Data privacy notice

Data Control and Protection

The responsible party for the processing and protection of your personal data is BOKE Medical. If you have any questions regarding data protection or questions relating to the processing of your personal data or the exercise of your rights, please contact us by either using the contact form at the bottom of this page or at the following address, telephone number or email address:

Identity verification and compliance requirements

To comply with applicable laws, regulations, and competent authorities' requirements, we may need to verify your identity in certain scenarios (for example, when account security, regulated access, or formal service delivery requires it). With your consent or upon your active provision, we may collect identity information such as name and identity document information (where legally required).

Such personal data is strictly processed to ensure compliance with legal and regulatory requirements and will not be used for unrelated purposes. We collect only the data that is necessary and we take technical and organizational measures to protect your personal data.

Note: For medical device software and healthcare-related services, identity verification may also be required for patient safety, traceability, and regulatory audit purposes, depending on the product and deployment model.

Account registration and login

When you register or log in, you may need to provide a mobile number or email address and create account credentials (e.g., username and password). If you refuse to provide necessary registration information, you may not be able to create or access an account.

If you choose to register or log in via an approved third-party account (e.g., WeChat, QQ, or other providers we support), we may receive your third-party account's unique identifier and basic profile information you authorize (e.g., nickname, avatar). The exact information depends on the provider and your authorization settings.

Usage logs, device information, and service operation

During your use of the Services, we may collect usage logs, device information, and related identifiers for the following purposes: providing functions, ensuring service stability, security, troubleshooting, and improving user experience.

Examples include:

• Usage/operation logs: sign-in time, feature usage, page views, clicks, in-app actions, error logs, crash logs, performance logs, and interaction records.
• Device and network information: device model, OS version, browser type, IP address, network type, language settings, and app version.
• Device identifiers (where permitted by law and depending on your device settings): Android ID, OAID, IDFA, GUID, or similar identifiers used for security, anti-fraud, and service optimization.

Health-related and clinical/assessment data
(sensitive information)

For healthcare and medical device software, we may process information related to health, assessment, training, or wellness records, which may be considered sensitive personal information under applicable laws. This may include:

• assessment results, training records, reports (e.g., PDF reports), progress metrics;
• symptom logs or wellness records (for wellness products);
• patient profile information (if your deployment model includes patient management and you provide or input such data).

We process such information to:

• provide product functionality (assessment/training/reporting);
• generate standardized outputs and history tracking;
• support clinical workflow (where applicable) and user-requested services;
• ensure product safety, quality control, and regulatory compliance.

Transactions and subscriptions (if applicable)

If a Service offers paid subscriptions or purchases, we may collect transaction records (e.g., purchase time, subscription type, order identifiers) to enable payment, provide customer support, and maintain transaction security. We generally do not store your full payment card details; payment processors/app stores handle them according to their own policies.

Location information (optional)

With your authorization, we may collect approximate or precise location information to support specific functions (e.g., location-based features or messaging). Location information is sensitive. Refusing to grant location permission will not affect core functions unless the specific feature requires it. You can withdraw location permission at any time in device settings.

Content you submit

If you submit content through the Services (text, images, audio, video, files) such as form submissions, messages, or uploads, we may process that content to provide the requested functionality, handle support requests, and detect unlawful or harmful content when necessary to maintain a safe environment and comply with legal obligations.

Device permissions

Certain functions may require you to enable specific permissions. You can choose whether to grant them ; refusing may disable the related function:

• Camera: scanning QR codes, taking photos (if applicable).
• Storage/Photos: uploading images/files or saving reports.
• Network: accessing online functions.
• Contacts: inviting contacts or sharing content (if the feature exists).

Customer support

When you contact support, we may collect necessary information to verify your identity and handle your request. We may retain your contact details, communications, and related records to provide support and improve service quality.

How We Collect and Use Personal Information

Notice and consent

We use personal information as described in this Notice. If a specific function is not covered here, we will explain what data is collected, why, and how it will be used through appropriate methods (e.g., prompts, interactive flows, announcements, or updated policies) before collecting it, and obtain your consent when required.

De-identification and anonymization

Where feasible, we may de-identify or anonymize data using technical measures. Data that has been anonymized so that it cannot identify you may be used for analytics, service improvement, product safety monitoring, and lawful business purposes.

Processing without consent (where legally permitted)

Under applicable laws and regulations, we may process your information without obtaining your consent in certain situations, such as:

• where necessary to enter into or perform a contract with you;
• where necessary to fulfill legal obligations or statutory duties;
• where necessary to respond to public health emergencies or protect life, health, or property in urgent circumstances;
• where necessary for news reporting or public opinion supervision in the public interest within a reasonable scope;
• where processing information that you have made public or that has been lawfully disclosed within a reasonable scope;
• other circumstances permitted by laws and administrative regulations.

Storage and Protection of Personal Information

Data storage location

Information collected and generated within the People's Republic of China is stored within China. Unless we obtain your explicit authorization, or laws/regulations or competent authorities require otherwise, we will not transfer your personal information.

Retention period

We retain personal information only for the minimum period necessary to achieve the purposes described in this Notice, or for the period required by laws and regulations. When the retention period expires or the purpose is achieved, we will delete or anonymize the information unless otherwise required by law.

Security measures

We take industry-standard safeguards to protect your information, including:

• encryption (e.g., SSL/TLS) during transmission and encryption/storage safeguards where appropriate;
• access control, least-privilege authorization, and audit mechanisms;
• internal policies, confidentiality commitments, and staff training on privacy and security;
• vendor management and security requirements for partners who process data on our behalf.

Security incident response

No system can guarantee absolute security. If a data security incident occurs, we will activate our response plan, take measures to prevent escalation, and notify you as required by law via announcements, email, SMS, or website/app notices, including information on what happened and recommended steps.

Sharing, Transfer, and Disclosure of
Personal Information

Unless otherwise stated in this Notice or required by law, we do not share, transfer, or disclose your personal information to third parties without your consent.

Sharing

We may share personal information in a controlled manner for legitimate, necessary purposes, such as:

• providing our Services and supporting core functions (e.g., hosting, customer support tools, analytics providers);
• ensuring security and stable operation (e.g., anti-fraud, security monitoring, crash analysis);
• fulfilling obligations under this Notice or other agreements with you;
• third-party SDKs or app store distribution (if applicable). Where third-party SDKs are used, we will provide a list of such third parties and their purposes, and you should review their privacy policies;
• complying with legal obligations, responding to lawful requests, or cooperating with regulators and authorities where required ;
• academic or medical research within a lawful and appropriate scope, typically after de-identification/anonymization where feasible.

We require third parties to process information under confidentiality and security obligations consistent with this Notice and applicable laws.

Transfer

We may transfer personal information in limited scenarios:

• business changes such as merger, acquisition, asset transfer, or similar transactions, where personal information may be part of transferred assets. We will require the new entity to continue to be bound by this Notice or obtain renewed consent where required ;
• transfer with your explicit consent.

Disclosure

We disclose personal information only where:

• you have provided explicit consent; or disclosure is required by laws, regulations, national standards, litigation, or mandatory government requests.

How You Manage Your Personal Information

Access, correction, deletion

You may request to access, correct, supplement, copy, transfer, or delete your personal information. For security, we may verify your identity before processing your request. We will respond within 15 business days (or within the timeline required by applicable law).

Deletion may not immediately remove data from backup systems; however, we will stop processing the relevant data and delete it during backup updates unless law requires retention.

Account cancellation

Where account cancellation is supported and permitted by law and service terms, you may request account deletion/cancellation through our customer support. After cancellation, related data will be handled according to applicable laws and our retention policy, and the account cannot be restored.

Withdraw consent

You may withdraw consent by adjusting device permissions, deleting information, disabling certain settings, or contacting us. Withdrawal does not affect processing that has already occurred based on your prior consent.

Children's and Minors' Personal Information

We take minors' privacy seriously. Our Services may be used in scenarios involving minors (e.g., pediatric vision care or adolescent health management) depending on the product design and deployment model.

• We encourage minors to use the Services only with the consent and guidance of a parent or legal guardian.
• If we knowingly collect personal information from a child under the age threshold defined by applicable law without appropriate guardian consent, we will take steps to delete it or otherwise handle it in compliance with legal requirements.
• If you are a guardian and believe a minor has provided us information without your consent, please contact us using the contact details below.

Updates to This Notice

We may update this Notice from time to time. We will notify you of material changes via appropriate methods (e.g., on-site notice, pop-up, email, or in-app notice). Continued use of the Services after an update means you acknowledge and accept the updated Notice, unless otherwise required by law.

Contact Us

If you have questions, suggestions, complaints, or requests regarding privacy or personal information protection, please contact us:

Email : bokemedical@boke.com