Privacy Policy

Updated: January 5, 2023

Effective Date: January 5, 2023

Version update tips:

We have updated the Privacy Policy of eSign, which mainly includes the following:

1. In order to improve your readability, we have adjusted the overall structure of the Privacy Policy, but have not added restrictive restrictions on your rights terms. For example, we display the terms and conditions of the APP's processing of your personal information at the end of the agreement, and if you are not a user of the eSign APP, you can choose whether to read these terms or not.

2. We emphasize the terms of personal information processing when you apply for product trial and receive promotion and marketing.

3. We have detailed the communication channels and response time limits when you make a request for personal information processing to us.

4. We have re-clarified the notification method for major updates to the Privacy Policy of eSign.

Welcome to use the electronic signature service of Hangzhou eSign Information Technology Co., Ltd. (hereinafter referred to as "eSign" or "we"), this Privacy Policy applies to the products and services provided by eSign, as well as the promotion and marketing behavior of eSign.

eSign respects and protects your privacy. When we process the information you provide, we will collect, store, use, transmit, provide, disclose, delete and transfer your personal information in accordance with this Privacy Policy. At the same time, we explain to you through this Privacy Policy that we provide you with channels and time limits for accessing, copying, correcting, supplementing, and requesting deletion of this information. In addition, we separately explain to you through this Privacy Policy how our app handles your personal information.

WE RECOMMEND THAT YOU CAREFULLY READ AND UNDERSTAND THIS PRIVACY POLICY, ESPECIALLY THE TERMS IN BOLD, AND PROVIDE THE CORRESPONDING INFORMATION AFTER CONFIRMING YOUR FULL UNDERSTANDING AND CONSENT, USE OUR PRODUCTS AND SERVICES OR ESTABLISH CONTACT WITH US BEFORE PROVIDING INFORMATION TO US. BY CONTINUING TO USE OUR PRODUCTS AND SERVICES AFTER THIS PRIVACY POLICY IS UPDATED, OR CONTINUING TO ACCEPT ESIGN'S MARKETING AND PROMOTION ACTIVITIES, IT MEANS THAT YOU AGREE TO THE CONTENT OF THIS PRIVACY POLICY (INCLUDING THE UPDATED VERSION) AND AGREE THAT WE WILL PROCESS YOUR RELEVANT INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY. IF YOU DO NOT FIND BOLD AND UNDERLINED CLAUSES IN THE WHOLE TEXT WHEN READING THIS AGREEMENT, IT MEANS THAT THE TERMINAL DEVICE YOU USE TO READ THIS AGREEMENT HAS THE PROBLEM OF IMPROPER ADAPTATION, AND IN ORDER TO PROTECT YOUR RIGHTS AND INTERESTS, IT IS RECOMMENDED THAT YOU READ THIS AGREEMENT ON THE OFFICIAL WEBSITE OF ESIGN. Our updated Privacy Policy will be published on the official website of eSign in a timely manner, and you can check it through it’s URL:

 https://www.esign.cn/gw/fwxy. In addition, you can view the historical version of the Privacy Policy and the corresponding update effective time.

IF YOU HAVE ANY QUESTIONS, COMMENTS OR SUGGESTIONS ABOUT THE CONTENT OF THIS PRIVACY POLICY, OR HAVE SPECIFIC PROCESSING APPEALS FOR ANY INFORMATION YOU PROVIDE, ESPECIALLY YOUR PERSONAL INFORMATION, YOU CAN CONTACT US THROUGH THE MANUAL CUSTOMER SERVICE CHANNEL OF CUSTOMER SERVICE TELEPHONE 400-087-8198, AND WE WILL RESPOND IN A TIMELY MANNER AND ANSWER YOUR DOUBTS AND HANDLE YOUR APPEALS WITHIN 15 WORKING DAYS.

This Privacy Policy will help you understand the following and meanwhile would help you understand how the eSign APP handles your personal information:

I. HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION;

II. HOW WE STORE YOUR PERSONAL INFORMATION;

III. HOW WE SHARE, TRANSFER AND DISCLOSE YOUR PERSONAL INFORMATION;

IV. HOW WE PROTECT YOUR PERSONAL INFORMATION;

V. YOUR RIGHTS IN PERSONAL INFORMATION PROCESSING ACTIVITIES;

VI. PROTECTION OF MINORS' PERSONAL INFORMATION;

VII. HOW THIS PRIVACY POLICY IS UPDATED.

I. HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION

We collect the information required to realize product functions or provide you with services in accordance with the principles of legality, propriety, necessity and good faith, and will make reasonable use of the collected information, and we will do our best to ensure that personal information processing activities can protect your personal information rights and interests.

We will collect and use your information in the following circumstances, and the purpose, method and scope are as follows:

(I) Registration and Login

When you register and login to the "eSign" account, you can complete it through Third-party platform authorization, SMS or Email OTP, Password, etc. If you register or log in by a third-party platform authorization, you need to fill in your mobile phone number or email address to associate your account with the corresponding account ID and relevant information provided by the authorized third-party platform. If you register or log in by means of OTP or password, you need to fill in your mobile phone number or email address as the account log in name. We use the aforementioned information to create an account for you, to ensure that you can log in on the eSign platform, use the services of eSign, and manage the electronic data and information generated by you on the eSign platform.

(II) Identity Authentication

2.1 If you are as an individual to do the identity authentication, you need to provide your name, face recognition video and photo (only some authentication methods need to be collected), bank card number (only some authentication methods need to be collected), identity mobile phone number (only part of the authentication method needs to be collected) or other authentication information you provide according to the identity authentication method you choose.

2.2 If you are as an enterprise (including other organizations) to do the identity authentication, you need to provide your name, certificate number, legal representative's name, legal representative's ID number (only part of the authentication method needs to be collected), legal representative's identity mobile phone number (only part of the authentication method needs to be collected), bank account information (only part of the authentication method needs to be collected), enterprise Alipay account number (only part of the authentication method needs to be collected) or other authentication information provided by you.

2.3 If you are an individual who performs identity authentication for an enterprise (including other organizations), you need to obtain the authorization of the enterprise (including other organizations) to provide enterprise information. If you cause damage to others due to the information you provide, you will be solely responsible. At the same time, if the party expresses a contrary opinion or expressly indicates to us that it does not want to be bound by this Privacy Policy, we will delete the relevant information.

2.4 We collect identity authentication information to meet the requirements of the identity system of relevant laws and regulations, if you refuse, you will not be able to complete identity authentication and sign electronic documents with your authenticated identity. You can choose the specific method of identity authentication according to your wishes, and the information required during the identity authentication process will be clearly informed to you on the submission page, and you submit the corresponding materials to represent that you have agreed. eSign accounts that do not have a identity authentication can still be used in other basic services of eSign products.

(III) Use the eSign service

3.1 You can upload electronic documents and fill in information as needed during the use of eSign service. The aforementioned data and information are your business data, and we will operate according to your instructions, including adding, deleting, modifying, querying, etc.

3.2 Provided that you provide the personal information of others, you need to confirm that you have obtained the authorization of the party and ensure that the party also knows and agrees to be bound by this Privacy Policy, and you will be solely responsible for the damage caused by the information you provide. At the same time, if the party expresses a contrary opinion or expressly indicates to us that it does not want to be bound by this Privacy Policy, we will delete the relevant information.

3.3 With your explicit authorization, we will collect your personal information through the cooperative customers of eSign, if you authorize the cooperative customers of eSign to provide your name, ID number, mobile phone number, email address, and signed electronic documents to eSign, you can view and download the information or documents on this platform on the eSign platform at the same time. We collect your aforementioned information to help you complete your electronic signature.

3.4 In order to ensure the availability, continuity and security of our services, we will collect the following information from you:

3.4.1 Device information: device model, operating system version, unique device identifier.

3.4.2 Software information: version number and browser type of the software.

3.4.3 Device permission: Contacts permission, which is used to facilitate you to select the contact of the address book as the signer when signing, and send relevant signing notices. Camera permissions for specific service scenarios such as face recognition. The photo access permission is used for selecting the pictures that you need to upload and save in your album in specific service scenarios. You can choose the status of turning these permissions on/off through your device's app permissions. We can only obtain the aforementioned permissions if you actively enable it.

3.4.4 Service log information: the way, type and status, login time, operation logs, service logs and other log information related to the "eSign" service when you use our services.

3.4.5 IP and Location Information. For example, we may obtain your geographic location information through means such as IP address, GPS, WiFi or base station. You can choose to turn on or off the authorization of location information, if you turn off authorization, location-related functions may not be available and relevant verification may not be completed.

3.5 Other personal information collected by the eSign APP and the permission to obtain it. When you use the eSign APP, the personal information that the APP needs to collect separately is explained to you separately at the end of this Privacy Policy "How does the eSign APP handle your personal information".

(IV) COOKIE TECHNOLOGY

When you use our products or services, our platform automatically receives and records information on your browser and computer, including your IP address, software and hardware feature information, as well as web page records you demand, information in cookies, etc. In order to ensure the proper functioning of the website, we will store small data files called cookies on your computer or mobile device. Provided that you do not refuse to accept cookies, the cookies will be sent to your browser and stored on your computer's hard drive. We use cookies to store data about your visit to our website, so that we can identify you when you visit or return to our website and provide you with better and more services through analysis data. You have the right to choose to accept or refuse to accept cookies. You can refuse to accept cookies by modifying your browser's settings, but we would like to remind you that refusal to accept cookies, you will not be able to use some of the convenient functions that rely on cookies.

(V) Other circumstances

5.1 When you apply to try the products and services of eSign, we will collect your name, contact information, company name and other information through telephone communication, information filling, etc. We use the aforementioned information to contact you and provide you with product trial services.

5.2 When you accept the promotion and marketing of eSign, we will collect your name, contact information, company name and other information through telephone communication, information filling, etc., according to the specific promotion and marketing content we may collect your other information in order to recommend our products and services for you in a targeted manner, but you can decide whether to provide it to us according to your wishes. We use the aforementioned information to recommend eSign products and service that are suitable for you.

5.3 If you contact us through the contact information provided by us during use for consultation, complaint or product use feedback, we will collect your information to verify your identity, verify whether the content of your complaint is true and inform you of the handling result.

5.4 The content listed in this privacy agreement cannot completely list and cover all functions and business scenarios that may be achieved in the future, we will collect your information for other specific purposes not specified in this Privacy Policy, but we will seek your consent in advance and update our Privacy Policy from time to time.

5.5 According to relevant laws and regulations, the collection of your personal information does not require your authorization and consent under the following circumstances:

5.5.1 Related to our performance of obligations under Laws and Regulations;

5.5.2 Directly related to National Security and National Defense Security;

5.5.3 Directly related to Public Safety, Public Health, and Major Public Interests;

5.5.4 Directly related to Criminal Investigation, Prosecution, Trial and Execution of Judgments;

5.5.5 In order to protect the life, property and other major legitimate rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the authorization and consent of the person;

5.5.6 The personal information collected is disclosed to the public by yourself;

5.5.7 Necessary for the conclusion and performance of the personal data subject as a party to the electronic document;

5.5.8 Collecting personal information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels;

5.5.9 Other circumstances stipulated by laws and administrative regulations.

II. INFORMATION STORAGE

(I) The personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China. Provided that it is necessary to transfer relevant personal information collected in China to overseas institutions in order to handle cross-border business, we will do so in accordance with laws, administrative regulations and the provisions of relevant regulatory authorities. We will ensure that your personal information is adequately protected, such as anonymization, secure storage, etc.

(II) We will only store your personal information within the period necessary to achieve the purpose of eSign services and within the time limit required by laws and regulations. In accordance with the requirements of the Cyber Security Law of the People's Republic of China, we will retain relevant network logs for your use of the eSign service for at least six months, and in accordance with the provisions of the Electronic Signature Law and relevant regulations, we will retain your personal information for at least five years, and cooperate with the inquiries of the competent authorities in accordance with the law during the retention period. After your personal information exceeds the retention period, unless otherwise provided by laws and regulations for specific information retention periods or other agreements between you and us, we will delete or anonymize your information, and we will no longer use or provide you with the personal information under the account.

(III) Under the following circumstances, we may change the storage time of personal information due to legal requirements:

3.1 To comply with applicable laws and regulations;

3.2 To comply with the requirements of court judgments, rulings or other effective legal documents;

3.3 To comply with the requirements of relevant government agencies or legally authorized organizations.

(IV) If we cease to operate the products or services of "eSign", we will cease to process your personal information in a timely manner, notify you of the notice of cessation of operation in the form of delivery or announcement one by one, and delete or anonymize the personal information stored by us.

(V) When you request us to delete the information you provide through the communication channels specified in this Privacy Policy, we will contact you to communicate the pre-deletion matters. Please understand that the services provided by "eSign" are electronic signature services, the electronic documents you cooperate to sign have legal effect, and your expression of intention has had an impact on the relying party, so the deletion of your personal information needs to go through the necessary legality review and obtain the consent of the relying party. We will stop using your information immediately upon receipt of your appeal and guide you to follow-up matters.

III. HOW WE SHARE, TRANSFER AND DISCLOSE YOUR PERSONAL INFORMATION

(I) Sharing

We will not share your personal information with any company, organization or individual, except in the following cases:

1.1 We may share your personal information externally in accordance with laws and regulations, the needs of litigation and dispute resolution, or the mandatory requirements put forward by the competent authorities in accordance with the law.

1.2 Sharing with partner organizations: In order to achieve the purpose of electronic signature or other services provided by eSign, our following services will be jointly provided by us and partner organizations. We will share some of your personal information with partners in accordance with laws, regulations and agreements.

1.2.1 Your personally identifiable information needs to be transmitted to an electronic certification service authority, which will issue you a digital certificate. The use of digital certificates is a necessary condition for you to be able to sign electronically, so if you use eSign's electronic signature service, you need to apply for a digital certificate from the  electronic signature service agency cooperating with eSign. You should read the service agreement of the electronic certification service authority by yourself, and use the electronic signature service under the premise of agreeing to be bound by it. In order to ensure the orderly progress of electronic certification services, electronic certification service authority are supervised by the Ministry of Industry and Information Technology, and their service rules are filed with the Ministry of Industry and Information Technology, and providing you with electronic certification services in accordance with the recorded service rules can protect your legitimate rights and interests.

1.2.2 Your personal identity information shall be transmitted to the identity authentication service provider cooperating with eSign, and the identity authentication service provider will provide you with some of the services for identity authentication on eSign. We will sign a data processing agreement with the aforementioned service provider to ensure that they process your personal information within the scope of your authorization.

1.2.3 Your personal information and the hash value of signed electronic documents shall be transmitted to notary offices, judicial expertise center and Ant Blockchain, and the aforementioned institutions shall provide corresponding deposit services and issue corresponding certification documents.

1.2.4 If you use the services of eSign through the third-party service provider platform, in order to ensure that you can use the services of the third-party service platform, eSign needs to share your personal information and signature information with the third-party service provider.

1.2.5 Information shared by the eSign APP through SDK: The personal information that the APP needs to share is explained to you separately at the end of this policy, "How does the eSign APP handle your personal information".

1.3 Sharing your personal information with signatory relying parties. If you use our signing service to sign electronic documents, according to the electronic authentication business rules, we need to share part of your personal information with the party relying on the signing of the electronic documents to prove your true identity as a signer, and the shared personal information includes the name, certificate number, digital certificate related information, identity authentication related information, signing intention and signing document related information you provide through the eSign service. IF YOU ARE THE CORRESPONDING OPERATOR OF THE ENTERPRISE (INCLUDING OTHER ORGANIZATIONS) IN THE SIGNING APPROVAL PROCESS NODE SET UP ON THE ESIGN  PLATFORM, WE ALSO NEED TO PROVIDE YOUR AFOREMENTIONED PERSONAL INFORMATION TO THE PARTY RELYING ON THE SIGNING TO PROVE THE AUTHENTICITY OF YOUR ENTERPRISE (INCLUDING OTHER ORGANIZATIONS) EXPRESSING THE INTENTION TO SIGN.

1.4 In order to provide you a better experience, improve our services or other purposes with your consent, we may use the information collected through certain services for our other services under the premise of complying with relevant laws and regulations, but we will anonymize it. For example, the information when you use one of our services is used for services such as user research analysis and statistics.

1.5 In order to ensure the security of the service and help us better understand the operation of our application, we may record relevant information or use the collected information for big data analysis, such as the frequency of your application, failure information, overall usage, performance data or analysis to form a Urban thermal map or industry insight report that does not contain any personal information. We may disclose and share anonymized information with our partners to understand how users use our services or to let the public know about general usage trends of our services.

1.6 We will enter into strict data processing agreements with the counterparty with whom we share the data. We also recommend that you check the Privacy Policy of the respective service through the official website of our partners.

(II) Assignment

We will not transfer your personal information to any other company, organization or individual, except in the following circumstances:

2.1 With the development of the "eSign" , we and our affiliates may enter into mergers, acquisitions, asset transfers or other similar transactions. If the relevant transaction involves the transfer of your personal information, we will require the company, organization and individual that newly holds your personal information to continue to be bound by this policy, otherwise we will require the company, organization and individual to obtain your authorization and consent again.

2.2 With your explicit consent, we will transfer the personal information we have obtained to other parties.

(III) Disclosure

We will only disclose your personal information in the following circumstances:

3.1 Your explicit consent has been obtained；

3.2 We may disclose your personal information as required by the competent authority；

3.3 Other circumstances stipulated by laws and regulations.

IV. HOW WE PROTECT YOUR PERSONAL INFORMATION

(I) We have used industry-standard security protection measures to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information. The technical means we use include but are not limited to firewalls, TLS/SSL certificate encrypted transmission, de-identification or anonymization, access control measures, etc.

(II) We have obtained the following certifications: ISO/IEC 27701 privacy information management system certification, ISO/IEC 27001 information security management system certification, ISO/IEC 27018 public cloud personal information protection management system certification, trusted cloud service certification, Ministry of Public Security information system security level protection level three certification and other domestic and foreign authoritative certification. We actively comply with domestic and foreign laws and regulations related to information security and privacy protection, continuously improve our information security and privacy protection standards through high-strength authentication and high-density encryption protection, and continuously improve our products and services.

(III) For companies, organizations and individuals with whom we share personal information, we will sign strict data protection clauses with them, requiring them to process personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.

(IV) In order to ensure the security of your information, after we collect your information, we will take various measures necessary to isolate and protect your information. We store de-identified information separately from information that can be used to restore identification of an individual to ensure that the individual is not re-identified in subsequent processing of de-identified information. We have established a management system, process and organization to ensure the security of personal information. We require all employees to sign confidentiality agreements, regularly carry out information security and privacy protection series training, and continuously improve employees' awareness of information security and privacy protection. Unified deployment of DLP data leakage prevention system in employees' internal systems to monitor, track and audit sensitive and private data sending, printing and copying.

(V) We recommend that you keep your personal information properly, and we will not be responsible for the leakage of personal information due to the leakage of the account password due to your personal reasons, but we will actively cooperate with you to retrieve the password or change the password.

(VI) In the unfortunate event of a user information security incident (leakage, loss, etc.), we will activate the emergency plan to prevent the expansion of the security incident. In accordance with the requirements of laws and regulations, we will promptly inform you: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions that you can independently prevent and reduce risks, and remedial measures for you. We will promptly inform you of the relevant circumstances of the incident by email, letter, telephone, push notification, etc., and when it is difficult to inform the user information subject one by one, we will issue an announcement in a reasonable and effective manner. At the same time, we will also take the initiative to report the handling of personal information security incidents in accordance with the requirements of regulatory authorities.

V. YOUR RIGHTS IN PERSONAL INFORMATION PROCESSING ACTIVITIES

(I) Access, copy, correct, and supplement your personal information

You have the right to manage your personal information, except for exceptions provided by laws and regulations. You can access, copy, correct, supplement the profile information in your account, change your password, and add security information by logging in to your eSign account in the client.

If you need to access other personal information, you can contact us at any time through the manual customer service channel of calling the customer service number 400-087-8198. We will respond to your request in a timely manner and within 15 working days.

(II) Delete your personal information

You can apply to delete your personal information through the manual customer service channel of customer service hotline 400-087-8198.

You have the right to request "eSign" to delete your personal information when the following situations occur:

2.1 We have collected your personal information without your explicit consent;

2.2 Our processing of your personal information violates the requirements of laws and regulations;

2.3 We process your personal information in violation of our agreement with you;

2.4 You no longer use our products or services, or cancel your "eSign" account;

2.5 We cease to provide services to you and have exceeded the minimum retention period of personal information required by laws and regulations.

Based on the needs of the business, in order to safeguard the interests of multiple parties to the transaction, we will still retain your personal information directly related to identity authentication, willingness authentication, and signing business under the circumstances of paragraph 2.4 of this article.

If you still want to delete this part of the information, you need to authorize and agree with the relying party, and we will delete your personal information involved in the business after receiving the joint deletion order between you and the relying party.

When you or we assist you in deleting the relevant information, due to applicable laws and security technologies, we may not be able to immediately delete the corresponding information from the backup system, and we will store your personal information securely and avoid any further processing until the backup can be erased or anonymized.

(III) Request an explanation of handling rules

You can contact us at any time through the customer service channel of customer service hotline 400-087-8198 and ask us to explain the rules of this Privacy Policy. We will respond to your request in a timely manner and within 15 working days.

VI. PROTECTION OF MINORS' PERSONAL INFORMATION

IF YOU ARE A MINOR UNDER THE AGE OF 14, YOU SHALL PROVIDE US WITH YOUR PERSONAL INFORMATION WITH THE CONSENT OF YOUR GUARDIAN. PLEASE UNDERSTAND THAT THE SERVICES WE PROVIDE ARE MAINLY FOR ADULTS, IF YOU ARE A MINOR UNDER THE AGE OF 18, BEFORE USING OUR PRODUCTS AND RELATED SERVICES, YOU SHOULD READ AND AGREE TO THIS PRIVACY POLICY UNDER THE SUPERVISION AND GUIDANCE OF YOUR GUARDIAN.

We protect the personal information of minors in accordance with the relevant laws and regulations of the state, and will only process the personal information of minors when permitted by law, with the explicit consent of guardians or necessary to protect minors; If we find that the personal information of minors has been collected without the prior consent of a verifiable guardian, we will try to delete the relevant information as soon as possible.

If you are the guardian of a minor, when you have questions about the personal information of the minor under your guardianship, you can contact us at any time through the manual customer service channel of the customer service telephone 400-087-8198. We will respond to your request in a timely manner and within 15 working days.

VII. HOW THIS PRIVACY POLICY IS UPDATED

(I) We may revise the content of this Privacy Policy in a timely manner. We will post any changes to this Privacy Policy on this page.

(II) For major changes, we will also inform you of the latest Privacy Policy content by sending a website letter to your e-signature account. The material changes referred to in this Privacy Policy include, but are not limited to:

2.1 Our service model has undergone significant changes. Such as the purpose of processing personal information, the type of personal information processed, the way personal information is used, etc；

2.2 We have undergone significant changes in our ownership structure, organizational structure, etc. Such as changes in owners caused by business adjustments, bankruptcy mergers and acquisitions, etc；

2.3 Changes in the main objects of personal information sharing, transfer or public disclosure；

2.4 When there is a change in our responsible department, contact information and complaint channels for handling personal information security；

2.5 When the personal information security impact assessment report indicates that there is a high risk.

(III) If the business functions of our products and services are updated, involving an increase in the scope of personal information collected, we will immediately inform you through the Privacy Policy update. If you refuse the changed Privacy Policy, we will continue to provide you with services within the original business scope, except for the information collection authority of new business functions that replace the original business functions in the changed Privacy Policy.

HOW THE ESIGN APP HANDLES YOUR PERSONAL INFORMATION

I. BASIC PRINCIPLES AND OTHER APPLICABLE TERMS

The processing of your personal information by the eSign APP is also subject to this Privacy Policy. Due to the characteristics of the APP application, some functions of the APP may process more of your personal information and will process your personal information through third-party SDKs. In accordance with the requirements of relevant laws and regulations, we hereby separately explain to you how the eSign APP handles your personal information.

II. PERSONAL INFORMATION COLLECTED BY THE APP AND ITS PURPOSE AND NECESSITY

(I) Android system

1.1 Registration/Login

Type of personal information collected: mobile phone number/email address

Purpose and necessity: Personal information that must be collected by users who register with mobile phone number/email address is used to register/log in to create accounts and improve network identity

1.2 Message push

Type of personal information collected: de-identified device information (e.g., IMEI, AndroidId)

Purpose and necessity: The information that must be collected by the signing and approval functions is used to sign/approve the push of business process nodes, and the push object is the signer/approver

1.3 Operation and Safety

Types of personal information collected: device information, including phone model, system version, IMEI, AndroidId, OAID (application anonymous identification), software version number, operation, service logs

Purpose and necessity: to ensure the security of user accounts (such as whether the device is abnormal login) and message push

1.4 User Feedback

Type of personal information collected: user feedback questions, pictures, contact information (relevant data desensitization and encryption have been done)

Use and necessity: contact the feedback person and verify the authenticity of the feedback problem

(II) iOS system

2.1 Registration/Login

Type of personal information collected: mobile phone number/email address

Purpose and necessity: Personal information that must be collected by users who register with mobile phone number/email address is used to register/log in to create accounts and improve network identity

2.2 Message push

Type of personal information collected: de-identified device information (such as UUID, mobile phone model, system version, software version number)

Purpose and necessity: The information that must be collected by the signing and approval functions is used to sign/approve the push of business process nodes, and the push object is the signer/approver

2.3 Operation and Safety

Types of personal information collected: device information, including phone model, system version, UUID (application anonymous identification), software version number, operation, service logs

Purpose and necessity: to ensure the security of user accounts (such as whether the device is abnormal login) and message push

2.4 User Feedback

Type of personal information collected: user feedback questions, pictures, contact information (relevant data desensitization and encryption have been done)

Use and necessity: contact the feedback person and verify the authenticity of the feedback problem

III. USER PERMISSIONS THAT THE APP NEEDS TO OBTAIN

(I) Android system

1.1 ACCESS_NETWORK_STATE

Permission feature description: Allows the app to detect the network status

Usage scenario and purpose: Determine whether the network can be used or weak when requesting data

Necessity: The permissions required for basic functions, the APP needs to adjust the request for data and the loading of documents according to the network status

1.2 INTERNET

Permission feature description: Allows the app to send data requests

Usage scenario and purpose: Request server data

Necessity: Permissions required for basic functions, without the network, you will not be able to log in to your account

1.3 CAMERA

Permission function description: Use to take photos and videos and complete the QR code scan

Usage scenario and purpose: Take a photo to generate a file, record a face authentication video, or scan the QR code to open the signature link

Necessity: The permissions required for basic functions cannot be completed without authorization; It is not possible to upload files by taking photos; You cannot scan the QR code to open the signature page or scan the code to log in

1.4 WRITE_EXTERNAL_STORAGE

Permission function description: Provides the function of writing to external storage

Usage scenario and purpose: Allow the APP to write/download/save/modify/delete information such as pictures, files, and crash logs

Necessity: The permissions required for basic functions, without authorization APP will not be able to save files to the local computer, such as downloading files that have been signed successfully; Save the Mobile Phone Shield digital certificate to your local computer

1.5 READ_EXTERNAL_STORAGE

Permission function description: Provides the function of reading data in the storage space of the mobile phone

Usage scenario and purpose: Allows the APP to read pictures, files and other content in storage, mainly for uploading files to initiate signing, and reading and recording crash log information locally

Necessity: Permissions required for basic functions, without authorization APP will not be able to read local files for upload and initiate the signing process; The local digital certificate cannot be read to complete the Mobile Shield service

1.6 READ_PHONE_STATE

Permission function description: Provides information such as reading the identity IMEI of mobile phone devices

Usage scenarios and purposes: Read the device identification code, identify the mobile device ID, and use it for main functions such as message push and account security

Necessity: Basic functions and permissions required for account security, without authorization APP will not be able to push signing and approval messages, and account security cannot be determined by whether you change your mobile phone

1.7 ACCESS_WIFI_STATE

PERMISSION FUNCTION DESCRIPTION: ALLOWS THE APPLICATION TO OBTAIN THE MAC ADDRESS AND WIFI STATUS

Usage scenario and purpose: Generate a unique device identification based on MAC address and device identification code, which is used for main functions such as message push and account security assurance

Necessity: Basic functions and permissions required for account security, without authorization APP will not be able to generate a unique identification code to ensure the correct arrival of message push, and cannot remind users of abnormal account situations such as remote login

1.8 READ_CONTACT

Permission function description: Obtain the address book information in the system

Usage scenario and purpose: Allow users to import address book information when adding signers

Necessity: Permission required for basic functionality, without which users will not be able to add the contact's information as signer information to initiate the signing process

1.9 CALL_PHONE

Permission function description: Make a call

Usage scenario and purpose: Allow users to call customer service numbers after obtaining permissions

Necessity: The permissions required for basic functions, authorized users to consult and complain through customer service calls in the APP

1.10 USE_FINGERPRINT

Permission function description: fingerprint permission

Usage scenario and purpose: Allow reading of local fingerprint ID information (not fingerprint information itself)

Necessity: After authorization, the authentication and signing function can be realized through fingerprint recognition stored on the device, and the permission is not required

1.11MANAGE_FINGERPRINT

Permission function description: fingerprint management permission

Usage scenario and purpose: Allow reading of local fingerprint ID information (not fingerprint information itself)

Necessity: After authorization, the authentication and signing function can be realized through fingerprint recognition stored on the device, and the permission is not required

1.12 USE_IFAA_MANAGER

Permission function description: IFAA fingerprint permission

Usage scenario and purpose: Allow reading of local fingerprint ID information (not fingerprint information itself)

Necessity: After authorization, the authentication and signing function can be realized through fingerprint recognition stored on the device, and the permission is not required

1.13USE_FACERECOGNITION

Permission function description: Face permission

Usage scenario and purpose: Allow reading of local Face ID information (not the Face ID information itself)

Necessity: After authorization, the authentication and signing function can be realized through the face recognition stored on the device, and the permission is not required

1.14USE_FACE

Permission function description: individual manufacturer face permission

Usage scenario and purpose: Allow reading of local Face ID information (not the Face ID information itself)

Necessity: After authorization, the authentication and signing function can be realized through the face recognition stored on the device, and the permission is not required

(II) iOS system

2.1 APP Transport Security Settings - Allow Arbitrary Loads

Permission function description: Allows the application to access the HTTP protocol link

Usage scenario and purpose: Request network data and load the corresponding web page

Necessity: Permissions required for basic functions, and non-authorized APP cannot access http links and APIs

2.2 Camera Usage Description

Permission function description: Allow the use of camera permissions

Usage scenario and purpose: Take a photo to initiate signing, which is used to initiate signing by taking a photo, use the camera to scan the QR code to open the link for signing, and swipe the face video authentication function

Necessity: Permissions required for basic functionality. If you do not authorize, you will not be able to use the photo initiation signing function; Cannot scan the code to sign; The video authentication function cannot be used

2.3 Microphone Usage Description

Permission function description: Allow microphone permission

Usage scenario and purpose: Face video authentication function

Necessity: The permissions required for basic functions, and you cannot use the video authentication function without authorization

2.4 Photo Library Additions Usage Description

Permission function description: Allow permission to write albums

Usage scenario and purpose: Scan the code to save the QR code

Necessity: The permissions required for basic functions, without authorization, cannot save the QR code to the album

2.5 Photo Library Usage Description

Permission function description: Allow permission to read albums

Usage scenario and purpose: Initiate function from album, add function to sign file attachment

Necessity: The permissions required for basic functions are not authorized to use the function of initiating signing from albums; You can't add signed files and attachments from an album

2.6 NS Location When In Use Usage Description

Permission function description: Allow access to geolocation during use

Usage scenario and purpose: Used to obtain the geographical distribution map of users and optimize user experience

Necessity: Required to optimize the function, users can optionally turn it on

2.7 NS Location Always Usage Description

Permission feature description: Allow continuous access to geolocation

Usage scenario and purpose: Used to obtain the geographical distribution map of users and optimize user experience

Necessity: Required to optimize the function, users can optionally turn it on

2.8 Face ID Usage Description

Permission function description: Face ID use permission

Usage scenario and purpose: Users can use the local facial recognition ID to confirm the user's identity and complete the signing intention authentication

Necessity: The function of signing method diversity can be optionally enabled by users

IV. INFORMATION SHARED BY THE ESIGN APP THROUGH SDK

(I) Some products and services may be provided to you by our authorized partners through SDKs. In this process, our authorized partners may collect, use and store your relevant data or information, and your information will be processed through de-identified, encrypted transmission and processing security methods. We list specific authorized partners and provide links to their privacy policies, which we encourage you to read.

(II) SDK services used by the Android system

2.1 Individual push gtc SDK

Supplier Name: Daily Interactive Inc

Purpose of use: Push system notifications and other messages

Necessity: Required for basic functions, timely push node information and results in business processes to users in signing and approving business scenarios

Type of personal information: device information (imei/imsi/iccid/android id/oaid/SN/MAC address/system version/device model/notification switch status), network information (wifi related/IP)

Privacy Policy Link: https://docs.getui.com/privacy

2.2 Shence Analysis SDK

Supplier Name: Shence Network Technology (Beijing) Co., Ltd

Purpose of use: To analyze the user's behavior and business operation in the APP, and monitor the performance of the APP

Necessity: If you do not use it, you cannot analyze the user's behavior and business operations in the APP to ensure the stability of the application

Type of personal information: device information (imei/imsi/iccid/android id/oaid/SN/Mac address/system version/device model), network information (wifi related/IP)

Privacy Policy Link: https://www.sensorsdata.cn/market/privacy_policy.html

2.3 Tencent Open Service SDK、WeChat sharing SDK

Supplier Name: Shenzhen Tencent Computer System Co., Ltd

Purpose of use: To enable the corresponding WeChat users to realize the basic functions of signing, approval, and contract viewing through WeChat

Necessity: Share the signed business, approval business or signed documents with the corresponding account in WeChat

Type of personal information: Device identifier (IMEI/Mac/AndroidID/IDFA/OPENUDID/GUID, SIM card IMSI information)、MAC address, read-write storage, and view network permissions

Privacy Policy Link: https://www.wechat.com/zh_cn/privacy_policy.html

2.4 Meizu Flyme push SDK

Supplier name: Zhuhai Meizu Communication Equipment Co., Ltd

Purpose of use: Push system messages and other messages

Necessity: Enable Meizu mobile phone users to receive node information pushes in business scenarios, such as signing links

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters

Privacy Policy link: https://i.flyme.cn/privacy

2.5 Xiaomi Open Platform Message Push SDK

Supplier Name: Xiaomi Communication Technology Co., Ltd

Purpose of use: Push system notifications and other messages

Necessity: Enable Xiaomi mobile phone users to receive node information pushes in business scenarios, such as signing links

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters

Privacy Policy Link: https://privacy.mi.com/all/zh_CN

2.6 OPPO push platform SDK

Supplier name: OPPO Guangdong Mobile Communications Co., Ltd

Purpose of use: Push system notifications and other messages

Necessity: Enable OPPO mobile phone users to receive node information pushes in business scenarios, such as signing links

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters

Privacy Policy Link: https://open.oppomobile.com/wiki/doc#id=10288

2.7 VIVO Message Push SDK

Supplier Name: Vivo Mobile Communications Co., Ltd

Purpose of use: Push system notifications and other messages

Necessity: VIVO mobile phone users receive node information pushes in business scenarios, such as signing links

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters

Privacy Policy Link: https://www.vivo.com.cn/about-vivo/privacy-policy

2.8 HUAWEI APPGallery Connect core SDK/HUAWEI HMS core function SDK/HUAWEI Analytics Service SDK/HUAWEI Message Push SDK/HUAWEI Log SDK

Supplier Name: Huawei Software Technologies Co., Ltd

Purpose of use: Push system messages and other messages

Necessity: Enables Huawei mobile phone users to receive node information pushes in service scenarios, such as signing links

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters

Privacy Policy Link: https://developer.huawei.com/consumer/cn/devservice/term/

2.9 Tencent TBS SDK

Supplier Name: Shenzhen Tencent Computer System Co., Ltd

Purpose of use: Open the H5 web control, read and write local crash information and report it, and improve system compatibility

Necessity: If you do not use it, some phones will have compatibility and performance issues when opening the H5 page

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters, read and write permissions

Privacy Policy link: https://x5.tencent.com/docs/privacy.html

2.10 Tencent Matix Android SDK

Supplier Name: Shenzhen Tencent Computer System Co., Ltd

Purpose of use: to ensure the stability and performance of the APP

Necessity: Detection tools to improve the performance and stability of the APP

Personal information type: local device information (IMEI, IMSI), MAC address, mobile phone model, system type, system version, mobile phone screen size parameters, read and write permissions

Privacy Policy link: https://x5.tencent.com/docs/privacy.html

2.11 Tencent Bugly SDK

Supplier Name: Shenzhen Tencent Computer System Co., Ltd

Purpose of use: Capture APP crash information, facilitate troubleshooting and solving online crash problems

Necessity: Detection tools to improve the performance and stability of the APP

Personal information type: log information (including developer custom logs, logcat logs, and APP crash stack information), device ID (including androidid), network information, system name, system version, and country code

Privacy Policy Link: https://bugly.qq.com/v2/contract

2.12 Yisha SDK

Supplier name: Beijing Yisha Information Technology Co., Ltd

Purpose of use: Information elements that identify users

Necessity: By reading local biometric information, the user identity is identified, improving the efficiency and accuracy of signing and signing

Type of personal information: IFAA device information, camera permissions, local biometric ID information, etc. (excluding biometric information itself)

Privacy Policy Link: https://edis.esandcloud.com/web/privacy.html

2.13 ARMS App Monitoring SDK

Supplier Name: Alibaba Cloud Computing Co., Ltd

Purpose: For reporting and analyzing crash logs

Necessity: Detection tools to improve app performance and stability

Personal information type: network information, device information including operating system, device model, Android system device identification, IP, operator information

Privacy Policy Link: https://terms.alicdn.com/legal-agreement/terms/privacy/20220808181437191/20220808181437191.html

2.14 Zxing（com.google.zxing）

Vendor name: Google

Purpose of use: For the identification of QR codes

Necessity: Provide QR code scanning for QR code scanning business

Types of personal information: photo information, video information, network status information, flash information, device information

Privacy Policy Link: https://policies.google.com/privacy?hl=zh-CN

2.15 Tencent MMKV SDK

Supplier Name: Shenzhen Tencent Computer System Co., Ltd

Purpose and necessity of use: local data storage and reading tools to improve APP data storage and reading performance

Type of Personal Information: Not involved

Required permissions: Read and write permissions for local file information

2.16 Extreme Behavior Verification SDK

Supplier name: Wuhan Jiyi Network Technology Co., Ltd

Purpose and necessity of use: Provide verification code behavior verification services to reduce the probability of APP being cracked by machines

Type of Personal Information: Not involved

Required permissions:/

2.17 Facebook fresco SDK

Supplier Name: Meta Platforms, Inc.

Purpose and necessity of use: third-party image library, improve the efficiency of APP loading pictures

Type of Personal Information: Not involved

Required permissions: Read and write permissions for local files, download network images to the local computer, and read the display

2.18Glide SDK

Supplier Name:/

Purpose and necessity of use: third-party image library, improve the efficiency of APP loading pictures

Type of Personal Information: Not involved

Required permissions: Read and write permissions for local files, download network images to the local computer, and read the display

2.19EasyPermissions SDK

Vendor name: Google

Purpose and necessity of use: The APP permission acquisition permission framework provided by Google

Type of Personal Information: Not involved

Required permissions:/

(III) SDK services used by the iOS system

3.1 Individual push gtc SDK

Supplier Name: Daily Interactive Inc

Purpose of use: Push system notifications and other messages

Necessity: Required for basic functions, timely push node information and results in business processes to users in signing and approving business scenarios

Type of personal information: device information (mac address/idfa/device model/deviceToken/allowNotification status), network information (wifi related/IP)

Privacy Policy Link: https://docs.getui.com/privacy

3.2 Shence Analysis SDK

Supplier Name: Shence Network Technology (Beijing) Co., Ltd

Purpose of use: To analyze the user's behavior and business operation in the APP, and monitor the performance of the APP

Necessity: If you do not use it, you cannot analyze the user's behavior and business operations in the APP to ensure the stability of the application

Type of personal information: Device information (MAC address/IDFA/device model/screen width), network information (WiFi related/IP)

Privacy Policy Link: https://www.sensorsdata.cn/market/privacy_policy.html

3.3 UMConfigure

Supplier Name: Beijing Ruixun Lingtong Technology Co., Ltd

Purpose of use: for user data statistics, APP crash optimization, APP WeChat sharing, APP optimization analysis

Necessity: Required for basic functions, if not used, APP optimization analysis cannot be performed

Type of personal information: Device Mac address, unique device identification code

Privacy Policy Link: https://www.umeng.com/policy

3.4 Yisha SDK

Supplier name: Beijing Yisha Information Technology Co., Ltd

Purpose of use: Information elements that identify users

Necessity: By reading local biometric information, the user identity is identified, improving the efficiency and accuracy of signing and signing

Type of personal information: IFAA device information, camera permissions, local biometric ID information, etc. (excluding biometric information itself)

Privacy Policy Link: https://edis.esandcloud.com/web/privacy.html

3.5 AFHTTPSessionManager

Supplier Name:/

Purpose of use: Used to implement network requests

Necessity: Required for basic functionality, if not used, the APP cannot effectively interact with the server

Personal information type: local device information (IMEI, IMSI), 2. MAC address, mobile phone model, system type, system version, mobile phone screen size parameters; Detect network status

Privacy Policy Link:/

3.6 Extreme Behavior Verification SDK

Supplier name: Wuhan Jiyi Network Technology Co., Ltd

Purpose and necessity of use: Provide verification code behavior verification services to reduce the probability of APP being cracked by machines

Type of Personal Information: Not involved

Required permissions:/

3.7 ZXQRCodeReader

Supplier Name:/

Purpose and necessity of use: to achieve the scan function, the basic function is required, and the QR code cannot be scanned without use

Type of Personal Information: Not involved

Required permissions: Camera permissions

3.8 SDCycleScrollView

Supplier Name:/

Purpose and necessity of use: used to implement the banner carousel function

Type of Personal Information: Not involved

Required permissions:/

3.9 Reachability

Supplier Name:/

Purpose and necessity of use: Used to detect the network status of the APP

Type of Personal Information: Not involved

Required permissions:

3.10 MJRefresh

Supplier Name:/

Purpose and necessity of use: Used to detect the network status of the APP

Type of Personal Information: Not involved

Required permissions:/

3.11 MBProgressHUD

Supplier Name:/

Purpose and necessity of use: used to implement interactive pop-up windows such as toast/dialog

Type of Personal Information: Not involved

Required permissions:/

3.12 MASConstraintMaker

Supplier Name:/

Purpose and necessity of use: For page layout

Type of Personal Information: Not involved

Required permissions:/

3.13 CJSONSerializer

Supplier Name:/

Purpose and necessity of use: To provide JSON data parsing capabilities

Type of Personal Information: Not involved

Required permissions:/

(IV) Others

4.1 When the app is running in the background, the SDK that provides message push, performance monitoring and log upload services will continue to run. This is to ensure the accessibility of service push messages, and the push service needs to continue to run in the background, including a push SDK and an SDK corresponding to the user's mobile phone manufacturer that provides the message push service; In order to ensure the compatibility and stability of the APP, logs will be uploaded when the APP is idle or the background is idle for performance and error analysis, including Shence Analysis SDK, Tencent Bugly SDK, and Tencent TBS SDK.

4.2 Please be aware that we will only share your personal information for legal, legitimate and necessary purposes, and will only share personal information necessary to provide services. We will carry out personal information security impact assessments for authorized cooperative institutions, conduct reasonable analysis of the personal information they collect or the permissions they need to be authorized to obtain, regularly assess and monitor their service capabilities and security capabilities, and sign relevant agreements with them to clearly stipulate strict data protection measures, requiring them to comply with relevant laws and regulations, and handle your personal information in strict accordance with our standards, this Privacy Policy and any other relevant confidentiality and security measures. The above SDK partners all process your personal information through de-identification, encrypted transmission and secure processing.

4.3 If you find that our authorized partner has violated laws and regulations during use, you can contact us at any time through the manual customer service channel of calling the customer service telephone number 400-087-8198. We will verify and promptly terminate the cooperation with the third party to protect your personal data and privacy information to the greatest extent possible.