OneTapLight - Privacy Policy

1. Information Collection

OneTapLight ("this app") is developed by Shenzhen Aschip Technology Co., Ltd. We take your privacy protection very seriously.

1.1 Information We Do NOT Collect

• Personal identification information (such as name, phone number, email address, ID number, etc.)
• Precise location information (such as GPS coordinates)
• Contacts, SMS messages, call records
• Photos, media files or other document contents on your device
• Bank card, payment account or other sensitive personal information

1.2 Technical Data

To provide Bluetooth connection and QR-code configuration as core functions, this app may locally access the following technical information on your device:

• Bluetooth connection status: Used only to scan for, connect to and control your smart lighting devices, and not used to identify personal identity or track users across devices.
• Device orientation/sensor information (such as accelerometer): When you actively enter the QR-code configuration screen and use the camera to scan, the system or scanning component may briefly access device orientation-related information (for example, accelerometer/gravity sensor data used for portrait/landscape detection or image stabilization). This is only used to optimize QR-code recognition and image display, and is not read, separately stored, or transmitted to any server by this app.
• Location information (Android 12 and below only): Due to system requirements, some lower Android versions require location permissions when scanning nearby Bluetooth devices. This app only uses this permission together with the system to complete Bluetooth device scanning and connection. It does not obtain or record your specific location information (such as latitude and longitude), is not used for location positioning or behavior tracking analysis, and does not upload any location information to servers.

1.3 Network Data

When you use the QR-code scanning feature to download configurations or update icons, the app will:

• Access servers - Only to download device configuration information or button icons, and it will not upload any user data to the server.
• No personal identification - It cannot identify any specific user identity.

2. Information Use

The technical data we access locally on your device is only used for the following purposes directly related to app functionality:

• To perform Bluetooth scanning, connection and control of smart lighting devices.
• When you actively use the QR-code scanning feature, to complete QR-code parsing and downloading of device configuration information.
• In QR-code scanning scenarios, to use device orientation/sensor information (such as accelerometer) via the system or camera component to improve scanning success rate, image stability and overall experience, without any other purposes.

3. Information Storage

All data is only stored locally on your device. We will not:

• Store any of your information on servers
• Transmit data to third-party servers
• Create user profiles or databases

4. Data Sharing

We promise:

• Not to share any data with third parties
• Not to sell user information
• Not to use for advertising
• Not to use for user profiling analysis

5. Data Security Protection Measures

We take your personal information security very seriously and have implemented security protection measures that meet industry standards to protect your personal information, preventing unauthorized access, disclosure, use, modification, damage, or loss of personal information. The measures and capabilities we take in personal information protection include but are not limited to the following aspects:

5.1 Identity Authentication

This app takes the following identity authentication measures in personal information protection:

• No User Registration Required: This app does not require user registration or login, and does not involve collection of user identity information. Therefore, identity authentication is not required. All data is stored only locally on the device and will not be associated with any user identity information.
• Device-Level Protection: The app relies on the security mechanisms of the device operating system, including device lock screen passwords, biometric authentication, and other identity verification methods, to ensure that only authorized users can access app data on the device.
• Future Extensions: If account functionality is added in the future, we will implement identity authentication using security measures such as encrypted password storage and two-factor verification.

5.2 Data Encryption

This app takes the following data encryption measures in personal information protection:

• Local Data Storage Encryption: All locally stored data is protected using encryption storage mechanisms provided by the Android/iOS system. Data stored in the app's private directory is protected by system-level permissions, and other apps cannot directly access it.
• Network Transmission Encryption: When the app needs to access the network to download device configuration information or icons, all network communications use HTTPS protocol for encrypted transmission, ensuring security and integrity during data transmission.
• Sensitive Information Protection: The current version of this app does not involve sensitive data storage. If sensitive information needs to be stored in the future, we will use strong encryption algorithms such as AES-256 to encrypt and store sensitive data, ensuring that data cannot be read even if accessed without authorization.

5.3 Access Control

This app takes the following access control measures in personal information protection:

• Principle of Minimum Permissions: We strictly control app permissions and only request necessary permissions related to functionality (such as Bluetooth permissions, camera permissions, etc.), and will not request permissions unrelated to functionality.
• Data Access Control: All locally stored data is only accessed within the app and is not exposed externally. The app uses the sandbox mechanism provided by the system to ensure app data is isolated from other apps and prevent unauthorized access.
• Third-Party SDK Management: We strictly review third-party SDKs used (such as Bluetooth SDK) to ensure their permission usage complies with the principle of minimum necessity and does not collect or transmit user personal information.
• Code Signature Verification: App installation packages are code-signed to ensure the app source is trustworthy and prevent malicious tampering or replacement.

5.4 Malicious Code Prevention

This app takes the following malicious code prevention measures in personal information protection:

• Code Security Review: We regularly conduct code security reviews during development to ensure the app code does not contain malicious code, backdoors, or unauthorized data collection functions.
• Third-Party Library Security Audit: We conduct security assessments of all third-party libraries used, only use open-source libraries from trusted sources that have been security verified, and promptly update them to fix known security vulnerabilities.
• App Update Security Verification: All app updates undergo security verification and code signing to ensure the integrity and security of update packages. Apps are only updated from official app stores or trusted channels.
• Runtime Protection: The app runtime relies on operating system security mechanisms, including process isolation and memory protection, to prevent malicious code injection or attacks.

5.5 Security Audit

This app takes the following security audit measures in personal information protection:

• Regular Security Assessment: We regularly conduct security assessments and vulnerability scans of the app to identify and fix potential security risks, ensuring continuous improvement of app security.
• Security Incident Response Mechanism: We have established a security incident response mechanism. If security vulnerabilities or data breach risks are discovered, we will immediately take remediation measures. If a security incident involves personal information disclosure, we will notify affected users in accordance with relevant regulations.
• Compliance Check: We regularly check privacy policy compliance to ensure it meets the latest regulatory requirements such as "GB/T35273-2020 Information Security Technology - Personal Information Security Specification" and promptly update the privacy policy in response to regulatory changes.
• Development Process Control: We establish security control mechanisms at all stages of app development, testing, and release to ensure each version undergoes security review before release.

We commit to continuously improving and enhancing personal information security protection measures, adopting the latest security technologies and standards to provide more reliable protection for your personal information security.

6. Third-Party Services

This app may use the following third-party services:

• Bluetooth service - System-level Bluetooth functionality, not involving user data transmission
• Server - Only for downloading device configuration information and updating button icons
• App store service - Only for app update checks

7. User Rights

You have the following rights:

• Understand how we handle your data
• Request us to explain data processing methods
• Stop using the app at any time
• Contact us to resolve privacy-related issues

8. Children's Privacy

This app does not collect anyone's personal information, and of course it does not collect information from children under 13.

9. Policy Updates

We may update this privacy policy. When updating, we will:

• Display update notifications in the app
• Update the effective date of this page
• Push notifications through app updates

10. Contact Us

11. Legal Application

This privacy policy is governed by the laws of the People's Republic of China. Any disputes should be resolved through friendly consultation.