Zohub Privacy Policy

Effective Date: 04, 07, 2026

Developer and Operator: Baoding Chuanzhang Technology Co., Ltd. (hereinafter referred to as "we", "us" or "the Company")

Contact Address: Room B803, Oriental Pearl Business Center, No. 483 Yulan Street, Dongguan Sub-district, Lianchi District, Baoding City, Hebei Province, Postcode 071000

Official Contact Email: grantboreiercoryr@gmail.com

Data Protection Officer (DPO): Data Protection Compliance Department of Baoding Chuanzhang Technology Co., Ltd.

DPO Contact Email: grantboreiercoryr@gmail.com

Welcome to use Zohub (hereinafter referred to as "this App"). This App is an AI space roving image-to-video generation application based on the Android system, independently developed and operated by Baoding Chuanzhang Technology Co., Ltd. This Privacy Policy is formulated in accordance with the Google Play Store listing guidelines and major global data protection laws and regulations, aiming to fully and transparently inform you of our operating standards regarding the collection, use, storage, sharing and protection of personal data, as well as your core rights and the ways to exercise them in data processing activities.

This App is only intended for adult users aged 18 and above. We will not actively collect any personal data of minors, and have taken technical measures to prevent minors from accessing and using this App. This App has no registration or login functions. After you check and agree to this Privacy Policy and the User Service Terms, you can access and use all functions of this App. Please carefully read and fully understand all terms of this Policy before using this App. If you do not agree to any content of this Policy, please do not download, install or use this App.

I. Core Definitions

1.1 Personal Data

Refers to any information relating to an identified or identifiable natural person, including but not limited to your device information, usage behavior records, images uploaded through this App, audio recording content, etc., and such information has not been anonymized.

1.2 Data Controller

Refers to the legal entity that determines the purposes and methods of personal data processing. The data controller of personal data under this Policy is Baoding Chuanzhang Technology Co., Ltd., which assumes full responsibility and relevant legal liabilities for the personal data processing activities of this App.

1.3 Data Protection Officer (DPO)

Refers to a dedicated person responsible for supervising the compliance of the Company's data processing activities and responding to user requests related to data. The Data Protection Officer of this App and contact information are detailed on the homepage of this Policy. All user data-related requests can be submitted to the Data Protection Officer.

1.4 Data Sale/Sharing

• Data Sale: Refers to the act of disclosing personal data to a third party for the purpose of obtaining commercial consideration in accordance with applicable laws;

• Data Sharing: Refers to the act of disclosing personal data to a third party beyond the purposes agreed in this Policy (excluding the necessary data transmission required to realize the core functions of this App).

1.5 Applicable Laws

Including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Brazil's General Data Protection Law (LGPD), United Arab Emirates' Federal Data Protection Law (FADP) and other major global data protection laws and regulations, as well as the data protection-related rules of the Google Play Store.

II. Detailed Information of the Data Controller and Data Protection Officer (DPO)

2.1 Data Controller

• Name: Baoding Chuanzhang Technology Co., Ltd.

• Registered Address: Room B803, Oriental Pearl Business Center, No. 483 Yulan Street, Dongguan Sub-district, Lianchi District, Baoding City, Hebei Province, Postcode 071000

• Official Contact Email: grantboreiercoryr@gmail.com

• Business Contact Method: Only accept user requests through the above official email, no other offline external contact channels.

2.2 Data Protection Officer (DPO)

• Department: Data Protection Compliance Department of Baoding Chuanzhang Technology Co., Ltd.

• Core Responsibilities: Supervise the compliance of personal data processing activities of this App, receive and handle user requests for exercising personal data rights, cooperate with regulatory authorities' investigations and inspections, and formulate and update internal data protection systems.

• Dedicated Contact Email: grantboreiercoryr@gmail.com

• Response Time Limit: Send a receipt within 1 working day after receiving the user's request, and complete the processing and feedback the result within 15 working days.

III. Scope and Methods of Information Collection

We strictly follow the three principles of legality, propriety and necessity, and only collect personal data necessary for realizing the functions of this App, without collecting any additional irrelevant information. All collection behaviors involving device permissions require your explicit authorization. The specific scope and methods are as follows:

3.1 Personal Data Voluntarily Provided by You

Such data is generated based on your active operations. You can independently decide whether to provide it, the content and form of the provision, and have the right to modify or delete the relevant data at any time.

• Creation Material Data: When you use the core functions of this App, static images (including portraits, landscapes, creative designs, etc.) taken by the camera or selected and uploaded from the album. We only collect the image data you actively select and upload for the basic material processing of AI video generation.

• Feedback Data: When you submit usage problems and function suggestions through the feedback page of this App, the audio data recorded by selecting the microphone recording function, or the text feedback content actively filled in; the microphone recording function is non-mandatory, and you can independently choose to submit feedback in text or voice form.

• Work Release Data: The AI-generated videos, work titles, tags and other content you choose to publish to the community of this App. You can independently decide whether to publish the work and have the right to delete the published community content at any time.

3.2 Automatically Collected Personal Data

Such data is automatically collected by the App's background system when you start and use this App, and is only used to ensure the normal operation of the App and optimize the product experience. All data is de-identified and will not be associated with your personal identity.

• Basic Device Information: Device model, Android system version, App version number, unique device identifier (such as Android ID, Advertising ID AAID, etc., only used for device adaptation and function debugging), network type (Wi-Fi/mobile network), network IP address (only used to judge the network environment, not for geolocation).

• Usage Behavior Data: Your function usage records in this App, including template selection for AI video generation, material usage, video editing operations, community work browsing, like/comment/share behaviors, search keywords, etc. This data is only used for personalized recommendations and function optimization.

• Permission Usage Status Data: The authorization status of various permissions of this App on your device (such as the on/off status of camera, album, microphone, external storage and other permissions). This data is only stored locally on your device and our secure server, and is used to ensure the normal call of functions and compliance management.

3.3 Explanation of Data Collection Methods

• Voluntary Provision: Generated based on your active operations, including uploading images, recording feedback audio, publishing community works, conducting community interactions, etc. You can stop providing such data at any time without affecting the use of the core functions of this App.

• Automatic Collection: Automatically obtained by the background system during the operation of this App's functions, without requiring you to perform additional manual operations. The collection process is completely transparent, will not be collected silently in the background, and will not affect your normal use experience.

• Permission Dependence: All information collection involving device permissions will initiate a permission request through a pop-up window when you use the corresponding function for the first time, and relevant permissions will only be obtained after you explicitly agree; you can modify the permission authorization status through the device system settings at any time, and closing non-essential permissions will not affect the normal use of other functions.

3.4 Detailed Explanation of Device Permissions Collected by This App

We list each device permission required by this App one by one, clarify the collection method, core usage scenario, collection purpose and data processing method of each permission, ensure that the collection and use of permissions fully comply with the principles of legality, necessity and transparency, and fully protect your right to know and right to choose.

3.4.1 Camera Permission

• Collection Method: When you use the AI video generation function for the first time, the App will initiate a request through a pop-up window, and you can independently choose to agree/refuse.

• Core Usage Scenario: Only on the material upload page of AI video generation, used for you to take real-time static images as creation materials.

• Collection Purpose: Support the core creation function of this App, facilitate you to quickly obtain shooting materials, and generate personalized space roving videos.

• Data Processing Method: Only collect the image data you actively shoot and confirm to upload; do not store additional original images; end-to-end encryption technology is adopted during transmission, and data is stored on a secure server that meets global data protection standards; you can delete the uploaded image data at any time, and after deletion, all relevant data including backups will be completely cleared within 7 working days.

3.4.2 Album Permission

• Collection Method: When you use the AI video generation function for the first time, the App will initiate a request through a pop-up window, and you can independently choose to agree/refuse.

• Core Usage Scenario: Only on the material upload page of AI video generation, used for you to select the static images already taken from the device album as creation materials.

• Collection Purpose: Improve the convenience of creation, allow you to use existing materials without re-shooting, and adapt to diverse creation needs.

• Data Processing Method: Only read and obtain the image files you actively select and upload, and will not scan or access other unselected images in the album; all data transmission and storage adopt encryption technology, and the unuploaded album images are always under your independent control.

3.4.3 Microphone Permission

• Collection Method: When you use the feedback function for the first time, the App will initiate a request through a pop-up window, and you can independently choose to agree/refuse.

• Core Usage Scenario: Only on the feedback page of the App, used for you to record voice feedback and submit usage problems or function suggestions.

• Collection Purpose: More accurately handle your feedback requests, improve the efficiency of feedback processing, and optimize the product use experience.

• Data Processing Method: Only collect the voice data you actively record and submit; automatically anonymize after the feedback is completely processed, with a maximum storage period of no more than 6 months; encryption protection is adopted during transmission, and the voice data will not be disclosed to any third party, and only the relevant responsible personnel of our company can view it when processing the feedback.

3.4.4 External Storage Permission

• Collection Method: When you use the video saving/work release function for the first time, the App will initiate a request through a pop-up window, and you can independently choose to agree/refuse.

• Core Usage Scenario: 1. After the video is generated, save the work to your local device; 2. Cache editing materials during the creation process to ensure the fluency of operations such as cropping and adding special effects; 3. Store offline cache data of community works to support offline browsing.

• Collection Purpose: Optimize the App use experience, ensure the smooth operation of functions such as creation, saving and browsing, and meet your needs for viewing and using works locally.

• Data Processing Method: Only store cache data directly related to the functions of this App and generated video files, and will not access or read other irrelevant files in the device's external storage (such as documents, other App data, videos, etc.); you can delete relevant data through the in-App function at any time; after uninstalling the App, all data related to this App in the device's external storage will be automatically and completely cleared without residue.

3.4.5 App Information Reading Permission

• Collection Method: Automatically obtained when the App starts, without requiring you to perform additional operations; the acquisition process is transparent and does not affect the device operation.

• Core Usage Scenario: During the background operation of the App, it is used to read the basic information of this App on your device, including version number, installation time, running status, etc.

• Collection Purpose: Adapt to different device operating environments, ensure the stable operation of the App on your device, accurately troubleshoot technical problems such as crashes and freezes, and optimize App compatibility and operating performance.

• Data Processing Method: Only collect the operation-related information of this App itself, and never read the information of any other third-party Apps on the device; the collected data is only used for technical optimization and fault diagnosis; only the anonymized statistical results are retained after real-time analysis, and no original data is stored; the statistical results are only used to improve the product experience and do not involve any personal privacy information.

3.4.6 Advertising Identifier Permission

• Collection Method: Automatically obtained when the App starts (if your device system supports and enables the advertising identifier function), without requiring you to perform additional operations; you can turn off the identifier through the device system settings.

• Core Usage Scenario: The advertising-related function module of the App is only used to receive the advertising identifier (such as AAID) generated by the device system.

• Collection Purpose: If the App launches advertising services in the future, it will be used to implement targeted advertising delivery (only push advertising content related to space creativity and video creation), improve advertising relevance, help advertisers count advertising effects, and ensure the compliance of advertising services.

• Data Processing Method: Only collect the advertising identifier generated by the device system, which is not associated with any personal identity information, and does not combine data collected from other permissions to build user portraits; you can turn off the advertising identifier through the device system settings at any time; after turning off, the App will stop obtaining relevant data, and the obtained identifier will be anonymized within 15 working days, which will not affect the use of the core functions of this App.

3.5 Statement on User's Right to Control Permissions

You have full control over all device permissions of this App, and can adjust the permission status through the device system settings or relevant functions in the App at any time. We will not restrict the use of core functions or take any form of discriminatory measures because you turn off non-essential permissions. The specific rights are as follows:

1. Permission Modification: You can turn off any granted permission at any time on the [Settings > Apps > Zohub > Permissions] page of the device. Turning off the permission will only cause the corresponding function that depends on the permission to be unavailable, and will not affect the operation of other irrelevant functions (for example, turning off the microphone permission will not affect the normal use of functions such as AI video generation, work release, and community interaction);

2. Non-Discriminatory Treatment: We will not reduce service quality, push irrelevant advertisements, restrict function use or take any other form of discriminatory operations because you turn off non-essential permissions;

3. Re-Authorization Rule: If you re-enable the turned-off permission later, we will use the permission in strict accordance with the scope and method agreed in this Policy, and will not collect any data beyond the agreed purpose;

4. New Permission Notification: If the App needs to add new device permissions due to function iteration in the future, we will clearly inform you through prominent methods such as App pop-up windows and in-site announcements, and only collect relevant data after you explicitly agree, and update the permission description part of this Policy simultaneously to fully protect your right to know.

IV. Purpose of Information Collection

All our personal data collection behaviors are carried out around providing you with better, safer and more convenient product services, without any irrelevant collection purposes, and the use of all data is strictly limited to the scope of the collection purpose. The specific purposes are as follows:

4.1 Realize Core Functions

• The image data collected based on the camera and album permissions is used as the core material for AI video generation, supporting core functions such as space roving video creation, local work saving, and community work release;

• The voice feedback data collected based on the microphone permission is only used to handle your usage problems and function suggestions, and there are no other usage scenarios;

• Basic device information is used to adapt to different devices and system environments, ensuring the stable operation of core functions such as AI video generation, video editing, and community interaction.

4.2 Optimize Product Experience

• Provide you with personalized recommendations based on your browsing records, function usage preferences, creation behaviors and other data, accurately push space-themed materials, AI generation templates and high-quality community works that meet your interests, and reduce the interference of invalid information;

• Analyze the overall user usage habits and function usage frequency, optimize the App's interface layout, function operation process and content distribution efficiency, and improve the usability and operation fluency of the product;

• Based on your text/voice feedback, timely fix product defects, optimize function design, respond to reasonable function needs, and continuously improve the product use experience.

4.3 Safety and Compliance Guarantee

• Monitor the operation status of the App, prevent malicious attacks, online fraud, illegal content dissemination and other behaviors, and ensure the safety of your device use and the overall use environment of the App;

• Count the number of legitimate users and function usage data for the purpose of completing compliance reports required by regulatory authorities, accepting regulatory inspections and other legitimate purposes, to ensure that the App's operation activities comply with the laws and regulations of various regions around the world and the rules of the Google Play Store.

4.4 Other Legitimate Purposes

Within the scope of obtaining your explicit consent or permitted by laws and regulations, the collected personal data will be used for other legitimate purposes directly related to the services of this App, and such purposes will not infringe on your legitimate rights and interests; if it is necessary to use the data for new purposes, we will clearly inform you in advance and obtain your separate consent.

V. Legal Basis for Data Processing

In accordance with major global data protection laws and regulations, the legal basis for us to process your personal data includes the following situations. All data processing behaviors have clear legal support and strictly comply with the requirements of relevant laws and regulations:

5.1 Based on Your Explicit Consent

For the data that can only be collected with your authorization of device permissions (such as images taken by the camera, images selected from the album, voice recorded by the microphone), as well as the work release data and feedback data you actively provide, the legal basis for us to process such data is your explicit consent; you can withdraw such consent at any time in accordance with the agreement of this Policy. Withdrawal of consent does not affect the legality of data processing activities carried out based on legal authorization before the withdrawal.

5.2 Necessary Conditions for Performing the Service Agreement

Processing relevant personal data is a necessary condition for us to provide you with the core services of this App (such as AI video generation, work saving, community interaction, etc.). If you refuse to provide such necessary data, we will not be able to provide you with complete App services, but you can still use other functions that do not rely on such data.

5.3 To Achieve Legitimate Business Interests

On the premise of not damaging your legitimate rights and interests and not causing unreasonable impact on your rights, process your personal data for legitimate business interests such as optimizing product experience, ensuring App safety, and counting the number of legitimate users; such data processing is anonymized and de-identified, and will not identify your personal identity.

5.4 Compliance with Legal Obligations

Process your personal data to fulfill compliance obligations in accordance with the mandatory requirements of laws and regulations, including but not limited to responding to regulatory investigations, cooperating with judicial procedures, and complying with tax-related regulations. Such data processing activities are carried out in strict accordance with the scope and requirements of the law.

VI. Data Storage and Protection

6.1 Data Storage Instructions

6.1.1 Storage Location

Your personal data will be stored on a secure server that meets global data protection standards, and the storage location is an overseas data center with a complete data protection system; if cross-border data transmission is involved, we will strictly comply with the provisions of applicable laws and regulations on cross-border data transmission (such as passing the GDPR adequacy assessment, signing standard contractual clauses, etc.), and take measures such as encrypted transmission and permission control to ensure the safety and compliance of the data transmission process.

6.1.2 Storage Period

We only store your personal data for the necessary period required by the collection purpose agreed in this Policy. After the period expires, the data will be processed in accordance with the following rules, and there is no unlimited storage behavior:

• Creation Materials and Work Data (uploaded images, generated videos, works and titles published to the community): If you do not actively delete them, they will be stored continuously until the App stops operating or the retention period required by laws and regulations expires; if you actively delete them, we will completely clear all relevant data including backups within 7 working days.

• Feedback Data (text/voice): Stored until we completely process your feedback and confirm that it is no longer necessary to retain it, with a maximum storage period of no more than 6 months. After the period expires, it will be automatically anonymized and cannot be traced to individuals.

• Device Information and Usage Behavior Data: Stored for 24 months from the date you last used this App. If you use this App again during this period, the storage period will be recalculated; after the period expires, it will be automatically deleted or anonymized.

• Permission Usage Status Data: Synchronized with your App usage cycle. If you uninstall this App, the relevant data will be deleted immediately; if you continue to use it, it will only be updated and stored within the necessary scope.

6.1.3 Exceptional Circumstances

If laws and regulations require mandatory data retention (such as responding to lawsuits, regulatory investigations, etc.), we will extend the storage period within the legal scope, and only use the data to fulfill legal obligations, not for any other purposes; after the legal obligations are fulfilled, the relevant data will be processed in accordance with the agreement of this Policy immediately.

6.2 Data Security Protection Measures

We attach great importance to the security of your personal data, and take industry-high-standard technical and management measures to comprehensively prevent personal data from being unauthorized accessed, used, disclosed, tampered with, damaged or lost, ensuring the safety and compliance of data processing. The specific measures are as follows:

6.2.1 Technical Security Guarantee

• Data Transmission Encryption: All personal data adopts end-to-end encryption technology (HTTPS) during transmission to ensure that the data is not stolen, tampered with or leaked during transmission;

• Data Storage Encryption: Sensitive personal data is stored in encrypted form, which can only be obtained through strict access control. The storage server is equipped with firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and other protective tools to monitor and resist network attacks in real time;

• Regular Security Testing: Regularly conduct security vulnerability scanning and penetration testing on the App system and storage server, timely fix potential security risks, and continuously maintain the security and stability of the system;

• Data De-identification: De-identify and anonymize automatically collected device information, usage behavior data, etc., which are not associated with your personal identity, to prevent data from being maliciously identified.

6.2.2 Management Security Guarantee

• Strict Permission Control: Establish a hierarchical data access permission control system, follow the principle of least privilege, only open data access permissions to a small number of authorized personnel, and all data access behaviors have complete operation log records, which can be traced throughout;

• Regular Compliance Training: Regularly carry out data protection compliance training for all employees, improve employees' data security awareness and compliance operation capabilities, clarify the data protection responsibilities of each position, and strictly prohibit any employee from unauthorized accessing, using or disclosing user data;

• Emergency Response Mechanism: Formulate a complete data security incident emergency plan. If a data security incident such as data leakage, loss, or tampering occurs, immediately activate the emergency plan, take remedial measures to prevent the expansion of losses, and timely notify you and relevant regulatory authorities of the incident, scope of impact and remedial measures in accordance with the requirements of applicable laws and regulations.

6.2.3 Control of Third-Party Service Providers

If it is necessary to entrust third-party service providers (such as server hosting, technical support, data storage, etc.) to process personal data due to business needs, we will sign a strict Data Processing Agreement (DPA) with the third party, clarify the third party's confidentiality obligations, data protection requirements and liability division, and continuously supervise the third party's data processing activities to ensure that they comply with this Policy and relevant laws and regulations; if the third party fails to perform data protection obligations, we will immediately terminate the cooperation and require it to bear corresponding legal liabilities.

Special Reminder: The Internet environment has inherent uncertainty. Although we have taken the above strict security protection measures, we cannot completely rule out data security risks caused by factors beyond our control such as force majeure, hacker attacks, and equipment failures. You need to understand and bear the corresponding reasonable risks.

VII. Data Sharing and Disclosure

We solemnly promise to strictly protect your personal data privacy and will not arbitrarily share or disclose your personal data to any third party. Data sharing/disclosure is only carried out in the following limited legal and compliant situations, and all sharing/disclosure behaviors follow the principle of least privilege and take strict security measures:

7.1 Obtaining Your Explicit Consent

After you confirm and actively agree in writing or orally, your personal data will be shared with the third party designated by you. The scope of sharing is strictly limited to the content you agree to, and there is no over-range sharing behavior.

7.2 Necessary Behaviors to Realize Core Functions

Share limited, de-identified personal data with third-party service providers that provide us with necessary services such as technical support, server hosting, data storage, and payment settlement (if any); such third parties can only use your personal data within the scope of providing services for us, not for any other purposes, and must strictly abide by the data processing agreement and relevant confidentiality requirements signed with us.

7.3 Compliance with Laws and Regulations or Legal Procedures

Disclose your personal data within the legal scope in accordance with the legitimate subpoenas, rulings, instructions of competent authorities such as courts, arbitration institutions, and regulatory authorities, or to comply with applicable laws and regulations and administrative rules; such disclosure behaviors will retain relevant legal documents to ensure compliance.

7.4 Necessary Behaviors to Protect Legitimate Rights and Interests

Share or disclose your personal data within a reasonable and necessary scope to protect the legitimate rights and interests of us, you or other third parties (such as responding to online fraud, handling infringement complaints, protecting personal and property safety, etc.), and such behavior will not infringe on your legitimate rights and interests.

7.5 Corporate Merger or Asset Transfer

In the event of corporate changes such as corporate merger, acquisition, bankruptcy liquidation, and asset sale, your personal data may be transferred to the transferee as part of the company's assets; we will clearly inform you through prominent methods such as App pop-up windows and official emails before the transfer (unless otherwise stipulated by laws and regulations), and the transferee must issue a written commitment to continue to strictly abide by all terms of this Policy; if the transferee refuses to make such a commitment, we will immediately terminate the data transfer.

Special Statement: Without your explicit written consent, we will never sell your personal data to any third party for commercial interests, and this App has no business arrangements related to data sales.

VIII. Core User Rights

In accordance with applicable global data protection laws and regulations, as a data subject, you enjoy the following core rights. We will provide convenient, efficient and unobstructed support for you to exercise your rights without any unreasonable restrictions or requirements, and will not charge any fees:

8.1 Right to Know

You have the right to access and understand all relevant information about our collection, use, storage and sharing of your personal data, including purposes, methods, scope, storage period, data recipients, etc. The above information has been fully and detailedly listed in this Policy; if you have further questions, you can consult us through the official email at any time, and we will give a comprehensive and clear reply.

8.2 Right of Access

You have the right to require us to provide a copy of your personal data in our possession, including the creation materials, published works, feedback content you actively provided, as well as the automatically collected device information, usage behavior records, etc.; we will provide you with a copy of the data in a structured, common and machine-readable format (such as CSV, JSON) to meet your data usage needs.

8.3 Right to Rectification

If you find that the personal data about you stored by us is inaccurate, incomplete, outdated, etc., you have the right to require us to correct and supplement the relevant data in a timely manner; we will verify it in a timely manner after receiving your request, and if verified to be true, we will complete the data correction/supplementation within 3 working days and feedback the processing result to you.

8.4 Right to Erasure (Right to Be Forgotten)

In the following circumstances, you have the right to require us to completely delete your relevant personal data, and we will complete the deletion operation within the statutory time limit without any unreasonable delay:

5. The purpose of data processing has been achieved, or it is no longer necessary to continue storage;

6. You have withdrawn your consent to data processing, and there is no other legal basis for data processing;

7. Our data processing behavior violates applicable laws and regulations or the agreement of this Policy;

8. You no longer use this App, and there is no requirement by laws and regulations to compulsorily retain relevant data;

9. Other circumstances where data should be deleted in accordance with applicable laws and regulations.

Exception: If deleting data conflicts with legal retention obligations, contract performance, or public interests, we will restrict the processing of data in accordance with legal requirements (instead of directly deleting it) and explain the specific reasons to you in writing.

8.5 Right to Restrict Processing

In the following circumstances, you have the right to require us to restrict the processing of your personal data. During the restriction period, except for storing and protecting the data, we will not perform any other processing on the data unless we obtain your explicit consent or there are other requirements by laws and regulations:

10. You have raised an objection to the accuracy of the data, and the verification work is in progress;

11. Our data processing behavior is illegal, but you do not want to delete the relevant data;

12. The data storage period has expired, but you need the data to resolve legal disputes;

13. You have withdrawn your consent to data processing, and the relevance between the consent and data processing is still being confirmed.

8.6 Right to Data Portability

You have the right to require us to provide your personal data to you or another data controller designated by you in a structured, common and machine-readable format; this right only applies to data processing activities carried out based on your consent or contractual agreement, and will not damage our legitimate rights and interests.

8.7 Right to Object to Data Sale/Sharing

You have the right to clearly object to our sale or sharing of your personal data to third parties. If you raise an objection, we will immediately stop the relevant data sale/sharing behavior without any additional conditions.

8.8 Right to Withdraw Consent

You can withdraw your consent to data processing at any time (such as revoking the authorization of camera, album, microphone and other device permissions). The ways to withdraw consent include device system settings, in-App permission management, submitting a withdrawal request to the official email, etc.; withdrawal of consent does not affect the legality of data processing activities carried out based on legal authorization before the withdrawal, nor does it affect the data processing activities carried out by us based on other legal bases.

8.9 Right to Complain

If you believe that our data processing behavior has infringed your legitimate rights and interests, you have the right to complain to the data protection regulatory authority in your jurisdiction. We will actively cooperate with the investigation and handling of the regulatory authority and bear corresponding responsibilities in accordance with the law.

8.10 Methods of Exercising Rights

If you wish to exercise any of the above rights, you can submit a written request to us through the official contact email listed in this Policy. The email subject should clearly indicate "Exercising Rights + Specific Right Name + Unique Device Identifier (such as Android ID, optional)", and attach necessary identity verification information (such as screenshots of work release, screenshots of function usage records, etc.) to facilitate us to quickly complete identity verification and improve processing efficiency.

After receiving your valid request, we will give a written reply and complete the processing within 15 working days; if the matter is complex and needs to extend the processing time limit, we will inform you in advance through email, with a maximum extension period of no more than 30 working days (in line with the maximum processing time limit requirements of GDPR and other laws and regulations).

If you entrust a third party to exercise the above rights on your behalf, you need to provide us with a written power of attorney and the identity information of both parties. After we verify the authenticity of the authorization, we will process the relevant request in accordance with the entrustment content.

IX. Right to Object to Data Sale/Sharing and Opt-Out Mechanism

To fully protect your control over personal data, we have formulated clear and convenient methods for exercising the right to object to data sale/sharing and an opt-out mechanism. You can exercise the relevant rights at any time in accordance with the following operations, and all operations are free and efficient:

9.1 Object to Data Sale

• We do not carry out any data sale activities by default. If it is necessary to carry out data sale-related activities due to business adjustments in the future, we will separately obtain your explicit written consent through prominent methods such as App pop-up windows, official emails, and in-site announcements. No data sale operations will be carried out without your consent;

• If you wish to clearly object to any form of data sale, you can submit an application to the official email (grantboreiercoryr@gmail.com) with the email subject indicating "Object to Data Sale + Unique Device Identifier (optional)". We will complete the registration within 10 working days after receiving the application and feedback the processing result to you through email; this objection is valid for a long time unless you take the initiative to revoke it in writing later.

9.2 Opt-Out of Data Sharing

If you have agreed to our sharing of your personal data with third-party service providers (such as authorizing the use of specific third-party functions), you can opt out of such sharing at any time in the following way: send an email to the official email with the subject indicating "Opt-Out of Data Sharing + Name of Third-Party Service Provider (if any) + Unique Device Identifier (optional)". We will stop subsequent data sharing activities within 15 working days after receiving the application and notify the relevant third parties to stop using your personal data (unless otherwise required by laws and regulations).

9.3 Effect Statement

14. After you raise a request to object to data sale or opt out of data sharing, we will immediately stop the relevant data processing activities, but it will not affect the legality of the data sale/sharing activities that have been completed based on your legal consent;

15. If data sale/sharing is a necessary condition for realizing specific functions of this App, your objection or opt-out behavior may result in the unavailability of that function. We will clearly inform you of this impact through App pop-up windows, emails, etc. before you operate, and you can independently decide whether to continue the operation.

X. Additional Rights for Users in Specific Jurisdictions

In accordance with the exclusive data protection laws and regulations of specific jurisdictions, users in the following regions enjoy additional exclusive data rights in addition to the core rights agreed in Article 8 of this Policy. We will strictly follow the legal requirements of the corresponding regions to ensure the realization of your additional rights and provide exclusive support for the exercise of rights:

10.1 European Union/European Economic Area (GDPR Applicable Regions)

16. You have the right to require us to explain the specific legal basis for processing your personal data and the category of data recipients (especially the recipient information in the case of cross-border data transmission);

17. If you believe that our data processing behavior violates the GDPR provisions, you have the right to complain to the data protection regulatory authority of your member state or the European Data Protection Board (EDPB). The complaint channel can be queried through the EDPB official website;

18. You have the right to refuse to accept decisions made solely on the basis of automated processing (including user profiling) that have legal effect or similar significant impact on you. This App has no such automated decision-making behavior;

19. If cross-border data transmission is involved, you have the right to understand the cross-border data protection guarantee measures we take (such as standard contractual clauses, adequacy assessment results, etc.), and we will give a comprehensive and transparent explanation.

10.2 California, USA (CCPA/CPRA Applicable Region)

20. You have the right to know whether your personal data has been shared, and require us to disclose the categories, sources, processing purposes and categories of data recipients of your personal data collected, sold and shared in the past 12 months. We will provide you with this disclosure report free of charge;

21. You have the unconditional right to object to data sale, and we will not take any discriminatory measures against you (such as reducing service quality, increasing fees, restricting function use, etc.) because you exercise this right;

22. In accordance with the requirements of CPRA, you have the right to restrict our use and disclosure of your sensitive personal data (if any). We will only process your sensitive personal data with your explicit consent or as permitted by law;

23. Your exercise of the right to erasure will not be subject to any unreasonable restrictions. After we receive the deletion request, we will complete the data deletion operation within the statutory time limit, except for legal exceptions (such as fulfilling legal obligations, ensuring safety, etc.).

10.3 Virginia, USA (VCDPA Applicable Region)

24. You have the right to require us to correct inaccurate personal data. After verification, we will correct it in a timely manner and inform you of the correction result in writing;

25. You have the right to opt out of our use of your data for targeted advertising, user profiling or data sale. This opt-out operation takes effect immediately without any delay;

26. If a data breach incident that may cause damage to your legitimate rights and interests occurs, we will notify you and the Attorney General of Virginia (if applicable) within 72 hours of discovering the breach, and clearly inform you of the category of the breached data, potential impact and the remedial measures we take.

10.4 Brazil (LGPD Applicable Region)

27. You have the right to require us to correct, update or anonymize incomplete, inaccurate or outdated personal data. We will complete the verification and processing in a timely manner after receiving the request;

28. When the data processing behavior may cause damage to your legitimate rights and interests, you have the right to require us to suspend data processing until the relevant risks are eliminated;

29. You can complain to the Brazilian Data Protection Authority (ANPD) about any of our data processing violations. The complaint process can be queried through official ANPD channels;

30. Our processing of your personal data will strictly follow the principle of purpose limitation, and will only be used for the purposes legally informed, without any over-range processing behavior.

10.5 United Arab Emirates (FADP Applicable Region)

31. You have the right to require us to confirm whether we are processing your personal data. We will give a written reply within 3 working days after receiving the request;

32. You have the right to require us to transmit your personal data to other data controllers that meet the FADP requirements. We will provide the data in a machine-readable format to ensure the realization of the right to data portability;

33. If our data processing behavior violates the FADP provisions, you have the right to require us to bear corresponding compensation liabilities, and we will make compensation in accordance with the law.

10.6 Tips for Exercising Additional Rights

If you are a user in the above regions, please clearly inform your jurisdiction in the written request when exercising additional rights to us. We will provide you with exclusive support for exercising your rights in accordance with the legal requirements of the corresponding regions to ensure that your rights are fully protected.

XI. Changes to This Privacy Policy

We may revise this Privacy Policy in accordance with the update of laws and regulations, the adjustment of Google Play Store listing policies, the iteration and optimization of product functions, and the improvement of data processing practices. The revised policy will more comprehensively protect your personal data rights and meet the latest global data protection requirements.

11.1 Material Changes

In the event of material changes to this Policy (including but not limited to: substantial adjustments to the purposes, scope, methods of data collection and data sharing rules; material changes to users’ core rights; major updates to applicable laws; changes to the information of the data controller or data protection officer), we will prominently notify you via in-app pop-ups, conspicuous in-app announcements, official email, or other means. You will be required to re-check and agree to the revised Policy to continue using this Application. If you do not agree to the revised Policy, you may stop using this Application. We will respect your choice and process your personal data in accordance with the original Policy.

11.2 Non-Material Changes

In the event of non-substantive adjustments to this Policy (such as optimizing textual expressions, supplementing details of permission usage, updating feedback processing time limits, etc., which do not affect your core rights), we will publish the revised Policy on the 【About > Privacy Policy】 page of this Application. The revised content shall take effect on the date of publication. Your continued use of this Application after such changes shall constitute your acceptance of the revised Policy terms.

11.3 Reminder to Review Regularly

We recommend that you regularly review this Privacy Policy to learn about our latest data protection measures and rules. Your continued use of this Application following any revisions to the Policy shall be deemed that you have fully and unconditionally understood the meaning and legal consequences of all revised terms, and voluntarily accepted their binding force on both parties.

XII. In-App Purchase Information

This Application offers in-app purchase services for AI video generation. The specific rules are as follows. In-app purchase operations will not collect additional personal data from you, and only involve necessary order and payment-related information (such information is processed by third-party payment institutions, and we do not store complete payment information):

34. First video generation: Each user may generate one video free of charge when using the AI video generation function of this Application for the first time, without any payment. Videos generated for free enjoy the same functions and rights as paid-generated videos (including saving, editing, publishing, etc.).

35. Subsequent video generation: After the first free video generation, each subsequent use of the AI video generation function shall cost 10 coins (in-app virtual currency). Video generation requests may only be initiated after successful payment.

36. How to obtain coins: Users may purchase coins through in-app purchase channels in this Application. The specific purchase amount and coin exchange ratio are subject to display in the Application. Coins will be credited immediately upon purchase and may be used to offset subsequent video generation fees. Coins are non-refundable, non-transferable, and cannot be redeemed for cash.

37. In-app purchase permission description: Use of the in-app purchase function requires enabling payment-related permissions on the device (if any). Such permissions are only used to complete coin purchase operations. We will not collect sensitive information such as your payment account or password through such permissions. All payment-related information is processed and stored by our cooperating third-party payment institutions, in strict compliance with payment industry security standards.

XIII. Contact Us

If you have any questions, comments or suggestions regarding this Privacy Policy, or wish to exercise any rights set forth in this Policy, please contact us exclusively through the following official channels. We will provide professional and efficient responses and processing services:

13.1 Official Contact Information

• Data Controller: Baoding Chuanzhang Technology Co., Ltd.

• Mailing Address: Room B803, Oriental Pearl Business Center, No. 483 Yulan Avenue, Dongguan Street, Lianchi District, Baoding City, Hebei Province, Postal Code 071000

• Official Email: grantboreiercoryr@gmail.com

• Service Scope: Privacy policy inquiries, requests to exercise personal data rights, data protection complaints, data-related issues during function usage

13.2 Response Timeframe

• Acknowledgment: We will send a confirmation email within 3 working days upon receipt of your request.

• Processing Timeframe:

￮ General inquiries: Processed and responded to within 7 working days.

￮ Complex issues (such as data access, data portability, cross-border data-related requests): Processed and responded to within 15 working days, up to a maximum of 30 working days (in compliance with response time requirements of major global data protection laws and regulations).

• Progress Updates: If processing requires an extension, we will provide you with progress updates every 10 working days to ensure you are informed of the status of your request.

XIV. Miscellaneous Provisions

14.1 Relationship with User Terms of Service

This Privacy Policy is the core agreement between you and us regarding personal data protection. Together with the Zohub User Terms of Service, they constitute a complete legal agreement governing your use of this Application. In the event of any conflict between the two, matters concerning personal data protection shall be governed by this Privacy Policy, and other matters concerning application usage rules and service terms shall be governed by the Zohub User Terms of Service.

14.2 Severability

If any provision of this Privacy Policy is held by a competent judicial or administrative authority to be invalid, illegal or unenforceable in whole or in part, such holding shall not affect the validity, legality and enforceability of the remaining provisions, which shall remain in full force and effect in accordance with this Policy.

14.3 Acceptance of Terms

By checking to confirm your agreement to this Privacy Policy and using this Application, you are deemed to have fully and unconditionally understood the meaning and legal consequences of all terms of this Policy, and voluntarily accepted its binding force on both parties. If you do not check to agree to this Policy, we will not provide you with any services of this Application, nor will we collect any personal data from you.

14.4 Applicable Law

The formation, performance, interpretation of this Privacy Policy and dispute resolution shall be governed by the effective data protection laws and regulations of major global jurisdictions and relevant rules of the Google Play Store. In the event of a dispute, both parties shall first resolve it through friendly negotiation. If negotiation fails, either party may file a lawsuit with the competent court where the Data Controller is located

Baoding Chuanzhang Technology Co., Ltd. reserves the right of final interpretation of this Privacy Policy.