Kiwiphone Co., Ltd Privacy Policy

Effective Date: [Date - e.g., April 1, 2025]

Last Updated: [Date - e.g., April 1, 2025]

1. Introduction

Welcome to Kiwiphone Co., Ltd ("we," "us," "our"). We provide a cloud phone service that utilizes virtualization technology on ARM servers to simulate an Android operating system environment, offering users 7x24 access to mobile functionalities globally (the "Service").

Protecting your privacy is paramount to us. This Privacy Policy explains how we collect, use, disclose, transfer, and protect your Personal Data when you use our Service, website (https://kiwiphone), and related applications or interactions. "Personal Data" means any information relating to an identified or identifiable natural person.

By registering for, accessing, or using our Service, you acknowledge that you have read, understood, and agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

We collect information to provide and improve our Service, process payments, ensure security, and comply with legal obligations. The types of information we collect include:

a. Information You Provide Directly:

• Account Information: When you register for an account, we collect information such as your name, email address, password (stored in hashed form), country of residence, and potentially your phone number for verification or contact.
• Payment Information: To process payments for subscriptions or other services, we (or our third-party payment processors) collect payment details, such as credit card information or other financial account information, and billing address. We typically only receive transaction confirmation and limited payment details from our processors.
• Communications: When you contact us for support, provide feedback, or otherwise communicate with us, we collect the content of those communications and any associated contact information.

b. Information Collected Automatically Through Your Use of the Service:

• Usage Data: We collect information about how you interact with our Service management interface (not the content within the virtual environment itself, unless specified otherwise below), such as features accessed, session duration, times and dates of access, interaction patterns, crash reports, and performance metrics.
• Device and Connection Information: We collect information about the device you use to access our Service management portal (e.g., your computer or mobile device), including IP address, operating system type and version, browser type and version, device identifiers (where applicable), and language settings. Your IP address may be used to estimate your approximate geographic location.
• Service Performance Data: We collect technical data related to the performance of the cloud phone instance allocated to you, such as CPU usage, memory usage, and network bandwidth consumption, primarily for service optimization and resource allocation.

c. Information Related to the Cloud Phone Environment:

Option 1 (Minimal Access Focus): "We are committed to user privacy within the virtualized Cloud Phone Environment. Under normal operating conditions, we do not access, monitor, view, or store the specific content, files, applications (beyond metadata needed for security/performance), or communications you create, upload, install, or transmit within your individual Cloud Phone Environment. Your virtual instance is designed as your private space."

Option 2 (Necessary Access Acknowledged): "While designed for user privacy, maintaining the security, stability, and legal compliance of our platform may require limited and controlled access to certain data related to your Cloud Phone Environment under specific circumstances. This may include:"

• "Metadata & System Information: We may collect metadata about installed applications (e.g., package names for security scanning), system logs within the virtual environment for troubleshooting initiated by you or required for platform stability, and network traffic metadata (e.g., data volume, connection source/destination IPs for abuse detection) but generally not the content of the traffic."
• "Security & Abuse Prevention: We may employ automated systems to scan for malware, phishing activities, resource abuse (e.g., cryptomining), or other violations of our Acceptable Use Policy. This scanning is primarily automated and designed to identify patterns indicative of misuse without routinely accessing personal content."
• "User-Initiated Support: If you request technical support that requires accessing your Cloud Phone Environment, we will only do so with your explicit permission and only to the extent necessary to resolve the issue."
• "Legal Compliance: We may be required to access or disclose data within your Cloud Phone Environment if compelled by a valid legal order, subpoena, or warrant from a competent authority."

"We will never access your personal files, communications content, or sensitive application data within the Cloud Phone Environment for purposes like advertising or marketing."

d. Cookies and Similar Technologies:

We use cookies and similar tracking technologies (like web beacons, pixels) to operate and administer our website and Service management portal, gather usage data, and improve your experience. Please see Section 7 ("Cookies and Similar Technologies") for more details.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain the Service: Operate, deliver, secure, and manage the cloud phone service you requested, including account management and processing subscriptions.
• To Process Payments: Manage subscriptions, process transactions, and prevent fraudulent transactions (often via third-party processors).
• To Improve the Service: Analyze usage patterns, troubleshoot issues, gather feedback, and develop new features and functionalities.
• For Security and Fraud Prevention: Monitor for suspicious activity, enforce our Terms of Service and Acceptable Use Policy, protect our rights and the safety of our users and the public, detect and prevent malware, spam, abuse, and security incidents.
• For Customer Support: Respond to your inquiries, provide technical assistance, and resolve issues.
• To Communicate With You: Send you essential service-related communications (e.g., account verification, billing notifications, technical updates, security alerts, changes to policies). We may also send promotional or marketing communications if you opt-in, and you can opt-out at any time.
• For Legal Compliance: Comply with applicable laws, regulations, legal processes (like court orders or subpoenas), and governmental requests.
• For Aggregated Analytics: Create aggregated, anonymized, or de-identified data for statistical analysis, research, and reporting, which does not identify you personally.

4. Legal Basis for Processing Personal Data (Applicable to GDPR and similar regimes)

If you are located in the European Economic Area (EEA), Switzerland, or the UK, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only:

• Where we need the Personal Data to perform a contract with you (e.g., to provide the Service you requested).
• Where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., for security, service improvement, fraud prevention).
• Where we have your consent to do so (e.g., for marketing communications or non-essential cookies).
• Where we need to process your Personal Data to comply with a legal obligation.

If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

5. How We Share and Disclose Information

We do not sell your Personal Data. We may share your information only in the following circumstances:

• Third-Party Service Providers: We engage trusted third-party companies and individuals to perform services on our behalf, such as infrastructure hosting (e.g., cloud providers like AWS, Google Cloud, Azure), payment processing, data analytics, customer support tools, email delivery, and security services. These providers only have access to the Personal Data necessary to perform their tasks and are contractually obligated to protect your data and use it solely for the purposes for which it was disclosed. We maintain Data Processing Agreements (DPAs) with these providers where legally required.
• Legal Requirements and Law Enforcement: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or valid legal process (e.g., subpoena, court order); (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.
• Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data may be shared or transferred as part of such a transaction, subject to standard confidentiality arrangements.
• With Your Consent: We may share your information with third parties when we have your explicit consent to do so.
• Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, reporting, or other purposes.

Regarding Data Within the Cloud Phone Environment: We apply particular scrutiny to any potential sharing of data originating from within your Cloud Phone Environment. Unless required by valid legal process (as described above) or explicitly initiated/consented to by you (e.g., for support), we do not share the specific content or application data from your virtual instance with third parties. Metadata necessary for security scanning or abuse detection may be processed by specialized security partners under strict confidentiality and purpose limitations.

6. Cookies and Similar Technologies

We use cookies (small text files placed on your device) and similar technologies (like web beacons, pixels, and ad tags) on our website and Service management portal to:

• Enable essential functions (e.g., login sessions, maintaining settings).
• Analyze performance and usage (e.g., understand how users navigate the site).
• Remember your preferences (e.g., language).
• Potentially support marketing and advertising efforts (where applicable and with consent where required).

You can control cookies through your browser settings and potentially through a consent management tool provided on our website. Note that disabling essential cookies may impact the functionality of the Service management portal. For more detailed information about the cookies we use, please see our [Link to separate Cookie Policy, if applicable, otherwise detail here].

7. Data Security

We implement appropriate technical and organizational measures designed to protect the security of your Personal Data from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:

• Encryption of data at rest and in transit where appropriate.
• Firewalls and network segmentation.
• Access controls and authentication mechanisms.
• Regular security assessments and vulnerability management.
• Employee training on data security and privacy.

However, please be aware that no security system is impenetrable. While we strive to protect your Personal Data, we cannot guarantee its absolute security. You are also responsible for maintaining the security of your account credentials.

8. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The duration of your active account and use of our Service.
• The need to comply with our legal obligations (e.g., tax, accounting, legal holds).
• The need to resolve disputes or enforce our agreements.
• The operational needs of our business.

When we no longer need your Personal Data for these purposes, we will securely delete or anonymize it. Data within inactive Cloud Phone Environments may be deleted after a defined period, as specified in our Terms of Service.

9. International Data Transfers

Our Service is global, and your Personal Data may be transferred to, stored, and processed in countries other than your own, including [List key processing countries, e.g., the United States, Singapore, Ireland], where our servers or those of our third-party service providers are located. These countries may have data protection laws that are different from the laws of your country.

When we transfer your Personal Data internationally, we take steps to ensure that your information is protected in accordance with this Privacy Policy and applicable data protection laws. This may include relying on:

• Adequacy decisions adopted by relevant authorities (e.g., the European Commission).
• Standard Contractual Clauses (SCCs) approved by relevant authorities (e.g., the European Commission or UK Information Commissioner's Office).
• Your explicit consent for the transfer.
• Other legal mechanisms permitted under applicable law.

By using our Service, you consent to the transfer of your Personal Data to countries outside your country of residence, including those listed above.

10. Your Privacy Rights

Depending on your location and applicable data protection laws (such as GDPR in the EEA/UK, CCPA in California, PIPL in China), you may have certain rights regarding your Personal Data. These rights may include:

• Right to Access: Request access to the Personal Data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure (Right to be Forgotten): Request deletion of your Personal Data under certain conditions.
• Right to Restrict Processing: Request limitation of how we process your Personal Data under certain conditions.
• Right to Data Portability: Request a copy of your Personal Data in a structured, commonly used, and machine-readable format, and potentially transmit it to another controller.
• Right to Object: Object to our processing of your Personal Data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw your consent at any time (this will not affect the lawfulness of processing before withdrawal).
• Right to Lodge a Complaint: You have the right to lodge a complaint with a relevant data protection supervisory authority.
• Right to Non-Discrimination (e.g., under CCPA): We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights: You can typically manage some of your information directly through your account settings. To exercise other rights, please contact us using the details provided in Section 14 ("Contact Us"). We may need to verify your identity before processing your request. We will respond to your request within the timeframes required by applicable law. Please note that these rights are not absolute and may be subject to legal limitations.

11. Children's Privacy

Our Service is not directed to individuals under the age of [Specify age, e.g., 16 or 18, depending on target market regulations like GDPR and COPPA]. We do not knowingly collect Personal Data from children under this age. If we become aware that we have inadvertently collected Personal Data from a child under the specified age without verifiable parental consent (where required), we will take steps to delete such information promptly. If you believe we might have any information from or about a child under the specified age, please contact us.

12. Third-Party Links and Services

Our Service or website may contain links to third-party websites or services that are not operated by us. Furthermore, you may choose to install or access third-party applications or services within your Cloud Phone Environment. This Privacy Policy does not apply to the practices of these third parties. We encourage you to review the privacy policies of any third-party service you interact with. We are not responsible for the privacy practices or content of such third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you as required by applicable law, such as by posting the updated policy on our website, sending an email notification, or providing notice through the Service, and we will update the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us at:

Kiwiphone Co., Ltd
service@kiwiphone.com