1. Introduction
CNDLive (“we”, “us”, or “our”) is committed to protecting your privacy. This policy outlines how we collect, process, store, and disclose your personal data through live stream and related platforms (collectively, “Services”). By using our Services, you consent to the practices described herein.
2. Scope of Data Collection
2.1 Directly Provided Data
- Identity verification: Name, email, phone number, physical address;
- Account credentials: Usernames, passwords, third-party authentication tokens (e.g., social media accounts);
- Transaction records: Order history, payment details, invoices.
2.2 Automatically Collected Data
- Device metadata: IP address, device model, OS version, unique device identifiers (UDID/IMEI);
- Usage analytics: Timestamps, feature engagement rates, error logs;
- Geolocation data: Collected only with explicit user consent via device permissions.
2.3 Third-Party Sources
- API integrations: Configuration data from platforms like YouTube Live and Facebook Live through OAuth authorization;
- Public databases: Corporate registration records, open-source social media profiles.
3. Purposes of Data Processing
| Purpose | Data Types | Legal Basis |
|---|---|---|
| Account registration | Name, email, phone number | Contractual necessity |
| Service functionality | Device metadata, API tokens | Explicit consent |
| Security monitoring | IP addresses, access logs | Legal obligations |
| Service optimization | Usage analytics, feedback | Legitimate business interests |
4. Data Sharing & Transfers
4.1 Recipient Categories
- Vendors: Cloud providers (AWS/Google Cloud), payment gateways (Stripe/PayPal), bound by Data Processing Agreements (DPAs);
- Legal compliance: Disclosure to authorities under valid court orders or regulatory requests.
4.2 Cross-Border Transfers
- Implement EU Standard Contractual Clauses (SCCs) and EU-U.S. Data Privacy Framework (DPF) certifications for international data flows.
5. Security Measures
- Technical safeguards: AES-256 encryption for data at rest, TLS 1.3 for in-transit protection;
- Access controls: Role-based access (RBAC), quarterly penetration testing;
- Breach response: Notification to regulators within 72 hours of identifying significant incidents.
6. Your Rights
You may exercise the following rights via [designated portal/email]:
- Access & Portability: Request a copy of your data in structured formats (JSON/CSV);
- Rectification & Erasure: Correct inaccuracies or delete non-essential data (processed ≤24 hours);
- Objection & Restriction: Opt out of specific processing activities (e.g., marketing emails).
7. Special Provisions
- Children under 13: Prohibit usage without parental consent, with dedicated guardian contact channels;
- Third-party integrations: YouTube/Facebook API data encrypted locally and never stored on our servers.
8. Policy Updates
- Notify changes through website banners and registered email alerts;
Contact Information
Data Protection Officer: [email protected]
Postal Address: 3rd&5th Floor, Building 7, Xinhua Industrial Building, Shekou, Nanshan District, Shenzhen, Guangdong Province, China