Kares Privacy Policy

Updated: July 9, 2024

Effective Date: July 9, 2024

Welcome to the services provided by Kares! SIMS Technology (referred to as 简正谦诚（北京）科技有限公司 in this privacy policy, hereinafter also referred to as "we") highly values your privacy and the protection of your personal information. This privacy policy applies to your access to and use of all services provided by Kares through any means.

We will only process the personal information necessary for you to use the basic functional services.

This privacy policy applies to your access and use of our products and services through the Kares web portal, mobile terminals (including but not limited to apps, mini-programs), software development kits (SDKs) and application programming interfaces (APIs) for third-party websites and applications, as well as smart hardware terminals containing the aforementioned products and services (such as watches, wearable devices, etc.).

Kares includes but is not limited to multiple application versions such as iOS, Android, etc. Please choose the version that matches your installed terminal device when using Kares.

This privacy policy aims to help you understand what personal information we collect when you use the basic functional services, why we collect this personal information, what we do with this personal information, and how we protect this personal information. We will collect and use your personal information following the privacy policy but will not forcibly collect all your personal information solely because you authorize this privacy policy. We will strictly comply with legal and regulatory requirements and seek your separate consent in specific circumstances.

According to the "Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications," Kares is a practical tool, instant messaging, and map application. The basic functional services: viewing driving tracks, instant messaging, viewing health information, and schedule management, require processing necessary personal information: location information, health information, calendar, and phone number. If you agree to this basic functional privacy policy, it only means that you agree that we process the necessary personal information when you use the basic functions of Kares. If you use other extended functions of Kares, we will seek your separate consent when you use specific extended functions.

This privacy policy will help you understand the following:

1. The information we collect and the corresponding purposes

1. How we use cookies and similar technologies

2. How we share, transfer, disclose, and entrust the processing of your personal information

3. How we save and protect your personal information

4. Your rights

5. How we handle the personal information of minors

6. Access network method

7. Revisions to the privacy policy

8. How to contact us

We understand the importance of personal information to you and also understand that providing effective protection for your information is the cornerstone of our healthy and sustainable business development. Thank you for using and trusting Kares! We are committed to maintaining your trust by adhering to the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of clear purpose, the principle of choice and consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation, and the principle of openness and transparency.

We solemnly promise that we will take corresponding security protection measures to protect your personal information following mature industry security standards.

1. The Information We Collect and the Corresponding Purposes

We will follow the principles of legality, legitimacy, and necessity to collect and use your personal information. If you provide someone else's personal information, please ensure that you have obtained the authorization of the relevant subject. We reserve the right to verify the legitimate source of such personal information at any time.

For your convenience, we list the basic business functions, processing purposes, and required personal information provided below:

You can create a Kares account using your phone number, and you can improve your account information.

When registering and logging in to the Kares account, you need to provide us with your phone number. You can choose to set an account name, avatar, and login password.

You can also use third-party accounts: such as WeChat, Apple ID (only for iOS users) to log in to Kares. At this time, you will authorize Kares to obtain your public information registered in the third-party account (including your nickname, avatar, and other information you authorize).

When you use camera-related services, based on service needs, we will request camera permissions and album storage permissions of your device system to provide services such as scanning codes.

You can enter the camera function page by clicking the camera button next to the Kares search box to further understand the relevant functional services.

You can cancel the system authorization for Kares to access your camera permissions at any time. After that, you may not be able to use the related services or functions provided based on the above information, but it will not affect your normal use of other business functions of Kares that do not require the above permissions.

Kares provides location-related basic functional services based on location information, including travel recommendations, route records, and trajectory recording services.

When you use the above location-related basic functional services provided by Kares, we may collect and process information about your device (such as device type), location information, and network identity information. Location information includes precise location information obtained through WLAN access points, Bluetooth, and base stations. When you use the following functions, we will request authorization for precise geographic location permissions. You can refuse to authorize precise geographic location permissions or cancel the system authorization for Kares to access your precise location information at any time to stop our collection of your precise geographic location information. After that, you may not be able to use the basic functional services provided based on precise location information, or you may not achieve the intended effect of the basic functional services provided based on precise location information.

When you use Kares, to ensure that you can use Kares services normally, more accurately locate and solve the problems you encounter while using Kares services, improve and optimize the service experience of Kares, and ensure the security of your account, prevent, discover, and investigate fraud, security threats, illegal or violations of our agreements, policies, or rules, to protect the legitimate rights and interests of you, us, our affiliates, partners, and the public, we will collect your device information, including device attribute information (hardware model, supplier identifier IDFV, anonymous device identifier OAID), device parameter and system information (operating system version and system status, device configuration), device connection information (language used, WIFI information), location information, log information, and other information related to the login environment.

Please understand that when you switch Kares on your device screen to run in the background, due to certain device models and system reasons, the information collection behavior generated by your previous use of Kares-related functions may not stop immediately, resulting in a brief background information collection behavior.

Please note: In the following circumstances, collection and use of personal information do not require your prior authorization consent:

• Necessary for the conclusion and performance of a contract to which you are a party;
• Necessary for fulfilling legal duties or legal obligations;
• Necessary for responding to public health emergencies, or in emergency situations for the protection of the life, health, and property safety of natural persons;
• Collecting your personal information that you disclose or other legally disclosed personal information within a reasonable scope following the provisions of laws and regulations;
• Other circumstances stipulated by laws and regulations.

WWithout publicly disclosing and providing your personal information externally, SIMS Technology has the right to mine, analyze, and utilize the user database after anonymization processing (including commercial use). We have the right to conduct statistics on the usage of products/services and share anonymized statistical information with the public/third parties.

During the provision of services, to ensure that you can use product functions normally, we will apply for the following system device permissions of your device. Before applying, we will seek your consent. You can choose to "allow" or "prohibit" permission applications. After your authorization, we will enable the relevant permissions. You can cancel the authorization at any time in the system. Cancelling the authorization will cause you to be unable to use related business functions, but it will not affect your normal use of other business functions of Kares that do not require the permissions. The invocation of system privacy permissions by various business functions is as follows:

You can check the privacy permissions details and close the corresponding permissions in [Kares] under [My] - [Settings] - [Permission Settings]. The display method and closing method of permissions may differ in different devices. Please refer to the instructions or guidelines of the device and system developer.

• Apple Login
• Service Type: Authorized Login
• Privacy Policy Link: https://www.apple.com/legal/privacy/szh/
• WeChat Login
• Service Type: Authorized Login
• Privacy Policy Link:
  https://developers.weixin.qq.com/doc/oplatform/Mobile_App/WeChat_Login/Development_Guide.html
• Mobile Push SDK
• Service Type: Message Push on Mobile Terminal Devices
• Privacy Policy Link:
  https://privacy.qq.com/document/preview/8565a4a2d26e480187ed86b0cc81d727

2. How We Use Cookies and Similar Technologies

Cookies and anonymous identifier tools: A cookie is a mechanism that supports server-side (or script) storage and retrieval of information on the client side. When you use Kares products or services, we will send one or more cookies or anonymous identifiers to your device. When you interact with Kares services, we allow cookies or anonymous identifiers to be sent to Baidu servers. Cookies usually contain identifiers, site names, and some numbers and characters. By using cookie technology, our company can understand your usage habits, remember your preferences, save you from entering duplicate information, and help you determine the security of your account. Cookies can also help us count traffic information and analyze the effectiveness of page design and advertising.

We will not use cookies for any purpose other than those described in this policy. You can manage or delete cookies according to your preferences. For more details, please refer to AboutCookies.org. You can clear all cookies saved on your computer. Most web browsers have the function of blocking cookies. However, if you do so, you need to manually change user settings each time you visit our website, and you may not be able to log in or use the services or functions provided by Kares that rely on cookies.

3. How We Share, Transfer, Disclose, and Entrust the Processing of Your Personal Information and the Third Parties We Access

Unless you have given your prior separate consent or comply with other laws and regulations, we will not share your personal information with third parties other than our company, except for de-identified information that cannot identify specific individuals and cannot be restored.

For companies, organizations, and individuals with whom we share personal information, we will investigate their data security environment, sign strict confidentiality agreements with them, and require them to handle personal information according to legal confidentiality and security measures.

In the following cases, we may share your personal information with the following third parties:

Kares integrates a wealth of third-party services (including third-party mini-programs). When you use the third-party services integrated by Kares, you may need to submit your personal information. We will provide your personal information to third parties providing services to you based on your effective authorization or when necessary for concluding and performing a contract to which you are a party. For details on how third-party services collect and use your personal information, we recommend you refer to the relevant service agreements and privacy policies of the third-party services.

We will not transfer your personal information to any company, organization, and individual other than SIMS Technology, except in the following cases:

• Prior explicit authorization or consent from you;
• To meet the requirements of laws, regulations, legal procedures, or mandatory government requirements or judicial decisions;
• If we or our affiliates are involved in mergers, splits, liquidation, acquisition, or sale of assets or business, your personal information may be transferred as part of such transactions. We will ensure the confidentiality of such information during the transfer and inform you of the name or contact information of the recipient. We will make every effort to ensure that the new company or organization holding your personal information continues to be bound by this privacy policy; otherwise, we will require the company or organization to seek your authorization again.

We will only publicly disclose your personal information in the following circumstances:

• With your separate consent;
• Based on laws, regulations, legal procedures, litigation, or mandatory requirements of government authorities.

When punishing violating accounts or behaviors, we will disclose relevant account information, which inevitably includes account-related authentication information and violation circumstances.

In the following cases, sharing, transferring, and publicly disclosing personal information do not require prior authorization consent from the subject of the personal information:

• Directly related to national security or national defense security;
• Necessary for concluding and performing a contract to which the individual is a party;
• Necessary for fulfilling legal duties or legal obligations;
• Directly related to public safety, public health, or major public interests. For example, necessary for responding to public health emergencies or protecting the life, health, and property safety of natural persons in emergency situations;
• Directly related to criminal investigation, prosecution, trial, and execution of judgments;
• To protect the life, property, and other significant legitimate rights and interests of individuals or other individuals when it is difficult to obtain the individual's consent;
• Within a reasonable range of handling personal information that the individual publicly discloses or other legally disclosed personal information;
• Other circumstances stipulated by laws and administrative regulations.

To adapt to the use of Kares on different mobile devices and third-party platform services, achieve your mobile device identity authentication, mobile device security, receive information push, log in to third-party platform accounts, and share information through third-party platforms, Kares integrates third-party SDKs. Some third-party SDKs may call your device permissions and obtain your relevant information to ensure you can use the corresponding functions normally on different mobile devices or third-party platforms. The types of device permissions called and the information obtained by different third-party SDKs may vary and may include obtaining your location, reading/writing your external storage card, reading your phone status and identity, viewing WLAN connections, retrieving running applications/Bluetooth information, starting on boot, retrieving permissions for ongoing applications.

4. How We Save and Protect Your Personal Information

We will retain your personal information for the period necessary to provide the services. Still, in cases where laws and regulations stipulate a different retention period, you agree to retain it for a longer period, to ensure the security and quality of the service, to achieve the purpose of dispute resolution, or when it is technically difficult to achieve otherwise, we will extend the retention period within a reasonable range as per legal or contractual requirements.

After the retention period, we will delete your personal information or anonymize it according to legal requirements.

We will collect, use, store, and transmit user information based on the principle of "minimization" and inform you of the use purpose and scope of relevant information through user agreements and privacy policies.

We highly value information security. We will conduct security background checks on security management personnel and key security positions. We have established a comprehensive information security management system and internal security incident handling mechanisms. We will take appropriate industry-standard security measures and technical means to store and protect your personal information to prevent loss, unauthorized access, public disclosure, misuse, damage, loss, or leakage of your information. We will take all reasonable and feasible measures to protect your personal information. We will use encryption technology to ensure the confidentiality of data. We will use trusted protection mechanisms to prevent malicious attacks on data.

We will cultivate data security awareness and provide training and assessment on security capabilities for our employees to enhance their awareness of the importance of protecting personal information. We will authenticate the identity and control the authority of employees processing personal information and sign confidentiality agreements with employees and partners who have access to your personal information, clarify job responsibilities and behavior guidelines, and ensure that only authorized personnel can access personal information. If any violation of the confidentiality agreement occurs, the cooperation relationship with the company will be immediately terminated, and relevant legal responsibilities will be pursued. Confidentiality requirements are also put forward for personnel in contact with personal information upon departure.

We remind you to be aware that the internet is not an absolutely secure environment. When you interact with other users through the embedded SMS in Kares, it is uncertain whether third-party software encrypts the information transmission completely. Please ensure the security of your personal information.

Please understand that due to technical limitations and the rapid development of the internet industry and various malicious attack methods, even if we do our best to strengthen security measures, it is impossible to guarantee absolute information security at all times. Please understand that the system and communication network you use to access our products and/or services may encounter security issues beyond our control.

According to our security management system, incidents involving personal information leakage, damage, or loss are classified as major security incidents. Once they occur, the highest-level emergency plan will be activated, and a joint emergency response team composed of the security department, public affairs department, legal department, and other departments will handle the incident.

We will formulate network security incident emergency plans, promptly handle security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions. In the event of incidents endangering network security, we will immediately activate the emergency plan, take corresponding remedial measures, and report to the relevant competent authorities as required.

Personal information leakage, damage, and loss are classified as major security incidents at the company level. We will regularly organize workgroup members for security plan drills to prevent such security incidents. If, unfortunately, they occur, we will activate the emergency plan with the highest priority, form an emergency response team, trace the cause in the shortest time, and minimize losses.

In the unfortunate event of a personal information security incident, we will promptly inform you of the basic situation and possible impact of the security incident, the handling measures we have taken or will take, suggestions for you to prevent and reduce risks autonomously, and remedial measures for you as required by laws and regulations. We will promptly inform you of the event-related situation through the contact information you have provided via internal notifications, SMS, phone calls, or emails. If it is difficult to inform each individual, we will take reasonable and effective ways to issue an announcement. At the same time, we will proactively report the handling of personal information security incidents to the regulatory authorities as required. Please understand that if the measures we take can effectively avoid the harm caused by information leakage, tampering, and loss, we may choose not to notify you of the personal information security incident unless required by regulatory authorities.

5. Your Rights

Following relevant Chinese laws, regulations, standards, and common practices in other countries and regions, we guarantee that you can exercise the following rights regarding your personal information. If you have any questions or claims about the exercise of these rights, you can also contact us through the methods in [How to Contact Us]:

When you find that the personal information we process about you is incorrect or incomplete, you have the right to make corrections or supplementations to the incorrect or incomplete information, provided that the verification of your identity and that the correction does not affect the objectivity and accuracy of the information. You can submit your correction or supplementation application to us through feedback and error reporting methods.

You can request the deletion of personal information in the following cases:

• If we violate laws and regulations or agreements with you in processing your personal information;
• If our processing purposes have been achieved, cannot be achieved, or are no longer necessary for achieving the processing purposes;
• If we cease to provide products or services, or the retention period has expired;
• If you withdraw consent;
• Other circumstances stipulated by laws and administrative regulations.

After you delete the information from our services, we may not immediately delete the corresponding information in the backup system, but we will delete this information when the backup is updated. Please understand that if the retention period stipulated by laws, administrative regulations, or this privacy policy has not expired, or it is technically difficult to delete personal information, we will stop processing it except for storage and taking necessary security measures.

Each business function requires some basic personal information to be completed. For the collection and use of additional personal information, you can give or withdraw your consent at any time.

You can directly turn off precise location information, contacts, camera, microphone, album permissions, and other system permissions in the device system to change the scope of consent or withdraw your authorization.

After you withdraw your consent, we cannot continue to provide the corresponding services based on the withdrawn consent and will no longer use your corresponding personal information. However, your decision to withdraw consent will not affect the personal information processing previously conducted based on your consent.

Each business function requires some basic personal information to be completed. For the collection and use of additional personal information, you can give or withdraw your consent at any time.

You can also delete your Kares account through the following path: [My] - [Settings] - [Account Deletion].

Once you delete your Kares account, you will not be able to use the services of Kares products, so please operate carefully. Unless otherwise provided by laws and regulations, after deleting the account, we will stop providing products and services and delete your personal information as requested.

When you authorize login to Kares through a third-party account (such as WeChat, Apple ID), you need to apply to the third party to delete the account.

Kares is willing to accompany you all the time. If, for special reasons, Kares products cease operations, we will notify you within a reasonable period through the main page of the product or service, internal notifications, emails, or other appropriate ways that can reach you, and stop collecting your personal information. We will delete or anonymize the collected personal information according to legal requirements.

You have the right to request us to explain and clarify the rules for processing personal information. You can contact us through the contact information in the eighth part.

In the following cases, we may not respond to your request for access, correction, supplementation, deletion, copying, portability, knowledge, and decision-making:

• Directly related to national security or national defense security;
• Directly related to public safety, public health, or major public interests;
• Directly related to criminal investigation, prosecution, trial, and execution of judgments;
• There is sufficient evidence that you have subjective malice or abuse of rights (e.g., your request will endanger public safety and the legitimate rights and interests of others, or your request exceeds the scope that can be covered by general technical means and commercial costs);
• Responding to the request of the subject of personal information will cause serious damage to the legitimate rights and interests of you or other individuals, organizations;
• Involving trade secrets;
• Other circumstances stipulated by laws and administrative regulations.

To ensure safety, you may need to provide a written request or prove your identity in other ways. We may first ask you to verify your identity and then process your request. After verification, we will respond within fifteen working days. If you are not satisfied, you can also complain through the following channels: support@auroraKare.com.

For your reasonable requests, we will not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost according to the situation. For those unreasonably repeated, requiring excessive technical means (e.g., needing to develop new systems or fundamentally change current practices), bringing risks to others' legitimate rights, or very impractical (e.g., involving information stored on backup tapes), we may refuse them.

6. How We Handle Minors' Personal Information

Our company attaches great importance to the protection of minors' information.

If you are a minor under 14 years old, please ask your parents or other guardians to carefully read this privacy policy before using Kares products and services, or use our products and services under the supervision and guidance of your parents or other guardians, and provide us with information with their consent.

7. Revisions to the Privacy Policy

Our privacy policy may change.

Without your explicit consent, we will not reduce the rights you are entitled to under this privacy policy. We will publish any changes to this privacy policy on this page.

For significant changes, we will notify you through the main exposure page of the product or service, internal notifications, emails, or other appropriate ways that can reach you. If you disagree with such changes, please stop using Kares products and services immediately.

The significant changes referred to in this policy include but are not limited to:

• Significant changes in our service model, such as changes in the purpose of processing personal information, the type of personal information processed, and the way personal information is used;
• Significant changes in our ownership structure, organizational structure, etc., such as changes in ownership due to business adjustments, bankruptcy mergers, etc.;
• Major changes in the main objects of personal information provision, transfer, or public disclosure;
• Significant changes in your participation in personal information processing and how you exercise your rights;
• Changes in the department responsible for handling personal information security, contact methods, and complaint channels;
• When personal information security impact assessment reports indicate high risks.

8. How to Contact Us

The growth of Kares cannot be achieved without the joint efforts of users and experts from all sides. We greatly appreciate your contributions to Kares data updates, usage feedback, and helping us optimize product functions and services to make our products and services more convenient for more users.

If you have any questions, comments, or suggestions about this privacy policy, please send them to support@auroraKare.com.

We will review the emails as soon as possible and respond within fifteen working days.

Appendix: Definitions

• Personal Information: refers to various information recorded electronically or otherwise related to identified or identifiable natural persons, excluding anonymized information. Personal information includes names, birth dates, contact information, account passwords, travel trajectories, health and physiological information, etc.
• Sensitive Personal Information: refers to personal information that, if leaked or illegally used, is likely to lead to the infringement of the dignity of natural persons or the safety of persons and property, including biometric information, travel trajectories, etc.
• Device: refers to devices that can be used to use Kares products and/or services, such as desktop devices, tablets, or smartphones.
• Device Information: refers to device attribute information (e.g., hardware model, supplier identifier IDFV, OAID, hardware serial number, etc.), device parameters, and system information (e.g., operating system version and system status, device configuration, external storage directory), device connection information (e.g., language used, WIFI information) of your terminal device used to install and run Kares.
• Log Information: refers to the request sent by your server automatically recorded by our server when you visit Kares, such as your IP address, browser type and language used, hardware device information, operating system version, network operator information, the date, time, and duration of your access to the service, and the information you provide, form, or retain when using our products or services.
• Cookie: refers to a mechanism that supports server-side (or script) storage and retrieval of information on the client side, extending client/server applications based on the web by adding simple and persistent client status. The server sends a status message to the client when returning an HTTP object, which is saved by the client. The status message specifies the valid URL range under this status. After that, all HTTP requests within the specified range initiated by the client will return the current value of the status message to the server from the client. This status message is called a cookie.
• Location Information: refers to precise location information obtained through GNSS information, WLAN access points, Bluetooth, base stations, and other sensor information.