1. Introduction
Shenzhen Eleven Dimension Technology Co.,LTD.and its subsidiaries fully respect your privacy and recognize the importance of privacy and personal data to our customers. We are committed to maintaining your trust and adhering to the following principles to protect your personal information: consistency of rights and responsibilities, clear purpose, opt-in consent, minimum necessary, ensuring security, subject participation, and openness and transparency. We also promise to implement appropriate security measures in accordance with established industry standards to protect your personal information.
This Privacy Policy is designed to help you understand how we collect, use, disclose, protect, store, and transfer your personal data, as well as how you can update, manage, export, and delete your data. Please take the time to read and understand this Privacy Policy carefully.
This Privacy Policy applies to users who choose Mainland China as their Service Area, and the personal data we collect and process through our Services.
When installing our app, by clicking "Agree" in the "I have read and agreed to the User Agreement and Privacy Policy" section, you are fully aware of the entire content of this Privacy Policy and voluntarily and explicitly consent to our processing of your personal information in accordance with this Privacy Policy and applicable laws. You also agree to be bound by the terms and conditions of this Privacy Policy.
If you do not agree to the terms contained herein, please do not use our services.
2. What data do we collect?
2.1 Haleo Device Data
Your Haleo device collects monitoring data to measure various metrics: sensor data; we use this data to calculate and generate heart rate, heart rate variability, respiratory rate, sleep stages, steps, stress level, and all-day activity intensity. When your Haleo device is synced with our app or software, the data recorded on your device is transmitted from the device to our servers. We collect Haleo device monitoring data to calculate, analyze, and display your exercise and health data in the app, and to provide you with monitoring alerts when abnormal heart rate or low device battery are detected.
In addition, we will collect information about the Haleo device you use for synchronization, including its unique identifier, firmware version, Bluetooth information, etc. The purpose is to search for Haleo devices and perform binding, activation, updates, bug resolution, product optimization, or unbinding.
2.2 Application Data
When you access or use our services, we collect application activity data, including information about your interactions with our services:
- 2.2.1 Device information, mobile terminal device information on which the application is installed (including device and application identifiers), browser type information, and system language information
- 2.2.2 Application activity: application interaction information, in-app search history, content generated by other users, and other user activity information
- 2.2.3 Application Information and Performance: Crash Logs, Application Performance Diagnostic Information, and Other Application Performance Data
Some of our integrated third-party SDKs may collect mobile device parameters and system information, application log information, map location information (depending on the location permissions you grant us), etc. during their normal operation. For information on information collection by third-party SDKs, please refer to "13. SDK Applications" in this Privacy Policy.
Some of our integrated third-party SDKs may collect device MAC addresses and software installation list information during their normal operation. However, please note that we have not authorized or required these SDKs to collect such information.
2.3 Location Data
If you choose to access or use our location-based services, such as enabling GPS-based activity tracking through your apps, we may process your device's approximate or precise location while the service is active. This data may be obtained through your device's service provider network ID, GPS, and/or Wi-Fi data.
We collect location permissions only to ensure the normal connection of Bluetooth devices, your device search and data transmission, and the normal use of some third-party SDKs.
We will not process this location data without your permission. You can disable this location processing at any time by using the location permission settings of your mobile device.
2.4 Data You Provide
To create an account on our services, you may provide us with data including: your user name, date of birth, gender, height, weight, email address, and Google account number. This is the data you must provide to create an account with us. You may also choose to provide other types of information, such as a profile photo.
When you choose to enable the "Female Menstrual Period Prediction" feature, and provided you have fully read and agreed to this Privacy Agreement and Privacy Statement, you agree to provide us with the following data:
2.5 Data from Third Parties
If you access our services using a Google or Apple account, we will collect your account name and profile picture.
To build a female menstrual cycle prediction model, upon first use, you will be required to complete a questionnaire and proactively provide: your date of birth (for age verification), basic menstrual cycle data (including average cycle length, cycle duration, cycle regularity, and the date of your most recent period); record notes and other information; and authorize us to collect basic vital sign data (such as heart rate) collected by your Haleo device and device-generated metrics related to menstrual cycle analysis.
You consent to our collection of this data in order to provide you with comprehensive services. If you do not consent to our collection of the above data, please do not enable the "Female Menstrual Cycle Prediction" feature and decline our privacy notice. If you disagree with any of the above terms, you may still use the other basic features of this app.
If you enable the "Auto-Monitor" feature in the app and agree to our privacy notice, you agree to provide us with the following data: height, weight, age, BMI, gender, sleep quality, and other data; use the sleep quality information you provide to generate assessment reports; and authorize us to collect measurement data and generate metric data collected by your Haleo device. You consent to our collection of this data so that we can provide comprehensive services. If you do not agree to our collection of this data, please do not enable the "Auto-Monitor" feature and decline our privacy notice.
If you contact us or participate in surveys, contests, or promotions, we will collect the data you submit, such as your name, contact information, and message.
2.5 Data from Third Parties
If you access our services from a Google or Apple account, we will collect your account name and profile picture.
3. How We Use Your Data
3.1 Providing and Maintaining Our Services
We process personal data to provide our services. For example, we can provide you with a daily summary of your heart rate variability, sleep, and activity.
Self-launched or linked-launched behaviors may occur (depending on the notification permissions you grant us). These are primarily used to send notifications, including reminders and other information related to app features, to provide a better user experience and ensure you receive important information promptly.
3.2 Improving and Developing Our Products and Services
We use third-party SDKs to optimize our products and services, including implementing features such as app crash detection, push notifications, third-party account login, location, maps, and navigation. Please refer to the "13. SDK Application" section of this Privacy Policy for details about the privacy policies of third-party SDKs.
If you consent to our access to your location data and you agree to enable location, maps, and navigation features in this app, we will use third-party map SDKs to provide you with related services. These third-party map SDKs will collect data such as your location information, device information, device parameters, and system information.
3.3 Providing Customer Service
We process personal data to provide customer service and manage communications with customers. If you contact us regarding your application data, we may use the data provided to answer and resolve any questions you may have.
3.4 Fulfilling Legal Duties or Obligations
In some cases, we must process certain data when required by applicable laws and regulations. Such legal duties or obligations may be related to public interest claims, legal claims, or other legal purposes.
4. Legal Basis for Data Processing
4.1 Contract
When processing personal data to provide services, we do so based on the user contract, which is formed when you create an account and accept our terms and conditions.
4.2 Consent
Your health-related data will only be processed with your consent. Please note that some of the personal data we process, including any data related to your health, will be considered special or sensitive personal data. Under applicable law, we will only process such data with your consent.
4.3 Legitimate Interests
We process your personal data based on our legitimate interests to market our products and services, provide customer service, and improve our products and services. When we use your data based on our legitimate interests, we carefully balance our interests with your privacy rights, subject to applicable laws.
4.4 Legal Obligations
We must process certain information to comply with legal obligations. The collection, processing, storage, and transfer of your personal data will be governed by the data protection laws of the People's Republic of China (Mainland China).
5. Children's Privacy
Our products, websites, and services are primarily intended for adults. Individuals under the age of 18, or the equivalent age specified by law, may not create a Haleo Health account without parental or guardian consent. If we learn that we have collected personal data from children under the minimum age (18) without parental or guardian consent, we will take steps to delete it as quickly as possible. Parents who believe their children have submitted personal data to us and wish to have it deleted may contact us (see "How to Contact Us" below).
When collecting children's personal information with the consent of their parents or guardians, we will only use or disclose this information when permitted by law, with the explicit consent of their parents or guardians, or when necessary to protect the child.
Although laws or customs may define children differently, we consider anyone under the age of 18 to be a child.
6. How We Share and Disclose Data
We do not sell our users' personal data. We will not share your personal information with any company, organization, or individual outside of our company unless we have your explicit consent. Currently, we will ask for your consent to share your personal information in the following circumstances:
6.1 External Processing
We share your personal data with trusted partners, including our affiliates, service providers, and other partners, so that we can provide you with services and operate our business. (For information about the affiliates, service providers, and other partners currently involved in this context, please refer to Section 13. SDK Applications of this Privacy Policy.) We require our partners to process your personal data in accordance with our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures. We also require these partners to protect your personal data to at least the same standards as we do.
The external services we use include:
- (1) Storing our users' data;
- (2) Providing user services;
- (3) Managing and organizing our marketing activities. We only share website usage data with online advertising partners for the purpose of analyzing and optimizing our marketing. We do not share health-related data or other sensitive personal data with third-party advertisers;
- (4) Analyzing information about the use of our online services to improve service quality.
6.2 When You Agree or Request Us to Share
You can direct us to disclose your information to others. For example, when you grant access to your data to a third-party application (such as Apple Health), we may share your data with that third party at your request. Please remember that their use of your data will be governed by their privacy policy and terms. Please review their most current policies and terms carefully. You can revoke your permission for third-party applications to sync your data in your account settings. We reserve the right to disclose personal data with your explicit consent.
6.3 Legal Reasons
We reserve the right to disclose personal data to protect our legal rights and assets and to comply with applicable legal regulations.
We may preserve or disclose data about you as necessary to comply with laws, regulations, litigation, legal proceedings, or mandatory requests from governmental authorities; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the personal or property safety of any person.
We may share aggregated, non-personal data that cannot reasonably be used to identify an individual, whether or not combined with other information. We may disclose this data publicly and to third parties, for example, to public reports on training and activities provided to our contracted partners or as part of community benchmark data we provide to subscribers of our services.
We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:
- a) Transfer with explicit consent: We will transfer your personal information to other parties with your explicit consent;
- b) In the event of a merger, division, dissolution, bankruptcy, acquisition, or asset sale, we will continue to take measures to protect the confidentiality of personal data and notify affected users before transferring any personal data to the new entity. If personal information is transferred, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require the company or organization to obtain your consent again.
7. Data Storage, Transfer, and Retention
By submitting your consent to this Privacy Policy, you authorize us to store your data:
If you use our services, personal information collected and generated within the People's Republic of China will be stored on servers within the People's Republic of China. Currently, we use cloud servers deployed in mainland China to process personal data.
By submitting your consent to this Privacy Policy, you agree to enable third-party SDK services (see "13. SDK Applications" in this Privacy Policy). We will store, transfer, and retain collected personal and non-personal data in accordance with the third-party's privacy policy.
The retention period for your personal data generally depends on the lifecycle of your Haleo account. Your personal data will be deleted when it is no longer necessary for the purpose for which it was originally collected, unless we are legally obligated to retain it for a longer period. For example, we only store your sleep, stress, and activity monitoring data while your Haleo health account is active. If you wish, you can contact cc.li@intelliagile.com to request deletion of your Haleo account.
If you have any objections to our data practices, please contact us at cc.li@intelliagile.com.
8. How We Protect Your Data
We use technical and organizational safeguards to ensure the security of your data. Where appropriate, these safeguards include anonymization or pseudonymization of personal data, strict access controls, and the use of encryption to protect the data we process. We also use industry-standard data protection measures to safeguard all domestic transfers of personal data through data protection agreements with our service providers. However, no method of transmitting or storing data is completely secure. If you have security-related questions, please contact us as described in the "How to Contact Us" section.
We also ensure that our employees receive appropriate training to ensure that personal data is processed only in accordance with our internal policies and consistent with our obligations under applicable laws.
We regularly test our services, systems, and other assets for security vulnerabilities. We also regularly update the Haleo app and HaleoRing device firmware. We recommend that you always install the latest versions of the app and firmware to maximize the protection of your data.
9. Your Rights
9.1 Your Rights Under Applicable Law
You have rights and choices regarding your data under applicable law. Some of these rights apply generally, while others apply only in specific circumstances. These rights may be subject to certain limitations depending on the circumstances. Please note that by exercising some of your rights below, such as withdrawing your consent to our Privacy Policy, we may not be able to continue to provide you with our services.
You may choose to exercise the following rights regarding your data:
You can ask us to confirm whether your data is being processed, or request access to your data and a copy of the personal data we collect and store about you.
You can update, correct, or change your data in the account settings of the App. If the data is inaccurate, you can request that we update, correct, or change your data.
Under applicable law, you have the right to request that we delete, destroy, or anonymize your personal data. Under certain circumstances, you may request that we stop providing your personal data to third parties, subject to applicable law.
You may request us to delete your personal information in the following circumstances:
- a. If our processing of personal information violates laws and regulations;
- b. If we collect and use your personal information without your consent;
- c. If our processing of personal information violates our agreement with you;
- d. If you no longer use our products or services or cancel your account;
- e. If we no longer provide you with products or services.
If we decide to respond to your deletion request, we will also notify the entities that obtained your personal information from us and require them to delete it promptly, unless otherwise provided by laws and regulations or such entities have obtained your independent authorization.
When you delete information from our services, we may not immediately delete the corresponding information from our backup systems, but we will delete the information when the backup is updated.
Where we rely on contractual necessity and consent as our legal basis, you have the right to data portability. This means you have the right to receive your data in a structured, commonly used, and machine-readable format and to share it with third parties.
Each business function requires some basic personal information to be completed. You can grant or withdraw your consent for the collection and use of additional personal information at any time. You may withdraw your consent for the processing of your personal data at your own will, unless such withdrawal is restricted by law or contract. However, such withdrawal will not affect the lawfulness or validity of our processing of your personal data based on your consent before the withdrawal.
You can do this yourself in the following ways:
- a. You can withdraw your consent in your App account settings;
- b. If you wish to unsubscribe from e-newsletters, please check the notification settings under your App account settings to control the marketing information we send you.
In certain circumstances, you have the right to object to or restrict our processing of your data based on legitimate interests or the public interest, as required by applicable law. For example, under applicable law, you may request that we cease or refrain from processing your personal data for direct marketing purposes. Under applicable law, in certain circumstances, you may object to decisions based solely on automated processing related to your personal data.
When submitting an objection or restriction request, you should explain the specific processing activities you object to or should restrict, and the reasons why you should cease the processing. If we do not have compelling legitimate grounds to continue the processing or do not need it to pursue legal claims, we will cease the specific processing.
You may cancel your previously registered account at any time. You can do this by going to: My > Account Security > Cancel Account. After account cancellation, we will cease providing you with products or services and, upon your request, delete your personal information, unless otherwise required by law or regulations.
In certain business functions, we may make decisions solely based on non-human automated decision-making mechanisms, including information systems and algorithms. If these decisions significantly affect your legal rights, you have the right to request an explanation from us, and we will provide an appropriate solution.
9.2 How to Exercise Your Rights
You can exercise these rights by logging into your account and using your account settings, or by contacting us in writing as specified in the "How to Contact Us" section, or by other means permitted by applicable law. We will respond within the legally prescribed timeframe.
We will ensure that you can exercise your rights in accordance with applicable law. Under applicable law, we may deny your request in certain circumstances, such as when the denial is pursuant to a court order or when exercising your rights would adversely affect the rights and freedoms of others.
For security reasons, when you need to exercise your rights, we may ask you to verify your identity, for example, through your Haleo account or by other means. We may ask you to verify your identity before processing your request.
Generally, you do not need to pay us when exercising your rights under applicable law; however, we reserve the right to charge you a reasonable fee for processing any data access or correction requests, repeated requests, requests that exceed reasonable limits, or other circumstances where applicable law permits charging fees. We may deny requests that are unreasonably repetitive, require excessive technical effort (for example, requiring the development of new systems or fundamental changes to existing practices), or pose a risk to the legitimate rights and interests of others.
We will be unable to respond to your request in the following circumstances:
- a. Related to the Personal Information Controller's fulfillment of its obligations under laws and regulations;
- b. Directly related to national security or national defense security;
- c. Directly related to public safety, public health, or major public interests;
- d. Directly related to criminal investigation, prosecution, trial, and enforcement of judgments;
- e. Where the Personal Information Controller has sufficient evidence to demonstrate subjective malice or abuse of rights by the Personal Information Subject;
- f. Where the Personal Information Subject's request is for the purpose of protecting the life, property, or other major legitimate rights and interests of the Personal Information Subject or other individuals, but obtaining their consent is difficult;
- g. Where responding to the Personal Information Subject's request would result in serious damage to the legitimate rights and interests of the Personal Information Subject, other individuals, or organizations;
- h. Involving Trade Secrets.
If you have any questions about this Privacy Policy or exercising your rights, you may send your written request to the email address provided in the "How to Contact Us" section below.
10. Updates to This Privacy Policy
We will notify you before making material changes to this Policy and provide you with an opportunity to review the revised Policy before deciding whether to continue using the Services. You can review previous versions of this Policy on our website https://www.haleoring.com.
We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any changes to this Policy on this page.
For significant changes, we will also provide more prominent notice (including, for certain services, email notifications explaining the specific changes to our Personal Information Protection Policy).
Major changes referred to in this Policy include, but are not limited to:
- a. Significant changes to our service model, such as the purpose of processing personal information, the types of personal information processed, and how personal information is used;
- b. Significant changes to our ownership structure, organizational structure, etc. Such as changes in ownership due to business adjustments, bankruptcy, mergers and acquisitions, etc.;
- c. Changes in the primary recipients of personal information sharing, transfer, or public disclosure;
- d. Significant changes in your rights regarding personal information processing and how they are exercised;
- e. Changes in the department responsible for handling personal information security, contact information, and complaint channels;
- f. When a personal information security impact assessment report indicates a high risk.
11. Severability
If any part of this Privacy Policy is held by any court or other competent authority to be invalid, illegal, or unenforceable, then that part shall be severed from the remaining provisions of this Privacy Policy, which shall continue to be valid and enforceable to the fullest extent permitted by law.
12. Language
This Privacy Policy is available in Chinese and English. The English and Chinese versions are equally binding. In the event of any discrepancy between the two versions, the Chinese version shall prevail.
13. SDK Applications
We may use or partner with mobile SDKs to collect information, such as mobile IDs and information about mobile devices and how their users interact with our apps. SDKs are codes that app developers embed in their apps to collect data and provide related services.
| SDK | SDK Features | Collected Data | SDK Vendor | SDK Privacy Policy |
|---|---|---|---|---|
| Alibaba Cloud OSS Service | Upload a user profile picture for display on the personal information interface | User Profile Picture | Alibaba Cloud Computing Co., Ltd. | View |
| Google Maps Location SDK, Navigation SDK, Map SDK | Implements map display and search, walking and cycling navigation, and motion trajectory display | Location information, device information, device identification information, etc. | Google Inc. | View |
| Google Open Platform SDK | Login authorization, obtaining user nickname, profile picture, and other information, and redirecting to third-party links | User nickname, profile picture, and user identification information | Google Inc. | View |
| firebase | Log exception collection | Using logs | Google Inc. | View |
14. How to Contact Us
Shenzhen Eleven Dimension Technology Co.,LTD.
101,102, Building F14, F518 Fashion Creative Park,No. 1065 Baoyuan Road, Laodong Community, Xixiang Street, Baoan District, Shenzhen
We have established a dedicated department for personal information protection (or a personal information protection specialist). If you need help exercising your privacy rights, please send an email to cc.li@intelliagile.comContact our Data Protection Officer.