority to supervise and investigate our data processing behaviors.

2. California, USA (CCPA/CPRA):
        

￮ Right to Opt Out of Data Sale: You have the right to opt out of the "sale" of your personal data (legally defined sale behavior). We have never sold your personal data. If such behavior exists in the future, we will provide you with a convenient opt-out method (such as email request, in-app entrance), and the opt-out behavior will not affect your use of any functions of this Application, nor will you be charged any fees.

￮ Right to Data Disclosure: You have the right to request us to inform you of the categories, sources, purposes of use, and sharing objects of your personal data collected by us in the past 12 months, as well as whether there is any data sale behavior (if any, the objects and purposes of the sale need to be informed).

￮ Right to Restrict the Use of Sensitive Data: In accordance with the requirements of CPRA, you have the right to restrict our use of your sensitive personal data (such as biometric data, health information). We will only use such data with your explicit consent.

￮ Right to Correction: You have the right to request us to correct inaccurate personal data. We will correct it in a timely manner after verification and confirmation and inform you of the correction result.

3. Virginia, USA (VCDPA):
        

￮ Right to Object to Targeted Advertising: You have the right to object to our use of your personal data for targeted advertising and user profiling. If you raise an objection, we will immediately stop using your data for such purposes, and it will not affect your use of the Application's functions.

￮ Strengthened Right to Data Deletion: After you submit a data deletion request, we will complete the processing within 15 working days and feedback the processing result to you; if it cannot be completed within 15 working days, it can be extended to 30 working days, but we need to inform you of the reason for the extension in advance.

￮ Optimized Right to Data Portability: You have the right to request us to export your personal data to other data controllers designated by you. We will complete the data export within 20 working days to ensure that the data format is compatible.

4. Brazil (LGPD):
        

￮ Right to Request Anonymization of Personal Data: You have the right to request us to anonymize your personal data. The anonymized data will not be able to identify your personal identity. We will anonymize it in a timely manner after verification and confirmation and feedback to you.

￮ Right to Object to Cross-border Data Transmission: If you object to the cross-border transmission of your personal data, we will immediately stop the cross-border transmission, take corresponding measures (such as storing the data on servers within Brazil), and file with Brazil's data protection authority (ANPD) at the same time.

￮ Right to Compensation for Damages: If our illegal data processing behavior causes damage to you, you have the right to request us to bear liability for compensation. We will compensate you for your losses in accordance with the requirements of LGPD.

5. France (FADP):
        

￮ Right to Strengthened Privacy Protection: You have the right to request us to take stricter protection measures for your personal data, especially data related to your privacy and dignity. We will strengthen data security protection in accordance with the requirements of France's data protection authority (CNIL).

￮ Response Period for Right Requests: We will respond to all your right requests within 1 month. Complex requests can be extended to 2 months, but we need to inform you of the reason for the extension in advance and file with CNIL.

6. South Korea (PIPA):
        

￮ Right to Inquire About Personal Information: You have the right to inquire about the collection and use of your personal information by us at any time. We will provide the inquiry result within 7 working days.

￮ Right to Delete Personal Information: After you submit a deletion request, we will complete the deletion within 7 working days and feedback the processing result to you; if the data is shared with third parties, we will notify the third parties to delete it together.

Privacy Policy (English Translation)

  （III）Methods of Exercising Rights (Detailed, Convenient, and Compliant with Google Play Requirements)

1. Local Operations (Fastest Method):

• Withdraw Authorization/Disable Permissions: You can enable or disable any permissions such as camera, photo gallery, and microphone at any time through "Settings - Apps - YogaVision - Permissions" on your mobile phone to withdraw authorization for data collection.

• Delete Local Data: You can directly delete local data such as uploaded reference images and generated images through your mobile phone's file management function by accessing the "Internal Storage/YogaVision" folder; you can delete all generated images through the "My Works" page in this app.

2. Written Request (Applicable to All Rights):

• You may send a written request to us via the contact email specified in this Agreement (olanralerandyruigley@gmail.com) to exercise the aforementioned rights (access, correction, deletion, data portability, restriction of processing, etc.).

• The request must include the following information to enable us to verify your identity quickly: device model, Android ID (queryable through mobile phone settings), app installation time, specific request (e.g., "Request to access my personal data", "Request to delete all my reference images and generated images"), your contact information (it is recommended to fill in your commonly used email address), and you may attach relevant supporting documents (such as in-app purchase receipts) if available.

• We will review and process your request within the time limit required by relevant laws and regulations after receiving it: GDPR requires a response within 1 month (which can be extended to 2 months for complex requests), CCPA requires a response within 45 days (which can be extended by 15 days), LGPD requires a response within 15 working days, and VCDPA requires a response within 15 working days. After the processing is completed, we will feedback the processing result to you via email (e.g., providing a copy of the data, notifying the deletion progress, exporting data files, etc.).

3. Opt Out of Data Sharing/Sale:

If you wish to refuse the sharing or legally defined "sale" of your personal data, you may send an opt-out request to us via the aforementioned contact email. The request must include your device information and contact details. We will complete the processing within 7 working days after receiving the request and feedback the result to you via email. After the processing is completed, your personal data will no longer be used for any sharing or sales activities.

IV. Right to Complain (Clear Complaint Channels)

If you believe that our personal data processing activities violate this Agreement, Google Play policies, or relevant data protection laws and regulations, you have the right to complain through the following channels:

1. Complain to our DPO or official email: Send a complaint email to olanralerandyruigley@gmail.com, detailing the complaint matter, your demands, and contact information. We will accept the complaint within 3 working days and provide a handling opinion within 15 working days.

2. Complain to the local data protection supervisory authority: You may file a complaint with the data protection supervisory authority in your region (such as EDPB in the EU, California AG, ANPD in Brazil, CNIL in France, etc.), requesting the supervisory authority to supervise and investigate our data processing activities. We will actively cooperate with the supervisory authority's investigation.

3. Complain to the Google Play platform: If you believe that our app has privacy violations, you may complain to the Google Play platform through the "App Complaint" channel in the Google Play Store, and we will rectify in accordance with the requirements of the Google Play platform.

VI. Legal Basis for Data Processing (Detailed Explanation, Compliant with Regional Laws and Regulations)

We collect, use, store, and share your personal data based on the following legal bases, which comply with Google Play policies and global regional data protection laws and regulations (such as GDPR, CCPA/CPRA, VCDPA, LGPD, FADP, etc.), ensuring that data processing activities are legal, legitimate, and necessary:

1. Explicit Consent of the User (Core Legal Basis): When you first open this app and check to confirm your consent to this Agreement and the User Terms, it means you agree to our collection and use of your personal data; when you use the corresponding functions, authorize permissions such as camera, photo gallery, and microphone, and actively upload images, input text, or record voice, all constitute explicit consent to data processing. This consent is free, specific, informed, and explicit, and you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the legality of data processing activities conducted based on consent prior to the withdrawal.

2. Performance of Contractual Obligations: There is an implied service contract relationship between you and us—you use various functions of this app (such as AI image generation, export, sharing, etc.), and we provide you with corresponding services. To perform this service contract, we need to collect and use necessary personal data (such as reference images, text descriptions); otherwise, the core service functions cannot be realized. Such data processing activities comply with the requirements of relevant laws and regulations.

3. Legitimate Interests: On the premise of not harming your legitimate rights and interests or invading your privacy, we will process necessary personal data to realize our legitimate business interests, including:
        We have conducted a balanced consideration between legitimate interests and your privacy rights and interests to ensure that the realization of legitimate interests will not harm any of your legitimate rights and interests. If you believe that our legitimate interests have harmed your rights and interests, you have the right to object, and we will stop the relevant data processing activities.

￮ Optimize app performance, fix faults, and improve user experience;

￮ Deliver compliant advertisements to obtain advertising revenue for app function iteration and service upgrading;

￮ Analyze user usage habits to optimize the posture library, scene presets, and style filters, and improve app practicality;

￮ Prevent cyber fraud and malicious attacks to ensure the security of the app and user data.

4. Compliance with Legal Obligations: To comply with applicable laws and regulations, judicial judgments, arbitral awards, or respond to legitimate requests from the Google Play platform and data protection supervisory authorities, we need to process your personal data. Such data processing activities are necessary measures for us to perform legal obligations and comply with the requirements of relevant laws and regulations.

5. Protection of Legitimate Rights and Interests: To protect the legitimate rights and interests such as personal and property safety of us, you, or a third party, in emergency situations (such as handling fraudulent activities, preventing cyber attacks), we may process your personal data. Such data processing activities comply with the exemption requirements of relevant laws and regulations.

For sensitive data as stipulated by GDPR (such as health information, biometric data), we will only process such data if we obtain your explicit written consent and have a legitimate reason, strictly following the requirements of Article 9 of GDPR; for sensitive personal data as stipulated by CCPA/CPRA, we will take stricter protection measures, limit the scope of data use, and ensure compliance.

VII. Third-Party SDKs and Services (Supplemented Detailed List, Compliant with Google Play Requirements)

To realize core functions and value-added services, this app integrates some third-party SDKs that have data protection qualifications and comply with Google Play policy requirements. The personal data processing activities of third-party SDKs are regulated by their own privacy policies. We have signed a Data Processing Agreement (DPA) with all third-party SDK providers, clarifying their data protection responsibilities, and conducting full-process supervision and auditing of their data processing activities to ensure that they strictly comply with the requirements of this Agreement and relevant laws and regulations, and do not disclose or abuse user data.

The following is a detailed list of third-party SDKs integrated in this app, their purposes, and data processing status. We will update it in real time on the "Settings - About Us - Third-Party SDK Description" page of this app, which you can view at any time; if you wish to refuse data collection by third-party SDKs, you can disable the corresponding permissions through device settings or stop using the corresponding functions. The third-party SDKs integrated in this app and their data processing status are as follows:

1. AI Image Generation SDK: Used to implement AI yoga/pet yoga image generation functions. It only collects the reference images you upload and the text descriptions you input. Data processing follows its privacy policy and is only used for image generation, not for other purposes.

2. Advertising SDK: Used to implement compliant advertising delivery functions. It only collects your advertising identifier, device model, and usage data. Data processing follows the advertising platform's privacy policy and is only used for personalized advertising delivery, without disclosing personal identity information.

3. Sharing SDK: Used to implement social platform sharing functions. It only collects your app information reading records and sharing operation logs. Data processing follows the sharing platform's privacy policy and is only used to implement the sharing function.

We will update the list of third-party SDKs and links to their privacy policies in real time on the About page of this app, which you can view at any time; if you wish to refuse data collection by third-party SDKs, you can disable the corresponding permissions through device settings or stop using the corresponding functions.

VIII. Update and Notification of the Agreement

We have the right to modify and update this Agreement in accordance with the update of laws and regulations and the iteration of this app's functions. The modified Agreement will be prominently displayed in this app (such as pop-up window on the homepage, About page) for a period of not less than 7 days, and will take effect officially after the display period expires.

If the update of the Agreement involves your core rights (such as the scope of data collection, purpose of use, user rights), we will separately notify you through in-app pop-up window + email. You can choose to continue using this app (deemed as consent to the updated Agreement) or stop using it (deemed as refusal to the updated Agreement).

The update of this Agreement does not affect the legality of data processing activities conducted based on the original Agreement prior to the update. You can view the latest version of the Agreement at any time through the "Settings - Privacy Policy" page of this app.

IX. Disclaimer

We shall not be liable for the leakage, loss, tampering, or other situations of your personal data under the following circumstances, which comply with the exemption requirements of relevant data protection laws and regulations:

1. Personal data leakage caused by your own actions, such as lending your device to others, disclosing device information, failing to properly keep local data, etc.;

2. Abnormal data processing caused by force majeure, such as natural disasters, wars, network failures, server crashes, etc.;

3. Data leakage caused by illegal acts of third parties, such as third-party hacking, phishing, malware, etc., and we have taken reasonable remedial measures in a timely manner after discovery;

4. Consequences arising from the disclosure of your personal data in accordance with the requirements of laws and regulations;

5. Risks caused by improper privacy protection measures of third-party platforms when you actively share your personal data to third-party platforms.

X. Other Terms

1. Governing Law: The conclusion, performance, interpretation, and dispute resolution of this Agreement shall be governed by globally applicable data protection laws and regulations and the relevant laws of the place where this app is operated.

2. Dispute Resolution: Any dispute arising between you and us in connection with this Agreement shall first be resolved through friendly negotiation; if negotiation fails, you may file a lawsuit with the court having jurisdiction in the place where this app is operated, or apply for mediation with the local data protection supervisory authority.

3. Independence of Terms: If any term of this Agreement is deemed invalid or unenforceable, it shall not affect the validity and enforceability of the other terms.

4. Entire Agreement: This Agreement constitutes the complete agreement between you and us regarding personal data protection, replacing any oral or written agreement reached by both parties on this matter prior to this Agreement.

If you have any questions, suggestions, or objections to this Agreement, you may contact us through the following methods:

• Data Protection Officer (DPO) Email: olanralerandyruigley@gmail.com

• Official Contact Email: olanralerandyruigley@gmail.com

We will reply to you within 3 working days after receiving your information to solve the relevant problems for you.

Qinhuangdao Xilaoqiao Technology Co., Ltd. 【2026.03.22】