目录

1. 我们如何收集与使用个人信息
2. Cookie/本地存储与同类技术
3. 我们如何委托处理、共享、转让与公开披露个人信息
4. 个人信息的存储地点、期限与跨境传输
5. 我们如何保护您的个人信息
6. 您的权利及其行使（访问、更正、删除、限制/拒绝处理、撤回同意、数据可携、账号注销、自动化决策相关权利）
7. 未成年人个人信息保护
8. 第三方网站/服务链接
9. 本政策的更新与通知
10. 如何联系我们
11. 术语与定义
12. 附件 A：个人信息收集清单（按功能场景）
13. 附件 B：第三方信息共享清单（SDK/合作伙伴）
14. 附件 C：权限使用与调用场景（iOS/Android）
15. 附件 D：数据留存与删除策略矩阵
16. 附件 E：数据主体请求模板（访问/删除/可携/撤回）

1. 我们如何收集与使用个人信息

1.1 处理原则

1.2 账号注册与登录

• 信息类型：手机号/邮箱、验证码；第三方登录（微信（如启用））的账号标识；密码（加密存储）；昵称、头像（可选）。
• 处理目的：创建与验证身份、登录安全、找回密码、账户安全审计与客服支持。
• 法律依据：履行合约或合约前措施；为保障账号与平台安全之必要。根据法律法规要求，您在发布信息（如社区评论）前，我们需要对您的手机号进行验证以完成实名认证。

1.3 设备绑定、蓝牙/Wi‑Fi 配网与控制

• 信息类型：蓝牙扫描信息（设备名、MAC/随机标识、信号强度）、设备 SN/UUID、固件与硬件版本、网络配置信息（仅用于将设备接入网络）、设备状态（电量/温度/料仓/故障码）、遥控指令与操作日志（含急停）、OTA 升级记录。
• 处理目的：连接/配对与控制发球机/配件、提升稳定性、远程诊断与售后、固件升级与安全告警。
• 法律依据：履行合约之必要；保障设备/服务安全之必要；合法权益（安全与质量）。

1.4 训练参数、实时数据与训练报告

• 信息类型：您设定的训练模式与参数（速度/旋转/频率/球数/NTRP 等）、训练过程产生的时序指标与事件日志、热力与落点数据（如由视觉/传感器生成）、训练结果与可分享海报。
• 处理目的：实现训练功能、生成报告、历史统计与对比；您自愿分享时用于社区展示。
• 法律依据：履行合约之必要；分享/公开展示基于您的选择与同意。

1.5 视觉/AI 动作分析（可选）

• 信息类型：相机/相册/麦克风权限；您上传或录制的视频/音频（可能包含面部图像、身体姿态与背景环境）将在App内授权后，由模型产生的关键点/姿态轨迹、评分与建议；设备/网络状态用于故障排查。
• 处理目的：为实现AI动作分析和个性化训练报告功能，我们需要调用您的摄像头权限并收集您的运动视频。该过程中可能涉及您的面部特征、体态特征等敏感个人信息。我们将仅在您开启该功能并给予单独同意后进行处理。相关数据将在分析完成后按约定存储，仅保留经去标识化处理后的分析报告数据。
• 法律依据：您的明示同意；您可随时撤回，不影响撤回前的处理。

1.6 地图与定位（可选）

• 信息类型：粗略或精确定位、IP 派生城市、定位相关设备标识；可能包含后台定位（仅当您在系统层授权且确为实现功能所需）。
• 处理目的：约场、附近活动与“约球”地图、排行榜的距离排序、路线与到店导航。
• 法律依据：您的明示同意（系统弹窗授予）。

1.7 健康与运动数据对接（可选）

• 信息类型：来自 Apple 健康/华为健康等平台的步数、心率、卡路里、运动时长等（以您授权的具体范围为准）。
• 处理目的：运动统计与趋势、排行榜（自愿开启）、个性化训练建议。
• 法律依据：您的单独同意；您可在系统/平台侧随时撤回授权。

1.8 社区与互动（可选）

• 信息类型：您发布的笔记/图片/视频、评论/点赞/收藏、话题与地理标签（如您主动添加）、UGC 元信息；违规处置/侵权投诉相关记录。
• 处理目的：内容发布与展示、互动交流、社区治理与秩序维护。
• 法律依据：履行合约之必要；遵守法律义务（处理侵权与违法内容）。

1.9 通知与客服

• 信息类型：推送 Token、设备与系统消息类别、站内信、客服工单记录、通话录音（在法律允许且提示后）。
• 处理目的：设备状态/报告完成/活动提醒、服务联络与质量跟踪。
• 法律依据：履行合约之必要；对营销/活动类通知基于您的同意（可在设置中管理）。

1.10 日志、风控与合规

• 信息类型：崩溃日志、性能指标、异常行为日志、反作弊与防滥用模型产生的标记（不用于对您作出不利的自动化决策）。
• 处理目的：安全与防欺诈、稳定性改进、合规审计与争议举证。
• 法律依据：合法权益（安全与质量）；遵守法律义务。

1.11 自动化决策/画像（如适用）

2. Cookie/本地存储与同类技术

3. 我们如何委托处理、共享、转让与公开披露个人信息

3.1 委托处理

3.2 共享

• 与关联公司协同提供或改进服务（仅为实现本政策所述目的）；
• 与第三方合作伙伴（含 SDK）：地图、推送、统计/崩溃、短信与本机号登录、视频与直播、云存储、支付、第三方登录、健康平台对接等（关于我们与之共享数据的第三方SDK及合作伙伴的具体名称、联系方式及处理类型，请务必查阅《附件B：第三方信息共享清单》。该清单为本政策不可分割的一部分）；
• 法律法规、诉讼/仲裁或监管部门依法提出要求；
• 为保护您、我们或公众的生命财产安全而在紧急情况下需要共享的。

3.3 转让

3.4 公开披露

3.5 例外情形

4. 个人信息的存储地点、期限与跨境传输

• 存储地点：数据将按业务发生地就近存储；中国大陆用户数据原则上在境内存储。如需跨境提供，我们将单独征得您的授权同意并依适用法实施安全评估/标准合同等措施。
• 存储期限：基于最短必要原则（详见附件 D）。如法律另有规定，则按法定最长期限保存。
• 跨境传输：因全球化服务、容灾备援或境外供应链（如云存储/推送/统计）的需要而进行跨境传输时，我们将开展个人信息跨境影响评估并落实合同与技术保护措施，确保接收方提供不低于本政策的保护水平。

5. 我们如何保护您的个人信息

• 技术与组织措施：传输与存储加密（如 TLS、HTTPS、加密密钥管理）、权限分级与最小授权、零信任访问、双人复核、访问与操作审计、入侵防御与漏洞管理、代码安全/第三方依赖审计、数据脱敏与去标识化、定期渗透测试与应急演练、多活备份与灾备。
• 安全事件处置：一旦发生或可能发生个人信息安全事件，我们将按法律规定及时通知您事件事实、可能影响、已采取措施与自救建议，并按要求上报监管；在合理与可能范围内，我们将采取补救措施以降低风险。

6. 您的权利及其行使

6.1 自助路径

• 数据与权限中心：App 内路径 “我的 > 设置 > 隐私与安全” 提供权限管理、数据导出/删除；
• 账号注销：“我的 > 账户与安全 > 注销账号”；
• 健康/定位/相机等系统权限：可在设备系统设置中随时管理。

6.2 行使渠道

6.3 例外与拒绝情形

6.4 自动化决策相关权利

7. 未成年人个人信息保护

8. 第三方网站/服务链接

9. 本政策的更新与通知

10. 如何联系我们

• 数据保护邮箱：privacy@lumistar.ai
• 客服电话：400-8585-168（工作日 9:00–18:00）
• 通信地址：皓翊星辰（上海）机器人科技有限责任公司

11. 术语与定义

• 个人信息：以电子或其他方式记录的与已识别或可识别个人有关的各种信息，不包括匿名化处理后的信息。
• 敏感个人信息：一旦泄露或被非法使用，容易导致个人尊严受侵害或人身/财产安全受危害的信息（如精确定位、健康生理数据、未成年人信息、面部图像等）。
• 去标识化/匿名化：去标识化是通过技术处理使信息主体不可直接识别；匿名化是使信息不可再复原至特定个人的不可逆过程。

附件 A：个人信息收集清单（按功能场景）

为帮助您更清晰地了解我们在各项功能中处理您个人信息的情况，根据《中华人民共和国个人信息保护法》及相关国家标准的要求，我们特制定本按功能场景划分的个人信息收集清单。

核心原则：我们将遵循合法、正当、必要和诚信的原则，仅处理实现产品功能所必要的最小范围的个人信息。本清单未涵盖的场景，我们不会主动收集您的个人信息。

1. 共享原则：我们仅共享实现功能所必要的信息，且与合作伙伴签署数据保护协议，要求其依法保护用户信息。
2. 用户授权：在首次使用涉及共享信息的功能前，我们会通过弹窗或协议方式征得用户同意。
3. 用户权利：您可通过“我的-设置-账号与安全”查看和管理授权情况，或通过客服联系我们撤回授权。
4. 政策更新：本清单可能随业务调整而更新，更新后的版本将在App内发布并通知用户。

附件 B：第三方信息共享清单（SDK/合作伙伴）

为保障App功能的正常运行、提升用户体验、实现特定服务目的，我们可能会与第三方服务商共享部分必要的信息。本清单列出了App当前集成或可能调用的第三方SDK及合作伙伴信息，包括其收集的个人信息类型、使用目的及官方隐私政策链接。

附件 C：权限使用与调用场景（iOS/Android）

为保障本应用相关功能的实现与应用安全稳定运行，我们可能需要向您申请调用以下系统权限。请您知悉，我们不会默认开启这些权限，仅在您主动确认或在具体场景中根据提示开启后，才会在权限授权范围内处理您的信息。

1. 权限管理：您可以在设备的 【设置】>【隐私】>【权限管理】（或类似路径）中查看上述权限状态，并随时关闭或重新开启。关闭权限仅会影响对应功能，不会影响其他功能的使用。
2. 权限与信息：部分权限本身不直接收集个人信息，但结合其他操作可能获取。例如，开启“相机”权限后，我们仅在您主动拍照时获取照片信息。
3. 儿童隐私：我们非常重视对未成年人个人信息的保护。如果您是未满14周岁的儿童，请在您的父母或其他监护人的指导下使用我们的服务。
4. 政策更新：本清单可能会随功能更新而调整。若有重大变更，我们会在应用内通过显著方式通知您。

附件 D：数据留存与删除策略矩阵

为保障您的信息权益，我们制定了严格的数据留存期限与删除规则。本矩阵明确了不同数据类型在实现特定目的后，将被保留的时限以及删除方式。

1. 您可以通过以下方式行使您的权利，访问、更正与删除：：
   1. 在App内操作：对于个人资料、训练记录、社区内容等，您可以直接在【我的】、【训练报告】、【社区】等相关页面进行编辑或删除。
   2. 通过客服申请：对于无法直接操作删除的信息，或需要注销账户，您可以通过【我的】->【设置】->【帮助与反馈】联系我们，提出删除或注销请求。

1. LUMISTAR Privacy Policy（英文）

LUMISTAR Privacy Policy

1. Personal Information We Collect

2. How We Use Your Information

3. How We Disclose and Share Personal Information

4. Protection and Retention of Personal Information

5. Cross-Border Transfers of Personal Information

6. Managing Your Privacy Rights and Choices

7. About Cookies and Similar Technologies

8. Children’s Privacy We do not intend for our websites or app services to be used by, and do not knowingly collect information from, anyone under the relevant minimum age under applicable local law ("Children"). Additionally, we do not knowingly sell or share personal information of our customers under the age of 18 for targeted advertising purposes. If you are a parent or guardian and believe we may have collected information about your child without your consent, please contact us immediately as described in this Policy. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers and terminate the applicable account.
   Please note that the use of our hardware (Ball Machines) by minors should always be under the strict supervision of a guardian. While this Privacy Policy covers data, please refer to our User Manual and Safety Guidelines for physical safety requirements regarding minors.
9. Changes to Our Privacy Policy

10. Contact Us

1. What Data Do We Collect and Who Do We Share It With?

• Authorize synchronization with third-party health platforms (e.g., Apple HealthKit, Google Fit);
• Use the AI Motion Analysis feature; or
• Voluntarily provide it in your User Profile.

• Analyze your sports performance (e.g., swing speed, ball rotation);
• Provide technical coaching and correction suggestions; and
• Track your workout intensity.

• We do not use HealthKit data for advertising, marketing, or data mining purposes.
• We do not sell HealthKit data to third parties.
• We only share HealthKit data with third parties for medical research (with your explicit consent) or as required by law.

2. When/How Do We Collect Data?

• From you or a member of your household;
• From other individuals acting on your behalf, such as personal shoppers or assistants;
• From devices associated with you or a member of your household, including through Cookies, web beacons or similar technologies when you visit our websites or online applications or open our emails;
• Through technology we use in our apps;
• From third-party partners.

3. How Do We “Share” or “Sell” Your Data as Defined under Applicable Law?

4. Your Choices and Rights

• Opt out of Sale/Share/Disclose for Targeted Advertising:

• Targeted Advertising. As further discussed above you may opt-out of our use of Cookies and similar technologies for targeted advertising purposes by adjusting your "Privacy Settings" within our App.
• Marketing Communications. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or contacting us at support@lumistar.ai.
• Your Legal Rights. Some consumers (including job applicants located in California) may have additional rights with respect to their Data under applicable law, such as:
  • Right to access Data. You have the right to request that we disclose to you the categories of Data that we have collected about you, the categories of sources from which we collected your Data, the business or commercial purposes for collecting or “selling” or “sharing” your Data and the categories of third parties with whom we shared your Data. You may be entitled to receive the specific pieces of your Data we hold. In some jurisdictions you may also be entitled to receive a list of the specific third parties with whom we share Data.
  • Right to disclosure. You may be entitled to receive information regarding the categories of Data we collected, the sources from which we collected Data, the purposes for which we collected and shared Data, the categories of Data that we sold or shared and the categories of third parties to whom the Data was sold or shared, and the categories of Data that we disclosed for a business purpose in the 12 months preceding your request.
  • Right to correct Data. You have the right to request in certain circumstances that we correct any personal information that we, our vendors or service providers on our behalf, have collected directly from you.
  • Right to deletion. You may be entitled to request that we delete the Data that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep certain information, such as for our legitimate business purposes or to comply with applicable law.
  • Right to opt-out of sales or sharing of Data to third parties. You have the right to opt out of sales of your Data, as defined under applicable state privacy laws.   In addition, you have the right to opt of the sharing of Data for cross-contextual behavior advertising / targeted advertising purposes. The definitions of “sale” under applicable state privacy law is very broad and may include certain activities, including the use of website Cookies and similar tracking technologies for analytics and advertising purposes.
  • Right to use an authorized agent. You can designate an authorized agent to submit requests on your behalf. However, to protect your Data and in accordance with applicable state privacy laws, we will require written proof of the agent’s permission to do so and we will need to verify your identity directly.
  • Right to appeal. You have a right to appeal decisions concerning your ability to exercise your consumer rights.
  Please note that these rights may be limited under applicable laws. For example, we may need to retain certain Data for business purposes, to complete transactions you have requested, to comply with our legal obligations, or for other purposes as required or permitted by applicable law.
  If you wish to exercise your rights under applicable law, please contact us by [privacy@lumistar.ai ].
  Please note that we may require additional information from you in order to verify your identity and process your request. we will not discriminate against you because you exercise any of the consumer rights described in this section.

5. Contact Us

1. You may vary or withdraw your consent to the processing of your Data, or opt-out of certain uses and disclosures, subject to legal and contractual restrictions. Such withdrawal will not affect the lawfulness of the processing prior to consent being withdrawn.
2. You also have the right to object at any time to the processing of your Data for marketing purposes. To unsubscribe from our marketing communications, you may also use the above channels or click the "Unsubscribe" link included at the bottom of any marketing email we send to you.To stop receiving “LUMISTAR Product & Service Recommendations,” you can switch off the “LUMISTAR Product & Service Recommendations” toggle in Settings > Message Center.

1. Provision to Third Parties

2. Provision to Foreign Third Parties

• when we have your consent;
• when the third party is located in a member state of the European Economic Area or in the UK; or
• when the third party has established a system necessary to continuously implement measures comparable to the measures that a personal information handling business operator in Japan should take.

3. Managing Your Privacy Rights and Choices

4. Contact US

1. What Data Do We Collect and How?

• Customer Registration (retention period: one (1) month upon membership unsubscription): (i) Purpose: Member identification, membership management, and service provision; (ii) Mandatory Items: Name; phone number; email address; password; (iii) Optional Items:[Profile picture, gender, date of birth, height, weight, sports preferences.]
• Mobile App: (i) Registration:[Device Information (UUID, OS version, device model), IP address, Service usage logs]; (ii) Location-based Push Messaging (upon consent of access to location data): Mandatory Items: Location data (retention period: immediately deleted without storage).

2. For How Long Do We Keep Your Data?

• Commercial books and records (e.g., accounting books and balance sheets); material documents regarding business (including any agreements): (i)Legal ground: Commercial Code; (ii) Retention period: ten (10) years.
• Books, evidentiary documents, tax invoices or receipts regarding transactions: (i)Legal ground: Framework Act on National Taxes, Corporate Tax Act, Value-Added Tax Act; (ii)Retention period: five (5) years.
• Records on agreement or withdrawal of subscription; records on payment and supply of goods: (i)Legal ground: Act on the Consumer Protection in Electronic Commerce, Etc. (“E-Commerce Consumer Protection Act”); (ii)Retention period five (5) years.
• Records on consumer complaints or dispute resolution: (i)Legal ground: E-Commerce Consumer Protection Act; (ii)Retention period: three (3) years.
• Records on website visits: (i)Legal ground: Protection of Communications Secrets Act; (ii)Retention period: three (3) months.

• Online customers may freely choose a period of service validity for either one (1) year or until withdrawal from membership; and if they do not specify their choice, the one-year period will be automatically selected.
• The period of validity is counted from the date on which online customers use the service; and if the customer does not use the service over the period selected pursuant to the preceding paragraph, Data of such customers will be stored and managed separately from that of other customers.
• At least thirty (30) days prior to converting to dormancy, we will notify applicable customers of related Data by email or other communication channels.

3. What Are the Grounds for Processing Your Data?

4. To Whom Do We Share Your Data with?

5. How Do We Destroy Your Data?

6. What Safety Measures are Taken to Protect Data?

• Managerial Measures to Protect Data: [].
• Technical Measures to Protect Data: [].
• Physical Measures to Protect Data: [].

7. Contact for Data Privacy

8. Processing of Personal Location Information

9. Data Subjects’ Rights

1. Who Is the Data Controller?

2. What Lawful Bases of Processing and Legitimate Interests Do We Rely On?

3. What Categories of Recipients Receive Personal Data From Us?

4. Where Is Your Personal Data Processed and On What Basis Do We Transfer Personal Data Across Borders?

5. How Long Do We Process Personal Data?

6. What Data Protection Rights Do You Have?

• To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of our personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications or through other means.
• To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
• To obtain from us the rectification of inaccurate personal data concerning you.
• To ask us to erase your personal data to the extent it is not required for legally required purposes or necessary for security and integrity purposes.
• To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
• To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
• To withdraw your consent at any time. This will not affect the lawfulness of our use of your personal data before your withdrawal.
• To lodge a complaint with a supervisory authority.
• In some jurisdictions such as France and Portugal, you also have the right to provide us with guidelines as to the processing of your personal data after your death.

7. Children’s Privacy

8. Are You Required to Provide Us with Your Personal Data?

Appendix A: Data Collection Inventory (by Feature)

To help you understand more clearly how we process your personal information across various functions, and in accordance with the requirements of the Personal Information Protection Law of the People's Republic of China and relevant national standards, we have specially formulated this list of personal information collection, itemized by function and scenario.

Core Principle: We adhere to the principles of legality, legitimacy, necessity, and good faith, processing only the minimum scope of personal information necessary to achieve the product's functions. For scenarios not covered in this list, we will not proactively collect your personal information.

1. Sharing Principles: We only share information necessary to enable specific functions. We enter into data protection agreements with our partners, requiring them to protect user information in accordance with the law.
2. User Authorization: Before you first use a function that involves sharing information, we will obtain your consent via a pop-up window or user agreement.
3. User Rights: You can view and manage your authorizations through "My Profile > Settings > Account & Security," or contact our customer service to withdraw your consent.
4. Policy Updates: This list may be updated as business adjustments are made. The updated version will be published within the App, and users will be notified accordingly.

Appendix B: Third‑Party Sharing (SDK/Partners)

To ensure the normal operation of the App's features, enhance user experience, and fulfill specific service purposes, we may share necessary information with third-party service providers. This list details the third-party SDKs currently integrated or potentially invoked by the App, as well as partner information, including the types of personal information they collect, the purposes of use, and links to their official privacy policies.

Appendix C: Permissions & Invocation (iOS/Android)

To ensure the implementation of relevant features within this application and its secure and stable operation, we may need to request your authorization to access the following system permissions. Please be aware that these permissions are not enabled by default. We will only process your information within the scope of the authorized permissions after you actively confirm or grant access based on prompts in specific scenarios.

1. Permission Management: You can review the status of the permissions mentioned above on your device via Settings > Privacy > Permission Management (or a similar path), and turn them off or back on at any time. Disabling a permission will only affect the corresponding function and will not impact the use of other features.
2. Permissions & Information: Some permissions themselves do not directly collect personal information but may enable its acquisition when combined with other actions. For example, after granting "Camera" permission, we only access photo information when you actively take a picture.
3. Children's Privacy: We place great importance on the protection of minors' personal information. If you are a child under the age of 14, please use our services under the guidance of your parent or other guardian.
4. Policy Updates: This list may be adjusted as features are updated. In the event of significant changes, we will notify you through prominent means within the application.

Appendix D: Retention & Deletion Matrix (Examples)

To safeguard your information rights and interests, we have established clear data retention periods and deletion rules. This matrix specifies the duration for which different types of data will be retained after fulfilling specific purposes, as well as the methods for their deletion.

Appendix E: Data Subject Request Templates (Summary)

• Access/Copy: Provide account identifier, scope, and preferred delivery format.
• Rectify/Supplement: Specify fields and reasons.
• Erasure: Specify feature/data types to erase.
• Restrict/Object: Explain scope and reasons.
• Portability: Indicate recipient and format (e.g., JSON/CSV/ZIP).
• Withdraw Consent: Identify the permission (e.g., Location/Health/Camera).
• Account Deletion: Unbind devices and close orders, then submit the deletion request.

After identity verification, we aim to process requests within 15 business days, or within 30 days/statutory timeframes where permitted. If we cannot fulfill a request, we will provide reasons and available remedies (regulator complaint/judicial relief).