Tuoji symbol Tuoji (Xuzhou)
Network Technology Co., Ltd

Legal Policy

Privacy Policy

Effective Date: 2026-05-11. This Privacy Policy applies to the website and digital services of Tuoji (Xuzhou) Network Technology Co., Ltd, including mobile management applications distributed through Google Play and the App Store.

1. Controller Identity and Contact Information

Controller: Tuoji (Xuzhou) Network Technology Co., Ltd

Office Address: 1-2419, Buildings 1, 2, 3, 5, and 8, Tongshan Wanda Plaza, Tongshan District, Xuzhou, 221000, CN

Website: https://xztuoji.com

Business Support Contact: support@xztuoji.com

Key Accounts Contact: sunzhaoping@xztuoji.com

2. Scope of This Policy

This policy covers:

  • Website visitors and customer communication channels.
  • Business services in network technology development, software development, internet live media and advertising marketing, all-category e-commerce retail support, enterprise management and business services, digital technology and data services.
  • Mobile management applications released on Google Play and the App Store.
  • In-app advertising, analytics, and monetization integrations.

3. Data We Collect

Depending on your interaction, we may collect:

  • Identity and contact data: name, email, organization, support ticket details.
  • Commercial and account data: contract records, service usage summaries, billing references where applicable.
  • Technical data: IP address, browser type, operating system, app version, device model, language settings, crash diagnostics, and network logs.
  • App telemetry and usage data: feature events, session timestamps, performance metrics, campaign attribution data.
  • Advertising data: ad unit interactions, ad exposure counters, device advertising identifiers (such as GAID/AAID on Android and IDFA on iOS where permitted), consent state flags, and anti-fraud signals.
  • Location-related data: coarse location inferred from IP, and precise location only when separately requested and authorized by your device-level permissions.
  • User-generated content: support requests, feedback content, and voluntary submissions.

4. Purposes and Legal Bases

We process personal data under one or more legal bases depending on jurisdiction:

  • Contract necessity: providing requested services and app functionality.
  • Legitimate interests: service security, abuse prevention, diagnostics, and product improvement.
  • Consent: personalized ads, optional analytics, optional push notifications, and non-essential cookies/SDK processing where required.
  • Legal obligation: compliance with tax, accounting, fraud-prevention, and lawful government requests.

5. App Store and Platform Compliance

For applications published through Google Play and the App Store, we align with platform requirements including data safety disclosures, privacy nutrition labels, consent collection, account deletion workflows where applicable, and SDK usage transparency.

We maintain documentation for permissions, data collection categories, transmission purpose, data-sharing context, and retention practices to support platform declarations and audits.

6. Advertising and Monetization Compliance

Our applications may use ad monetization and mediation providers, including but not limited to:

Google AdMob, AppLovin MAX, Unity Ads, Meta Audience Network, ironSource, Pangle, Mintegral, InMobi, Liftoff Monetize (Vungle), Chartboost, Start.io, Smaato, Yandex Ads, Digital Turbine, and Bigo Ads.

Ad formats commonly integrated include:

  • App Open Ads
  • Rewarded Video Ads
  • Interstitial Ads
  • Banner Ads

Advertising SDKs may process identifiers, IP-derived region information, ad interaction metrics, and anti-fraud signals. Where legally required, ad requests are limited until valid consent is collected through a consent management flow.

For iOS, where applicable, we request App Tracking Transparency permission before accessing IDFA. For Android, we follow Google Play advertising ID policies and user choice settings.

We support non-personalized ad mode, limited ad mode, and region-based controls for users who do not grant consent where consent is legally required.

7. Cookies, SDKs, and Similar Technologies

We use cookies, local storage, software development kits, and server logs for authentication, performance, analytics, and ad delivery operations. Non-essential technologies are activated according to jurisdictional consent rules.

Where the IAB Transparency and Consent Framework or comparable regional mechanisms apply, we maintain consent strings or equivalent records as required by law and platform policy.

8. Children, Teens, and Age-Sensitive Handling

We do not knowingly collect personal data from children in violation of applicable law. If an app is directed to mixed audiences or youth segments, we apply age-gating, limited data processing, and ad controls appropriate to legal requirements.

Regional examples include:

  • United States: compliance considerations under COPPA and state-level youth privacy rules.
  • European Economic Area and United Kingdom: parental-consent rules for children under the digital-consent age defined by local law (typically between 13 and 16).
  • Other regions: youth protections under local privacy and consumer rules where applicable.

When required, personalized advertising is disabled for child-directed or age-restricted contexts.

9. Country and Region Policy Adaptation

We adapt privacy and ad processing according to applicable local laws and guidance, including but not limited to:

  • European Union and EEA: GDPR and ePrivacy principles.
  • United Kingdom: UK GDPR and PECR.
  • United States: CCPA/CPRA and other state privacy laws (for example, Virginia, Colorado, Connecticut, Utah, and additional applicable states).
  • Canada: PIPEDA and relevant provincial privacy rules.
  • Brazil: LGPD.
  • Australia: Privacy Act and Australian Privacy Principles.
  • New Zealand: Privacy Act 2020.
  • Japan: APPI.
  • South Korea: PIPA.
  • Singapore: PDPA.
  • Other jurisdictions where our services are made available, based on legal applicability.

Where multiple laws apply, we apply the stricter practical standard if feasible to improve user protection consistency.

10. Data Sharing and Recipients

We may share data with:

  • Infrastructure, cloud, analytics, and security providers acting as processors or service providers.
  • Advertising and mediation providers for monetization and fraud prevention, subject to legal basis and consent requirements.
  • Business partners when required for contracted service delivery and under confidentiality obligations.
  • Authorities and regulators when legally required.
  • Corporate transaction participants under legal safeguards in merger, acquisition, or restructuring scenarios.

We do not sell personal information where prohibited by law. Where laws classify certain ad-tech sharing as "sale" or "sharing," we provide legally required rights and controls.

11. International Transfers

Cross-border data transfers may occur when services are provided internationally. We use applicable transfer safeguards such as contractual clauses, risk assessments, and vendor due diligence according to regional legal requirements.

12. Data Retention

We retain data only as long as needed for operational, legal, security, and dispute-resolution purposes. Retention periods differ by data type, legal obligations, fraud risk windows, and account status.

When retention is no longer required, data is deleted, anonymized, or irreversibly de-identified according to technical feasibility and legal requirements.

13. Data Security

We implement organizational and technical controls including access control, encryption in transit, secure credential handling, role-based permissions, logging, vulnerability management, and incident response procedures.

No online system can be guaranteed as absolutely secure; however, we continuously improve safeguards based on risk assessments and operational reviews.

14. User Privacy Rights

Depending on jurisdiction, users may have rights to access, correction, deletion, portability, restriction, objection, withdrawal of consent, and appeal of certain automated decisions where legally applicable.

Rights requests may be submitted to support@xztuoji.com. We may verify identity and legally permitted exceptions before completion.

Users may also manage ad preferences through device settings, consent prompts, and in-app privacy controls where available.

15. Do Not Track and Similar Signals

Because standards for browser-level Do Not Track signals are not uniformly defined across jurisdictions, responses may vary by product and region. We prioritize legally recognized consent and opt-out mechanisms where required.

16. Third-Party Links and Services

Our websites and apps may link to third-party properties. Their data practices are governed by their own policies. Users should review those policies before providing information.

17. Changes to This Privacy Policy

We may update this policy to reflect legal, technical, or operational changes. Material updates will be posted through appropriate channels, including website updates and in-app notices where required.

18. Contact and Complaints

For questions, rights requests, or complaints regarding privacy and data handling, contact support@xztuoji.com. For enterprise-level matters, contact sunzhaoping@xztuoji.com.

Where applicable, users may also lodge complaints with competent data protection or consumer protection authorities in their jurisdiction.