Smart Scanner Privacy Policy

 

Last Updated: September 15th, 2025

Effective Date: September 15th, 2025

 

Welcome and Policy Effectiveness Statement

Product and Policy Definitions

Dear User, welcome to Smart Scanner (hereinafter referred to as "this application" or "we")—a professional scanning and measurement tool developed specifically for iOS devices.

 

This Privacy Policy (hereinafter referred to as "this Policy") aims to clearly and comprehensively inform you about how we collect, use, store, and protect your personal information during your use of this application and related services (hereinafter referred to as "the Services"), as well as the management rights you possess over such information.

 

By downloading this application from the Apple App Store, granting necessary permissions, and commencing use, you are deemed to have fully understood and voluntarily accepted all terms of this Policy. If you disagree with any part of this Policy, please immediately cease using this application and related services.

 

Scope of Application

  1. This policy applies only to the following information collection scenarios: information collected directly through this application, or collected through electronic channels such as email and SMS provided by this application.
  2. This policy does not apply to the following scenarios:
  3. Information collected in offline scenarios;
  4. Information collected by third-party platforms, websites, or services (including in-app advertisements and external links) — such information processing follows the third party's own privacy policy, and we assume no responsibility for their privacy practices.
  5. Before accessing third-party services through this application, we recommend reviewing the third-party's privacy policy to understand their information processing rules. You bear all related risks.

 

Governing Law and Dispute Resolution

  1. The establishment, performance, interpretation, and dispute resolution of this policy shall be governed by the laws of the Mainland Region of the People's Republic of China (excluding all conflict of laws rules);
  2. Any disputes arising from this Policy shall be resolved through friendly consultation between the parties as a priority. If consultation fails to reach an agreement, either party has the right to file a lawsuit with the People's Court where the defendant is located.

 

Contact Us

If you have questions about the content of this policy, the processing of your personal information, or wish to exercise your information rights or obtain historical versions of this policy, please contact us via the following methods: Email Address: topjoyservice@zohomail.com

 

Our Privacy Protection Principles

 

We always prioritize your privacy and security, strictly adhering to the following principles when processing personal information:

  1. Lawful and Necessary, No Overcollection: We collect only the information necessary to provide services based on laws, regulations, and functional requirements, and never collect unnecessary data unrelated to functionality.
  2. Special Protection for Sensitive Information: For sensitive personal information such as temporary heart rate measurement data and Apple ID-linked information, we implement additional safeguards including encrypted storage and strict access controls. Collection requires your explicit authorization.
  3. Local Storage, Transparency & Control: Core data like measurement results and scan records are stored locally on your iOS device (except for cloud storage services). We provide self-management channels for revoking permissions, deleting data, and opting out of targeted push notifications.
  4. Non-medical disclaimer, no misrepresentation: The heart rate measurement feature serves solely as a general health reference tool. It is not a medical device and should not be used for medical diagnosis or health assessment. If you have health concerns, please consult a qualified healthcare professional.
  5. Anonymized Data, Compliant Use: We may lawfully utilize de-identified information that cannot identify specific individuals for commercial purposes (e.g., algorithm optimization) without requiring your additional consent.

 

Exceptions and Standard Scenarios for Personal Information Processing Processing Without Your Authorization

Under relevant laws and regulations, processing your personal information in the following scenarios does not require your authorization or consent:

  1. Processing related to national security, defense security, public safety, public health, or major public interests;
  2. Related to judicial procedures such as criminal investigation, prosecution, trial, and enforcement of judgments;
  3. Necessary for the conclusion or performance of a service contract between you and us;
  4. To protect your or another individual's vital legal rights and interests, such as life or property, where obtaining your consent is impractical;
  5. Personal information you have voluntarily disclosed to the public;
  6. Collected from legally disclosed information (e.g., government information disclosure channels, legitimate news reports);
  7. Necessary for maintaining the secure and stable operation of this application service (e.g., identifying and addressing software crashes or malfunctions);
  8. For statistical or academic research conducted by academic institutions in the public interest, provided that the results are de-identified before external dissemination;
  9. Other circumstances as prescribed by laws and regulations.

 

Information Processing for Functional Purposes

  1. Device and Log Information: To ensure normal service operation, troubleshoot abnormal faults, and prevent security risks, we may collect the following with your authorization:
  2. Device identifiers: such as IDFA (Identifier for Advertisers), IDFV (Identifier for Fulfillment Vouchers), IMEI (International Mobile Equipment Identity), and encrypted MAC address;
  3. Basic device data: System version, device model, IP address, network status, and this application's version number;
  4. Operation Logs: Feature launch times, crash logs, cloud storage synchronization logs.
  5. Usage behavior information: We collect your usage behavior data to optimize service experience and feature recommendations, specifically including:
  6. Feature Usage Records: Feature usage frequency, duration per session, and successful/failed launch status;
  7. Interaction records: "Save" and "Share" actions on measurement results, clicks on in-app feature guides.
  8. Feature-Specific Information: Different features require corresponding permissions and necessary data collection, with all information processed locally on your device (except for cloud uploads):
  9. Scanning & Measurement: Camera permission is required for distance measurement, area calculation, height measurement, and object counting—temporary image frames captured by the camera are collected locally (for algorithmic calculations) and deleted immediately after processing, retaining only structured results;
  10. Extraction and Recognition: When using text extraction or plant recognition, album or camera permissions are required—only images you actively select are read. After extracting text or identifying plants, image caches are deleted, retaining only result data;
  11. Heart Rate Measurement Category: When using heart rate measurement, camera permission is required—heart rate values are collected locally and temporarily only.
  12. QR Code Scanning: When scanning QR codes/barcodes, camera permission is required—scanned results (e.g., links, text) are collected locally without storing images captured during scanning.
  13. Order-Related Information: If you use paid services, the payment process is completed through Apple Inc.'s in-app purchase interface:
  14. We collect only essential order information via iOS system APIs, including purchased items, subscription validity period, order status, and payment time;
  15. We do not collect sensitive payment information such as card numbers, payment passwords, or verification codes—such data is processed and protected by Apple Inc. in accordance with its official privacy policy (https://www.apple.com/legal/privacy/).

 

Third-Party Information Processing

  1. Obtaining Information from Third Parties: Subject to applicable laws and regulations and with your authorization, we may obtain publicly shared information about you from affiliated entities or partners:

◦ If you log in to iCloud using your Apple ID, we obtain non-sensitive identifier information (e.g., nickname, profile picture) from Apple Inc. — used solely for account binding and iCloud identity verification, without accessing other private data;

2.To provide specific features such as statistical analysis and ad delivery (if applicable), this application integrates third-party SDKs. These SDKs may collect and use certain information about you. For details on information collected by third-party SDKs, please refer to the appendix "Third-Party SDK List" of this agreement.

 

Specific Uses of Personal Information

The personal information we collect is used solely for the following purposes and not for any other scenarios not specified in this policy:

 

Ensuring Basic Service Operation

  1. Device identifiers and log information are used to adapt scanning/measurement algorithms for different devices, fix model-specific issues, and ensure service stability;
  2. Function-specific information is used to generate measurement results, extract text content, and create plant identification reports, ensuring you can use all tool functions normally;
  3. Apple ID association information is used to link cloud storage accounts.

 

Enhancing Service Experience

  1. Anonymized usage behavior data is analyzed to identify high-frequency feature demands and optimize operational workflows;
  2. Conduct user research to improve existing services and develop new features.

 

Essential Notifications

  1. Product service notifications: Feature update alerts delivered via in-app pop-ups, email, or SMS;
  2. Legally Required Notifications: Important information sent in compliance with laws, regulations, or service agreements remains unaffected by the above opt-out actions.

 

Special Handling of Sensitive Information

Certain personal information is classified as sensitive due to its specific nature, including but not limited to:

  1. Biometric-related data: Blood flow signals captured during heart rate measurement;
  2. Identity-related information: Apple ID nickname and profile picture.

We implement additional protective measures for sensitive information, such as encrypted storage and restricted access permissions. Such information is used solely to fulfill corresponding functionalities and for no other purposes. Please exercise caution when providing sensitive information to avoid potential rights infringement due to information leakage.

 

Your Personal Information Rights and How to Exercise Them

You have the right to access, correct, delete, or withdraw consent regarding your personal information. We will respond to your reasonable requests within 15 business days (except where otherwise provided by laws and regulations). The specific methods for exercising these rights are as follows:

 

Accessing and Correcting Personal Information

  1. Local Data Access: Access all locally stored functional results within this application;
  2. Correcting Information: Measurement results and text-extracted content can be directly modified on the corresponding record page. Apple ID-associated information (such as nicknames) must be modified through Apple's official website (https://appleid.apple.com/), as we cannot directly alter it.

 

Obtaining Copies of Information and Third-Party Transfer

  1. You may send an email to topjoyservice@zohomail.com to request a copy of your personal information (including local measurement records, cloud storage file lists, and order history) — we will provide this as an encrypted attachment after verifying your identity;

 

Deleting Personal Information and Account Closure

Local Data Deletion:

  1. After uninstalling this app, all locally stored information on your device will be permanently deleted and cannot be recovered.

Account Deactivation:

  1. To deactivate your account, navigate to "Settings > Deactivate User" within the app. Upon confirmation, all associated content will be permanently deleted and cannot be recovered.

 

Permission Control and Push Notification Management

  1. Device Permission Revocation: Go to your iOS device's "Settings > Privacy & Security > Smart Scanner" to disable permissions such as Camera, Photos, Notifications, etc. — Once revoked, corresponding features (e.g., scanning will be unavailable if Camera permission is disabled) will become inaccessible, but this does not affect the lawful use of previously collected information.

 

Complaints, Reports, and Deceased Information Handling

  1. If you discover unlawful processing of your personal information (e.g., unauthorized sharing), report it via email to [topjoyservice@zohomail.com]. We will investigate promptly, take appropriate action, and provide feedback on the resolution.
  2. If a user (natural person only) passes away, their immediate family members may exercise the right to access, copy, or delete the deceased's personal information to protect their legitimate interests. To do so, they must provide the following documentation:
  3. The deceased's identification documents and death certificate;
  4. Applicant's identification documents and proof of kinship with the deceased (e.g., household register, marriage certificate);
  5. A detailed explanation of the rights being requested.

 

Circumstances Where Requests Cannot Be Honored

Pursuant to laws and regulations, we may be unable to respond to your request in the following circumstances:

  1. Matters related to national security, defense security, public safety, public health, or major public interests;
  2. Cases related to criminal investigations, prosecutions, trials, or enforcement of judgments;
  3. Where there is sufficient evidence indicating you have acted with malicious intent or abused your rights (e.g., repeatedly requesting deletion of the same data);
  4. Where it is necessary to protect your or another individual's vital legitimate interests, such as life or property, but obtaining your consent is impractical;
  5. Where responding to the request would cause serious harm to the legitimate rights and interests of you, other individuals, or organizations;
  6. Involving trade secrets.

 

Rules for Sharing, Transferring, and Disclosing Personal Information

We strictly control the sharing, transfer, and disclosure of personal information, conducting such activities only under the following statutory or contractual circumstances. Beyond these, we will not disclose your personal information to any third party:

 

Public Disclosure of Personal Information

We do not publicly disclose your personal information, except in the following circumstances:

  1. With your explicit consent;
  2. When required by laws, regulations, or mandatory requests from administrative or judicial authorities, with disclosure strictly limited to the legally necessary scope;
  3. When the information is disclosed after undergoing de-identification processing, rendering it incapable of identifying specific individuals.

 

Transfer of Personal Information

We do not transfer your personal information unless one of the following circumstances occurs:

  1. We obtain your explicit written consent;
  2. In the event of corporate mergers, acquisitions, bankruptcy liquidation, or other asset transfers—in which case your information (excluding local measurement data and cloud storage file content) will be transferred as part of the assets. We will require the transferee to continue complying with the information protection requirements of this policy. Should the transferee need to change the purpose of information processing, they must obtain your authorization and consent again.

 

Personal Information Sharing

  1. Explicit Authorization: Sharing information necessary for specific functions with third parties upon your explicit consent (e.g., sharing your feedback with customer service providers to resolve issues);
  2. Legal and Administrative Requirements: We may provide necessary information within the scope of legal requirements, such as in response to legal subpoenas or directives from administrative authorities, and require recipients to maintain confidentiality.
  3. Protection of Legitimate Interests: In urgent situations to protect you, other users, or public interests, we may share anonymized information with relevant parties (e.g., local storage paths of fraud detection measurement results);
  4. Sharing with Affiliates and Partners:
  5. Sharing with Affiliated Companies: Sharing necessary non-sensitive information solely for service delivery purposes. Affiliated companies must comply with this policy, and any change in purpose requires your renewed consent.
  6. Sharing with Authorized Partners: Only information essential for service provision is shared, with usage scope restricted by confidentiality agreements. Resharing or use for other purposes is prohibited (specific partners and privacy policy links are provided in the appendix to this policy).

Storage and Security of Personal Information

Information Storage Rules

 

Storage Locations:

  1. Local Data (measurement records, text extraction content, heart rate records): Stored locally on your device without cross-border transmission;
  2. Cloud Storage Data (files you actively upload): Stored on servers within the People's Republic of China, with no cross-border transmission;

 

Storage Period:

  1. Local Data: Stored until you actively delete or uninstall this application;
  2. Cloud Storage Data: Stored until 30 days after you delete files or deactivate your cloud account, after which it is permanently deleted;
  3. Feedback and order information: Deleted within 30 days after completing feedback requests or terminating subscription services.

 

Security Protection Measures

 

Technical Safeguards:

  1. Local Data: Stored using iOS system key encryption to prevent unauthorized access by other applications;
  2. Cloud Storage Data: Transmitted via SSL encryption; servers implement access control mechanisms with regular vulnerability scans and penetration testing;
  3. Sensitive Information: Temporary heart rate measurement data undergoes real-time encryption processing. Apple ID-associated information is used solely for identity verification and does not store original credentials.

 

Administrative Safeguards:

  1. Establish information security management systems to define staff access permissions—only authorized personnel may handle sensitive data;
  2. Conduct regular privacy protection and information security training to enhance employee risk awareness;
  3. Maintain operational logs for information processing to facilitate tracing of abnormal activities.

 

Security Incident Response:

  1. In the event of a personal information security incident, we will immediately activate our emergency response plan: Block leakage channels, freeze abnormal accounts, and back up relevant data;
  2. In accordance with legal requirements, promptly notify you via in-app alerts and email regarding the incident details, measures taken, and recommendations for self-protection;
  3. When individual notifications are impractical, we will publish incident-related information via our official website or in-app announcements and report the handling status to regulatory authorities.

 

Your Security Considerations

The internet environment is not absolutely secure. Although we have implemented the above measures, we cannot guarantee 100% security for the transmission and storage of personal information. Please note:

  1. Do not share your device or Apple ID with others to prevent unauthorized access to cloud storage data;
  2. Download this app exclusively through official channels like the Apple App Store. Avoid using third-party cracked versions to prevent malicious programs from stealing local data;
  3. If you notice any account abnormalities (e.g., cloud storage login alerts for unauthorized activity), immediately contact us to freeze your account and change relevant passwords.

 

Special Protection for Minors' Personal Information

This application is primarily intended for adults. Minors under the age of 14 are not recommended to use it. If minors use this application, the following requirements must be met:

 

Prerequisite: Parental Consent

1. Minors under 14 years of age must read this policy with their legal guardian before using this application (especially heart rate measurement and paid cloud storage features) and obtain explicit consent from their guardian for the following:

  1. Authorization for camera/photo library access;
  2. Logging into cloud storage using an Apple ID;
  3. Payment of related fees;

2. Persons with limited capacity for civil conduct aged 14 to 17 must obtain guardian consent before using paid features or sharing personal information.

 

Information Processing: Strict Restrictions

  1. If minors use this application, we collect only the minimum information necessary to fulfill its functions (e.g., measurement results) and do not collect additional personally identifiable information (e.g., name, school).
  2. Heart rate measurement records and scan data for minors are stored locally on the device they use. Guardians may assist in deleting or managing this information.

 

Guardian Rights: Assistance and Supervision

  1. Guardians bear supervisory responsibility for minors' use of this application and may assist in managing device permissions and deleting sensitive data.
  2. If a guardian discovers a minor using this application without consent, or if we mistakenly collect a minor's information, please contact us at topjoyservice@zohomail.com. Upon providing proof of guardianship and proof of parent-child relationship, we will assist in resolving the matter within 15 business days.

 

Policy Changes and Notifications

We may revise this policy due to legal updates, business adjustments, or technical upgrades. Revision rules are as follows:

 

Circumstances and Process for Changes

 

Non-Material Changes:

Includes but is not limited to: optimizing wording, supplementing third-party partner lists, adjusting information retention periods;

Notification Method: Updates will be posted directly on the "Settings > Privacy Policy" page within this application. Your continued use of this application constitutes acceptance of the revised terms.

 

Material Changes:

  1. Including but not limited to: substantial changes to the purpose/type/method of personal information processing; changes to how you exercise your information rights; major adjustments to personal information security protection measures; changes to minor protection rules;
  2. Notification Method: Active prompts via in-app pop-ups, email, etc., taking effect only after your confirmation and consent.

 

Definition of Significant Changes

The core criterion for determining "significant changes" under this policy is whether they substantially impact your personal information rights. Specifically, this includes:

1. A change in the core purpose for which we process personal information;

2. Changes to the scope of sharing or transferring personal information, or alterations to third-party cooperation models;

3. The personal information security impact assessment report indicates significant risks.

Version Inquiry and Opt-Out

  1. You may view the currently effective version at any time under "Settings > Privacy Policy" within this application. To obtain historical versions, contact us by sending an email to topjoyservice@zohomail.com, and we will provide them within 5 business days.
  2. If you do not agree with the revised policy, you should immediately cease using this application and related services. Continued use shall be deemed as acceptance of all amended terms.

Supplementary Provisions

  1. Definitions of "Personal Information" and "Sensitive Personal Information" herein comply with the Personal Information Protection Law of the People's Republic of China, the Information Security Technology - Personal Information Security Specification, and other applicable laws, regulations, and national standards.
  2. Matters not covered herein shall be governed by the relevant laws and regulations of the Mainland Region of the People's Republic of China;
  3. The operator of Universal Scan Master reserves the final right of interpretation for this policy.

 

Appendix: SDK Directory

Sensors Analytics SDK

Company Information: Sensors Analytics

Information Collected and Purpose: Used to analyze crash information and optimize product experience;

Official website link: https://manual.sensorsdata.cn/sa/docs/tech_sdk_client_privacy_policy

BDASignal SDK

Company Information: ByteDance

Information Collected and Purpose: Device and storage information; used for providing advertisements;

Official website link: https://bytedance.larkoffice.com/docx/CgYBdVzoBogND2xv7PhcSfFNnyc

AppLovin SDK

Company Information: AppLovin Corporation

Information Collected and Purpose: Device and storage information; used for providing advertisements;

Official Website Link: https://www.applovin.com/privacy-cn/

Google Mobile Ads SDK

Company Information: Google LLC

Information Collected and Purpose: Device and storage information; used for providing advertisements;

Official website link: https://policies.google.com/privacy?hl=zh-CN

AppsFlyer SDK

Company Information: AppsFlyer Inc.

Information Collected and Purpose: Device and storage information; used for providing advertisements;

Official Website Link: https://www.appsflyer.com/legal/services-privacy-policy/

Firebase SDK

Company Information: Google LLC

Information Collected and Purpose: Used for analyzing crash information and optimizing the product experience;

Official website link: https://policies.google.com/privacy?hl=zh-cn