App Privacy Policy

Last Updated: 2026 / 04 / 09
Effective Date: 2026 / 04 / 09

Thank you for choosing to use the Usay Ring smart wearable device and its accompanying mobile application (the "Application"), developed and operated by Fison Health Co., Limited and/or its affiliates (collectively referred to as "we" or "us"). For the purposes of this Privacy Policy, Fison Health Co., Limited acts as the data controller, being responsible for deciding how and for what purpose your personal data is processed when you use the Application. We take your privacy and personal data protection very seriously and will safeguard your personal data and privacy strictly in accordance with German applicable laws and regulations.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Application, and outlines the rights to which you are entitled. Please carefully read and understand all the contents of this policy before using the Application. Important contents that might affect your personal data and privacy rights have been highlighted in bold for your attention.

Table of Contents

  • I. How We Collect and Use Your Personal Data
  • II. Legal Basis for Our Collection and Use of Your Personal Data
  • III. How We Share, Transfer, and Disclose Your Personal Data
  • IV. How We Store and Transmit Your Personal Data
  • V. What Rights You Have
  • VI. How We Protect Your Personal Data
  • VII. How We Protect the Personal Data of Minors
  • VIII. Updates to This Privacy Policy
  • IX. How to Contact Us

I. How We Collect and Use Your Personal Data

Please be informed and understand that we will only collect your personal data for the purposes and within the scope outlined in this Privacy Policy in compliance with applicable laws and regulations. In handling your personal data, we are committed to maintaining your trust in us and strictly adhere to the principles of purpose limitation, explicit consent, data minimization, accuracy, security safeguards, subject participation, and transparency, etc. We also ensure that you can exercise your relevant rights through convenient means to protect your personal data and privacy.

To provide you with excellent user experience and comprehensive personal data and privacy protection, we will collect and use data that you actively provide while using the Application, as well as data collected automatically during your use of the Application, in the following ways.

1. Registration and Login

1.1 To help you create a Usay account and log in to and use the Application via your Usay account, you will need to provide us with your phone number or email address. We use such information to send you verification codes to authenticate your identity. To assist you in completing registration, we will also collect your user ID, password, nickname, date of birth (year and month), gender (female, male, or undisclosed), height, and weight. You may also choose to fill in other personal data including your step length, waist circumference, medical history, medication status, time zone, and profile picture according to your needs to complete your profile, so that we can better serve you.

1.2 Alternatively, you may choose to register, log in, and use the Application more conveniently through a third-party account (including Google, Apple, or Facebook accounts, depending on your actual choice). Upon your express consent and authorization, we will indirectly collect your account information registered on these third-party platforms (including but not limited to your account ID, password, nickname, and profile picture, depending on your granted authorization). If you refuse to provide third-party account information, you will not be able to register or log in using such third-party account.

1.3 To complete your profile and APP registration service, the data you need to provide is summarized as follows:

  • Mandatory data: user ID, phone number, email address, nickname, date of birth (year and month), height, weight, step length, time zone, password, and profile picture.
  • Optional data: gender (female, male, or undisclosed), waist circumference, and other health-related data (such as medical history and medication usage).
  • Special categories of personal data: gender (female, male, or undisclosed), height, weight, step length, waist circumference, other health-related data (such as medical history and medication usage), and profile picture.

2. Physiological and Wellness Data

2.1 To provide you with the core functions of the Application, help you keep track of your wellness and exercise data, and generate wellness insights and advice, we will collect the following physiological, wellness, and exercise data. In Germany Berlin city, physiological and wellness data are considered special categories of personal data. We will implement higher levels of protection for such data and will only collect and process them after obtaining your separate express consent.

2.2 Device-Collected Data: Your Usay device is equipped with various sensors (such as Photoplethysmography (PPG) sensors for heart rate and blood oxygen). We will use these sensors to collect waveform data of your pulse intervals and blood flow velocity, as well as skin temperature data, based on which we estimate and generate the following physiological and wellness data:

  • 2.2.1 Heart Rate (HR): The number of times the heart beats per minute (bpm). It is a fundamental indicator of cardiac function and overall health. The normal resting heart rate for a healthy adult typically ranges from 60 to 100 beats per minute.
  • 2.2.2 Blood Oxygen: The percentage of oxygen-saturated hemoglobin in the blood. It is a key parameter reflecting the efficiency of oxygen exchange in the lungs and transport in the bloodstream. A normal reading is generally 95% or above.
  • 2.2.3 Heart Rate Variability (HRV): The variation in time intervals between consecutive heartbeats. It reflects the activity and balance of the autonomic nervous system (sympathetic and parasympathetic branches).
  • 2.2.4 Vascular Vitality Insights: The analysis of circulatory dynamics and arterial responsiveness based on physiological signals. It reflects the overall condition and functional state of your vascular system.
  • 2.2.5 Blood Glucose: The concentration of glucose (sugar) present in the blood. It is a primary indicator for metabolic health and the management of conditions like diabetes.
  • 2.2.6 Step Count: The total number of steps taken by a person over a period. It is a common metric for quantifying daily physical activity volume.
  • 2.2.7 Activity Distance: The total distance covered through physical activities like walking or running. It is often calculated from step count and stride length.
  • 2.2.8 Calories Burned: The amount of energy expended by the body, measured in kilocalories (kcal). It includes energy used for basal metabolism and during physical activity.
  • 2.2.9 Stress Level: A quantified assessment of an individual's physiological or perceived stress state.
  • 2.2.10 Total Sleep Duration: The total amount of time spent asleep during a sleep period.
  • 2.2.11 Sleep Stage: Deep Sleep: Also known as slow-wave sleep, this phase is crucial for physical restoration, tissue repair, and memory consolidation.
  • 2.2.12 Sleep Stage: Light Sleep: A transitional sleep phase between wakefulness and deeper sleep stages.
  • 2.2.13 Sleep Stage: Rapid Eye Movement (REM): A phase characterized by rapid eye movements, vivid dreaming, and brain activity similar to wakefulness.
  • 2.2.14 Sleep Stage: Awake: Periods of wakefulness that occur during the sleep interval.
  • 2.2.15 Sleep Onset Time: The clock time at which an individual falls asleep.
  • 2.2.16 Sleep Latency: The duration it takes to transition from full wakefulness to sleep after the intention to sleep.
  • 2.2.17 Sleep Temperature Variation: Changes in body or ambient temperature during the sleep cycle, which can influence sleep onset and quality.

When your Usay device synchronizes with our Application, the data recorded on your device will be transmitted from your device to our cloud servers for storage and processing.

2.3 To provide our wellness service, the data you need to provide is summarized as follows:

  • Mandatory data: above all data in section 2.2.
  • Special categories of personal data: above all data in section 2.2.

3. AI Wellness Advice and Intellectual Dialogue

3.1 When you use our AI wellness advice services, we will process the physiological, wellness, and exercise data already collected from you through our self-developed algorithms or through Gemini-2.5-flash-lite (the "Gemini"), a third party generative artificial intelligence model, to provide you with wellness-related suggestions.

3.2 We provide conversational and interactive services based on generative AI model technology. To provide these services, we will collect the following information from you: information that you actively input (in the form of text and/or voice, depending on what you actually enter and what the feature supports), your prompts and/or instructions to the AI model/agent, your behavioral information while using the model (including your clicks, browsing, editing, and other operation records), and your feedback (including likes, dislikes, and feedback content submitted). We will analyze and compute the above information to better understand your questions and contextual meaning, thereby providing you with more relevant content.

3.3 When you actively input voice, we will request your authorization for microphone permission. If you refuse authorization, you will not be able to input voice information, but this will not affect your use of other functions and services of the Application.

3.4 Please be advised and understand that, while we provide AI wellness advice and intellectual dialogue services to you, THE OUTPUTS WE PROVIDE SHALL FUNCTION AS WELLNESS-RELATED SUGGESTIONS ONLY, WHICH CAN BY NO MEANS CONSTITUTE OR REPLACE PROFESSIONAL MEDICAL DIAGNOSIS OR MEDICAL ADVICE IN ANY CIRCUMSTANCE.

3.5 To provide third party’s AI service, the data you need to provide to third party is summarized as follows:

  • Mandatory data: AI Conversation (text, audio format), AI-Generated Wellness Insight.
  • Special categories of personal data: AI Conversation (text, audio format), AI-Generated Wellness Insight.

4. Behavioral Monitoring

4.1 Our smart ring device is designed to function as a comprehensive Wearable Device and Health Tracker. To provide you with personalized insights and services, it collects data related to your daily activities and behaviors. This section details the specific types of behavioral data recorded.

4.2 The device utilizes integrated sensors, such as inertial measurement units, to perform Activity Sensing and Motion Detection. This enables the continuous and passive monitoring of your physical movements and routines throughout the day.

4.3 The collection of this behavioral data serves several key purposes in line with our device's function as an Intelligent Wearable Gadget. Primarily, it allows the device to build a personalized model of your daily patterns. By analyzing historical trends in your Activity Time, Duration, and Type, the device can better understand your normal routine.

4.4 The primary behavioral data fields collected include:

  • 4.4.1 Activity Time: This refers to the specific clock time at which a discrete activity or event is recorded as beginning.
  • 4.4.2 Activity Duration: This field records the length of time for which a specific activity or event persists.
  • 4.4.3 Activity Behavior: This identifies the nature of the recorded activity. Using Activity Sensing algorithms, the device can automatically classify behaviors such as walking, running, cycling, or periods of stillness. It may also record user-logged activities.
  • 4.4.4 Meal Time: This records the clock time associated with eating events, which you may log manually. This is also commonly referred to as Mealtime.
  • 4.4.5 Food Intake: This field pertains to information about the consumption of food and drink. It relates to the broader concept of Dietary Intake or Ingestion of food, and typically relies on manual user entry to describe what was consumed.
  • 4.4.6 Other Behaviors (e.g., daily medication): This is a category for logging other significant, health-related daily routines that are not covered by the primary activity or dietary fields.

4.5 To provide our behavioral monitoring service, the data you need to provide is summarized as follows:

  • Mandatory data: above all data in section 4.4.
  • Special categories of personal data: above all data in section 4.4.

5. Device Data

5.1 Our Smart Ring or Intelligent Ring functions as a Wearable Device designed to provide health and wellness services. To ensure the proper functioning, security, and management of your device and account, we collect certain technical and operational data related to the device itself. This data is essential for core functionalities such as device pairing, software updates, and troubleshooting.

5.2 The collection of this device data is based on the necessity for the performance of our contract with you to provide the core wearable device service. It enables us to: Facilitate the initial setup, secure pairing, and ongoing operation of your smart ring. Use unique device identifiers to help protect your account from unauthorized access and fraudulent activities. Deliver necessary firmware updates and diagnose technical issues to improve your experience. Link the physical device to your digital account for personalized data management.

5.3 The device data fields we collect include:

  • 5.3.1 Device Name: This is the user-readable name of your wearable device. It helps you identify your device within the companion application and during the Bluetooth pairing process.
  • 5.3.2 Device ID: This refers to a unique identifier assigned to your hardware.
  • 5.3.3 Device Version: This indicates the current version of the software or operating system running on your smart ring. Collecting this data is necessary to determine if updates are available and to ensure compatibility with our services.
  • 5.3.4 Device Battery Level: This field records the remaining battery charge of your device, usually expressed as a percentage.
  • 5.3.5 Device Connection Status: This indicates whether your smart ring is currently connected to our application or servers via technologies like Bluetooth.
  • 5.3.6 Registration Time: This is the date and timestamp when your device was first activated and registered with our service.
  • 5.3.7 Last Connection Time: This records the most recent date and timestamp when your device successfully synced data with our servers.
  • 5.3.8 Bound User ID: This is the unique account identifier (User ID) to which your smart ring is linked. This association is fundamental for securely attributing all collected health and activity data (such as heart rate, sleep, and steps) to the correct user profile and ensuring data privacy.

This data is typically collected automatically when you set up and use the device. It is stored securely and is essential for the basic functionality of your Wearable Health Ring.

5.4 To provide our service, the data you need to provide is summarized as follows:

  • Mandatory data: above all data in section 5.3.

6. User Feedback

6.1 Our smart ring service values user input as a critical driver for product improvement and customer satisfaction. To effectively address concerns and enhance your experience, we provide channels for you to submit feedback and complaints. When you choose to use these channels, we collect the related information to process and respond to your submissions.

6.2 The collection and processing of this data are based on your consent, which you provide when you actively choose to submit feedback through our app. We process this information for the following legitimate purposes: The primary purpose is to listen to your feedback, deal with your complaints, and maintain customer satisfaction. This allows us to investigate issues, provide solutions, and improve our overall service delivery. Your feedback, especially regarding product defects, service errors, or other concerns, provides invaluable insights that guide our product development and operational enhancements. We analyze feedback to identify trends and areas for improvement. We use your submission to respond to you, request additional information if needed, and keep you informed about the status of your report.

6.3 The primary user feedback data fields we collect include:

  • 6.3.1 User Complaints / Feedback: This refers to the textual content of opinions, suggestions, or reports of issues that you voluntarily submit regarding our products or services.
  • 6.3.2 User Complaint / Feedback Images: These are any photographic or screenshot images that you may attach to your feedback submission to provide visual evidence or further illustrate the issue you are reporting.

6.4 To provide our user feedback service, the data you need to provide is summarized as follows:

  • Mandatory data: above all data in section 6.3.
  • Special categories of personal data: above all data in section 6.3.

7. Subscriptions and Payments

7.1 When you subscribe to our paid services within the Application (depending on what the feature supports and whether you choose to subscribe), we will collect all or part of the following personal data: email, password, details of the subscribed services, order number, order time, and invoice information. Please note that we collect this information only to help you successfully complete your subscription, view and manage your order information, and receive relevant customer services (including but not limited to after-sales support).

7.2 To complete payment processing and ensure transaction security, we need to collect the information regarding your transaction amount, order number, order time, payment method, payment account, and payment status, and share some or all of the above information with third-party payment providers through secured methods (including but not limited to Google Pay, Apple Pay, and PayPal).

7.3 The primary subscription and payment data fields we may collect include:

  • 7.3.1 Email Address: This is your electronic mail address. It serves as a primary contact method for account registration, communication regarding your subscription or purchases, and for receiving transaction receipts and service notifications.
  • 7.3.2 Password: This is a secret string of characters you create to secure access to your account.
  • 7.3.3 Payment Account Information: This refers to the details of your chosen payment method. Depending on the integrated payment provider, this may include information such as your credit/debit card number, associated billing address, or your third-party payment service account (e.g., PayPal, Alipay, WeChat Pay) details.
  • 7.3.4 Shipping Address: This is your physical delivery address.

7.4 To provide our subscriptions and payments service, the data you need to provide is summarized as follows:
Mandatory data: above all data in section 7.3.

8. Service Optimization

You acknowledge and agree that, on the condition that the information is processed using secure encryption technology, de-identified, and cannot be used to re-identify any specific individual, we may use the information that you provide while using the Application, as well as corresponding model-generated replies and feedback, for model training and algorithm iteration. This allows us to continuously adjust and optimize the model’s performance in order to provide you with services of higher quality. If you do not wish us to use such information for model training and optimization, you may contact us using the contact information disclosed in Section IX of this Privacy Policy.

9. Customer Service

To provide you with better customer services, we will collect the complaint and feedback information that you provide (including text and images), information you provide when contacting our customer service team via email at cs@myusay.com, and information you send to us when participating in surveys, contests, or promotional activities, such as your name, contact details, and messages.

II. Legal Basis for Our Collection and Use of Your Personal Data

1. Performance of Contract
We process your personal data in order to fulfill our contractual obligations to you (for example, processing orders, delivering products or services, and providing after-sales support), when such processing is necessary for the performance of the contract between you and us.

2. Express Consent
In certain circumstances, we will collect and process your personal data or sensitive personal data only with your prior explicit consent or separate explicit consent. For example, in scenarios involving the sending of electronic marketing communications or delivery of wellness analysis reports. You have the right to withdraw such consent at any time.

3. Legal Obligations
We may process certain data in order to fulfill statutory and compliance duties and obligations in accordance with applicable laws and regulations, as well as requirements from administrative authorities or courts. For examples, financial and tax compliance, consumer rights protection, product recalls, or safety requirements. These obligations may vary depending on the jurisdiction.

4. Legitimate Interests
4.1 In certain circumstances, we process your personal data on the legal basis of our legitimate interests, as permitted by Article 6(1)(f) of the GDPR. This applies when the processing is necessary for purposes pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
4.2 We rely on this legal basis only after conducting and documenting a structured Legitimate Interests Assessment (LIA). This assessment ensures that: (a) the interests we pursue are legitimate, clear, and realistic; (b) the data processing is necessary to achieve that purpose; and (c) after careful balancing, our interests do not disproportionately impact your privacy and other rights and freedoms.
4.3 Our typical legitimate interests include but not limited to: product improvement, cybersecurity.

III. How We Share, Transfer, and Disclose Your Personal Data

1. To ensure the normal operation of, to provide you with our core functionalities of, and to improve the features and services of, the Application, we may need to share information that has been anonymized or de‑identified with our affiliates, and certain reliable suppliers and cooperative partners. Only after obtaining your explicit consent and within the scope of your explicit authorization, will we share data that can be used to identify you personally with a third‑party. We require that any third party receiving your personal data to strictly comply with policies and requirements regarding the protection of personal data and privacy, including but not limited to processing the data in accordance with data protection agreements, undertakings, and relevant data processing policies, minimizing the scope of data to be shared, avoiding identification of individuals, and take all reasonably necessary technological measures to safeguard your personal data and privacy.

2. To date, the external services we use from third party suppliers fall into the following three categories:

2.1 Cloud Storage and Technical Infrastructure: We utilize cloud service providers located in the German Berlin city for data storage, data hosting, and security optimization. These providers act as service providers and are prohibited from using your data for any purpose other than providing these infrastructure services.

2.2 Generative AI Services: To provide you with wellness insights and natural language interaction, the Application utilizes the Gemini API (provided by Google).

  • Data Processing: When you interact with AI features, necessary context—including your health-related prompts and query history—is processed by Gemini.
  • Privacy Protections: Your interactions are governed by the relevant policies of Google and/or Gemini where applicable. To support conversation continuity, we temporarily store dialogue data on our secure servers; this data is automatically deleted on a regular cadence and is never accessed for human review.

2.3 Payment Processing Services: When you make a subscription through the Application, your payment data are processed by authorized third‑party payment service providers (e.g., Google Pay, Apple Pay, and PayPal). We do not store the details of your bank account or payment account data. Such data are directly processed by the payment service providers under applicable laws and regulations.

Details regarding our third‑party suppliers, types of personal data to be shared, purposes of sharing, and other relevant information are set out in the table below.

Third‑Party Suppliers Services Provided Types Of Personal Data Shared Purpose Of Sharing
Third-party cloud service provider Cloud infrastructure and storage Usage data, account information, communication content To provide cloud storage and service hosting
Third-party AI service provider Generative AI and content analysis User input content, usage data, device information To provide AI-generated content, data analysis, and intelligent recommendations at users’ requests
Third-party account login platforms Third-party identity verification and social media login Account information, device information, usage data To support user login via third-party accounts, synchronize user preferences, and enable cross-device synchronization
Third-party SMS service provider SMS sending services Mobile phone number, SMS content, account information To send verification codes (during user login/register) and notifications to users
Third-party email service provider Email sending services Email address, email content, account information To send verification codes (during user login/register), notifications and marketing emails to users

For additional question or information, please contact us via email at data_protect@myusay.com.

3. If we sincerely believe that disclosing personal data is reasonably necessary and proportionate to achieve any of the following purposes, we will disclose your personal data to third parties only in the following circumstances:

3.1 In compliance with any applicable laws, regulations, court orders or judgments, or law enforcement demands. We will share information about the number and types of governmental requests we receive through public reports.
3.2 Enforcing applicable terms of use, including investigating possible violations.
3.3 Monitoring, preventing, or otherwise addressing fraud, security, or technical issues.
3.4 Protecting the personal or proprietary safety of you, ourselves, or the public from harm.

IV. How We Store and Transmit Your Personal Data

1. Data Storage

1.1 Storage Location
To ensure the security of your personal data and privacy and provide you with stable and efficient services, in compliance with the applicable laws and regulations of Germany, your personal data will be primarily stored and hosted in cloud infrastructure located in Germany. We implement administrative, technical, and physical safeguards designed to protect this information in accordance with the applicable cybersecurity standards.

1.2 Retention Period
We will retain your personal data only for as long as is necessary to provide you with the services of the Application. Once the retention period exceeds what is necessary, or when you withdraw your consent, request deletion of your personal data, deregister your account, or when your personal data is no longer used for the intended purpose of collection, we will delete or permanently anonymize your personal data, unless otherwise required by applicable laws and regulations.

2. Cross-Border Data Transfers

2.1 Cross-Border Data Transfer Process
We recognize the value of your personal data, and are committed to providing you with consistent, secure services worldwide. To offer you safe, stable, and efficient global services, your personal data (including but not limited to account information, wellness data synchronized from the smart ring, usage records, and log data) will be collected and transferred in compliance with the applicable laws and regulations of your country or region. For additional question or information, please contact us via email at data_protect@myusay.com.

2.2 How We Safeguard Your Personal Data During Cross-Border Transfers
We undertake that we will exert ourselves to ensure that your personal data receives adequate protection in any data transfer in strictly compliance with all applicable personal data and privacy protection laws and regulations of the relevant countries and regions. We will adopt including but not limited to the following measures:

  • 2.2.1 Equivalent Level of Data Protection: We will endeavor to ensure that the legal and data protection practices in the recipient jurisdiction provide a level of protection comparable to that of the country or region where the data was originally collected.
  • 2.2.2 Execution of Standard Contractual Clauses (SCCs): We will sign Standard Contractual Clauses recognized by regulatory authorities (such as the Hong Kong Office of the Privacy Commissioner for Personal Data and the European Commission) with the data recipients. These clauses will legally bind and oblige the recipients to protect your personal data in accordance with standards equivalent to those under the PDPO, GDPR, and other relevant laws and regulations.
  • 2.2.3 Obtainment of Your Explicit Consent: In certain exceptional circumstances, if the above safeguards are not applicable, we will clearly inform you of the purpose, scope, and risks of the transfer, and seek your explicit consent in advance.
  • 2.2.4 Data Anonymization and Pseudonymization: When transmitting data to third‑party suppliers and partners, we will prioritize the use of data that has been anonymized (unable to identify a specific individual) or pseudonymized (replaced with identifiers instead of direct personal identifiers), in order to minimize risks to the greatest extent.

2.3 Jurisdictional Differences and Risk Notice
If your personal data is stored or processed in a jurisdiction other than where they are collected, the personal data and privacy protection laws in that jurisdiction may differ from those in your country or region and may not provide an entirely consistent level of protection. By creating a Usay account and continuing to use the Application, you acknowledge that you understand and accept the reasonable risks associated with such cross-border data transfers.

3. Complaints and Appeals

If you have any questions or complaints regarding our cross-border data transfer or privacy protection measures, please contact us via email at data_protect@myusay.com, or via the “Help & Feedback” page of the Application. You also have the right to lodge a complaint with the data protection authority in your place of residence.

V. What Rights You Have

We respect the rights to which you are entitled under the applicable laws and regulation to acquire, access, correct, transfer, restrict the process of, and delete your personal data, and we are committed to ensuring that you can exercise your rights conveniently.

1. What Rights You Have

1.1 Right to Access Your Personal Data
You have the right to ascertain whether we have collected or processed your personal data, and to access, within reasonable limits, what personal data about you we have collected or processed, including the types of information, purposes of processing, and potential recipients (if any). Some information (e.g., sleep monitoring data) can be accessed directly by you through our website and Application.

1.2 Right to Correct Your Personal Data
You have the right to request that we correct any inaccurate, incomplete, outdated, or misleading personal data we possess about you. Some information, such as basic profile details, can be corrected by you directly.

1.3 Right to Delete Your Personal Data / Right to Be Forgotten
You have the right to request that we delete your personal data. Unless we have a legitimate legal basis not to delete them, or are under a legal obligation to retain the data, we will act in accordance with your request. We typically ensure your right to deletion through the following two methods:

  • 1.3.1 When a user initiates an unbinding process, the user will be prompted that the temporarily stored data within the app and the ring will be deleted.
  • 1.3.2 When a user initiates an account cancellation, the user will be prompted that all data on the server will be deleted.

1.4 Right to Data Portability
You have the right to receive your personal data held by us in a structured, commonly used, and machine‑readable format, and to transmit that data to another data controller without hindrance at your choice.

1.5 Right to Object to or Restrict Processing
You have the right to object to or opt out of our processing of your personal data. If we do not have a lawful reason to continue such processing, we will cease processing your personal data upon receipt and verification of your objection.

1.6 Right to Refuse Automated Decision‑Making and Profiling
You have the right to refuse or opt out of decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects on you. We are obliged to obtain your separate explicit consent before carrying out such decisions, or to provide you with human intervention, the opportunity to express your point of view, and the right to contest the decision.

1.7 Right to Withdraw Consent
To the extent permitted by applicable laws and regulations, you have the right to withdraw your consent for us to process your information at any time. When you withdraw consent, we will cease collecting and processing new data from you, and you may also choose to have the personal data previously collected from you deleted. Withdrawal of consent does not affect the lawfulness and legitimacy of our processing based on consent before the withdrawal. However, please be advised and understand that withdrawing consent may result in difficulties or limitations in using the Application.

1.8 Right to Restrict Cross‑Border Transfers
You have the right to be informed whether your personal data is transferred outside your country / region of residence, and in certain circumstances to restrict such transfers. We undertake to obtain your explicit consent and explain the relevant matters in advance of any cross‑border transfer that may materially affect your rights.

1.9 Right of Nondiscrimination
You have the right not to be discriminated against by us in any way for exercising any of the personal data rights or privacy rights set out in this Privacy Policy or under any applicable laws and regulations, such as being refused objectively available services, being charged different prices, or being offered services of different quality. At the same time, you acknowledge and understand that providing certain personal data is prerequisite for us to deliver certain related functions and services. If you refuse to provide such information, we will be objectively unable to provide the relevant functions or services. For example, if you refuse to provide third‑party account information, you will not be able to register or log in using such third‑party account; if you refuse our collection of your wellness and exercise data, we will be unable to provide you with individualized wellness suggestions.

1.10 You have other relevant rights under applicable laws and regulations such as GDPR in Germany or Berlin city.

1.11 Right to Legal Remedies
If you believe we have violated applicable laws and regulations, or that your rights have been infringed, you have the right to seek remedies through the following channels:

  • 1.11.1 Complaint to Regulatory Authorities in Your Country or Region: For example, if you are in German Berlin city, you may lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information. The Commissioner has the power to investigate and may issue an “enforcement notice” requiring us to rectify any violations.
  • 1.11.2 Arbitration: If you suffer losses or damages (including mental distress) due to our violation of applicable laws and regulations, pursuant to our Terms of Use, you have the right to submit the matter to the Shenzhen Court of International Arbitration for arbitration against us.

2. How to Exercise Your Rights

You may exercise the above rights by logging into your Usay account and using the account settings interface. You may also submit rights requests in text and/or image form along with your email address for receipt of feedback on the “Help & Feedback” page, or by email at data_protect@myusay.com. To protect the security of your and other users’ personal data and ensure smooth exercise of your rights, please provide sufficient information for us to verify your identity when making a request. Generally, we will respond within 【30 days】 after receiving your request and verifying your identity. However, We may refuse your request for legitimate reasons such as court orders or to prevent undue impact on the legitimate rights of others.

VI. How We Protect Your Personal Data

1. Data Protection Measures

We place great emphasis on the security of your personal data and privacy. To this end, we adopt measures including, but not limited to:

  • 1.1 Technical Measures: We will implement security measures such as anonymizing or pseudonymizing personal data, strict access controls, and the use of encryption technologies to protect the data we process.
  • 1.2 Internal Controls: We will provide regular confidentiality training for employees, and limit access to, and processing of, your personal data to authorized personnel only.
  • 1.3 Third‑party Cooperation: We will ensure through contracts and other reasonable measures that the data processing activities of all third party suppliers and partners should comply with applicable legal requirements.
  • 1.4 Authoritative Regulation: We are subject to supervision by applicable regulatory authorities and continuously assess the adequacy of our data protection measures to ensure the legal and industry standards be met.

2. Data Breach

We maintain reasonable administrative, technical, and physical security measures, including encryption and access controls, to protect your personal information. In the event of a security breach involving your unencrypted personal information, we will comply with applicable laws and regulations, including notifying the relevant regulatory authority and the affected users without undue delay in compliance with applicable laws and regulations of the relevant jurisdiction. Furthermore, we will make every reasonably possible effort to patch vulnerabilities or attacks that could lead to data breaches, in order to avoid any adverse impact on your personal rights and interests.

VII. How We Protect the Personal Data of Minors

We are committed to protecting the privacy of minors. THE APPLICATION IS INTENDED FOR ADULTS ONLY, AND NOT INTENDED FOR MINORS UNDER THE AGE OF 18. We will not proactively provide services to minors under the age of 18, nor intentionally collect or process their personal data. If we become aware that we have collected personal data of a minor, we will take steps to promptly delete or anonymize such information and cease processing it. Parents or legal guardians of minors may contact us by email at data_protect@myusay.com for any question or request regarding personal data of minors.

VIII. Updates to This Privacy Policy

To provide you with better services, the Application may be updated from time to time due to changes on our operations, technologies, or applicable laws and regulations. We will revise this Privacy Policy accordingly, and such revisions shall form part of this Privacy Policy and have the same effect as the current version. Without your explicit consent, we will not reduce the rights you are entitled to under the currently effective Privacy Policy.

The updated version of the Privacy Policy will be published in the App and marked with an “Effective Date.” If there are material changes, we will notify you in a prominent manner (e.g., push notification, pop‑up window, or email).

IX. How to Contact Us

If you have any questions, comments, or complaints regarding this Privacy Policy, please contact our Data Protection Officer (DPO) using the following contact details:

Data Protection Officer: Kaelly Wei
Email Address: data_protect@myusay.com
Mailing Address: RM 503, 5/F, Hang Seng Castle Peak Road Building, 339 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong, China