Welcome to use QI-ANXIN Authenticator!

QI-ANXIN Technology Group Co., Ltd. and its affiliates (referred to as "we" or " QI-ANXIN Group") fully understand the importance of privacy to you and will take adequate and appropriate measures to ensure the security of your personal information.

We hope to explain to you through this Privacy Policy how we collect, use, store, share and transfer user information and how we protect user information when using QI-ANXIN Authenticator (hereinafter referred to as "this product"). Please read and understand this Privacy Policy carefully before using this product and use our product after confirming your full understanding and agreement. Once you start to use this product or continue to use this product after we update our privacy policy, you fully understand and agree to this privacy policy, and agree to our collection, use, storage and sharing of user information in accordance with this privacy policy. If you have any questions, comments, or suggestions about the content of this Privacy Policy, you may contact us through the contact information provided in this Privacy Policy (see Section IX below).

 

This Privacy Policy will help you understand the following:

I . User i nformation w e m ay c ollect

II . The purpose and usage rules of our collection of user information

III . How we store user information

IV . How we share, transfer, and publicly disclose user information

V . How we protect user information

VI. Your rights to user information

VII . Scope of Application of Privacy Policy

VIII . Changes and Amendments to Privacy Policy

IX . How to contact us

X. Effectiveness of Privacy Policy

 

 

I . User information we may collect

The main sources of user information we collect are: the information you provide to us, the information we obtain during your use of this product or service, and your information shared by third parties. We will collect and use your user information within the scope stipulated in this Privacy Policy. If you do not provide relevant information or do not agree to our collection of relevant information, you may not be able to register as our user or use some of the services we provide or cannot achieve good service results.

 

  1. The information we obtain during your use of this product or service, including but not limited to:

         User account and password. The user's login information, which is used to log in.

         Server address. The server address where the user logs in, which is used to connect to the server.

         Dynamic password, used to provide authentication function.

         Fingerprint for biometric fingerprint authentication.

         The task list used to run the detection security function and judge the currently running application.

         Wi-Fi information, MAC address and SSID information, used for device binding function.

         Album, used to open the system album picture when scanning the code.

         Third-party components, as described in Section 3 below.

         Clipboard content for copying dynamic passwords.

         The log of the program running time is stored locally, which only involves the record of the program running process, and does not include the user's personal privacy. It is used for troubleshooting when there may be problems in the user's use process.

         Information such as mobile phone number or email address during the enhanced authentication process is used for the login process.

         Device information such as IMEI and IMSI, used for device binding process.

         Bluetooth information, used to get the device name to bind the device.

and other relevant necessary information.

  1. The permissions we apply for and obtain during your use of this product or service include but are not limited to:

         Camera

         Read external memory

         Writing to External Memory

         Read phone status

         Floating window

         Network access

         Vibration prompt

         Network Status

         Wi-Fi status

         Bluetooth

         Screen Brightness

         Upgrade and install this application

         Fingerprint Identification

         Read hardware device information

and other relevant necessary permissions.

 

To allow you to use the login service more safely and conveniently, if both your device and the QI-ANXIN Authenticator version support the face/fingerprint function, you can choose to enable the face or fingerprint login function. You need to enable your face/fingerprint information on your device. When you log in with your face/fingerprint, you need to complete face/fingerprint verification on your device. We only receive verification results and do not collect or retain your facial/fingerprint information. You can refuse to provide it, and it will not affect the normal use of other functions of this product. This information is only for the purpose of the above description and will not be used for other purposes without your authorization.

 

  1. In this product or service, the following third-party SDKs and auxiliary development frameworks are used:

To ensure the user experience, the following SDKs (Software Development Kit) is embedded in this App. We remind you to pay attention to and clearly understand the specific information of the service provider that provides you and how service providers collect and use your personal information:

 

3.1 SDK name: Chromium, Gson

Affiliation Name: Google Inc.

SDK purpose, function: assist tool

Types of Personal Information Collected: MAC address, SSID, Wi-Fi information

Website, for reference only: http://www.chromium.org/

 

3.2 Framework name: Samsung Android

Affiliation Name: Samsung Corporation

Function: assist development

Website, for reference only: https://developer.samsung.com/digital-id/overview.html#

 

3.3 Framework name: OKHTTP

Function: assist development

Website: https://square.github.io/okhttp/

License Agreement: https://square.github.io/okhttp/#license

 

3.4 Framework name: Butterknife

Function: assist development

Website: https://jakewharton.github.io/butterknife/

License Agreement: http://www.apache.org/licenses/LICENSE-2.0

 

3.5 Framework name: Zxing

Function: assist development

Website: https://github.com/zxing/zxing

License Agreement: https://github.com/zxing/zxing/blob/master/LICENSE

 

3.6 Framework name: Apache

Function: assist development

Website: https://httpd.apache.org

License Agreement: https://httpd.apache.org/licenses/

 

3.7 Framework name: FingerPrintIdentify

Function: assist development

Website: https://github.com/uccmawei/FingerPrintIdentify

License Agreement: https://github.com/uccmawei/FingerPrintIdentify/blob/master/LICENSE

 

3.8 Framework Name: Daimajia

Function: assist development

Website: https://github.com/daimajia/AndroidSwipeLayout

License Agreement: https://github.com/daimajia/AndroidSwipeLayout/blob/master/LICENSE

 

3.9 Framework name: Eventbus

Function: assist development

Website: https://github.com/greenrobot/EventBus

License Agreement: https://github.com/greenrobot/EventBus/blob/master/LICENSE

 

3.10 Framework name: XCrash

Function: assist development

Website: https://github.com/iqiyi/xCrash

License Agreement:

https://github.com/iqiyi/xCrash/blob/master/LICENSE

 

3.11 Framework name: AndPermission

Function: assist development

Website: https://github.com/yanzhenjie/AndPermission

License Agreement: http://www.apache.org/licenses/LICENSE-2.0

 

  1. We will not share your information with any third parties.

You understand and agree that we only activate, manage, and use the data or information you provide above according to your instructions. You should strictly follow the principles of legality, legitimacy, necessity, and minimization to upload and/or access the end user information of this product. You should ensure that you have obtained sufficient and necessary explicit authorization, consent, and permission from the relevant rights subject in advance. It has fully informed the end user of the relevant data, the purpose, scope, and usage of the information collected. Any disputes arising therefrom shall be resolved by you and shall bear the corresponding legal responsibilities.

 

II. The purpose and usage rules of our collection of user information

 

  1. The user information we collect is mainly used for the following purposes:

a)         Support authentication function

The core function of QI-ANXIN Authenticator is for user authentication. QI-ANXIN Authenticator server can use built-in or third-party identity management services to complete user identity verification. QI-ANXIN Authenticator supports a variety of authentication methods, including certificate authentication, AD domain authentication, LDAP authentication, RADIUS authentication, mailbox authentication, App ID/App Key, QR code authentication and multi-factor authentication, etc., and any combination of them can be used. It can also be used in combination with the hardware feature binding. User personal account information may be involved in the authentication process.

 

b)        Supports the multi-factor authentication function of the product

QI-ANXIN Token can realize the multi-factor authentication function of user identity. QI-ANXIN Token can be applied on Android and iOS platforms, and provides multi-factor authentication services for other business platforms, including TOTP (Time-based One-time Password), QR code scanning, out-of-band message confirmation and other forms. Permissions to use the camera, access photo albums, etc. may be involved in this process.

 

c)         Supports the log auditing function of the product

Qi-ANXIN Token server will provide detailed log records for user authentication, user authorization, local user management and other operations for access auditing, including access user identity, device information, access time, access target applications, authentication results, etc. Qi-ANXIN Token can provide detailed and non-repudiation security auditing functions for enterprise applications through log records. If security incidents occur, it could provide early warning and quickly locate the cause and source of the incident.

 

d)        Reply your feedback

If you have any questions, comments, suggestions or complaints about our privacy policy and user information processing, you can give us feedback through the contact information as in Section IX of this Privacy Policy, and we will try our best to solve your problems. Under normal circumstances, we will reply to your request within 15 working days; if the situation is complicated and needs to be postponed, we will also explain to you within 15 working days.

 

e)         Safety Insurance

In order to improve the security of your use of the products provided by us and our affiliated companies and partners, to protect the personal and property safety of you, other users or the public, and to better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network Attacks, network intrusions and other security risks, more accurately identify violations of laws and regulations or the relevant agreement rules of QI-ANXIN Group, we may use or integrate your device information, software usage information and our affiliates, partners to obtain your authorization or basis Information shared by law is used for identity verification, detection and prevention of security incidents, and necessary recording, auditing, analysis, and disposal measures are taken according to law.

 

f)          Exceptions to Authorized Consent

According to relevant laws and regulations, your authorization and consent may not be required to collect your user information in the following situations:

  1. Related to national security and national defense security.
  2. Related to public safety, public health, and major public interests.
  3. Related to criminal investigation, prosecution, trial and execution of judgments.
  4. To safeguard the important legitimate rights and interests of the information subject or other individuals, such as life and property, but cannot obtain your explicit consent.
  5. The collected user information is disclosed to the public by yourself.
  6. Collect user information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels.
  7. Necessary to conclude a contract at your request.
  8. Necessary for maintaining the safe and stable operation of the products or services provided, such as finding and disposing of faults in the products or services.
  9. Necessary for legitimate news reporting.
  10. When it is necessary for an academic research institution to conduct statistical or academic research based on the public interest, and when providing the results of academic research or description, the information contained in the results is de-identified.
  11. Other situations stipulated by laws and regulations or agreed in this Privacy Policy.

 

  1. Rules for the use of user information

a)         We will use the collected user information in accordance with the stipulations of this Privacy Policy and to realize the functions of this product and/or service.

b)        Please note that all user information you provide when using this product and/or service will continue to authorize us to use it during your use of this product and/or service unless you delete it or refuse us to collect it through system settings.

c)         We may conduct statistics on the usage of this product and/or service to show the overall usage trend of this product and/or service. However, these statistics do not contain any identifying information about you.

d)        If we want to use your user information for other purposes not specified in this Privacy Policy, or use the information collected for a specific purpose for other purposes, we will not use it until your prior consent.

 

III. How we store user information

  1. Storage Location

User information we collect and generate in the People's Republic of China will be stored in the People's Republic of China.

If it is necessary to transmit relevant user information collected in China to overseas institutions for the purpose of processing cross-border business, we will seek your consent separately and implement it in accordance with laws, administrative regulations, and relevant regulatory authorities. We will ensure that user information is adequately protected, such as anonymization, encrypted storage, etc.

 

  1. Storage Period

We only retain your personal information for the period necessary to achieve the purpose stated in this Privacy Policy and within the time limit required by laws and regulations. After the necessary period, we will delete or anonymize your personal information.

If we stop operating this product, we will promptly stop collecting users' personal information, notify you of the notice of operation termination in an announcement or similar form, and delete or anonymize the user's personal information (if any) stored by us.

 

IV. How we share, transfer, and publicly disclose user information

 

  1. Share

We do not share user information with any companies, organizations and individuals, except in the following cases:

a)         With your explicit consent, we will share user information with other parties.

b)        We may share user information externally in accordance with laws and regulations or the need for litigation and dispute resolution, and as required by administrative and judicial organizations in accordance with the law.

c)         To the extent permitted by laws and regulations, it is necessary to share user information to protect QI-ANXIN Group, its affiliates or partners, you or other users or the public interest, property or safety from damage.

d)        Where our affiliates provide products or services to you or to us, we may share user information with our affiliates. However, we only share necessary user information, and the processing of your information by affiliates is governed by this Privacy Policy. If the affiliated company wants to change the purpose of processing your user information, it will seek your authorization and consent again.

e)         We will not share user information with third-party advertisers, application developers, open platforms, or other partners unless we have your express authorization and consent. We may provide these partners with aggregated, anonymized, or other information that does not identify you.

f)          Only for the purpose stated in this Privacy Policy, we may share user information (or text messages or caller numbers reported by users) with our suppliers, service providers, consultants or agents to provide better user services and user experience. These vendors, service providers, consultants, agents may provide us with technical infrastructure services, analyze how our products are used, measure the effectiveness of advertising and products, provide customer service and payment services, conduct academic research and surveys, or provide legal, financial and technical advisory services.

 

For companies, organizations and individuals with whom we share user information, we will sign strict confidentiality agreements or other binding documents of the same legal nature, requiring them to comply with our instructions, this Privacy Policy and any other relevant confidentiality and security measures to process user information.

 

  1. Transfer

We will not transfer user information to any other companies, organizations and individuals, except in the following cases:

a)         With the development of QI-ANXIN Group's business, we and our affiliated companies may conduct mergers, acquisitions, asset transfers or other similar transactions. If the relevant transaction involves the transfer of user information, we will require the new company, organization and individual holding user information to continue to be bound by this Privacy Policy, otherwise we will require the company, organization and individual to obtain your authorization and consent again.

b)        Transfer with your explicit consent, that is, after obtaining your explicit consent, we will transfer the user information we have acquired to other parties.

c)         Provided in accordance with applicable laws and regulations, the requirements of legal process, mandatory administrative or judicial requirements.

d)        Provided in accordance with the relevant agreements or other legal documents signed by QI-ANXIN Group and/or our affiliates and you.

 

  1. Disclose

We will only publicly disclose user information under the following circumstances:

a)         Your express consent has been obtained.

b)        We may publicly disclose user information in the case of legal regulations, legal procedures or mandatory requirements of government authorities.

c)         To the extent permitted by laws and regulations, it is necessary to disclose user information to protect QI-ANXIN Group, its affiliates or partners, you or other QI-ANXIN users or the public interest, property or safety from damage.

d)        Other situations stipulated by laws and regulations.

According to the law, any sharing and transferring the de-identified user information and ensuring that the recipient of the data cannot restore and re-identify the information subject are not seen as external sharing, transfer or public disclosure of user information. Please be aware that the storage and processing of such data will not require further notice and your consent.

 

V. How we protect user information

We have implemented industry-standard security to protect the user information you provide from unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonably practicable measures to protect your user information.

 

  1. By publishing this Privacy Policy, we realize the transparency of user information processing, and establish user feedback channels to accept public supervision.
  2. We will encrypt the transmission and storage of identifiable personally identifiable information to ensure the confidentiality of the data.
  3. We deploy access control mechanism on the server side, adopt the principle of least privilege authorization for staff who may have access to user information, and regularly check the list of access personnel and access records.
  4. The server systems where we store user information are all security-hardened operating systems. We conduct account auditing and monitoring of server operations. If an externally announced server operating system with security problems is found, QI-ANXIN Group will upgrade the server security as soon as possible to ensure the security of all our server systems and applications.
  5. We regularly hold trainings on laws and regulations related to privacy protection for staff to enhance their awareness of privacy protection.
  6. If any unfortunate damage happened to our physical, technical or management protection measures, we would promptly activate an emergency plan to prevent the expansion of security incidents, report to the competent national authorities in accordance with the requirements of laws and regulations, and take reasonable measures such as push notifications and announcements in a timely manner. And we will inform you of the basic situation of security incidents, possible impacts, measures that have been taken or measures to be taken, etc. in an effective way.

 

VI. Your rights to user information

During your use of this product, you can access and manage your information in the following ways:

  1. Notify your enterprise/organization user administrator of the access and correction of user information.
  2. Deletion of user information. In the following situations, you have the right to request to notify the user administrator of your company/organization to delete your information. If the user of your company/organization deletes the QI-ANXIN Authenticator account, we will anonymize or delete your relevant personal information in the organization:

a)         We have collected your information without your express consent.

b)        Our processing of your user information violates this Privacy Policy and laws and regulations.

c)         You have logged out, uninstalled, or no longer used this product and/or service.

d)        We stop providing services for you.

  1. Notify the user administrator of your enterprise/organization to log out of the user account.
  2. Change or withdrawal of user authorization.

In the operating system of the device, you can close the relevant system permissions previously authorized to agree to our use to change the scope of consent or withdraw your authorization. After authorization is turned off, we will no longer collect information related to these authorizations. The following is a guide for closing permissions on the Android platform:

 

Android: Open "Settings" -> “Application” -> swipe down, you can find "QI-ANXIN Authenticator", you can turn off the corresponding permissions.

 

Please understand that each business function requires some basic information to be completed. When you withdraw your consent or authorization, we will not be able to continue to provide you with corresponding services and will no longer process your corresponding information. However, your decision to withdraw your consent or authorization will not affect the previous information processing based on your consent or authorization.

If you have any questions about the protection of user information, you can contact us through the contact information stipulated in Section IX of this Privacy Policy, and we will deal with the feedback within a reasonable time.

 

VII. Scope of Application of Privacy Policy

This Privacy Policy applies only to this product. This Privacy Policy does not apply to the following situations:

 

  1. Embed this product into a third-party product (or service), the information collected by the third-party product (or service).
  2. Information collected by third-party services, advertisements or other companies, organizations or individuals accessed in this product.

 

VIII. Changes and Amendments to Privacy Policy

Our Privacy Policy is subject to change. We will not limit your rights under this Privacy Policy without your express consent.

For major changes to this Privacy Policy, we will also provide prominent notices (for example, software revisions or upgrades installed on this product, or timely notification in the form of pop-up windows when you log back in).

Material changes referred to in this Privacy Policy include, but are not limited to:

  1. Significant changes to our product model. Such as the purpose of processing user information, the type of user information processed, the way of using user information, etc.
  2. Significant changes in our control, etc. Such as changes in owners caused by mergers and acquisitions, etc.
  3. The main objects of user information sharing, transfer or public disclosure have changed.
  4. Your right to participate in the processing of user information and the way you exercise it have undergone significant changes.
  5. When there are changes to the responsible department, contact information and complaint channels that we are responsible for handling user information security.
  6. When the user information security impact assessment report indicates that there is a high risk.

 

IX. How to contact us

If you have any questions, comments, suggestions or complaints about this Privacy Policy and the handling of user information, please contact us:

 

Phone Number: 400-930-3120

Email: kefu@qianxin.com

 

X. Effectiveness of Privacy Policy

This Privacy Policy version is updated and effective as of December 2021.