Skip to main content

Personal Information Protection Rules for CrashSight SDK

Date of Issuance: February 2, 2022

Date of Update: March 15, 2022

Effective Date of This Version: March 15, 2022

Note on Updates:

We have updated Privacy Protection Guidelines for CrashSight SDK, primarily including the following contents:

  1. Changed the title to Personal Information Protection Rules for CrashSight SDK;
  2. Reviewed and restated the rules for APP developers to use the SDK for processing personal information or use the SDK to create APPs for processing personal information;
  3. Updated the requirements for disclosure and management of third-party SDKs used by the SDK and third-party service providers chosen for the SDK;
  4. Added the processing rules for push features possibly contained in the SDK;
  5. Detailed the mechanism for the information subject to exercise relevant rights;
  6. Updated the rules for processing personal information of the underage;
  7. Updated relevant terms and expressions according to Law for Personal Information Protection;
  8. Updated the expressions for the type and name of personal information to be collected for the service.

Introduction

CrashSight ("SDK product") is developed by Shenzhen Tencent Computer System Co., Ltd. ("We"), with the registered address at 35/F, Tencent Building, Kejizhongyi Road, Maling Community, Yuehai Subdistrict, Nanshan District, Shenzhen.
Personal Information Protection Rules for CrashSight SDK ("the Rules") are prepared mainly for elucidating to third-party developers and their end users ("End user") how the SDK shall process the personal information of end users to realize the relevant features of the SDK, including collection, storage, use, processing, providing, publicly disclose personal information, etc.
Before registration, implementing, and using CrashSight SDK and/or related services, the third-party developer and end users must carefully read the Rules. For a third-party developer, you should inform end users of the Rules, so that they can read and understand the Rules before using any product and/or related services developed, adapted, integrated, and loaded with the SDK by you; and if you do not agree to any content of the Rules, please stop implementing or using the SDK and/or related services immediately, and you can only use the SDK and process the personal information of any end user after obtaining his/her consent.
For sensitive personal information, we specifically indicate with "bold and italic letters" for your attention. For any question on the contents of the Rules, the third-party developer and the end user may contact us at any time with the methods specified in Article 9 herein.

1. End User’s Personal Information to be Collected and Used for Realizing SDK Features

  1. Personal information to be collected from the end user or third-party developer by the SDK when any end user is using features related to the SDK.
    To realize relevant features of the SDK, we shall collect the following personal information from the end user or third-party developer generated when the end user is using the features related to the SDK:
Personal informationPurposeApplication sceneProcessing method
WiFi stateReporting network connection and crash dataFirst launch with network, crash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
Mobile phone modeMake statistics of crash percentageFirst launch with network, crash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
Operating systemMake statistics of crash percentageFirst launch with network, crash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
IDFVMake statistics of crash percentageFirst launch with network, crash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
Custom log by a third-party developerAnalyze crash causesCrash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
Logcat logAnalyze crash causesCrash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
APP crash stacking informationAnalyze crash causesCrash, lag and calling error report interfaceSecured processing with de-identification and encrypted transmission
  1. Applying for relevant system permissions

To realize the relevant features of the SDK, we may apply for specific permissions from the operating system of the end user device via the App by the third-party developer, with the real-life scenes and purposes for application as follows:

Operating systemPermissionFeaturePurposeSceneConsequence of Denied PermissionSetting Management
Android / iosINTERNETNetwork accessReport network connection, crash and error dataFirst launch with network, crash, lag and calling error report interfaceThe product of the third-party developer can operate normally, but game crash data analysis will not be availableSuch permission can be disabled via the system settings or the privacy settings by the third-party developer
Android ACCESS_NETWORK_STATEAccess network stateReport network connection, crash and error dataFirst launch with network, crash, lag and calling error report interfaceThe product of the third-party developer can operate normally, but game crash data analysis will not be availableSuch permission can be disabled via the system settings or the privacy settings by the third-party developer
AndroidACCESS_WIFI_STATEAccess Wifi stateReport network connection, crash and error dataFirst launch with network, crash, lag and calling error report interfaceThe product of the third-party developer can operate normally, but performance data analysis will not be availableSuch permission can be disabled via the system settings or the privacy settings by the third-party developer

Note: The method for displaying and disabling permissions may vary for different devices and systems, so the end user may refer to instructions or guides from the developer for his/her device and operating system. The end user disabling the permission constitutes cancellation of the relevant authorization, and we and the third-party developer shall not continue to collect or use relevant personal information, nor provide the end user with the features corresponding to the above permissions.

  1. Exemption by user consent according to laws and regulations:
  • (1) Required for execution and performance of the contract with the end user;
  • (2) For performing our statutory obligations;
  • (3) In response to sudden public health events, or protecting the life, health and property safety of the end user under emergent conditions;
  • (4) Processing the personal information of end users within the reasonable scope used for news reports, public opinion-based supervision, etc. for public interests;
  • (5) Processing the personal information disclosed by the end user or legally disclosed in other forms within the reasonable scope according to regulations;
  • (6) Other matters required by laws and administrative regulations.

Note: Any information collected by us that cannot be used to identify the identity of the end user individually or when combined with other information shall not be legally deemed as personal information.

  1. Use of personal information We shall process the personal information collected from end users only for realizing the features of the SDK and/or services. If using any personal information collected for other purposes, we shall reasonably inform the end user, and use such information after obtaining the consent of the end user.

2. Compliance Obligation of Third-Party Developers

Before adapting, integrating or loading the SDK to your products, applications or services, the third-party developer should carefully read and accept the relevant service agreement, the Rules and/or compliance guide for third-party developers (or related legal documents of similar nature) published on the official website by us, and perform compliance inspection of the collection and use of personal information by your product adapted, integrated or loaded with the SDK. You should:

  • (1) Collect, use and process the personal information of end users according to laws, regulations and regulatory requirements, including but not limited to preparation and publishing of the privacy policies for personal information protection, etc.;
  • (2) Before adapting, integrating or loading the SDK, inform the end user, for the purpose of providing the features related to the SDK, how the SDK processes the end user personal information (including but not limited to the type of information, purposes of use and application scene), how the SDK sends and shares - the personal information of users to/with other apps or server, third-party SDK, etc. other than you (including the company name of the third party, product/type, name of shared information, purposes of use, application scene, sharing method, and rules for processing third party personal information), and how you will collect, use and share the personal information of end users (including but not limited to listing the name of the provider of the SDK, product/type, name of shared information, purposes of use, application scene, sharing method, and the rules of personal information protection of the SDK); and you have obtained from the end user the adequate, necessary and explicit authorization, consent and approval according to laws (including preparing the dedicated rules for protecting children’s personal information, based on which you have obtained the separate consent from the guardian of the child for providing the personal information of the child as the end user);
  • (3) Not collect any personal information of the end user or start to use the SDK and /or related services before obtaining consent from the end user, unless otherwise permitted by laws and regulations;
  • (4) Have provided the end user with the mechanism for exercising user rights conveniently and complying with laws and requirements of regulatory authorities, and indicated how to exercise the rights for accessing, copying, or deleting personal information, withdrawing the consent, conveniently unsubscribing individualized push, restriction on processing personal information, transferring personal information, obtaining copies of personal information, cancelling the account, etc.;
  • (5) Not set the SDK as automatic start or linked start if not required for the services or without reasonable application scene, and if required, not set automatically starting linked services in default, and indicate explicitly the application scenes and rules for personal information protection in your privacy policies, while complying with relevant laws and regulations, and provide the relevant functions for the end user to freely choose and accept opening linked start or not; If you are an end user, please be noted that we have required the third-party developer to comply with the above compliance obligations. We shall use reasonable care in supervising the third-party developer processing your personal information with the SDK, to protect the security of your personal information. It is difficult for us to control all the acts of the third-party developer in processing personal information, however, if we found any third-party developer fails to fulfill one or more of the aforementioned commitments for compliance, we shall immediately take relevant actions to protect the security of your personal information (including but not limited to immediately require the third-party developer to stop integrating and using the SDK).

3. Sharing, Transfer, and Disclosure of End User’s Personal Information

  1. Sharing
    We shall not share the personal information of end users with our affiliates, partners, or any third party ("the Receiver").
  2. Transfer
    We shall not transfer the personal information of end users to any company, organization or person, except in the following cases:
  • (1)The end user is informed of the type, purpose, mode and scope for the transfer of personal information, and separate consent is obtained from the end user in advance;
  • (2) When a transfer of personal information is required due to merger, separation, dissolution, declaring bankruptcy, etc., we shall inform the end user of the name or the name and contact information of the Receiver, and require the Receiver to continue to perform the obligations as the processor of the personal information. Should the Receiver change the original purposes and mode of processing, we shall require the Receiver to obtain consent from the end user.
  1. Disclosure
    We shall not publicly disclose the personal information of end users, except in the following cases:
  • (1) The end user is informed of the type, purpose, mode, and scope for disclosure of personal information, and separate consent is obtained from the end user;
  • (2) Disclosure is required by/in laws and regulations, legal procedures, suits or competent government authorities.

4. End User’s Management of Personal Information

  1. Response to reasonable requests from end users

We place high importance on the rights of end users for the management of their personal information and use all our efforts to help them manage their personal information, including access, copying, amending or deletion of personal information, withdrawal of consent, restriction on processing personal information, obtaining the copy of personal information, canceling the account, setting privacy functions, etc., so that the end user can protect his/her own privacy and information security. If you are a third-party developer, you should:

  • (1) Provide end users with the specific methods for accessing, copying, amending or deleting personal information, withdrawing the consent, transferring personal information, restricting for processing personal information, obtaining a copy of the personal information, and canceling the account, according to the functional settings of the platform used by the developer.

  • (2) When any end user requests for management of his/her personal information when you use the SDK, and you have confirmed such request involves the personal information processed by the SDK, and our assistance is needed for processing, you should timely contact us according to the methods specified in Article 9 herein, attached with necessary written evidencing information of the request of the end user. We shall time verify the information, and provide the relevant support and cooperation for the end user to exercise his/her rights according to relevant laws and regulations, the Rules and other legal documents. If you are the end user, please be noted that you are not a direct user of us, and have no direct interactive dialogue interface with us, so we have required the third-party developer to undertake to provide methods convenient for exercising the user rights. If requiring access, copying, amending or deleting relevant personal information, withdrawing the consent, restricting the processing of the personal information, obtaining a copy of the personal information or canceling the account, you may ask the third party developer to provide such means for exercising your rights. It is difficult for us to control the actions of the third-party developer, so when the third-party developer fails to provide such means as promised, you may contact us with the methods specified in Article 9 herein, and we shall make coordination, and assist you to ensure the exercise of your rights.
    When you directly contact us for managing your personal information, to better protect the security of your account and personal information, we may need to perform a verification operation and may need your cooperation. In addition, to help you better manage your personal information, we may need to send your request for management of personal information to the third-party developer, and ask the developer for processing, or we and the developer shall jointly process it for you.

If you are an end user, you may manage your personal information according to the following instructions:

  • (1) Accessing, copying and revising the personal information
    When using any features provided by the SDK, you may access, copy and revise relevant personal information according to the guidelines in the privacy policies of the third-party developer during the use of the products or services provided by the third-party developer, or contact us according to the methods specified in Article 9 herein.

  • (2) Deleting personal information
    Under any of the following circumstances, we shall delete any personal information related to you:
    a. We have accomplished the purpose for processing, or cannot accomplish the purpose, or it is no longer necessary for the purpose;
    b. We have stopped providing the service, or the storage period of the information expired;
    c. We received your request for withdrawal of consent;
    d. You deem our processing of personal information is in violation of laws and administrative regulations or the provisions agreed upon;
    e. Other matters specified by laws and administrative regulations. We shall conduct the internal assessment voluntarily and/or upon receiving your deletion request, and for such cases required by laws and regulations, we shall handle them according to relevant procedures, including technical measures. When the storage period specified by laws and administrative regulations does not expire, or it is technically impossible to delete personal information, we shall stop processing other than storage and implement necessary security protection measures.

  • (3) Withdrawing consent
    For personal information processing activities with your consent, you have the right to withdraw such consent. We have provided the third-party developer with the capability to disable the SDK, so you can contact the third-party developer, requesting to disable the products and/or services related to the SDK, and stop collecting and processing the personal information of end users.
    Since we have no direct interactive dialogue interface with you, you may directly contact the third-party developer, or operate in the operating system of the device, to request withdrawal of the consent or disable the permissions, or contact us via the methods specified in the Rules, requesting to withdraw the consent.
    After your withdrawal of the consent for processing personal information, disabling relevant services provided by the SDK, or disabling permissions, we shall no longer provide you with the features and services withdrawn (disabled), or process your relevant personal information. However, your withdrawal of consent will not affect the processing of personal information already performed as approved by you before the withdrawal.

  • (4) Cancelling account
    When expecting the cancel the account registered in the specific product or service of the third-party developer, you may apply for cancellation of such account according to the privacy policies for such product or service.

  • (5) Restricting or refusing others processing personal information
    If expecting to restrict or refuse others to process the personal information, you may act according to the guidelines for privacy policies of the actual product or services provided by the third-party developer, or contact us with the method specified in Article 9 herein.

  • (6) Obtaining a copy of your personal information
    Under the condition of complying with legal regulations, you may request a copy of the personal information. You may act according to the guidelines for privacy policies of the actual product or services of the third-party developer, or contact us using the method specified in Article 9 herein.

  1. Exceptions for responding to requests regarding personal information

Under any of the following circumstances, we may not respond to the request of the end user due to the requirements by laws and regulations:

  • (1) Required for execution and performance of the contract with the end user;
  • (2) For performing our statutory obligations;
  • (3) In response to sudden public health events, or protecting the life, health and property safety of the end user under emergent conditions;
  • (4) Processing the personal information of end users within the reasonable scope used for news reports, public opinion-based supervision, etc. for public interests;
  • (5) Processing the personal information disclosed by the end user or legally disclosed in other forms within the reasonable scope according to regulations;
  • (6) Other matters required by laws and administrative regulations. According to laws and regulations, we may not give a timely response to the request of the end user for personal information management, in case of which we shall make our best efforts to give a reply to the end user as soon as possible.

5. Storage of Personal Information of End Users

  1. Storage Method and Period
    We shall store the information of end users with safe methods, including local storage, database, and server log.
    Generally, we shall only maintain the personal information of end users within the shortest period necessary for accomplishing the purposes specified in the Rules, or according to the conditions/in the scope stipulated by laws and regulations or authorized by the owner of the personal information. However, under the following circumstances and for the purpose of the following circumstances, we may maintain the personal information of end users for a longer period:
  • (1) Comply with applicable laws and regulations, etc.;
  • (2) Observe the judgment, ruling of the court, or requirements of other legal procedures;
  • (3) Observe the requirements of relevant government agencies or other competent authorities;
  • (4) Perform relevant service agreements or the Rules, safeguard the public interest, handle complaints/disputes, and protect the personal and property safety or lawful rights and interests of our clients, us or our affiliates, other users or employees.
  1. Place for Storage
    We shall store the personal information collected in the corresponding areas according to laws and regulations.
    Currently, we shall not conduct cross-border transmission or storage of the personal information of end users. If you are a third-party developer, when we need cross-border transmission or storage in the future, you shall inform end users of the name of the foreign receiver, or the name and contact information, purposes and type for processing, type of personal information, as well as the method and procedures for the individual to exercise the rights toward the foreign receiver as specified in the Rules, and other legal requirements; obtain the separate consent of the end user, complete necessary evaluation procedures, and meet other requirements of laws and regulations.

6. Protection of Personal Information Security of End Users

  1. Security Protection Measures
    We have adopted security protection measures that meet industry standards to protect the personal information provided by end users, to avoid unauthorized access, publishing, use, amendment, damage, disclosure or loss.
    We have employed the industrial leading technical protection measures, including but not limited to a firewall, encryption (e.g. SSL), de-identification or anonymization, access control measures, etc. We shall also continuously enhance the security capability for integrating the SDK in the products or services of third-party developers.
    We have established the management systems, procedures and organization for protecting personal information security, and we shall also review such systems, procedures and organization, to avoid unauthorized access, use or disclosure of the information of end users.

  2. Security Event Handling Measures
    In the event of disclosure, damage, loss of personal information or other security events, we shall trigger the emergency response, to stop the escalation of the event. We shall inform third-party developers via push notice, email, etc. of the basic condition of the security event, handling actions and remedies to be taken or having taken by us, as well as the recommendations for response by the end users and other matters to be disclosed required by laws and regulations. If you are a third-party developer, you should inform end users according to laws and regulations.

7. Handling of Children’s Personal Information

If the SDK involves the personal information of any minor aged below 14 ("Child"), the third-party developer shall inform the parents or other guardians of the child of the Rules and 《Tencent Rules for Protection of Children’s Personal Information》 and obtain their consent.
The guardian of the child, when having any questions on the processing of the personal information of the child under his/her guardianship, or expecting to access, copy, change, withdraw the consent for or delete the personal information of the child, may contact the third-party developer or us with the methods specified in the Rules. When finding any third-party developer who provided the personal information of any child to us without the consent of his/her guardian, we shall delete the personal information of the child as soon as possible and ensure there shall be no further processing of such information.

8. Revision and Updating of the Rules

To provide better services to third-party developers and/or end users, and with the continuous development and changes of the SDK and/or related services, we may revise the Rules from time to time.
For any change of the provisions of the Rules, we will post the notice on the website, etc., indicating the date of effectiveness. In case of any significant change to the processing of the personal information of end users after updating the Rules, the third-party developer shall timely update its privacy policies, and inform end users by pop-up windows and obtain their consent, and when not accepting the Rules, the end user shall stop accessing and using our services.
Significant changes to the Rules include, and are not limited to the following:

  1. Significant change in our service mode, e.g. purpose and type of processing the personal information, the methods for using the personal information, etc.;
  2. Significant change to our ownership structure, organization structure and more, e.g. change of ownership caused by business adjustment, bankruptcy, M&A, etc.;
  3. Change of the responsible department for handling personal information security, contact information, and channel for complaints;
  4. Existence of high risk as shown in the impact evaluation report of personal information security. The Rules form an important part of the service agreements of Tencent SDK developer platforms. We shall also keep the old versions of the Rules on filing, for access and downloading by third-party developers and/or end users.

9. Contact Us

We have established a dedicated team and assigned the leader for personal information protection, and any third-party developer and/or end user, when having any questions, complaints, or suggestions for the Rules or matters related to personal information protection, may contact us with the following methods: (i) Online consultation via https://kf.qq.com/; (ii) Send email to Dataprivacy@tencent.com; (iii) Write a letter to: Tencent Binhai Building, 33 Haitian 2nd Road, Nanshan District, Shenzhen 518054, Guangdong, China. We will review the issues concerned as soon as possible, and give a reply within 15 working days or the period specified in laws and regulations.

10. Miscellaneous

When any third-party developer processes the personal information under any of the following circumstances, we shall require the third-party developer to comply with (General Data Protection Regulation ("GDPR"), if the third-party developer:

  1. Is located in European Economic Area ("EEA"), regardless of whether the processing activities are performed in EEA or not;
  2. Provides goods or services (paid or free of charge) to any individual in EEA, or monitors his/her acts in EEA;
  3. Is not located in EEA, but shall comply with the laws of EEA member states according to international public law (e.g. the embassy or consulate of any EEA member state). For any third-party developer and/or end user from EEA, the legal basis for us to collect and use such personal information shall be subject to the relevant personal information and the actual background for our collection of information. Any third-party developer and/or end user from EEA shall have the right to file a complaint to the competent data protection authorities or litigate suit to any court with jurisdiction according to the applicable data protection laws. For any doubt about the legal basis of our collecting and using personal information or requesting further information, the third-party developer and/or its end user may contact us according to the methods specified in Article 9 herein.