App Privacy Policy
By using this App, you agree to the collection and use of your information in accordance with this policy. This policy is strictly developed in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy supplementary regulations (such as those of British Columbia and Alberta), and applies exclusively to Canadian resident users. In the event of any conflict between this policy and PIPEDA or provincial privacy laws, the applicable regulation shall prevail.
The ORing app and compatible accessories (such as the ORing smart ring) are consumer fitness and wellness products. They are not medical devices and are not intended for medical diagnosis, treatment, or clinical monitoring. Information in the App is for general wellness reference only.
The following information is essential for this App to provide core services and is a necessary prerequisite for wellness and fitness tracking, device connectivity, data synchronization, exercise recording, and other basic functions. Without any of these types, core functions cannot operate normally. The processing of such information is based on PIPEDA's core principles — we process only to the minimum extent necessary to achieve the service purpose, do not exceed necessary limits, and clearly notify you of the purpose of information processing.
Required Basic Information Types and Necessity
Device Basic Information (device model, system version, Bluetooth identifier, hardware identifiers, etc.)
Necessity: Used for smart device pairing, connection stability assurance, fault diagnosis, and account security verification.
Supplementary Note: Hardware identifiers and other device information will be anonymized/de-identified; the processed data cannot identify you personally and is not considered "personal information" under PIPEDA, and is not used for any additional purposes.
Basic Health Data (heart rate, steps, sleep, blood oxygen, body temperature, motion sensor data, etc.)
Necessity: Used to generate wellness insights and activity summaries, exercise records, data displays, status reminders, and other core services.
Supplementary Note: Basic health data is sensitive personal information that requires priority protection under PIPEDA. We process this data based on your explicit consent, strictly following the principles of "purpose limitation" and "data minimization," not using it for any purpose unrelated to the service, and applying additional security protection measures.
Basic Account Information (email, identifiers, registration information)
Necessity: Used for identity verification, account management, cloud data synchronization and secure storage.
Supplementary Note: Account identifiers are stored with strict encryption; email addresses are used only for account verification and security notifications, not for marketing or third-party sharing, in compliance with PIPEDA requirements for personal information storage and use, ensuring transparency in information processing.
The information collection and use described in this section complies with PIPEDA's eight core principles. All personal information processing is carried out with your explicit consent (or in accordance with statutory exceptions), used only for the purposes clearly stated in this section, and not changed without authorization; any change of purpose will require your separate written consent.
Health Data
This App reads your health-related data through Bluetooth connection to smart wearable devices (such as smart rings). This data includes: heart rate, steps, sleep data, oxygen level from the wearable (wellness reference), skin temperature (surface temperature, not internal body temperature), biological sex, and date of birth. We use this data to generate personalized wellness insights and activity analysis for you, and to help analyze your heart rate zones and physical condition. We do not use your health data for marketing or advertising purposes.
Supplementary Notes: 1 You may withdraw your consent to health data processing at any time; upon withdrawal, we will cease processing your health data (however, data already processed based on consent that is needed for compliance retention or completed analytical services will be handled in accordance with PIPEDA requirements and will not be used for new processing activities); 2 Health data is retained for the duration your account is active. After you actively delete your account, we will delete all your health data within a reasonable period (normally not exceeding 30 days) in accordance with PIPEDA requirements. If you have not logged in for more than 12 consecutive months, we may treat the account as inactive, and will send a notification to your registered email before deleting data, giving you a 30-day opportunity to log in and retain your data. If the law requires extended retention, we will comply; 3 Your health data will be stored on AWS Canada servers, strictly complying with PIPEDA data security and cross-border transfer requirements, without any cross-border transfer (unless your explicit consent is obtained and the transfer complies with PIPEDA cross-border transfer provisions).
Location Information
This application accesses your precise location information (GPS) solely for distance calculation and route display in the exercise recording function. Location information is only collected while you actively have the exercise recording function enabled, including continuous background recording when the device screen is locked during exercise (to ensure route completeness), and collection stops immediately after exercise ends. Location data is processed locally on the device in real time, will not be uploaded or sent to any server, and is not subject to cross-border transfer. We do not use your location information for marketing or advertising purposes. Please note: after disabling precise location permission (GPS), distance calculation in the exercise recording function will be inaccurate, resulting in inaccurate exercise data.
Camera and Photo Library
We access camera permission for taking photos when changing your avatar and uploading feedback photos; we access photo library permission for selecting avatar images, selecting images for feedback, and saving shared images to the photo library. The above functions are only triggered when you authorize and actively use them; we do not access your camera or photo library in the background.
Bluetooth
We access Bluetooth permission to connect and synchronize your smart wearable device. Bluetooth data is used only for device pairing and health data synchronization, and will not be used to track your location or identity. Synchronized health data, when you actively trigger synchronization, is uploaded to our AWS Canada servers via encrypted HTTPS connections for providing data analysis services, without any cross-border transfer.
Notifications
We access notification permission to send you application messages, health reminders (such as low battery alerts), and status updates. After disabling notification permission, important security notifications such as data breach alerts can still be viewed in the App at "My > Settings > Privacy Settings > Violation Notifications."
You can independently control the following non-core required permissions through "My > Settings > Privacy Settings > Device Privacy Permissions": precise location permission, camera permission, photo library permission, notification permission (device privacy permissions serve as a portal entry that will guide you to the system settings page).
After disabling precise location permission: the exercise recording function can be used normally, but distance calculation will be inaccurate, resulting in deviations in exercise data; core App functions such as wellness insights, sleep summaries, and data synchronization are not affected.
After disabling camera, photo library, and notification permissions, only the corresponding functions become unavailable; the main App service is not affected.
In accordance with relevant PIPEDA provisions, you enjoy the following personal information rights. This App has provided corresponding functional entry points and convenient processing procedures for each right. All information rights requests are initiated through the same interface; clicking the corresponding item will open the "Information Request" form, and we will process your legitimate requests free of charge.
1 Right of Access
You have the right to access all personal information held by this App about you, including basic account information, exercise and health data, device information, types of data processed by third-party SDKs, and information sharing records. Request entry: "My > Settings > Privacy Settings > Data Rights > Data Access." We will provide a complete information report within 30 business days of receiving the request; if extension is needed, it will not exceed 60 days, and you will be notified in advance of the reason for the extension and the expected completion time, in compliance with PIPEDA time limits.
2 Right of Rectification
If you find that your personal information held by this App is inaccurate or incomplete, you can submit a correction through "My > Settings > Privacy Settings > Data Rights > Data Correction." We will verify and correct it within 30 business days and notify you of the result.
3 Right of Erasure
You have the right to request deletion of your personal information held by us. We commit to: completing deletion within 30 business days of receiving a valid deletion request; sending you a confirmation notification after deletion is complete; simultaneously notifying relevant third-party SDKs to delete the corresponding information they have processed; except for information required to be retained by law and regulation, in which case you will be informed of the reason for retention and the retention period. Deletion entry: "My > Settings > Privacy Settings > Data Rights > Data Deletion."
4 Right to Account Cancellation
This entry is for deleting the entire account and all associated information, path: "My > Settings > Account & Security > Cancel Account."
5 Right to Data Portability
You have the right to request that we provide your personal information (including account information, health data, exercise records, etc.) in a structured, commonly used, machine-readable format. Request method: send an email to privacy@opove.com noting "data portability request"; we will provide a copy of your personal information in a structured, machine-readable format within 30 business days of receiving the request, with a maximum extension of 60 days.
6 Right to Object
You have the right to object to our use of your personal information for purposes unrelated to the original collection purpose. If you raise an objection, we will cease such processing unless we can demonstrate legitimate and reasonable grounds that override your privacy interests. Objection method: please submit through "My > Settings > Privacy Settings > Complaint Channel," or send an email to privacy@opove.com noting "objection to processing request"; we will respond within 30 business days.
7 Right to Withdraw Consent
You have the right to withdraw your consent to personal information processing at any time (such as health data processing, location information collection, etc.); withdrawal of consent does not affect the lawfulness of processing already carried out based on consent before withdrawal. Withdrawal entry: "My > Settings > Privacy Settings > Consent Management"; upon withdrawal, we will immediately cease processing of the relevant information.
8 Rights Related to Automated Decision-Making
The AI functions in this App are used solely to generate health data interpretation reports for you, and will not make fully automated decisions with legal effects or significant impacts on you, nor will they provide automated alerts. This complies with PIPEDA requirements regarding automated decision-making. If you have objections to AI-generated reports, you can submit them through "My > Settings > Privacy Settings > Complaint Channel"; we will respond within 7 business days.
This App has commissioned the following third parties to process personal information. In accordance with PIPEDA requirements, we have implemented necessary management and supervision of commissioned parties, clearly defined their information processing permissions and responsibilities, and ensured that personal information processing is lawful, secure, and does not exceed the scope of the commission.
To ensure data security and compliance requirements, this App has deployed AWS Canada servers. Your core business data is all stored on AWS Canada servers, strictly enforcing the principle of no cross-border data transfer (unless your explicit consent is obtained and the transfer complies with PIPEDA cross-border transfer provisions). Detailed local server information can be viewed through "My > Settings > Privacy Settings > Local Server Information," containing specific information about the AWS Canada data center, legal basis, protective measures, etc.
1 Apple Inc (United States)
Commissioned Content: Account authentication, identifier management
Data Processed: Account identifiers, email addresses (used only for login authentication-related functions)
Data Description: Necessary only to implement functionality, does not involve cross-border transfer of core business data, and a commissioned processing agreement compliant with PIPEDA requirements has been signed.
Compliance Assurance: A Data Processing Agreement (DPA) has been signed, clearly defining information processing boundaries, ensuring that commissioned processing is transparent and secure.
Privacy Policy: https://www.apple.com/legal/privacy/
2 Google LLC (United States and Global Data Centers)
Commissioned Content: Map display, account authentication (does not involve location information processing; location information is processed only locally on the device)
Data Processed: Account information, map logs (used only to implement corresponding functions, does not involve location information processing)
Data Description: Necessary only for service, core business data does not cross borders, and the processing complies with PIPEDA security requirements.
Compliance Assurance: A Data Processing Agreement (DPA) has been signed; regular inspections of commissioned party information protection measures are conducted.
Privacy Policy: https://policies.google.com/privacy
3 Functional Software, Inc (Sentry) (United States)
Commissioned Content: Crash collection, error diagnosis, performance monitoring
Data Processed: Error logs, device information (anonymized/de-identified)
Purpose of Use: Used only for App function optimization and stability improvement
Data Description: Does not involve cross-border transfer of core business data; processed data cannot identify individuals.
Compliance Assurance: A data processing agreement containing information protection clauses has been signed; regular inspections of data protection and security measures are conducted.
Privacy Policy: https://sentry.io/privacy/
Information Inquiry
Details of commissioned parties, compliance agreements, and local server deployment information can be viewed in "My > Settings > Privacy Settings > Third-Party Commissioned Processing Information."
Ova is an AI health data interpretation function provided within the ORing App, used to generate periodic analyses and reference descriptions based on your authorized health data. Ova is not a real-time conversational AI; it only generates interpretation reports when you actively trigger it, and no reports are generated without triggering. Its interpretation results are stored only in local records within the application or in AWS Canada backend logs, without any cross-border transfer.
When using the Ova function, only after you actively trigger the AI analysis command will we process your authorized health data (such as sleep, activity, heart rate, etc.) to generate an interpretation report for you. If you do not trigger this function, we will not proactively process any related data or generate reports, and the data will not be used for any other purpose. The above data will not be used to identify your personal identity, nor will it be used for advertising or marketing purposes. Unless required by law and regulation or with your explicit authorization, we will not disclose relevant data to any unauthorized third parties.
You understand and confirm that the content provided by Ova is used only for health data interpretation and reference, and does not constitute a medical diagnosis, treatment recommendation, or any form of medical behavior. Data collected by wearable devices and AI analysis results may deviate due to wearing method, environmental factors, or technical limitations; the related interpretations do not guarantee complete accuracy or applicability to your specific situation. Opove is not responsible for any decisions you make based on the above interpretations or the consequences thereof.
PIPEDA Compliance Supplement
Type and purpose of data used by AI functions: AI functions only analyze your authorized health data, generate reports, and output them to you after you actively trigger them, with no other additional functions; if not triggered, no reports are generated and no related data is processed.
Refined authorization choices for AI data: The "Ova Data Access" toggle at the top of the privacy settings page ("My > Settings > Privacy Settings") allows you to independently control whether to allow AI to analyze your exercise and health data to generate reports (even with authorization enabled, you still need to actively trigger report generation); the option to use anonymized data for model improvement and new feature testing is disabled by default, and no authorization entry for this is provided.
Automated Decision-Making Statement: The AI functions in this App are used solely to generate health data interpretation reports for you, and will not make fully automated decisions with legal effects or significant impacts on you, nor will they provide automated alerts such as abnormal heart rate warnings.
Google Account Login (Google Sign-In)
Purpose of Use: Provides the ability to log into this application with one click using a Google account, for identity verification and account association.
Types of Personal Information Collected: Basic profile information under your Google account (such as nickname and avatar), unique user identifier, email address (subject to your authorized scope).
Cross-Border Transfer Description: Your login information will be transferred to Google servers in the United States for processing (only data related to the Google login function). This App's core business data is stored on AWS Canada servers, without any cross-border transfer. Detailed local server information can be viewed through "My > Settings > Privacy Settings > Local Server Information."
Operating Entity: Google LLC (United States)
Privacy Policy: https://policies.google.com/privacy
Login with Apple (Sign in with Apple)
Purpose of Use: Provides the ability to log into this application with one click using an Apple account, for identity verification and account association.
Types of Personal Information Collected: Name you choose to provide, email address that can be hidden (or Apple-provided private relay email), unique user identifier.
Cross-Border Transfer Description: Your login information will be transferred to Apple servers in the United States for processing (only data related to the Apple login function). This App's core business data is stored on AWS Canada servers, without any cross-border transfer. Apple does not use your personal information for advertising purposes.
Operating Entity: Apple Inc (United States)
Privacy Policy: https://www.apple.com/legal/privacy/
This App implements compliance management of personal information processing in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy supplementary regulations, strictly complying with all PIPEDA requirements and safeguarding the personal information rights of Canadian residents. A summary of compliance content can be viewed through "My > Settings > Privacy Settings > Qualification Filing Information."
Main Compliance Content:
1 Transparent Notification: Upon first login, you are clearly informed of the purpose, scope, methods of use, retention period, third-party commissioning status, and your rights regarding personal information processing, ensuring your right to know;
2 Information Rights Protection: All rights under PIPEDA are provided to you, including access, rectification, erasure, portability, objection, and withdrawal of consent, with convenient request entries and timely processing of your various requests;
3 Third-Party Commission Management: Data Processing Agreements (DPAs) compliant with PIPEDA requirements are signed with all third-party commissioned parties, with regular audits, clear definition of commissioned party responsibilities, and ensuring that commissioned parties process personal information in compliance;
4 Information Security Assurance: Security measures such as encrypted storage, end-to-end transmission, and access control are taken to prevent personal information leakage, tampering, and loss; regular security assessments are conducted;
5 Privacy Impact Assessment (PIA): For processing activities that may generate high risks, such as health data processing and AI functions, PIAs have been completed; assessment results are available for public review;
6 Breach Notification: In the event of a personal information breach that may have a significant impact on your rights and interests, we will notify you promptly upon discovering the breach, take necessary remedial measures, and record the breach.
Compliance-related qualification filing information can be viewed through "My > Settings > Privacy Settings > Qualification Filing Information," including the contact information of the Privacy Officer, information processing filing, and server security certification.
Privacy Protection Officer, Canada
Please note that the email service support hours are Beijing Time business days 9:00–17:00 (corresponding to Eastern Canada Time 21:00 the previous day – 05:00 the next day, Pacific Time 18:00 the previous day – 02:00 the next day), with a significant time difference. We will reply within the next Beijing Time business day upon receipt of the email. For urgent data security issues, please prioritize using the emergency reporting function at the bottom of "Privacy Settings > Violation Notifications" in the App, which provides 24/7 rapid response to ensure your urgent needs are addressed promptly.
PIPEDA-related contract disclosures (including third-party DPA agreements) can be viewed through "My > Settings > Privacy Settings > Qualification Filing Information," displaying core contract terms.
The complete PIA report (Privacy Impact Assessment) can be viewed through "My > Settings > Privacy Settings > PIA Summary / Privacy Impact Assessment," displaying the assessment scope, risk identification, mitigation measures, AWS Canada server and core data assessment, etc.
In-App privacy complaints dedicated entry: "My > Settings > Privacy Settings > Submit Complaint." Here you can select the complaint type (local server storage / core health data consent / server security / general complaint), fill in descriptions and contact information, and submit. You can also view the contact information of the Canadian Privacy Commissioner at this entry and directly initiate a complaint.
Upon receiving a complaint, we commit to: sending an acknowledgment within 3 business days; completing the investigation and providing a written response within 30 business days; if an extension is needed during the investigation, notifying you in advance of the reason and expected completion time; if the complaint is substantiated, immediately initiating rectification and informing you of the rectification measures.
Canada Region: Privacy Appeal Channel
If you are dissatisfied with this App's processing result, or believe this App has violated PIPEDA, you have the right to directly file a complaint with the Office of the Privacy Commissioner of Canada (OPC) free of charge.
OPC inquiry entry in the App: "My > Settings > Privacy Settings > Submit Complaint > Canada OPC Inquiry," where you can view the OPC official website, contact information, and complaint procedures, and also directly navigate to the OPC's complaint page through this entry.
OPC official website: https://www.priv.gc.ca/, complaint consultation email: info@priv.gc.ca.
In addition, you may contact this App's Canadian Privacy Protection Officer at any time to inquire about privacy-related issues or submit a complaint. Contact information can be viewed through "My > Settings > Privacy Settings > Qualification Filing Information":
Service support hours are Beijing Time business days 9:00–17:00; for urgent needs, please prioritize submitting through the in-App emergency reporting function.
We take your information security seriously. However, please note that no electronic transmission or storage method is 100% secure. Although we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. Breach notifications (data breaches / security incidents) can be viewed through "My > Settings > Privacy Settings > Violation Notifications," displaying historical breach events, affected data, remedial measures, and recommended user actions.
We may update this Privacy Policy from time to time. In the event of significant changes, we will notify you 30 days in advance through in-App notifications and registered email, and re-obtain your consent where necessary. The updated policy takes effect upon publication. Without your consent, we will not change this policy in any way to allow additional collection of your personal information or other significant adjustments.
Service Provision: This App is provided "as is." We strive to ensure the stability and accuracy of the service, but do not guarantee that the service will be uninterrupted or error-free at all times, nor do we guarantee the absolute accuracy of data.
Limitation of Liability: To the maximum extent permitted by law, we are not liable for indirect losses or data loss not caused by our intentional or gross negligence. This provision does not affect any mandatory rights granted to you by PIPEDA, nor does it relieve us of our data protection obligations under PIPEDA.
This disclaimer applies to the maximum extent permitted by law and does not affect any mandatory rights granted to you by PIPEDA and other applicable Canadian laws and regulations.
Operating Entity: Shenzhen Shufang Innovation Technology Co., Ltd.