Xo Hub Privacy Policy
Effective Date: March 27, 2026
Data Controller: Aether Circle
Contact Address: 1214 Wood Rd, Wan Chai, Hong Kong (HK)
Contact Email: christinekenne39@gmail.com
Data Protection Officer (DPO) Contact Email: christinekenne39@gmail.com (Please indicate "DPO + Specific Matter" in the email subject)
Welcome to Xo Hub (hereinafter referred to as the "App"), developed and operated by Aether Circle (hereinafter referred to as "we", "us" or "our company"). This Privacy Policy (hereinafter referred to as the "Policy") clarifies the methods, purposes and scope of our collection, use, storage, sharing, transfer and deletion of users' personal data, and informs users of their rights to personal data and the ways to exercise such rights. This Policy complies with the Google Play Privacy Policy, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), Brazil's General Data Protection Law (LGPD), the United Arab Emirates' Federal Data Protection Law (FADP) and other relevant regional laws, regulations and industry norms, so as to protect the security and legitimate rights and interests of users' personal data.
This App is only provided to users aged 18 and above. Users can access all functions of the App after checking and agreeing to this Privacy Policy and the Xo Hub Terms of Service. The App has no registration or login function, and does not collect users' account numbers, passwords or other similar identity information, nor set up an age verification link. Please read and fully understand all terms of this Policy carefully, especially those involving the collection, use and sharing of personal data, as well as terms related to your rights. Your act of checking "Agree" shall be deemed as your full reading, understanding and acceptance of all contents of this Policy; if you do not agree to this Policy, please do not use the App.
I. Definitions and Interpretations
1.1 Personal Data
Refers to any information related to an identified or identifiable natural person, including but not limited to device information, image/video information, audio information, usage behavior information, in-app purchase data, etc. It excludes data that cannot identify a specific natural person after anonymization (anonymized data is not deemed as personal data and may be freely used by us for App optimization, statistical analysis and other legitimate business purposes).
1.2 Data Controller
The subject with the right to determine the purpose and method of personal data processing. The data controller of this App is Aether Circle, with the contact information as stated at the beginning of this Policy.
1.3 Data Protection Officer (DPO)
We have appointed a dedicated Data Protection Officer (DPO) who is responsible for supervising the compliance of the App's personal data processing activities and handling users' requests, complaints and consultations related to personal data. The DPO's contact email is the same as the official contact email of the company, with the email subject marked as required (see the beginning of the Policy). Response Time Limit: We will complete verification and reply within 15 working days upon receiving the request; the maximum response time for complex matters shall not exceed 30 working days.
1.4 Data Processing
Refers to any operation performed on personal data, including but not limited to collection, recording, storage, use, analysis, transmission, sharing, transfer, deletion, destruction and other related behaviors.
1.5 Data Sale
Refers to the act of us providing users' personal data to third parties in any form (including but not limited to sale, lease, exchange, authorization for use, etc.) to obtain direct or indirect economic benefits. This does not include the legal data sharing behavior carried out to realize the core functions of the App, provide in-app purchase services and perform legal obligations.
1.6 In-app Purchase Data
Refers to the transaction-related information generated by users in the App's in-app purchase service, including but not limited to purchase behavior records, consumption amount, payment method type (excluding full payment account information) and purchase content information.
II. Collection and Use of Personal Data
2.1 Collection Principles
We strictly follow the principles of legality, legitimacy, necessity and transparency in collecting users' personal data. We only collect personal data necessary for realizing the core functions of the App (including in-app purchase services), and will not collect data beyond the necessary scope or irrelevant to the App's functions. All data collection behaviors are based on users' voluntary authorization, and users can withdraw their authorization at any time (the withdrawal of authorization does not affect the validity of data processing activities carried out based on the prior authorization).
2.2 Scope and Purpose of Collection
The App has no registration or login function and does not collect users' personal identity information such as name, physical address, phone number, ID number or bank account details. Only after user authorization, we collect the following personal data related to the App's functions, and all data is only used for the purposes agreed in this Policy and no other purposes:
1. Device Information: Including but not limited to device model, device ID (such as IMEI, Android ID, OAID), operating system version, network type, IP address, device operating status, battery level, etc.
Purpose: Ensure the normal operation of the App, optimize App performance, fix technical bugs, count user usage data, analyze user usage habits, and provide users with a stable and smooth user experience; identify abnormal device behaviors, prevent malicious use risks (such as fake accounts, malicious access), and ensure the security of the App, users' data and in-app purchase transactions.
2. Camera Permission-related Data: Only after the user actively authorizes the camera permission, we collect the real-time video stream and static pictures captured by the user through the camera.
Purpose: Realize the App's core functions of one-on-one video chat and real-time interactive video; support users to take pictures to submit feedback on problems and suggestions encountered in the use of the App and in-app purchase services, helping us optimize product functions and service quality.
3. Album Permission-related Data: Only after the user actively authorizes the album permission, we collect the pictures and video clips selected by the user from the album (the user has full control over the selection scope).
Purpose: Support users to share picture/video content with other users in real-time chat and video interaction; facilitate users to upload existing pictures/videos to submit feedback on the App, and enrich the content forms of user interaction.
4. Microphone Permission-related Data: Only after the user actively authorizes the microphone permission, we collect the audio information recorded by the user through the microphone (including real-time voice and recorded audio).
Purpose: Realize the App's core functions of real-time voice chat, video chat voice intercom and voice message sending; support users to record audio to submit feedback on the App and in-app purchase services, improve feedback efficiency and help us quickly locate and solve problems.
5. External Storage Permission-related Data: Only after the user actively authorizes the external storage permission, we read and store files related to the App, including but not limited to pictures, audio and video files submitted by users for feedback, video/audio cache files generated by the App during use, and in-app purchase transaction record cache files.
Purpose: Save the feedback content submitted by users to ensure the normal submission and viewing of feedback information; save the video/audio cache generated by the App to facilitate users to view, edit and share interactive content; cache in-app purchase transaction records to facilitate users to check their consumption history at any time.
6. App Information Reading Permission-related Data: Collect relevant information about the apps installed on the user's device (only read the app name and version number, and will not access any other data or content in the third-party apps).
Purpose: Judge the App's operating environment, troubleshoot compatibility problems with other apps, ensure the normal operation of the App's core functions and in-app purchase services, and avoid functional abnormalities and transaction risks caused by app conflicts.
7. Usage Behavior Data: Including but not limited to the functions used by users in the App (such as video chat, text chat, intelligent matching, likes, comments, sharing, feedback, in-app purchase, etc.), usage duration, operation records, interactive objects, interest tags (generated based on users' browsing and interactive behaviors), and in-app purchase behavior preferences.
Purpose: Optimize the App's function layout and intelligent matching algorithm, provide personalized content and user matching recommendations (such as pushing users with similar interests in the matching function), analyze user needs and improve the overall user experience; count popular interactive content and create a "Hot List" to enrich the App's social ecology; optimize the in-app purchase service page and product recommendation, and provide users with more personalized consumption suggestions.
8. Advertising IDs: That is, advertising identifiers (such as Google Advertising ID). We only collect this identifier when the user's device has the advertising identifier permission enabled during the use of the App.
Purpose: Launch compliant advertising services in the App (such as pushing ads related to social, lifestyle and other themes), optimize the accuracy of advertising push, avoid pushing irrelevant ads and improve user experience; count advertising exposure, clicks and other data to analyze advertising effects and provide a basis for advertising service optimization. We promise not to associate Advertising IDs with users' personal data or in-app purchase information, nor use them for any illegal purposes. Users can turn off the advertising identifier permission through the device system settings, and we will immediately stop collecting this identifier after the closure, which will not affect the normal use of the App's core functions and in-app purchase services.
9. In-app Purchase Data: Automatically collect the user's in-app purchase behavior records, consumption amount, payment method type (excluding full payment account information) and purchase content information when the user initiates and completes an in-app purchase in the App (no additional authorization is required for this collection, which is a necessary condition for providing in-app purchase services).
Purpose: Complete the in-app purchase transaction process, verify the transaction validity, provide purchase record inquiry services for users, and handle after-sales problems related to in-app purchase (such as transaction failure, content non-delivery). We will never collect the user's full payment account information, and all payment processes are completed through the official Google Play payment channel to ensure transaction security.
2.3 Instructions on Permission Use
All permissions of the App are non-mandatory, and users can freely choose to authorize or refuse authorization. Refusing a certain permission only affects the use of the corresponding function, and will not affect the normal use of other core functions of the App (unless otherwise specified):
• Refusing to authorize camera, album and microphone permissions: Affects the use of video chat, real-time voice chat, voice message, picture/video sharing and other interactive functions, as well as the picture/audio/ video submission function of the feedback template, but does not affect the use of text chat, intelligent matching, in-app purchase and other functions.
• Refusing to authorize external storage permission: Affects the saving of user feedback content, the caching of App-generated video/audio files and the caching of in-app purchase transaction records. Users can still use video chat, text chat, intelligent matching and in-app purchase services normally, but cannot save interactive content locally, and the feedback content and transaction records cannot be cached and viewed offline.
• Refusing to authorize app information reading permission: May affect the compatibility troubleshooting of the App. If there is a conflict with other apps, we may not be able to locate and solve the problem in a timely manner, but it will not affect the use of the App's basic functions and in-app purchase services.
• Turning off the advertising identifier permission: Only stops the App's advertising push optimization function, and will not affect the use of all core functions and in-app purchase services of the App.
• Users can withdraw the authorized permissions at any time through the device system settings. After withdrawing the permissions, we will immediately stop collecting the personal data corresponding to the permissions, and the collected relevant data will be processed in accordance with this Policy (such as deletion or anonymization).
2.4 Data Collection Methods
We collect users' personal data through the following methods, and all collection behaviors are based on user authorization or the necessary conditions for providing core services:
1. Active Authorization Collection by Users: During the use of the App, users actively check the privacy policy and grant relevant permissions (such as camera, album, microphone, etc.), and we collect corresponding data based on user authorization.
2. Automatic Collection: When users use the App, the device automatically sends device information, usage behavior information and in-app purchase data (if any) to us. This type of data collection does not require additional operations by users, and only starts after users check and agree to this Policy.
3. Active Submission by Users: The pictures, audio, video and text feedback information actively submitted by users through the App's feedback template, as well as the content information actively released and shared by users in the interactive function. We only collect the content actively submitted and released by users.
III. Storage of Personal Data
3.1 Storage Location
We store users' personal data in cloud servers that meet the requirements of the Google Play Privacy Policy and relevant regional data protection laws and regulations. The storage locations are all located in compliant overseas data centers that meet the data protection standards of GDPR, CCPA/CPRA, VCDPA, LGPD, FADP and other regional regulations, to ensure that data storage complies with the requirements of overseas listing and regional data protection laws.
3.2 Storage Period
We follow the principle of minimum necessary storage and only store users' personal data for the period necessary to achieve the purposes agreed in this Policy. The specific storage periods are as follows:
1. Device Information and Usage Behavior Data: Stored for 12 months from the date when the user stops using the App (judged by the last login time of the device). The data will be automatically anonymized after the expiration, and the anonymized data can be used for App optimization, statistical analysis and in-app purchase service improvement, and will no longer be associated with any specific user.
2. User Feedback Related Data (Pictures, Audio, Video, Texts): Stored for 6 months from the date when we complete the problem handling and reply to the user, and will be automatically deleted after the expiration to ensure the timely processing and cleanup of user feedback information.
3. Video/Audio/Image Cache Data Generated by the App: Stored until the user actively deletes the cache, uninstalls the App, or 30 days from the date of cache data generation, and will be automatically cleaned up after the expiration to release the user's device storage resources.
4. In-app Purchase Data: Stored for 3 years from the date of the completion of the in-app purchase transaction, in accordance with the requirements of international trade and payment regulations, to facilitate the handling of after-sales problems, transaction verification and regulatory inquiry. The in-app purchase data will be anonymized after the expiration, and the personal identification information will be completely erased.
5. Advertising IDs: Stored for the duration of the user's use of the App, and will be immediately deleted after the user turns off the advertising identifier permission or stops using the App for more than 3 months.
6. In case of active data deletion request by users: We will verify the user's identity after receiving the request (since the App has no registration or login function, we will verify through the device information and feedback contact information provided by the user). We will delete the relevant personal data within 7 working days after the verification is passed, and the deleted data cannot be recovered. For in-app purchase data, we will only anonymize the personal identification part and retain the transaction information in accordance with regulatory requirements (the retained information cannot be associated with the specific user).
3.3 Storage Security
We take industry-leading security protection measures to ensure the security of users' personal data and in-app purchase data, and prevent risks such as data leakage, tampering, loss and unauthorized access. The specific measures include but are not limited to:
1. Technical Protection: Adopt high-level encryption technologies (such as SSL/TLS 1.3 encryption) to transmit and store personal data and in-app purchase data, preventing data from being illegally intercepted and tampered with during transmission and storage; deploy multi-layer firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) to prevent network attacks and ensure server security; adopt data desensitization technology for sensitive data such as device ID and in-app purchase amount, and only retain the necessary information for business processing.
2. Management Protection: Establish a strict data security management system, clarify the hierarchical permission of data processors, and only authorize relevant personnel to access the necessary data for work; conduct regular professional data security training and assessment for all employees involved in data processing, and strictly prohibit unauthorized personnel from accessing and using users' personal data; conduct regular security inspections and vulnerability tests on data storage systems and App systems, and timely fix potential security risks.
3. Transaction Security Protection: For in-app purchase data, we cooperate with the official Google Play payment channel to complete all payment processes, and will never store the user's full payment account information, bank card details or payment verification codes; adopt transaction signature and anti-fraud algorithms to verify the validity of each in-app purchase transaction, preventing malicious transactions and fake payment behaviors.
4. Emergency Response: Establish a perfect data security emergency response mechanism. If a personal data leakage, tampering, loss or other security incident occurs (including in-app purchase data security incidents), we will immediately activate the emergency plan, take remedial measures (such as stopping data transmission, freezing the affected server) to prevent the expansion of harm, and in accordance with the requirements of relevant regional laws and regulations, timely notify the affected users (if contactable) and relevant regulatory authorities, and fully cooperate with the regulatory authorities in investigation and handling work. For data leakage incidents involving the EU region, we will complete the notification within 72 hours of discovering the incident in accordance with GDPR requirements.
IV. Sharing, Transfer and Sale of Personal Data
4.1 Data Sharing
We promise not to arbitrarily share users' personal data and in-app purchase data. Only in the following specific circumstances, with user authorization or in accordance with laws and regulations, we will share the minimum necessary personal data with third parties. Before sharing, we will clearly inform users of the purpose, scope and recipient of the sharing through App pop-ups, in-app messages and other methods, and users have the right to refuse sharing (refusing sharing does not affect the use of the App's core functions and in-app purchase services):
1. To Realize the Core Functions of the App and In-app Purchase Services: We only share necessary personal data (such as device information, usage behavior information, in-app purchase transaction status) with third-party service providers that provide us with technical support, server hosting, data analysis, payment settlement and advertising services. We will sign a strict data security protection agreement with all third-party service providers, clarify their responsibilities and obligations, require them to use users' personal data only within the scope of providing services for us, and not use the data for any other purposes or share it with other third parties. We will conduct regular supervision and assessment on the service behavior and data security protection measures of third-party service providers; if a third party is found to have illegally used or leaked data, we will immediately terminate the cooperation with it, pursue its legal liabilities in accordance with the agreement, and notify the affected users in a timely manner.
2. Active Sharing by Users: Users share their interactive content (such as pictures, videos, text messages) and in-app purchase content with other users in the App or mainstream social platforms (such as Instagram, Facebook, TikTok) through the App's sharing function. Such sharing behavior is independently initiated by users, and we only provide technical sharing channels and do not actively share users' personal data to any third-party platforms.
3. Sharing in Accordance with Laws and Regulations: Due to the requirements of relevant regional laws and regulations, judicial organs or administrative organs (such as court subpoenas, administrative investigation orders, regulatory inquiry notices), we need to share users' personal data with relevant institutions. We will strictly provide only the necessary data within the scope specified by law in accordance with legal requirements, and will not provide any data beyond the legal scope, especially the user's complete in-app purchase data and sensitive device information.
4.2 Data Transfer
We will not transfer users' personal data and in-app purchase data to any third party unless the following circumstances occur. Before the transfer, we will take reasonable and sufficient data security protection measures (such as data encryption, desensitization) to ensure the security of users' data, notify the affected users through App pop-ups, in-app messages and other methods (if contactable), and users have the right to request the deletion of relevant data:
1. In the event of merger, division, dissolution, bankruptcy or other major asset changes of our company, users' personal data will be transferred to the successor as part of the company's assets. The successor will continue to perform the privacy protection obligations agreed in this Policy in full. If the successor cannot perform the relevant privacy protection obligations, we will delete all users' personal data in advance (except for the in-app purchase data that needs to be retained in accordance with regulatory requirements).
2. With the user's written explicit consent (including email confirmation with the user's device information and signature), we will transfer the user's personal data to a third party. Before the transfer, we will clearly inform the user of the name, contact information, purpose and scope of data use of the third party through a separate notice, and the user has the right to revoke the consent at any time before the transfer. If the user does not agree, we will not transfer any of the user's personal data.
4.3 Data Sale
We clearly and unconditionally promise that we will not actively sell users' personal data and in-app purchase data to any third party for any economic benefits, and users have the unshakable right to choose not to allow their personal data to be sold in any form. The specific instructions are as follows:
1. Users have the right to request us to stop any behavior that may involve the sale of personal data at any time, and have the right to refuse their personal data and in-app purchase data to be used for any sales-related purposes by us or any third party.
2. Opt-out of Data Sharing/Sale: If the user wishes to opt out of the sharing or sale of their personal data (including but not limited to refusing the data to be shared with third parties for sales purposes, refusing the data to be used by us for any sales-related behaviors), the user can send an opt-out request through our official contact email (christinekenne39@gmail.com), with the email subject indicating "Opt Out of Data Sharing/Sale + Device Information" (the device information can be viewed in the "My - About - Device Information" page of the App). We will verify the user's identity within 3 working days after receiving the request, process the opt-out request within 7 working days after the verification is passed, immediately stop the relevant data sharing or potential sales behavior, and delete the relevant sensitive data (if necessary). We will reply to the user via email after the processing is completed, and inform the user of the processing result and the remaining data status.
3. Future Business Adjustment Notice: If we plan to carry out any activities involving the use of user personal data that may be deemed as "data sale" under relevant regional laws and regulations due to major business adjustments in the future, we will notify all users through App pop-ups, in-app top announcements and official email notifications 30 days in advance, clearly inform the purpose, scope, recipient and economic benefits of the relevant data use. Users have the absolute right to choose to refuse the relevant behavior; if the user refuses, we will never use or transfer the user's personal data for the above purposes; if the user does not clearly express the refusal within the notice period, it shall not be deemed as the user's agreement, and we will reconfirm the user's intention before any relevant operation.
V. Users' Rights to Personal Data
In accordance with the requirements of the Google Play Privacy Policy and the laws and regulations of relevant regions such as the EU GDPR, US CCPA/CPRA, VCDPA, Brazil LGPD and UAE FADP, users have the following comprehensive rights to their personal data and in-app purchase data, and we will provide convenient, efficient and free channels for users to exercise their rights (no additional fees will be charged for users to exercise their legitimate rights):
5.1 Right to Know
Users have the right to know all the circumstances of our collection, use, storage, sharing, transfer and sale of their personal data, including but not limited to the scope, purpose, method, storage period, sharing object, transfer situation and sales status of data collection, as well as the specific use of in-app purchase data. We clearly inform users of the above information through this Policy, App in-app announcements, "My - Privacy Settings" page and other methods. If users have any questions about the above information, they can consult us through the official contact email at any time, and we will give a detailed and clear reply within the specified time limit.
5.2 Right of Access
Users have the right to request us to provide a complete copy of their personal data and in-app purchase data collected by us, and understand the specific content, storage location and processing status of the data. Users can send an access request through the official contact email, with the email subject indicating "Access Personal Data + Device Information" and attaching the relevant device information for verification. We will verify the user's identity within 10 working days after receiving the request, and provide the user with a copy of the relevant data in a structured, commonly used and machine-readable format (such as CSV, PDF) free of charge after the verification is passed. For in-app purchase data, we will provide a detailed transaction record including purchase time, amount, content and status.
5.3 Right to Rectification
If the user finds that the personal data and in-app purchase data collected and stored by us is incorrect, incomplete or outdated (such as wrong in-app purchase transaction records, incorrect interest tags), the user has the right to request us to rectify and supplement the relevant data. Users can send a rectification request through the official contact email, with the email subject indicating "Rectify Personal Data + Device Information", attaching the relevant supporting materials (such as in-app purchase payment screenshots, device information screenshots) and the correct data content. We will verify the request and supporting materials within 10 working days after receiving them, complete the rectification and supplement of the relevant data in a timely manner after the verification is passed, and reply to the user via email to inform the rectification result and the updated data content.
5.4 Right to Erasure (Right to be Forgotten)
Users have the right to request us to delete their personal data and in-app purchase data (the transaction information that needs to be retained in accordance with regulatory requirements is excluded), including but not limited to the feedback information actively submitted by users, device information, usage behavior information, advertising IDs and cache data. The specific applicable circumstances include:
1. The purpose of data collection has been achieved, cannot be achieved or is no longer necessary;
2. The user withdraws the authorization for data collection and use;
3. We collect and use data in violation of this Policy or relevant regional laws and regulations;
4. The user stops using the App and requests to delete all personal data;
5. Other circumstances that require data deletion in accordance with relevant regional laws and regulations.
Users can send a deletion request through the official contact email, with the email subject indicating "Delete Personal Data + Device Information". We will verify the user's identity within 7 working days after receiving the request, delete the relevant data in accordance with the request after the verification is passed (the deleted data cannot be recovered), and reply to the user via email to inform the deletion result and the retained data (if any). For in-app purchase data, we will only retain the transaction information that needs to be kept in accordance with regulatory requirements after anonymization and desensitization.
5.5 Right to Refuse
Users have the absolute right to refuse us to collect, use, share, transfer and sell their personal data and in-app purchase data, and have the right to withdraw the authorized permissions at any time through the device system settings or the App's "Privacy Settings" page. After the user refuses or withdraws the authorization, we will immediately stop the relevant data processing behavior, but it will not affect the validity of the data processing activities carried out based on the prior authorization, nor will it affect the user's use of the App's core functions and in-app purchase services (except for the functions that require the corresponding permissions). We will never discriminate against users who exercise the right to refuse (such as restricting function use, reducing matching priority, increasing in-app purchase prices).
5.6 Right to Opt Out of Sharing/Sale
Users have the right to opt out of the sharing or sale of their personal data and in-app purchase data at any time, and the specific exercise method is detailed in Section 4.3 of this Chapter IV. We will promptly respond to the user's opt-out request within the specified time limit, stop the relevant data sharing or sale behavior, and ensure that the user's data is not used for any unauthorized purposes.
5.7 Right to Complain
If the user believes that our personal data processing behavior violates this Policy, the Google Play Privacy Policy or relevant regional laws and regulations, or has objections to the processing result of the user's data request (such as access, rectification, deletion), the user has the right to complain to our DPO through the designated contact email, and also has the right to complain to the personal data regulatory authorities of the relevant regions and the Google Play official complaint channel. We will actively cooperate with the regulatory authorities and Google Play in the investigation and handling work, rectify the relevant problems in a timely manner, and feed back the handling result to the user and the regulatory authorities.
5.8 Additional Rights for Users in Specific Regions
For users in different regions, in accordance with the local data protection laws and regulations, users also have the following additional exclusive rights (including but not limited to). We will strictly comply with the relevant regional laws and regulations to protect the additional rights of users in the corresponding regions:
1. EU Region (GDPR):
○ Right to data portability: Users have the right to request us to provide their personal data in a structured, commonly used and machine-readable format, and have the right to request us to transmit the data directly to other data controllers designated by the user (if technically feasible).
○ Right to restriction of processing: Users have the right to request us to restrict the processing of their personal data under the circumstances specified by GDPR (such as the user disputes the accuracy of the data, the processing is illegal).
○ Right to object to automated decision-making: If we make automated decisions (including profiling) based on users' personal data (such as intelligent matching algorithm recommendation), users have the right to object to the above decisions and request us to conduct manual intervention and review, and we will not make decisions that have a major impact on users based solely on automated processing.
○ Data leakage notification: If a personal data leakage incident occurs involving EU users, we will notify the EU data protection regulatory authority (DPA) and the affected users (if contactable) within 72 hours of discovering the leakage, and provide a detailed incident report including the cause, scope and remedial measures.
2. California, USA (CCPA/CPRA):
○ Right to disclosure: Users have the right to request us to disclose the specific categories and contents of personal data collected, used, shared and sold (if any), as well as the name, contact information and purpose of the third parties with whom the data is shared.
○ Right to non-discrimination: We will never discriminate against users who exercise their rights under CCPA/CPRA (such as restricting the use of App functions, reducing service quality, increasing in-app purchase prices, refusing to provide in-app purchase services).
○ Right to access sales records: Users have the right to request us to provide a complete record of the sale of their personal data (if any), including the categories of data sold, the name and contact information of the buyer, and the economic benefits obtained from the sale.
○ Right to complain to the California Attorney General's Office: If users believe that our data processing behavior violates CCPA/CPRA, they have the right to file a complaint with the California Attorney General's Office directly.
3. Virginia, USA (VCDPA):
○ Right to object to targeted advertising: Users have the right to object to us using their personal data for targeted advertising purposes, and we will immediately stop using the user's data for advertising push optimization after receiving the objection request.
○ Right to claim compensation: If users suffer losses due to our violation of VCDPA regulations in the processing of personal data, users have the right to claim compensation for the actual losses from us in accordance with the law.
○ Right to disclosure of data collection: Users have the right to request us to disclose the collection scope, purpose, storage period and sharing object of their personal data, and we will provide a detailed written disclosure report free of charge.
4. Brazil (LGPD):
○ Right to object to unreasonable data processing: Users have the right to object to our unreasonable processing of their personal data (such as processing data beyond the necessary scope), and we will review the objection request within 15 working days and stop the relevant processing behavior if the objection is established.
○ Right to claim compensation for losses: If we violate the LGPD regulations and cause damage to users due to the illegal processing of personal data, users have the right to claim compensation for material and spiritual losses from us in accordance with Brazilian law.
○ Right to data portability for in-app purchase data: Users have the right to request us to provide their in-app purchase data in a machine-readable format, and transmit the data to other service providers designated by the user.
5. United Arab Emirates (FADP):
○ Right to data security protection: Users have the right to request us to take necessary and sufficient technical and management measures to ensure the security of their personal data, and we will provide a detailed explanation of the data security protection measures adopted by us at the user's request.
○ Data leakage mandatory notification: If a personal data leakage incident occurs involving UAE users, we are obligated to notify the UAE Federal Data Protection and Privacy Commission (FDPPC) and the affected users immediately after discovering the incident, and take all possible remedial measures to reduce the loss of users.
○ Right to request data correction and deletion: Users have the right to request us to correct or delete their incorrect or unnecessary personal data at any time, and we will complete the relevant operation within the specified time limit without any additional fees.
VI. Legal Basis for Data Processing
We process users' personal data and in-app purchase data in strict accordance with the following legal basis to ensure that all data processing behaviors are legal, compliant and in line with the requirements of the Google Play Privacy Policy. The legal basis is applicable to different regions and complies with the relevant regional data protection laws and regulations:
1. User's Explicit Consent: When the user checks and agrees to this Privacy Policy and grants relevant permissions through the device system or the App, it is deemed that the user has given explicit consent to our collection, use and storage of their personal data. This consent is the core legal basis for our data processing behavior, and the user has the right to withdraw the consent at any time.
2. Performance of Contractual Obligations: To provide users with the core functions of the App (such as video chat, text chat, intelligent matching) and in-app purchase services, we need to collect and use relevant personal data and in-app purchase data, which is the necessary obligation for us to perform the service contract with users (the user's act of checking the agreement and using the App shall be deemed as the establishment of a service contract relationship between the user and us).
3. Protection of Legitimate Interests: On the premise of not damaging the legitimate rights and interests of users, for the legitimate interests of ensuring the normal operation of the App, preventing malicious use risks, protecting the security of in-app purchase transactions and the legitimate rights and interests of users and our company (such as troubleshooting App faults, handling user complaints, preventing fraudulent transactions, blocking malicious users), we need to collect and use relevant personal data.
4. Fulfillment of Legal Obligations: In accordance with the requirements of relevant regional laws and regulations, judicial organs, administrative organs or regulatory authorities (such as court subpoenas, administrative investigation orders, regulatory inquiry notices), we need to collect, store and provide users' personal data to fulfill the legal obligations stipulated by the law.
5. Legitimate Business Purposes: For the legitimate business purposes of optimizing App functions, improving user experience, analyzing user needs, optimizing in-app purchase services and conducting statistical analysis (on the premise of anonymizing the data), we may collect and use the personal data before anonymization, and such legitimate business purposes take precedence over the user's minor privacy interests without damaging the user's core rights and interests.
6. Specific Regional Legal Basis: Our data processing behavior is also based on the specific provisions of the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), Brazil's General Data Protection Law (LGPD), the United Arab Emirates' Federal Data Protection Law (FADP) and other relevant regional data protection laws and regulations, as well as the Google Play Developer Program Policies and Google Play Privacy Policy issued by Google.
VII. Instructions on Third-Party Services
The App may integrate third-party services to realize the core functions and improve the service quality, including but not limited to server hosting, data analysis, payment settlement, advertising push, social platform sharing and technical support services. The third-party service providers may collect some of the users' personal data (only the minimum necessary data for providing the corresponding services) in the process of providing services. We have strictly screened all third-party service providers and only cooperate with service providers that meet the international data security protection standards and the requirements of relevant regional laws and regulations.
We will sign a strict Data Processing Agreement (DPA) and data security protection agreement with all third-party service providers, clarify their responsibilities and obligations in data processing, require them to strictly comply with this Policy, the Google Play Privacy Policy and relevant regional data protection laws and regulations, not collect and use users' personal data beyond the necessary service scope, and not share, transfer or sell users' personal data to any other third parties without our written consent and the user's explicit authorization. We will conduct regular supervision and assessment on the data processing behavior and data security protection measures of third-party service providers, and immediately terminate the cooperation and pursue legal liabilities if any violation is found.
The privacy policies of third-party service providers are independent of this Policy, and we are not responsible for the data processing behavior of third-party service providers. Users can view the official privacy policies of third parties through the links provided in the App or the official websites of third parties to understand their data collection, use and storage rules. If users do not agree to the third parties collecting and using their personal data, they can refuse to use the corresponding third-party services through the App's settings or device system settings; if the third-party service is a necessary condition for the core functions of the App, users can choose to stop using the App.
VIII. Modification and Update of the Policy
1. We have the right to modify and update this Policy in accordance with the update of the Google Play Privacy Policy and Developer Program Policies, the revision of relevant regional data protection laws and regulations, the iteration of the App's functions and the changes in data protection needs (including the update of in-app purchase service rules).
2. Major Modifications: If there are major modifications to this Policy (including but not limited to adjustments to core clauses such as data collection scope, purpose of use, sharing method, user rights, legal basis and in-app purchase data processing rules), we will notify all users through App pop-ups, in-app top announcements and persistent message reminders at least 30 days in advance of the effective date of the modified Policy. The modified Policy shall take effect from the date of the announcement; if the user does not agree to the modified Policy, the user shall immediately stop using the App. The user's continued use of the App after the effective date of the modified Policy shall be deemed as the user's full reading, understanding and acceptance of the modified Policy.
3. Non-major Modifications: If there are non-major modifications to this Policy (such as optimization of text expression, update of contact information, adjustment of data security protection measures and minor changes to feedback processing rules), we will publish the updated Policy text on the "My - About - Privacy Policy" page of the App at least 7 days in advance of the effective date. The modified Policy shall take effect from the date of publication, and the user's continued use of the App after the effective date shall be deemed as the user's acceptance of the modified Policy.
4. We recommend that users check the latest version of the Privacy Policy regularly through the App's "My - About - Privacy Policy" page to understand the latest privacy protection agreement and data processing rules. If users have any questions about the modified Policy, they can contact our DPO through the designated contact email for consultation at any time, and we will give a detailed and clear reply.
IX. Complaints and Contact Information
9.1 Official Complaint and Contact Channels
If the user believes that our personal data processing behavior violates this Policy, the Google Play Privacy Policy or relevant regional laws and regulations, or has any questions, suggestions or requests regarding personal data and in-app purchase data (such as accessing, rectifying, deleting data, opting out of data sharing/sale, consulting data processing rules), the user can contact us through the following official channels, and we will process the user's request in a timely and professional manner:
• General Contact Email: christinekenne39@gmail.com (for general questions, suggestions and feedback)
• DPO Special Contact Email: christinekenne39@gmail.com (for data-related requests, complaints and consultations, please indicate "DPO + Specific Matter" in the email subject)
• Postal Address: 1214 Wood Rd, Wan Chai, Hong Kong (HK) (for written complaints and requests)
9.2 Response Time Limit
We will receive and review the user's complaint, consultation and request within 3 working days after receiving it, complete the identity verification and issue a preliminary reply to the user; we will complete the full verification and processing of the user's request within 15 working days and give a detailed and clear final reply to the user via email or written notice. For complex matters (such as large-scale data deletion, cross-regional data portability, in-app purchase data correction involving multiple third parties), the maximum response time shall not exceed 30 working days, and we will inform the user of the processing progress and expected completion time during the processing period.
9.3 Complaint to Regulatory Authorities and Google Play
If the user is not satisfied with our handling result, or believes that our data processing behavior seriously violates the relevant regional data protection laws and regulations and the Google Play Privacy Policy, the user has the right to file a complaint with the personal data regulatory authorities of the relevant regions and the official Google Play complaint channel. We will actively cooperate with the regulatory authorities and Google Play in the investigation and handling work, rectify the relevant problems in a timely manner, and feed back the handling result to the user and the relevant authorities. The main regulatory authorities for different regions are as follows:
• EU Region: Local Data Protection Authority (DPA)
• California, USA: California Attorney General's Office
• Virginia, USA: Virginia Attorney General's Office
• Brazil: Brazilian Data Protection Authority (ANPD)
• United Arab Emirates: Federal Data Protection and Privacy Commission (FDPPC)
• Google Play Official Complaint Channel: Google Play Developer Support (https://play.google.com/support/)
X. Disclaimer
1. This App is only for users aged 18 and above. If a minor under 18 accidentally uses the App without the consent of a legal guardian, the legal guardian shall bear full responsibility for all consequences arising therefrom. We shall not be liable for any personal data-related risks and liabilities caused by minors using the App, but we will actively cooperate with the legal guardian to delete all relevant personal data of the minor and stop all data collection behaviors immediately upon receiving the guardian's request and relevant proof materials.
2. We shall not be liable for the leakage, tampering, loss or damage of users' personal data and in-app purchase data caused by force majeure (such as natural disasters, extreme weather, network failures, server paralysis, third-party service interruptions, Google Play system failures and other factors beyond our reasonable control), but we will take all possible remedial measures in a timely manner after the occurrence of force majeure to minimize the damage to users, and notify the affected users of the incident and remedial measures through App in-app messages, email and other methods (if contactable).
3. We shall not be liable for personal data security risks and losses caused by the user's own operational errors (such as leaking device information, sharing App account information with others, actively leaking personal data to third parties, operating the device in violation of the App's usage rules) and third-party illegal behaviors (such as third-party service providers illegally using or leaking data without our authorization, network hacker attacks, phishing scams, malicious software invasion). However, we will provide necessary technical assistance and relevant proof materials for users to safeguard their legitimate rights and interests, and cooperate with the relevant authorities to investigate and deal with the illegal acts of third parties.
4. We process users' personal data and in-app purchase data in strict accordance with this Policy and relevant regional laws and regulations. The consequences such as App function abnormalities, data loss, in-app purchase record viewing failure and matching function restriction caused by users exercising their rights (such as deleting data, withdrawing authorization, opting out of data sharing) shall be borne by the users themselves, and we shall not be liable for any direct or indirect losses arising therefrom.
5. Anonymized user data (data that cannot identify a specific natural person after processing) is no longer deemed as personal data in accordance with relevant regional laws and regulations, and we can freely use, share, transfer and analyze the anonymized data for App optimization, statistical analysis, in-app purchase service improvement and other legitimate business purposes without assuming any privacy protection liability.
6. We only provide technical support and service channels for the App's in-app purchase services, and all payment processes are completed through the official Google Play payment channel. We shall not be liable for any payment failures, fund losses and transaction disputes caused by Google Play payment system failures, third-party payment platform problems, the user's own payment account issues and other factors beyond our control. We will actively cooperate with users and Google Play to handle relevant after-sales problems and provide necessary transaction proof materials.
XI. Other Terms
1. This Policy is an integral part of the Xo Hub Terms of Service and a supplementary agreement with equal legal effect. If there is any inconsistency between this Policy and the Xo Hub Terms of Service, this Policy shall prevail; if there is no relevant agreement in this Policy, the relevant provisions of the Xo Hub Terms of Service shall apply.
2. If any clause of this Policy is deemed invalid or unenforceable by a competent court or regulatory authority in accordance with relevant regional laws and regulations, the invalidity or unenforceability of the clause shall not affect the legal effect of other clauses of this Policy, and the other clauses shall continue to be strictly performed by both parties.
3. The conclusion, performance, interpretation and dispute resolution of this Policy shall all be governed by the relevant data protection laws and regulations of the user's region of residence and the data storage location. If any dispute arises between the user and us due to this Policy or the data processing behavior, both parties shall first resolve it through friendly negotiation; if the negotiation fails, either party has the right to institute legal proceedings in the competent court of the user's region of residence (or the competent court of the data storage location if the user's region of residence is not clear).
4. This Policy shall take effect from the date when the user checks and agrees to it, and shall remain in effect until the date when the App ceases operation or the user stops using the App and deletes all personal data. If we decide to cease the operation of the App for any reason, we will notify all users through App pop-ups, in-app announcements, email and other prominent methods 30 days in advance, and properly handle all users' personal data (including full deletion or anonymization) in accordance with this Policy and relevant regional laws and regulations, and terminate all data processing behaviors and in-app purchase services.
5. Aether Circle reserves the final interpretation right of this Policy. The interpretation of this Policy shall comply with the relevant regional data protection laws and regulations, the Google Play Privacy Policy and the principle of protecting the legitimate rights and interests of users. If there is any ambiguity in the interpretation of the Policy, it shall be interpreted in a manner that is beneficial to the user.
Data Controller: Aether Circle
Contact Address: 1214 Wood Rd, Wan Chai, Hong Kong (HK)
Contact Email: christinekenne39@gmail.com
Effective Date: March 27, 2026