Privacy Policy

Last Updated Date: November 21, 2024

Effective Date: November 21, 2024

XORIGIN AI (referred to as "we") understands the importance of protecting your personal information and will protect your personal information and privacy in accordance with laws and regulations and industry best practices. We have formulated this "Privacy Policy" and specially remind you to carefully read and understand this Privacy Policy before using XORIGIN AI and related services, so that you can make appropriate choices.

This Privacy Policy will help you understand:

This Privacy Policy ("Privacy Policy" or "Policy") outlines Shenzhen Xuanyuan Technology Co., Ltd, Ltd and its affiliated companies ("XORIGIN AI", "we", "our") collect and use information from you.

This policy applies to all websites, mobile applications, electronics and toy products, and other services provided by XORIGIN AI that link to this policy, as well as our offline services (collectively referred to as "Services").

When you use or enable relevant functions or use the Services, we will collect and use relevant information as necessary to achieve the functionality and services. Except for necessary information required to achieve business functions or as stipulated by applicable laws and regulations, you may choose not to provide it without affecting other functions or services. We will specify item by item in the Privacy Policy the information we intend to collect.

Permissions such as album storage and Bluetooth will not be enabled by default. They will only be used for specific functionalities or services after explicit authorization from you, and you can revoke such authorization. It is particularly important to note that even if you authorize us to obtain these sensitive permissions, we will not collect your information when the relevant functionalities or services do not require it.

Any undefined capitalized terms herein are defined according to the Terms of Service of XORIGIN AI.

The following sections will provide you with detailed information on how we collect, use, store, transfer (if applicable), and protect personal information; how you manage your personal information. This policy is closely related to your use of our Services, and we recommend that you carefully read and understand the entire content of this policy to make an appropriate choice. Important clauses concerning your rights to personal information are highlighted in bold, please pay special attention.

We Collect Information
How We Use the Information We Collect
Circumstances Under Which We Disclose Collected Information
Online Analytics and Customized Advertising
Your Choices
Regional Privacy Disclosure
Children's Privacy
Security
Consent to Transfer
Links to Third-Party Websites
Changes to This Policy
Contact Us

1. Information We Collect

When you visit or use our Services, we collect various types of information based on your usage. It is important to note that certain information is critical for us to provide the Services. If you choose not to share this essential information or request its deletion, you may lose access to certain Services. The information we collect can be categorized into three types: information you directly provide to us, information automatically collected from your interactions with our Services, and information we obtain from other sources.

Information You Directly Provide to Us

We collect information from you in various ways. This happens when you interact with our Services, communicate with us, register an account, subscribe to our newsletters, or participate in promotions. The information you provide may relate to yourself and others and may include a variety of data types, including but not limited to:

Email address;
Username;
Payment information (such as information processed through our payment providers);
Your user content, as defined in the Terms of Service, including chat communications, posted images, and shared characters;
Content of your communications with us.

You are not obligated to provide this information to us, but please note that without this information, certain features of some Services may not be accessible or usable.

Information We Automatically Collect

In collaboration with third-party service providers, including ad networks and analytics companies like Google Analytics, we may use cookies, web beacons, and other tracking technologies to collect information about the computer or device (including mobile devices) you use to access our Services. Below are types of information we may collect and analyze, including but not limited to:

(a) Browser type;
(b) ISP or operating system;
(c) Domain;
(d) Access time;
(e) Referring or exit page;
(f) Number of page views;
(g) IP address;
(h) Unique device identifier (e.g., IDFA or Android ID);
(i) Version of the Service you are using;
(j) Type of device you are using.

We also track when and how frequently you access or use our Services, including your interactions and navigation on our website or mobile app. This information, including data collected by our third-party service providers, is used for analysis—identifying the most commonly used parts of our Services and understanding user preferences—evaluating the success of our advertising campaigns, and for other purposes described in this policy.

We and our third-party service providers may use cookies, clear GIFs, pixel tags, and other technologies to better understand user behavior, customize preferences, conduct research and analysis, and enhance the Services. These technologies allow us to tailor the Services to your needs, such as saving your password securely, tracking the pages you visit, assisting content management, and collecting statistics on the use of our Services. Additionally, we or our third-party service providers may use some of these technologies in emails sent to customers. This helps us monitor email response rates, determine when our emails are viewed, and track whether our emails are forwarded.

Most web browsers are set to automatically accept cookies, but you can change your browser settings to reject cookies if you wish. Please note that disabling cookies may limit your ability to fully utilize the Services, as the Services may not function as expected without cookies. As we introduce new technologies, we may also collect additional information through various methods.

When you access the Services, we may collect general location information, which can be inferred from your IP address.

Information Collected from Other Sources

We may also collect information about you from external sources. For example, if another user recommends you to us or when you interact with our profiles on social media platforms (such as Facebook or Instagram), we may obtain information about you from these third parties.

Information Collected Through Third-Party Accounts

Whenever you connect your account to a third-party account, such as a social media account ("third-party account"), we may collect certain information. This collection is based on the permissions you grant and may include data from your third-party account. For example, by connecting to our Services using third-party accounts such as Facebook or Google, we receive information that helps us identify your account in those services. We safely collect and store this information to simplify the process of connecting to our Services.

The decision to link your account to a third-party account is entirely yours. When you start the connection, you will have the opportunity to provide your consent. If you decide to revoke this permission, you can do so by logging into the third-party account and disconnecting our Services there, or easily through the native application on your smartphone. It is important to note that we may retain information we previously collected from you.

2. How We Use the Information We Collect

We may use your information for any of the following purposes:

Provide and manage Services;
Personalize Services;
Communicate with you, including informing you of potentially interesting service features or aspects, or communicating changes to our terms, conditions, or policies;
Other communications with you, such as responding to your inquiries, comments, feedback, or questions;
Analyze, maintain, improve, modify, customize, and measure Services, including training our artificial intelligence/machine learning models;
Develop new programs and Services;
Detect and prevent fraud, criminal activities, or misuse of our Services, and ensure the security of our IT systems, architecture, and network;
Comply with legal obligations and legal proceedings, and protect our rights, privacy, safety, or property, as well as the rights, privacy, safety, or property of our affiliates, you, or others, including enforcing our Terms of Service and any other agreements;
Execute any other purpose for collecting information.

We may combine the information collected through the Services with information we obtain from other sources. We may also aggregate and/or de-identify the information collected through the Services. We may use de-identified or aggregated data for any purpose, including but not limited to research and marketing purposes.

3. Circumstances Under Which We Disclose Collected Information

We may disclose your information in the following circumstances:

(i) To protect or defend the rights or property of XORIGIN AI, including enforcing this policy, our Terms of Service, or any other agreement;

(ii) To ensure the safety of XORIGIN AI, our agents and affiliates, our employees, users, and the public.

Affiliates: We may share information with our affiliates, which refers to any entity controlling XORIGIN AI, controlled by XORIGIN AI, or jointly controlled with XORIGIN AI. Our affiliates may use the information we share in a manner consistent with this policy.
Suppliers: We may share your information with employees, consultants, and other service providers who need access to such information to perform work or services on our behalf. This group may include data storage providers, payment processing, technical support and services, customer service, analytics, fraud prevention, legal services, and marketing services providers.
Protecting XORIGIN AI and Others' Safety: If we sincerely believe it is necessary or appropriate:
Advertising and Analytics: As of the effective date of this policy, we do not engage in advertising. However, in the future, we may share or provide part of your information with advertising and analytics partners to publish ads on the internet on our behalf and provide analytics services. These partners may use cookies and tracking technologies to track and analyze data, evaluate the popularity of content, deliver targeted ads and content based on your interests, and enhance understanding of online activities. For more details on managing your browsing information for advertising purposes, see the "Online Analytics and Customized Advertising" section below.
Legal Requirements: If we sincerely believe it is necessary to comply with law enforcement, legal, or regulatory procedures, we may disclose certain information. This includes responding to search warrants, subpoenas, court orders, or complying with applicable laws and regulations.
Business Transfers: In the event of a merger, sale of company assets, financing, or acquisition of all or part of our business by another company, we may disclose certain information during the transaction or negotiation process.
Your User Content: Actions you take on our Services may be visible to other users or result in sharing content with them. For example, creating user content, such as shared characters, makes that content accessible within the Services. Similarly, participating in group chats means you request us to share your chat content with other members of that chat room, which may include roles and other users within the Services.
Other Disclosures With Your Consent or At Your Direction: Upon your consent or at your direction, we may share your information with unrelated third parties. For example, if you choose to recommend our Services to your friends or acquaintances, you can instruct us to share certain information about you with them.

4. Online Analytics and Customized Advertising

Analytics: We use third-party web analytics services in our Services, including Google Analytics. These services use technologies mentioned in the "Information We Automatically Collect" section to help us understand user interactions with the Services, such as identifying the third-party websites you use to connect to our Services. These technologies collect information, which is then disclosed or directly collected by these suppliers, who analyze your use of the Services. Additionally, we may use Google Analytics for advertising-related purposes, as described in subsequent sections. If you want to prevent Google Analytics from using your information for analysis, you can install the Google Analytics browser plugin to opt-out.

Customized Advertising: Although we currently do not engage in advertising according to the latest update of this policy, in the future, we may allow third-party advertising networks to use cookies or other tracking technologies to collect information about your use of the Services. This data collection aims to (a) provide, optimize, and serve marketing content based on your previous interactions with our website and other Services, and (b) evaluate the effectiveness of our marketing content and its relationship with interactions with our Services. We may also authorize other non-affiliated entities (such as advertising networks and servers similar to Google Analytics) to provide personalized marketing to you and use their own cookies or tracking technologies. Entities using these technologies may provide you with options to opt-out of targeted advertising. Customized advertisements may be delivered to your device through web browsers. Cookies may be associated with data you voluntarily provide to us (such as your email address), and we may share this data with suppliers in hashed, unreadable formats.

If you are interested in learning more about customized advertising and controlling cookies for targeted marketing, you can refer to the following resources:

Network Advertising Initiative (NAI): Visit NAI's consumer opt-out page to block cookies from providing personalized ads to member companies.
Digital Advertising Alliance (DAA): Use DAA's consumer opt-out link to opt-out of tailored ads from participating companies.
European Interactive Digital Advertising Alliance: For European users, this alliance provides a similar opt-out mechanism.
To manage Google’s personalized ads or adjust Google Ad Network ad settings, visit the Google Ads Settings page.

Please note that opting out of customized advertising does not mean you will no longer see ads on our Services; it just means the ads will not be tailored to your interests. Additionally, we do not control the opt-out links provided above and cannot guarantee their effectiveness or the accuracy of these mechanisms.

Please note that if your browser rejects cookies, clears cookies, changes computers, or switches web browsers after opting out, your opt-out preference may no longer be effective.

5. Your Choices

We provide you with several options to control the collection, use, and sharing of your information:

(i) Request detailed information about the categories of personal information we collect and disclose, and the purposes for which we collect this information, as described in this policy.

(ii) Access and/or obtain copies of specific information we hold about you.

(iii) Object to our processing of your information for direct marketing purposes.

(iv) Correct outdated or incorrect information we hold about you.

(v) Request the deletion of certain information we hold about you.

(vi) Restrict how we process and share your specific information.

(vii) Transfer your information to third-party service providers.

(viii) Opt-out of analytical processing used to make decisions with significant legal or similar effects (where applicable).

(ix) Revoke your consent for processing your information (where legally permissible).

Profile Information: You can disable your account through the profile page of your account. Additionally, you can verify, correct, update, or delete some of your information through the same page.
Marketing Communications: To unsubscribe from our marketing emails, simply follow the instructions provided in these emails. Please note that opting out of marketing communications does not exempt you from receiving administrative messages related to our Services, such as updates to our Terms of Service or Privacy Policy.
Cookies and Analytics: You can opt-out of certain cookie-related and analytics activities by following the instructions outlined in this policy.
Rights Regarding Your Information: Depending on your place of residence, local laws may give you certain rights regarding personal information, including being able to:

You may designate an authorized agent to submit requests on your behalf. To do so, you must provide your authorized agent with a signed written permission or power of attorney. In jurisdictions where permissible, we may also directly contact you to confirm your identity before processing any request made by your authorized agent.

Please note that certain information may be exempt from such requests under applicable law. For example, we may need to retain certain information to comply with legal requirements or to ensure the security of our services. Additionally, deleting information necessary for us to provide our services may prevent you from using those services.

You have the right not to be discriminated against for exercising any of your rights under applicable law.

In addition, you may have the right to opt out of the sale of your personal information or its use in targeted advertising. To opt out of future targeted advertising, please refer to the instructions provided in the "Customized Advertising" section above.

If you wish to learn about your rights under applicable law or to exercise those rights, please visit https://www.xoriginai.com to contact us. To ensure your privacy and security, we take reasonable steps to verify your identity and the legitimacy of your request. If we are unable to verify your identity, this may prevent us from fulfilling your request.

If your request is denied under applicable law, you may have the right to appeal our decision. We will include information on how to file an appeal in our response to a denied request.

Regional Privacy Disclosures and Rights: We provide additional disclosure information for residents of the European Economic Area, the United Kingdom, California, and Nevada in the Regional Privacy Disclosures section below.

6.Regional Privacy Disclosures

For residents of the European Economic Area and the United Kingdom:

XORIGIN AI acts as the "data controller" for the "personal data" we process, as defined by the General Data Protection Regulation (GDPR). This means we are responsible for determining how to collect, use, and disclose personal data and for complying with applicable legal requirements. GDPR and UK law require data controllers to disclose the legal bases on which they process personal data. In applicable cases, our legal bases for processing personal data are as follows:

Contractual Necessity: We process personal data to fulfill our contractual obligations to you. This includes complying with our agreements and fulfilling our contractual commitments.
Your Consent: In cases where required by law, and in other cases, we process personal data based on your explicit consent.
Legitimate Interests: Typically, we process personal data to serve our legitimate business interests, provided those interests are not overridden by your interests or fundamental rights and freedoms. This includes customer support, certain marketing activities, business analytics and improvement, ensuring the security of our services, preventing fraud, and managing legal matters.

Legal Compliance:

We are required to use and disclose personal data in specific ways to comply with our legal obligations.

In addition to the rights outlined in this document, you have the right to lodge a complaint with the relevant supervisory authority. However, we encourage you to first contact us to express any concerns. We are committed to making every effort to resolve any issues you may encounter.

Nevada Residents:

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties with whom we do not have a direct relationship. To exercise this right, please contact us using the contact details provided in the "Contact Us" section below. In your correspondence, use the subject line "Nevada Do Not Sell Request" and include your name and email address. Currently, we do not engage in the sale of personal information as defined by Nevada Revised Statutes Chapter 603A.

California Residents:

This policy details the specific personal and sensitive personal information we collect, its sources, and how we disclose this information. In accordance with the California Consumer Privacy Act (CCPA), we are required to categorize personal and sensitive personal information collected and disclosed for business or commercial purposes.

Categories of Personal Information Collected and Disclosed:

In the past twelve months, we have collected and disclosed the following categories of personal information for business or commercial purposes, as described in Section 1:

Identifiers
Financial information, including payment details
Commercial or transaction information
Internet or other electronic network activity information
General geolocation data
Audio or visual information, such as submitted photographs and videos
Voluntarily provided information, including information provided through user content
Other identifying information and information inferred from the collected data

Sensitive Personal Information:

In accordance with CCPA definitions, we collect:

Account login information, passwords, or other credentials
Sensitive personal details voluntarily provided by users through user content (e.g., race, religion, sexual orientation)

The purposes for which this information is processed are detailed in Section 2.

Sources of Information:

The sources from which personal information categories are collected include:

a.Direct interactions with you

b.Your use of our services

c.Other users and non-affiliated parties

Practices of Disclosing Information:

Our practices of disclosing information are further described in Section 3.

The "sale" and "sharing" of personal information:

Under CCPA, "sale" or "sharing" of personal information has specific definitions. We engage in third-party analytics and online advertising, which may involve "sharing" online identifiers with advertising partners. California residents or their authorized agents who wish to opt out can use the tools mentioned in the Customized Advertising section.

We do not "sell" or "share" the personal information of individuals under the age of 18.

Do Not Track Disclosure:

Due to the lack of industry standards, we do not respond to browser-initiated Do Not Track signals.

Retention of Personal Information:

For details on the retention of your personal information, please refer to the Data Retention section below.

CCPA Rights:

California residents can exercise their rights regarding personal information as outlined in the "Your Information Rights" section. CCPA also provides the right to limit the use or disclosure of "sensitive personal information" for certain specific purposes.

7.Children's Privacy

We prioritize the privacy of children. Therefore, our services are not designed for individuals under the age of 13, unless they have obtained the full understanding and consent of a guardian. Our Terms of Use clearly state that our services are not intended for individuals under the age of 13. For residents of the European Economic Area, the minimum age requirement is under 16.

7.1Children under the age of 13

In accordance with the Children's Online Privacy Protection Act of 1998 (COPPA) and related regulations, we are committed to informing parents and legal guardians ("parents") about our practices regarding the collection, use, and disclosure of personal information from children under the age of 13 ("children"). COPPA also requires us to obtain verifiable parental consent for certain activities involving children's personal information.

Section 7: Children Under 13

This section specifically describes our practices regarding Children's Personal Information and takes precedence over any conflicting information in other sections of this policy.

In this section, we inform parents:

About the categories of information we may collect from children.
How we use the collected information.
Our practices for disclosing this information.
How we notify parents and obtain their consent to collect a child's personal information, including the process for parents to revoke consent.
The identification of all operators who collect or maintain children's information through our website, application, or any device.

This section applies only to children under the age of 13 and is intended to supplement, rather than replace, the other sections of this Privacy Policy. For teenagers and adults, the remainder of this Privacy Policy applies.

In this Children's Privacy Policy, the definitions provided in the General Privacy Policy retain the same meaning.

7.2Collection of Information from Children and Parents

Children can interact with the device and access many of its features without providing personal information, except for audio recordings of children speaking to the device. However, if children enter personal details, such as their name, we will collect this information. Additionally, we may collect personal information about children from parents during the purchase or setup of the device through our application or website.

We commit to collecting only the information that is reasonably necessary to participate in activities and will not require children to disclose more personal information than is necessary for their participation.

(i) Information Collected Directly

To activate the device through the application or website, parents must provide certain details about their child. This includes providing a preferred name (first name or nickname), date of birth, names of family members, and the parent's email address. Additionally, parents must create a membership username and password.

The device allows children to control and interact with it through voice commands ("Voice Interactions"). This interaction temporarily records voice audio files. These audio files are only used to create text transcripts to enable interaction between the child and the device. Once the audio is transcribed into text, the original audio file is immediately deleted. Text transcripts will be retained for up to 90 days to allow parents to view their child's interactions with the device. Although these transcripts will be automatically deleted after 90 days, parents can choose to delete them earlier.

(ii) Automatic Information Collection

We use technologies to automatically collect information during a child's interaction with the device. This automatic collection process may capture:

Persistent identifiers that can identify the device across different websites and online services.

In addition, we may combine non-personal information obtained through these technologies with personal information we collect online about you or your child.

For details about our automatic information collection practices, including instructions on how to opt out of certain types of data collection, please refer to the "How We Use the Information We Collect" section of this policy.

7.3How We Use Your Child's Information

We use the information parents submit about their child through the website or application during the setup of the device for the following purposes:

To verify the individual submitting the information is indeed the child's parent through a third-party vendor, to comply with regulatory requirements.
To enable parents to input information about their child into the device, thereby enhancing the interaction between the device and the child.

We use third-party voice-to-text services to transcribe audio recorded during voice interactions and then immediately delete the audio. In these AI-driven interactions, the device may simulate natural conversations and may prompt the child to provide personal information. However, providing personal information is not a prerequisite for continuing the conversation. If the child voluntarily provides personal information during voice interactions, it may be used to enhance the conversational experience with the device.

This information is temporarily utilized by the third-party AI service to generate responses during the conversation. It is important to note that this third party does not retain the information during or after the conversation, nor use it for training or any other purpose. The generated responses are influenced by the provided personal information, are converted from text to speech for audio output, ensuring seamless interaction.

The device retains written records of a child's conversations for up to 90 days to enhance the conversational experience and allow parents to view transcripts of these interactions. Parents can choose to delete these transcripts earlier through the application. To improve the overall user experience of our devices, we may retain written records of voice interactions, including any personal information shared in these conversations, for up to 90 days, unless parents choose to delete them earlier.

We use information automatically collected through technologies, as well as other non-personal information, to enhance the functionality of our website, application, and device. This allows us to:

Evaluate audience size and understand usage patterns.
Monitor progress through the onboarding process.
Detect and resolve any errors on our website, application, or device.

In addition, the application and device may collect non-specific location information, such as postal code, time zone, and similar details, to provide localized content and information more effectively.

7.4Our Practices for Disclosing Children's Information

Except as described in this section, we do not share, sell, rent, or transfer children's personal information. We may disclose information in aggregated form that does not identify any individual. Additionally, children's personal information may be disclosed in the following circumstances:

To third-party service providers that support the internal operations of our website, device, and application.
Pursuant to legal or regulatory requirements, such as complying with a court order, subpoena, or responding to a request from a government or regulatory body.
When we believe it is necessary to protect the rights, property, or safety of our company, our customers, or others. This includes:
(i) Ensuring the safety of children.
(ii) Securing the website, application, or device.
(iii) Taking preventive measures to avoid liability risks.
To law enforcement or in investigations related to public safety.

In the event of a corporate transaction (such as a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of all or part of our company's assets), the personal information we hold may be transferred to the buyer or other successor.

7.5Accessing and Correcting Your Child's Personal Information

You have the right at any time to view the personal information we hold about your child, request corrections or deletions, and/or refuse to allow further collection or use of your child's information.

To view, modify, or delete your child's personal information, please contact us at xuanyuan@xoriginai.com. To protect your privacy and security, we may require you to follow certain steps or provide additional details to confirm your identity before disclosing, modifying, or deleting any information.

7.6Operators Collecting or Maintaining Children's Information

The following operators are involved in the collection or maintenance of children's personal information through our application or device.

Operator Names:

ElevenLabs
Google
OpenAI
Microsoft
Amazon Web Services, Inc.
Cloudflare

8.Security

At XORIGIN AI, we implement comprehensive security measures, including technical, administrative, and physical safeguards, designed to prevent the information we collect from being lost, misused, and from unauthorized access, disclosure, alteration, or destruction. However, it must be acknowledged that no internet or email transmission is completely secure or error-free. Therefore, while we strive to protect your information, we cannot guarantee or warrant the absolute security of any information or communication.

9.Consent to Transfer

Our services operate globally, which means your information may be stored and processed in the United States and other countries outside the United States. These countries may have data protection laws that differ from the laws of the country in which you reside. Additionally, in certain cases, law enforcement and national security agencies in these countries may access your data.

By using our services or providing us with any information, you consent to the collection, processing, storage, and transfer of your information in countries that may provide a level of protection different from, and potentially less protective than, the country in which you reside or hold citizenship.

10.Links to Third-Party Websites

Our services may contain links to websites or services operated by third parties. Please note that we do not control these external websites or services and are not responsible for their content or privacy practices. The processing of your information by these third-party websites or services will be governed by their own privacy policies, not ours. We strongly recommend that you carefully review their privacy and security policies before sharing any information with any third party.

11.Changes to This Policy

We reserve the right to update this policy as required by the development of legal standards, our information processing procedures, or the characteristics of our services. The date of the most recent revision will be clearly marked at the top of this policy. If there are significant changes, we will provide prominent notice to you as required by law. Your continued use of our services after any such updates take effect constitutes acceptance of the revised policy and agreement to be bound by its terms. We encourage you to review this policy regularly to ensure that you are aware of any changes.

12.Contact Us

If you have any questions about our Privacy Policy or information practices, please submit a request through our official website: https://www.xoriginai.com or contact us directly by email: xuanyuan@xoriginai.com