Welcome to SalloChat. We attach great importance to your privacy and will process your personal data only after obtaining your consent.

This Privacy Policy, hereinafter referred to as this “Policy”, explains how TCI ENTERTAINMENT HONGKONG LIMITED, hereinafter referred to as “we”, “us”, or “our”, collects, uses, and shares your personal data when you browse the SalloChat website, application, or other services operated by us, hereinafter referred to as the “Product”, and use the Product Services. This Policy also explains the personal data rights you enjoy and other important information about how we process your personal data.

This Policy applies to the SalloChat Product and the related services provided through it. We attach great importance to your privacy and, to the extent permitted by applicable law, will process your personal data on the basis of consent, performance of a contract, legitimate interests, compliance with legal obligations, or any other applicable legal basis. By accessing or using the Product Services, you indicate that you have read and understood this Policy. However, for processing scenarios that require separate consent or authorization under applicable law, such as non-essential Cookies, targeted advertising, specific device permissions, processing of sensitive personal information, specific cross-border transfers, or AI training, we will separately request your consent or provide you with necessary choices through pop-ups, checkboxes, device permission request pages, separate authorization pages, or other appropriate means.

Please carefully read this Policy before accessing the Product and/or using the Product Services. Your access and/or use shall indicate that you agree to and accept this Policy. If you do not accept this Policy, you may be unable to register, log in, or continue using all or part of the Product Services. You confirm that: (a) you have read and understood this Policy; (b) you accept this Policy and agree to the collection, use, sharing, and other processing of your personal data as described in this Policy; and (c) you agree to receive notices regarding security incidents sent by us to your email address.

Please note that your use of the Product Services is also subject to the Terms of Service, community rules, top-up and subscription rules, Host rules, activity rules, and other applicable agreements or explanations displayed on product pages. We may amend this Policy based on business development, changes in law, or product updates. If the relevant changes require notice or renewed consent under law, we will provide a prompt through in-app notices, pop-ups, emails, SMS messages, push notifications, or other appropriate means.

We have the right to adjust this Policy and may notify you through the Product where required by law. However, we still recommend that you review this Policy from time to time. If you continue to use the Services, you shall be deemed to have agreed to and accepted the latest version of this Policy.

2.1 Personal Data Provided by You

By using the Product Services, you may provide us with the following personal data:

a. Account data. This includes your name and email address. If you choose to log in using another platform, such as Google, we will receive the service data used for your login and, depending on your account settings on Google or other platforms, detailed data about you, including your name, email address, or unique user identifier.

b. Messages and content. This includes content containing personal data that you provide in any free-form or unstructured format when using the Product Services, such as personal-data-related information provided in chat sessions with a virtual companion or in messages sent to us.

c. Real-name identity information. This includes your photo. If you apply to join as a Host, you shall provide your real photo for facial recognition verification. Please note that this involves your sensitive personal information. Other than facial recognition verification information required for Host onboarding review, we generally do not require ordinary users to provide identity document information, statutory real-name information, or biometric information. However, given the nature of voice chat social and AI interaction products, the chats, voice, images, short videos, or other user content you voluntarily submit may contain sensitive personal information, special category information, or data relating to others. Please exercise caution and avoid uploading, sending, or disclosing any sensitive information that is not necessary to implement the relevant function, and do not disclose another person’s personal data without lawful authorization.

d. Payment and transaction data. When you purchase paid services provided by the Product, the third-party payment platform cooperating with us will provide us with your order number and payment status.

2.2 Personal Data We Automatically Collect

We automatically record the following data:

a. Device and network data. This includes the operating system, manufacturer and model of your computer device, browser, IP address, device and Cookie identifiers, language settings, and general location data, such as city, state, or geographic region, microphone permission, and camera permission.

b. Usage data. This includes data on how you use the Services, such as your interactions with the Product Services, the links and buttons you click, and the pages you visit.

We and our service providers use Cookies, scripts, or similar technologies to manage the Services and collect information about you and your use of the Services. These technologies help us identify you, customize or personalize your experience, provide additional products or services to you, and analyze the use of our Services so that they become more useful to you. Most internet browsers allow you to delete or manage Cookie functions and adjust your privacy and security preferences. Please note, however, that disabling our Cookies may mean that you cannot fully use our Services.

3.1 General principles. We will process your personal data within the scope of clear and reasonable purposes related to the Product Services, and will follow the principles of necessity, minimization, transparency, security, and storage limitation. For users in different jurisdictions, we will select the corresponding legal basis for processing in accordance with applicable legal requirements. Different legal bases may apply to the same processing activity in different regions.

3.2 Providing and managing accounts and basic services. We may use your account data, device data, log data, and necessary contact information for registration and login, identity verification, account management, profile display, message notification, service maintenance, version updates, operation of basic functions, transaction processing, customer service communication, ticket circulation, and necessary service-related notices. Such processing is usually based on the performance of our contract with you, compliance with legal obligations, or our legitimate interests.

3.3 Providing voice chat social, interaction, and content publishing functions. We may use your profile, social relationships, chat content, voice, images, short videos, interaction records, permission invocation information, and device information so that you may conduct private chats, voice interactions, content publishing, room interactions, following/blocking, reporting, appeals, and other in-product social activities with other users, Hosts, content providers, or AI companions. In the relevant functions, the profile, nickname, avatar, status, room statements, posts, or other content that you voluntarily set as public or as visible to specific recipients will be visible to the corresponding scope of users according to your settings or the Product Rules.

3.4 Host application review, risk control, and revenue settlement. For users applying to become Hosts or other users eligible to receive revenue, we may use their photos, display materials, application materials, review records, facial recognition verification information, risk control results, transaction records, settlement information, and necessary dispute handling materials for identity verification, admission review, anti-fraud, risk control, revenue statistics, withdrawal review, revenue share settlement, dispute handling, and legally compliant record retention. For facial recognition verification information, we will process it only to the extent necessary for review, anti-fraud, and dispute handling, and will not use it for marketing purposes unrelated to the foregoing purposes.

3.5 Payment, top-up, subscription, tipping, and refunds. We may use orders, payment status, device risk information, transaction logs, and customer service records to complete top-ups, subscriptions, tipping, order confirmation, reconciliation, refunds, risk control review, abnormal handling, and compliance record retention. We generally do not directly store full bank card numbers, payment passwords, or other sensitive payment credentials independently processed by third-party payment service providers, but we may receive transaction confirmation information, partially masked account information, or risk control results returned by them.

3.6 Security, content review, and compliance enforcement. We may review, monitor, analyze, and handle user profiles, messages, voice, images, short videos, live streaming/room interactions, report materials, and device and log data through a combination of automated tools and manual review, in order to prevent fraud, harassment, hate, exploitation, illegal pornography, risks involving minors, spam, malicious marketing, account theft, payment fraud, technical abuse, and other conduct that violates laws, Platform Rules, or the Terms of Service. Such processing is usually based on our legitimate interests, performance of a contract, and compliance with legal obligations.

3.7 Service improvement, statistical analysis, and product development. We may analyze usage data, device data, crash logs, page visits, function calls, conversion funnels, user feedback, content tags, review results, and de-identified or aggregated data in order to improve product functions, fix bugs, optimize recommendations, improve matching results, train review models, and conduct internal reporting, business assessment, and product development. Where feasible, we will preferentially use aggregated, de-identified, or minimum necessary data.

3.8 Training and optimization related to AI virtual companion functions. Chat text, voice, images, short videos, prompts, feedback, and related tags, ratings, correction records submitted or generated by users when using AI virtual companion functions may be used by us for model training, fine-tuning, evaluation, safety alignment, quality improvement, and function optimization. For this purpose, we may conduct automated analysis, manual sampling, data annotation, quality review, and security review of such content. Unless we separately disclose this to you, obtain the corresponding authorization in accordance with law, or applicable law permits or requires it, we will not directly use content from ordinary user-to-user private chats, voice rooms, live streaming rooms, communities/posts, or similar functions for general AI model training merely because you use such functions. However, we may still process such content for security review, abuse detection, customer service support, quality control, dispute handling, troubleshooting, statistical analysis, and compliance with legal obligations.

3.9 Personalized recommendations, advertising, attribution, and remarketing. To the extent permitted by applicable law and after completing necessary authorization or providing opt-out choices, we may use device identifiers, advertising identifiers, Cookies, pixels, access events, conversion events, in-app interaction events, page browsing information, marketing preferences, approximate location information, and similar data for ad delivery, performance measurement, attribution analysis, profiling, personalized recommendations, ad frequency capping, remarketing, and anti-fraud. In regions where prior consent is required, we will obtain your consent before placing or reading non-essential advertising technologies. In regions where you are permitted to opt out of targeted advertising or “sharing”, we will provide the corresponding opt-out mechanism.

3.10 Communication with you and handling of legal matters. We may use your contact information, ticket records, report and appeal materials, transaction records, and necessary logs to communicate with and handle matters involving you or relevant parties, including changes to terms, updates to the Privacy Policy, security incidents, product notices, customer service responses, complaint handling, dispute resolution, rights protection and litigation response, regulatory communication, or corporate restructuring, financing, mergers and acquisitions, and asset transactions.

3.11 Other uses permitted by law. We will not use “other unspecified purposes” as a blanket authorization for unlimited expansion. If we intend to use your personal data for other purposes that are incompatible with the purposes disclosed in this Policy, we will separately inform you in accordance with applicable legal requirements and request your consent where necessary.

4.1 Unless otherwise stated in this Policy, separately authorized by you, or otherwise required by applicable law, we will share your personal data only to the extent necessary to achieve the relevant purposes.

4.2 When you use social, posting, feed, room, live streaming, comment, private chat, gift, follow, profile display, or other interactive functions, the nickname, avatar, introduction, status, online status, room statements, published content, gift interactions, and other visible information that you choose to make public, semi-public, or visible to specific recipients may be seen, copied, or forwarded by other users, Hosts, or content recipients.

4.3 We may share necessary personal data with third parties that provide services on our behalf, such as cloud service providers, hosting service providers, content delivery networks, database and security service providers, customer service system providers, email or SMS delivery service providers, content review and risk control service providers, AI model or data annotation service providers, payment and settlement service providers, order processing service providers, analytics service providers, advertising attribution and marketing partners, app stores, anti-fraud service providers, identity verification service providers, and other partners necessary for Product operation. Such third parties may process the relevant data only under contracts, confidentiality obligations, and applicable law, and in accordance with our instructions.

4.4 For legitimate purposes directly related to the Product Services, such as unified operations, customer support, technical maintenance, settlement management, product development, internal audit, risk control, or compliance management, we may share personal data with our affiliates within the necessary scope.

4.5 For payment and settlement scenarios, we may share order and transaction-related data with payment platforms, app stores, and settlement service providers. For advertising, attribution, analytics, or remarketing scenarios, to the extent permitted by applicable law and after completing necessary authorization or providing an opt-out mechanism, we may share device identifiers, Cookies, pixel events, conversion events, technical logs, and necessary data related to marketing performance measurement with advertising platforms, attribution platforms, and analytics partners. Unless otherwise stated, we will not provide advertising partners with the full content of your private chats, voice, images, short videos, or similar content itself for advertising targeting.

4.6 We may share personal data with lawyers, auditors, accountants, insurance companies, banks, investors, transaction counterparties, and their advisors to the extent reasonably necessary to support corporate governance, financing, mergers and acquisitions, restructuring, asset transactions, claims and litigation response, compliance audits, or risk control. We may also disclose personal data to competent authorities or authorized third parties in accordance with laws and regulations, court orders, arbitration proceedings, regulatory requirements, law enforcement investigations, or to protect the rights, property, and safety of us, users, or third parties.

4.7 If a merger, division, asset sale, restructuring, change of control, bankruptcy, or similar transaction occurs, your personal data may be transferred as part of the transaction. We will require the relevant successor to continue to be bound by this Policy or by arrangements that provide no lower standard of protection than this Policy.

4.8 We will not directly sell your personal data for actual consideration. However, in certain jurisdictions, disclosure of certain identifiers, event data, or online activity information to advertising, attribution, analytics, or remarketing partners may be deemed a “sale”, “sharing”, or “targeted advertising”. You may exercise the relevant opt-out rights in accordance with applicable law.

Cookies, device information identifiers, and similar technologies are commonly used on the internet. When you access the Product or use the Product Services, we may use relevant technologies to send one or more Cookies or anonymous identifiers to your device in order to collect and identify information about your access to and use of the Product. We undertake not to use Cookies for any purpose other than the purposes described in this Policy. We use Cookies and similar technologies mainly to implement the following functions or services.

5.1 Ensuring Secure and Efficient Operation of the Product and Services

We may set authentication and security Cookies or anonymous identifiers so that we can confirm whether you are securely logged in to the Services, or whether theft, fraud, or other illegal conduct has occurred. These technologies also help us improve service efficiency and increase login and response speed.

5.2 Helping You Obtain an Easier Access Experience

Using such technologies can help you avoid repeatedly filling in personal data or entering search content, such as by recording searches and form entries.

5.3 Clearing Cookies

Most browsers provide users with a function to clear browser cache data. You may perform the corresponding data clearing operation in your browser settings. If you clear such data, you may be unable to use the services or corresponding functions provided by us that rely on Cookies.

Given that we and our affiliates, service providers, and partners may provide technical, operational, review, support, settlement, advertising, analytics, or security services in different jurisdictions, your personal data may be transferred to, accessed in, stored in, or processed in jurisdictions outside your country or region. To the extent required by applicable law, we will adopt appropriate safeguards for such cross-border transfers, such as signing standard contractual clauses, adopting recognized transfer mechanisms, conducting necessary assessments, obtaining separate consent, or fulfilling other statutory obligations.

We will retain your personal data for the shortest reasonable period necessary to achieve the purposes described in this Policy, and will determine the specific period by considering the data category, processing purpose, business needs, dispute resolution, account status, security requirements, backup and recovery needs, and retention obligations required by applicable law. Generally, basic account data will be retained for the duration of your account. Data related to transactions, payments, settlements, taxes, audits, and dispute handling may continue to be retained during the period required by applicable law or necessary for risk control. Reporting, appeal, review, security, anti-fraud, and log data may be retained for the period necessary to achieve investigation, handling, and record retention purposes. Data related to AI training and model optimization will be retained according to specific dataset management rules, de-identification needs, quality control requirements, and applicable legal requirements. When the retention period expires or the processing purpose has been achieved, we will delete, anonymize, or otherwise properly handle the data in accordance with law. However, where otherwise required by law, where an ongoing dispute exists, where it is necessary to prevent fraud or maintain system security, or where other legitimate obligations must be fulfilled, we may extend the retention within the necessary scope.

We attach great importance to the security of your personal data and will strive to take reasonable security measures, including technical and managerial measures, to protect your personal data and prevent the personal data you provide from being misused or accessed, publicly disclosed, used, modified, damaged, lost, or leaked without authorization. For example, we use encryption at rest to protect all user data, including database files and backups, and use security keys for data management. We use encryption in transit to protect data flows in public network environments from user devices to servers and from server to server. We also ensure the effective implementation of these technical measures through code review mechanisms. In addition, we regularly test applications and systems for vulnerabilities and security issues, and take access control measures, such as access tokens and two-factor authentication, to ensure data security.

Please note and understand that we cannot ensure an absolutely secure internet environment. If you discover that your personal data has been leaked, please contact us immediately so that we can take corresponding measures.

If any incident, force majeure event, or other circumstance causes leakage of your personal data, we will make every effort to minimize the loss and promptly notify you of the relevant circumstances, the security measures we have taken and that you may take, and other relevant personal data. If a security incident related to personal data occurs, we will report such incident to the competent authority in accordance with applicable laws and regulations, promptly investigate the issue, and take emergency measures.

9.1 You have the right to access a copy of the personal data we collect about you. Where appropriate, we will provide the personal data in a portable, machine-readable, and easy-to-use format.

9.2 You have the right to request that we correct your personal data, which means that you may require us to correct inaccurate personal data. Where necessary, you may also supplement personal data.

9.3 You have the right to request that we delete your personal data, including your SalloChat account and related personal data. If you wish to delete your account, you may contact us by email at contact@sallochat.com. Please note that after you submit an account deletion request, you will no longer be able to use SalloChat, so please consider carefully. In addition, when the purposes of use agreed in this Policy no longer exist or the retention period for personal data expires, we will also proactively delete your personal data.

9.4 Withdrawal of consent. You may withdraw your consent to our processing of your personal data at any time by sending an email to contact@sallochat.com. Withdrawal of consent does not affect the lawfulness of our processing of your personal data before the withdrawal. After receiving your withdrawal request, we will process it promptly, and unless otherwise provided by law, we will no longer process your personal data.

9.5 Other rights, such as objecting to and requesting that we restrict the use of your personal data.

If you make any of the above requests, please contact us through the method provided in Article 14, “Contact Us”, below. To protect the security of your personal data, before responding to your rights request, we may need to verify your identity, such as by requiring you to provide certain identity-related supporting information. We will respond to your rights request in a timely manner in accordance with the requirements of relevant laws and regulations.

Our Product Services are intended only for users who are 18 years old or above, and we do not provide registration, login, or use eligibility to minors under 18 years old. We do not knowingly collect personal data from minors under 18 years old. If we have reasonable grounds to believe that an account is held or used by a minor or is related to a minor, we may take measures such as restricting functions, suspending services, requiring supplemental explanation, deleting relevant content, terminating the account, or deleting relevant personal data.

The Product Services may contain links to other third-party products or applications, or may direct users to other third-party products or applications not operated by us. This Policy does not apply to those products or applications. Third-party links in the Services do not mean that we endorse or have reviewed those products or applications. We cannot control or ensure that the personal data processing practices of such products or applications comply with legal requirements. We recommend that you directly and promptly review the privacy policies of those products or applications.

Our products and services may change from time to time. Therefore, we need to adjust this Policy. We reserve the right to update or amend this Policy at any time and may notify you through the Product where required by law. However, we still recommend that you review this Policy from time to time. If you continue to use the Services, you shall be deemed to have agreed to and accepted the latest version of this Policy.

If you are located in one of the following U.S. states: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, or Virginia, in addition to the above provisions, you have the right to make the following requests to us:

To prohibit the sale of your personal data. Please note that we do not sell your personal data.

If profiling and targeted advertising are involved in our Product, you may object to profiling and targeted advertising. You need to submit a verifiable request to opt out of each of the above activities. Please note that these measures may negatively affect your customer experience when using our Product and third-party services.

You may exercise the above rights through the method specified in Article 14, “Contact Us”, of this Policy. Please note that state data privacy laws vary. If you are located in the United States, please consult your locally certified legal counsel for more detailed regulatory information.

If you have any questions, concerns, or complaints about this Policy or the processing of personal data, you may contact us by sending an email to contact@sallochat.com. If applicable law requires us to set up a representative, designated contact person, privacy officer, data protection officer, or local agent for a specific region, we will disclose the relevant information to you through this Policy, a Product page, or a separate notice.