QiuYun Sports Privacy Policy
Effective date: 2026-05-05 | Last updated: 2026-05-12
Nanjing Lingdong Century Media Co., Ltd. ("we", "us", or "our") is the developer and operator of the QiuYun Sports mobile application (the "App"). We take your privacy and personal information protection very seriously and strictly comply with the Personal Information Protection Law (PIPL), Cybersecurity Law, and Data Security Law of the People's Republic of China. This Privacy Policy describes how we collect, use, store, disclose, and protect your information when you use the App. Please read this policy carefully before using the App; by tapping "Agree" or starting to use the App, you consent to the information handling practices described herein.
Developer Information
App Name: QiuYun Sports
Developer / Operator: Nanjing Lingdong Century Media Co., Ltd.
Registered Address: Nanjing, Jiangsu Province, China
Data Protection Officer Email: postmaster@nanjingld.top
Governing Jurisdiction: Nanjing, Jiangsu Province, People's Republic of China
App Name: QiuYun Sports
Developer / Operator: Nanjing Lingdong Century Media Co., Ltd.
Registered Address: Nanjing, Jiangsu Province, China
Data Protection Officer Email: postmaster@nanjingld.top
Governing Jurisdiction: Nanjing, Jiangsu Province, People's Republic of China
Key Points (summary — does not replace the full text)
- We do NOT sell your personal information, and we do not track you across apps for advertising or profiling
- We follow the minimum-necessary principle: this version does NOT request camera, microphone, photo library, or local-network permissions, and does NOT include any live video streaming, picture-in-picture, or DLNA / AirPlay casting features
- Match data, team rosters, and historical head-to-head statistics are public content provided by us and our licensed sports-data partners, unrelated to your identity
- You can update your profile or permanently delete your account anytime from "Me → Settings → Account & Security"
- Users under 14 years old are not allowed to register; users aged 14–17 should use under parental supervision
1. Information We Collect
1.1 Account Information
- Mobile phone number (primary credential for registration, login, and password recovery)
- Login password (stored only as a one-way bcrypt / SHA-256 + salt hash; cannot be reversed)
- User ID (assigned by our server), nickname, avatar, gender, birthday (optional)
- Session credentials (access / refresh token)
- Sign in with Apple credentials (when you tap "Sign in with Apple" on iOS): only the Apple-issued opaque user identifier and, if you actively share them, your name / email (you may use Apple's "Hide My Email" relay, in which case we receive only the
@privaterelay.appleid.comaddress)
1.2 Match & Usage Behavior
- Matches and teams you follow; subscription history
- Usage records of the three AI features (AI Chat / AI Sports analysis tools / AI Live Analysis; collectively referred to as "AI data analysis" below) — queried matches and call count, for quota settlement and abuse prevention; disclosure of the third-party LLM API call is in §3.9
- Virtual currency (Ball-Gems) top-up and consumption records (used only for AI data-analysis services; NOT for tipping or gifts)
- Match-detail chat-room text messages, report and block (mute) actions
1.3 Device Information
To identify your device, prevent malware and fraud, improve service security, and ensure operational quality and efficiency, we and the third-party SDK we integrate (Umeng+ U-APM) collect the following device information only after you tap "Agree" to this Privacy Policy:
- Device hardware: device model, brand, manufacturer, CPU type, memory size, screen size and resolution, OS type and version, system language, time zone
- App & channel info: app version, install channel (store / promotion source), bundle ID / package name
- Network info: current network type (WiFi / cellular), carrier name (no phone number), IP address (transient during requests; not persisted long-term)
- Device identifiers (used for anti-fraud, anti-abuse and statistical deduplication; all are anonymous / de-identified and never linked to your real-world identity):
- Android ID (Android platform; a 64-bit string generated by the OS on first boot; collected by Umeng+ U-APM SDK for statistical deduplication, crash attribution, and anti-abuse device fingerprinting)
- OAID (Android 10+, anonymous advertising identifier provided by MSA SDK; resettable by user in system settings)
- IDFV (iOS only; Apple's vendor-scoped opaque identifier; reset when all apps from the same developer are uninstalled)
- Umeng device ID (UmengID / UMZID) (a second-level de-identified hash generated locally by the Umeng SDK from the above fields)
- Push tokens: iOS uses Apple APNs (device token may be sent to our servers when you enable notifications). The currently published Android build does not bundle Xiaomi / OPPO / Huawei / Honor vendor push SDKs or Google FCM client libraries, so no Android vendor / FCM push token is registered with our backend.
About Android ID:
- Android ID is randomly generated by the Android OS on first boot and is reset upon factory reset; different apps may receive different Android IDs (since Android 8.0 it is scoped per app signature + user).
- The App reads Android ID via the Umeng+ U-APM SDK (com.umeng.commonsdk) solely for device-level crash attribution, ANR monitoring, DAU / MAU deduplication, and anti-abuse device fingerprinting.
- Timing: Collected only after you tap "Agree" to this Privacy Policy and the SDK has been initialized; not collected before your consent and not collected again in silent / background states.
- Transmission & storage: The collected Android ID is transmitted over HTTPS / TLS to Umeng servers in Mainland China; it is not linked to your name, ID number, or phone number.
The App does NOT collect:
- IMEI / IMSI / SUPI / SUCI / ICCID: Neither the App nor any integrated SDK reads these; the
READ_PHONE_STATEpermission is not declared in AndroidManifest.xml. - Device MAC address: The system returns a randomized value on iOS and Android 10+; the App does not actively call
WifiInfo.getMacAddress()/NetworkInterfaceAPIs; Umeng+ U-APM SDK in compliant 9.5.0+ versions also no longer reads the real MAC. - Installed app list: Neither the App nor any integrated SDK calls
PackageManager.getInstalledPackages()/getInstalledApplications(); theQUERY_ALL_PACKAGESpermission is not declared in AndroidManifest.xml. - Precise GPS location: The App does not request location permission (
ACCESS_FINE_LOCATION/ACCESS_COARSE_LOCATIONare not declared). - Contacts / call logs / calendar / SMS / fitness / step counts: The App does not request the corresponding permissions.
1.4 Media Files
This version does NOT collect any media files. The match-detail chat-room only supports plain-text messages.
1.5 Payment & Transaction Information
The current version (QiuYun Sports iOS / Android) does NOT open any virtual-currency top-up entry. When iOS top-up is enabled in a future release it will be processed exclusively through Apple In-App Purchase (IAP); when Android top-up is enabled it will go through the corresponding store billing channel (Google Play Billing / Huawei IAP, etc.). The App is currently not integrated with any third-party payment SDK such as WeChat Pay, Alipay, or UnionPay. Free Ball-Gem balance lookups and AI-service consumption ledgers continue to work and are handled as follows:
- Balance change records (claim, consume) — timestamp and amount only, used for billing display and abuse prevention
- The App never touches bank card numbers, CVV / CVC codes, or payment passwords
We never touch payment credentials: when Apple IAP is enabled in a future release, all payment credentials (bank card numbers, expiry dates, CVV / CVC, passwords) are collected by Apple within its own client and sent to Apple's own servers. The App and our backend never receive, store, or transmit these credentials.
2. Device Permissions
The App requests the permissions below. You may enable or disable them anytime in system settings; even if you decline all, you can still browse match data, schedules, and news.
| Permission | Purpose | Trigger | Required? |
|---|---|---|---|
| Internet | Fetch matches, AI data analysis, chat-room text messages | On launch; mandatory | Yes |
| Notifications | Match kickoff alerts, goal notifications, top-up receipts, system announcements | Prompted at first launch | No |
| Install Unknown APK (Android non-store channel) | In-app upgrade | When you tap "Update Now" after download | No |
This version does NOT request the following permissions:
Camera, Microphone, Photo Library (read / write), Local Network (Bonjour / mDNS) scan, Picture-in-Picture, Floating Window, Background Audio, Wake Lock (keep screen on). The App does NOT include any live video streaming, anchor live rooms, picture-in-picture, DLNA / AirPlay casting, floating window, or any other audio / video playback or capture features.
2.1 Background Behavior
| Activity | Data | Explanation |
|---|---|---|
| Receive push notifications | Push token, notification payload | iOS: OS + APNs. Android (current shipping build): vendor / FCM push SDK not packaged, so remote push stacks above do not execute; notifications may still be shown via local/OS channels when permitted. |
In the background the App will never:
- Collect GPS location or do geo-fencing
- Scan, read, or upload your photo library, contacts, SMS, or call logs
- Read IMEI / IMSI / SUPI / SUCI or other hardware telephony identifiers; not actively read device MAC address
- Enumerate installed apps (the
QUERY_ALL_PACKAGESpermission is not declared) - Track user behavior across other apps or build ad profiles
- Record audio or start the camera (this version does not request these permissions)
- Perform any background audio / video decoding or playback
- The Umeng+ U-APM SDK does NOT collect Android ID / OAID / IDFV again in background / silent states: these anonymous identifiers are collected only once, in the foreground, after you have agreed to this Privacy Policy and the SDK has initialized; background only contains necessary crash / ANR reporting.
3. Third-Party Services and SDKs
To provide stable and rich features, subject to your consent, the App integrates the following third-party SDKs. We require each third-party SDK provider to protect your personal information in accordance with applicable laws and to be independently responsible for its own processing activities.
3.0 Sensitive Personal Information Compliance Table (14 Categories)
In line with China's Personal Information Protection Law and related MIIT regulations, the following is the summary of how the App and its SDKs collect the 14 categories of sensitive personal information:
| Information Type | Collected? | SDK / Feature | Purpose | Handling |
|---|---|---|---|---|
| IMEI | No | — | — | — |
| IMSI | No | — | — | — |
| SUPI | No | — | — | — |
| SUCI | No | — | — | — |
| Device MAC | Not actively collected (randomized on iOS and Android 10+; ACCESS_WIFI_STATE for MAC reading is not declared in AndroidManifest.xml) |
— | — | — |
| Android ID (anonymous device identifier) | Yes (collected by Umeng+ U-APM SDK after your consent) | Umeng+ U-APM SDK (com.umeng.commonsdk + com.umeng.analytics) | Device-level crash attribution, ANR monitoring, DAU / MAU deduplication, anti-abuse device fingerprinting | Collected only after your consent; HTTPS / TLS encrypted to Umeng servers in Mainland China; not linked to your real-world identity; not used for ad profiling |
| OAID (anonymous advertising identifier) | Yes (Android 10+ only, via MSA SDK) | Umeng+ U-APM SDK + MSA OAID SDK | Same as Android ID (combined for dedup; OAID is user-resettable) | Same as above |
| IDFV (vendor identifier) | Yes (iOS only) | Umeng+ U-APM SDK | Equivalent deduplication on iOS | Provided by iOS; reset when the App is uninstalled; HTTPS encrypted |
| Installed app list | No (QUERY_ALL_PACKAGES permission is not declared; neither the App nor any SDK calls PackageManager.getInstalledPackages()) |
— | — | — |
| GPS location | No | — | — | — |
| Contacts | No | — | — | — |
| Call logs | No | — | — | — |
| Calendar | No | — | — | — |
| SMS | No | — | — | — |
| Phone number | Only when user manually enters it for registration / login | Our server + SMS gateway (Aliyun / Ronglian) | Send verification SMS | HTTPS to our server, then server-to-gateway via encrypted REST API |
| Photos / images | No (this version does not request photo-library permission; chat-room is text-only) | — | — | — |
| Audio / video | No (this version does not request microphone / camera permission; chat-room is text-only) | — | — | — |
Declarations:
- Identifiers marked "Yes" above (Android ID / OAID / IDFV) are all collected by the Umeng+ U-APM SDK only after you tap "Agree" and the SDK has initialized. They are not collected before your consent, not collected again in silent / background states, not linked to your real-world identity, and not used for ad profiling or cross-app user portraits.
- Items marked "No" are not collected, stored, or transmitted by the App or any integrated SDK in any run-time phase (foreground / background / silent).
- Items marked "Only when actively triggered" are accessed only when you explicitly tap the corresponding feature; nothing happens in the background.
3.1 SDK Summary Table
The "Platform" column indicates on which OS each SDK is actually packaged and runs. SDKs marked as "Android only" do NOT ship inside the iOS ipa.
| SDK | Platform | Provider | Collected Data | Purpose | Privacy Policy |
|---|---|---|---|---|---|
| Umeng+ U-APM (analytics + APM only) | iOS + Android | Beijing Ruixun Lingtong Tech. Co., Ltd. + Umeng+ TongXin (Beijing) Technology Co., Ltd. | Device model / brand / manufacturer, CPU type, memory, screen size, OS version, language, time zone, network type and carrier, app package name, app version, install channel, Android ID, OAID (Android 10+), IDFV (iOS), Umeng device ID (UmengID / UMID / UMZID), crash stack, ANR, page paths and dwell time, app launch / custom business events | Identify device ID for anti-fraud and anti-abuse, improve service security, DAU / MAU statistics, crash / ANR monitoring, performance data | View |
| RongCloud IM SDK | iOS + Android | Beijing RongCloud Network Technology Co., Ltd. | Match-room text-only messages, room ID, RongCloud userId, timestamps (no images / voice / video) | Match-detail chat-room (text only) | View |
| Baidu ERNIE Bot API (Wenxin Yiyan / Beijing-WenXinYiYan-20230821) | iOS + Android (server-side only; the client does NOT bundle any Baidu SDK) | Beijing Baidu Netcom Science Technology Co., Ltd. (Baidu AI Cloud) | Text content you actively type into the AI data-analysis feature (e.g. questions to the AI assistant, public match IDs you query) and prompts assembled by our backend from public match statistics; NO phone number, device IDs, IP, chat-room messages, follow lists, or any account / social data are forwarded to Baidu | LLM inference for the AI data-analysis feature (conversational Q&A and neutral reference analysis derived from public match statistics) — outputs are for fan reference only and do NOT constitute betting advice | View |
| Sign in with Apple (sign_in_with_apple) | iOS only | Apple Inc. | Apple opaque user identifier; optional name / email you choose to share at the Apple consent screen (you may select Apple's "Hide My Email" relay) | iOS Apple Sign In (Guideline 4.8 compliance) | View |
| APNs | iOS only | Apple Inc. | APNs device token, notification payload | iOS push | View |
| Dio | iOS + Android | Open-source Flutter package | API payload | Communicate with our backend | — |
| cached_network_image / flutter_svg | iOS + Android | Open-source Flutter package | Image URL + bytes (local cache only) | Cache avatars, crests, posters | — |
| GetStorage / sqflite / Flutter Secure Storage | iOS + Android | Open-source Flutter package | Preferences, login token, local IM message cache (managed by RongCloud), AI session history | Local-only key-value / SQLite storage; never uploaded | — |
| device_info_plus / package_info_plus | iOS + Android | Open-source Flutter package | Device model, OS version, app version | Environment info in headers | — |
| share_plus | iOS + Android | Open-source Flutter package | Shared text / URL | Invoke system share sheet | — |
| install_plugin | Android only (iOS uses App Store updates) | Open-source Flutter package | APK path | Android in-app upgrade | — |
| permission_handler | iOS + Android | Open-source Flutter package | System permission status (only notification permission is requested) | Read / write notification authorization status; collects no user data | — |
| url_launcher / connectivity_plus / path_provider / flutter_native_splash, etc. | iOS + Android | Open-source Flutter package | No user data collected | External-link opening / network status / file path / launch screen utilities | — |
3.2 Umeng+ U-APM (Analytics + Application Performance Monitoring)
- SDK name: Umeng+ U-APM (Umeng analytics SDK
com.umeng.analytics+ Umeng common base librarycom.umeng.commonsdk+ Application Performance Monitoring / crash monitoring) - Flutter wrapper:
fl_umeng+fl_umeng_apm - Third-party recipient: Beijing Ruixun Lingtong Technology Co., Ltd. (Umeng+) + Umeng+ TongXin (Beijing) Technology Co., Ltd. (Umeng+ Mobile Analytics)
- Purpose:
- Identify your device ID to prevent malware and fraud
- Improve service security and operational quality
- Compute DAU / MAU and page conversion paths
- Monitor app crashes (Crash), ANR (application not responding), and freezes
- Collect performance and stability data to optimize app quality
- When data is collected: Only after you tap "Agree" in the privacy-policy consent dialog and the App calls
FlUMeng().init()to initialize the SDK; afterwards the SDK collects events on each page you visit (match list, match detail, AI analysis, Mine tab, etc.). - Sharing method: Local collection by the SDK on your device + HTTPS / TLS encrypted upload to Umeng servers. The App does not hold the Umeng-side raw data store and does not re-share with any other third party.
- Information collected / shared (itemized disclosure):
- Device hardware: device model, brand, manufacturer, CPU type, memory size, screen size and resolution, OS type and version, system language, time zone
- Network info: network access state, WiFi state, current network type (WiFi / cellular), carrier name
- Device identifiers: Android ID, OAID (Android 10+), IDFV (iOS), Umeng device ID (UmengID / UMID / UMZID)
- App info: app package name, app version, install channel (only for our App; NOT the list of other apps on your device)
- Event info: app launch events, page visit paths and dwell time, custom de-identified business events (login, signup, follow, AI invocation, etc.)
- Diagnostic info: crash stack, ANR stack, error logs
- Account linking: login / logout events (only the user_id assigned by our backend; NOT your phone number or password)
- NOT collected / NOT shared:
- NOT collecting IMEI / IMSI / SUPI / SUCI / ICCID
- NOT actively reading device MAC (system returns randomized value on iOS / Android 10+; Umeng 9.5.0+ compliant versions no longer read the real MAC)
- NOT collecting the installed-app list (
QUERY_ALL_PACKAGESpermission is not declared) - NOT collecting GPS location, contacts, SMS, call logs, calendar, photos, clipboard
- NOT reading your phone number, password, chat-room messages, friend graph
- Compliance integration: Before you tap "Agree" we do NOT call
FlUMeng().init(); the SDK is not loaded and no information is read.SdkInitializer._initUmengSdk()is invoked only afterSplashViewModel.agreePrivacy()succeeds. - NOT included: The App does NOT integrate Umeng U-Push (push notifications), U-Link (deep-link / invitation), or U-Share (one-tap share). Android vendor push / FCM is not in the published APK (see §3.3).
- Privacy policy: https://www.umeng.com/page/policy (Umeng+ Privacy Policy)
- SDK personal-information collection list: Umeng SDK Personal Information Collection List
- Data location: Mainland China (Umeng servers located in Beijing)
3.9 Baidu ERNIE Bot API (Wenxin Yiyan LLM · powering the AI data-analysis feature)
Generative-AI algorithm filing (per PRC Interim Measures for the Management of Generative AI Services, Provisions on Algorithm Recommendation, and Provisions on Deep Synthesis):
- Algorithm name:
Beijing-WenXinYiYan-20230821(Baidu Wenxin Yiyan / ERNIE Bot generative-AI algorithm) - CAC algorithm filing No.:
网信算备110108645502801230043号 - Filing entity: Beijing Baidu Netcom Science Technology Co., Ltd.
- Algorithm purpose: conversational Q&A, text generation, knowledge reasoning
- Cooperation model: The App, through a formal commercial agreement with Baidu AI Cloud, calls the ERNIE Bot LLM via Baidu's official Qianfan platform API. We act solely as an API consumer; we do NOT participate in training the model and do NOT hold any model weights.
- Integration mode: The client does NOT bundle any Baidu SDK. User input from the AI data-analysis feature is forwarded by our backend over HTTPS to Baidu Qianfan (
aip.baidubce.com/qianfan.baidubce.com); the client never communicates directly with Baidu servers. - Provider: Beijing Baidu Netcom Science Technology Co., Ltd. (Baidu AI Cloud)
- Data forwarded to Baidu:
- Conversation text you actively type into the AI data-analysis feature
- Public match identifiers you query (match IDs, league IDs, team IDs)
- Prompts our backend assembles from public match statistics (with a query timestamp)
- Never forwarded: The App will never forward to Baidu your phone number, password, login token, device identifiers (IDFV / OAID / UmengID), IP address, location, chat-room messages, follow lists, friend graph, order / top-up records, or any account / social data.
- Use case: LLM inference for the following three AI features. Outputs from each feature are for fan reference only and do NOT constitute betting, gambling, investment, medical, legal, or any form of decision-making advice:
- AI Chat (conversational Q&A): open-domain Q&A about sports events, players, tactics, and rules. Every reply is rendered with a persistent banner saying "AI-generated content. For reference only."
- AI Sports analysis tools (data prediction): neutral reference outputs (handicap / win-draw-loss / score / total goals / parlay, etc.) derived from public match statistics for a given match. Each result page carries a persistent banner saying "Data analysis is reference only · not a basis for decision-making."
- AI Live Analysis (match-detail streaming): on the match-detail page, neutral reference analysis (strength comparison, data trends, risk hints, etc.) generated from public match statistics. The page header always shows "AI analysis is based on public data and is for reference only — not advice", and a one-time disclaimer dialog is enforced on first entry; the user must explicitly tap "Agree" to continue.
- Transport: HTTPS / TLS 1.2+ between our backend and Baidu Qianfan API. Baidu processes the request text and generated outputs under its ERNIE Bot User Agreement and Baidu AI Cloud Terms.
- Content moderation: Both inbound user input and outbound model output go through dual content-safety review (our backend keyword filter + Baidu's official moderation: politics, pornography, gambling, terrorism, violence, minors-protection, etc.). Non-compliant content is replaced with a safety notice.
- Data residency: Baidu AI Cloud Mainland China data centers (Beijing / Baoding); no cross-border data transfer.
- Retention: Baidu retains API call logs per its platform default (typically 30–90 days for observability and compliance audit). Our server retains AI invocation records for 90 days, then anonymized aggregated.
- Your rights: Wipe local AI history at "Me → Settings → AI History → Clear". To request deletion of historical conversation text from log records, email postmaster@nanjingld.top.
- Baidu official documents:
Notice on AI-generated content (per PRC Interim Measures for the Management of Generative AI Services, Articles 14 & 15):
- The App provides three AI features: AI Chat (conversational Q&A), AI Sports analysis tools (data prediction), and AI Live Analysis (match-detail streaming). Outputs from all three are generated by the Baidu ERNIE Bot LLM, do NOT represent the views of this App, and may contain factual errors, knowledge cut-off limitations, or reasoning bias.
- Outputs from all three AI features are for fan discussion and entertainment reference only; none of them constitute betting advice, gambling information, or investment / medical / legal / decision-making advice. Do NOT use any of these outputs for gambling or any unlawful purpose.
- Sports outcomes are inherently uncertain. AI Live Analysis and AI Sports analysis tools do NOT guarantee the result of any match (winner, score, handicap, total goals, etc.); any decision you make based on these outputs is at your own risk.
- Each AI surface in the App carries a persistent disclaimer banner; AI Live Analysis additionally enforces a first-entry disclaimer confirmation dialog. You may clear local AI history anytime at "Me → Settings → AI History → Clear".
- If you encounter unlawful, false, or rights-infringing content from any of the three AI features, file a report via "Me → Feedback" or postmaster@nanjingld.top; we will respond within 7 business days and forward the report to Baidu.
4. How We Use Your Information
- Core service: registration / login, match data, the three AI features (AI Chat (conversational Q&A), AI Sports analysis tools (data prediction), AI Live Analysis (match-detail streaming)), match-detail text chat-room, virtual-currency (Ball-Gems) top-up and AI service settlement (see §3.9 for the third-party LLM API disclosure)
- Match and schedule information: show public fixtures and matches for teams or leagues you actively follow in the App (NOT for cross-app targeted advertising).
- Account security: detect suspicious login, prevent account takeover
- Customer support: respond to inquiries, handle refund requests, process abuse reports
- App improvement: analyze crashes and performance (via Umeng U-APM)
- Legal obligations: cooperate with lawful requests from regulators / judicial authorities
Our Commitments:
- We never sell your personal information
- We never build cross-app ad profiles
- We never read your chat-room messages, follow lists, or order history to train AI models. All three AI features (AI Chat / AI Sports analysis tools / AI Live Analysis) rely on a duly-filed third-party LLM API for inference; only text you actively type and public match data are forwarded. See §3.9 for the full integration disclosure, algorithm filing number, and content-safety review process.
- Outputs from all three AI features (AI Chat / AI Sports analysis tools / AI Live Analysis) are for analytical and entertainment reference only and do NOT constitute betting, gambling, investment, medical, legal, or any form of decision-making advice
- We never show payment prompts or virtual-currency upsells to users identified as minors
5. Data Storage & Security
5.1 On-device
- Login tokens are encrypted in iOS Keychain / Android Keystore
- Match cache and images live in the App sandbox; clear from "Me → Settings → Clear Cache"
- RongCloud IM cache is stored locally and wiped on logout
5.2 Server-side
- Account, profile, orders, follows are stored in our Mainland China cloud infrastructure
- Protected by WAF, DDoS mitigation, DB encryption, access auditing
- Chat messages are hosted on RongCloud with its default retention policy
5.3 Security Practices
- All network traffic uses HTTPS / TLS 1.2+
- Passwords are one-way hashed; not recoverable by anyone
- Sensitive APIs use signature + timestamp anti-replay
- Regular penetration testing, code audits, third-party compliance reviews
- Operated in accordance with China's Multi-Level Protection Scheme
6. Data Retention
| Data Type | Retention |
|---|---|
| Account info | Until you delete the account; purged within 7 days thereafter (save legal retention) |
| Session tokens | 30 days default; invalidated on logout |
| Top-up / orders | 3–5 years (PRC e-Commerce & Accounting Laws) |
| Chat messages | 7–30 days on RongCloud; report records kept 6 months |
| AI data-analysis call records | 90 days, then anonymized aggregated |
| Crash logs (Umeng U-APM) | 30 days (Umeng default) |
| Push tokens | iOS APNs: managed by Apple; bindings on our servers are cleared on unlink / logout as applicable. Android (current shipping build): no vendor / FCM push token is persisted for remote push SDKs. |
7. Data Sharing, Transfer, and Disclosure
We do not sell your personal information. After you tap "Agree" to this Privacy Policy, in accordance with Article 23 of the PRC PIPL, we share your information with the third parties below only within the necessary, minimum, and explicit scope. Each sharing relationship is itemized in §3 with the recipient, fields shared, purpose, and the third party's own privacy policy link.
- SDK partners (data recipients):
- Umeng+ U-APM (Beijing Ruixun Lingtong Technology Co., Ltd. + Umeng+ TongXin (Beijing) Technology Co., Ltd.) — shared: device model / brand / manufacturer, network type and carrier, Android ID, OAID, IDFV, Umeng device ID (UmengID), app package / version / channel, crash stack, ANR, page paths, app launch / login / signup de-identified events — used for device-ID-based anti-fraud, DAU / MAU statistics, crash / ANR monitoring, performance data (see §3.2)
- RongCloud IM (Beijing RongCloud Network Technology Co., Ltd.) — shared: chat-room text messages, room ID, RongCloud userId, message timestamps — used solely for match-detail text chat (see §3.4)
- Baidu AI Cloud Qianfan API (ERNIE Bot LLM) (Beijing Baidu Netcom Science Technology Co., Ltd.) — forwarded by our backend; the client does not share directly — shared: text you actively type into AI features and public match IDs you query (see §3.9)
- Apple Inc. (iOS only) — shared: APNs device token (for push), Apple Sign In opaque user identifier (for login) — see §3.5 / §3.6
- Payment providers: the current version does NOT integrate any third-party payment SDK; when iOS top-up is enabled in a future release, only Apple In-App Purchase (IAP) is used and only order ID / amount will be exchanged with Apple (no card credentials)
- SMS providers: your phone number (for verification codes only)
- Cloud / CDN vendors as data processors acting on our instructions
- Regulators and judicial authorities upon lawful request
- Successors in interest with notice and obligation to honor this policy
8. Cross-Border Data Transfer
Core services are hosted in Mainland China. Cross-border scenarios:
- Apple APNs — push tokens transit Apple's global infrastructure (iOS only)
- Android push (vendor SDKs / FCM): the shipping Android app does not bundle these client SDKs for remote delivery, therefore this channel does not move push tokens/payload to Google/vendor clouds from the client.
- Overseas usage — accessing the App outside China involves cross-border traffic
Transfers comply with PRC PIPL Chapter III; where required we sign Standard Contractual Clauses or complete regulatory filings.
9. Your Rights
- Access / review in "Me → Account Settings"
- Correction of profile fields
- Deletion / account closure in "Me → Settings → Delete Account"
- Withdraw consent: turn off notifications in system settings; manage notification categories under "Me → Settings → Notifications (push)"
- Data portability: email postmaster@nanjingld.top; we respond within 15 business days
- Lodge a complaint with CAC (cac.gov.cn), MIIT, or local regulator
9.1 How to Delete Your Account
- Open QiuYun Sports
- Go to "Me → Settings → Account & Security → Delete Account"
- Complete SMS verification and confirm
- Profile, follows, and AI data-analysis call records purged within 7 days; completed orders retained 3–5 years per law
10. Children's Privacy
Age gate: Users under 14 are NOT permitted to register or use the App. Users 14–17 must use under parental supervision. Accounts identified as under 14 will be suspended and data deleted.
The App does not include any tipping, gift, or anchor live-streaming features; the virtual currency (Ball-Gems) is used only for in-app purchase of AI data-analysis services. We do not push payment prompts or upsells to accounts identified as minors. If a minor has made unauthorized purchases, the guardian may apply for a refund via postmaster@nanjingld.top.
11. Cookies & Similar Technologies
As a native app we do not use browser cookies. Our in-app H5 campaigns may use localStorage for login tokens and campaign progress, released when the page is closed.
12. Policy Changes
- Non-material changes: updated "Last updated" date at the top
- Material changes: in-app banner / push / email 7 days in advance; we will ask you to re-consent
13. Governing Law
This policy is governed by the laws of the Mainland of the People's Republic of China (excluding Hong Kong SAR, Macau SAR, and Taiwan region). Disputes are submitted to the competent people's court of Nanjing, Jiangsu Province.
14. Contact Us
App: QiuYun Sports
Developer: Nanjing Lingdong Century Media Co., Ltd.
Data Protection Officer Email: postmaster@nanjingld.top
In-app support: "Me → Help & Feedback"
We will respond within 15 business days.
See also: QiuYun Sports Terms of Service