Privacy Policy

1. Introduction

Welcome to Kaliu ("the App" or "we"). Kaliu is a mobile application that provides instant messaging (IM), tribe communities, events and discovery, AI assistance, and related social services.

We understand how important your personal information is. In accordance with applicable laws and regulations (including the Personal Information Protection Law of the PRC, the Cybersecurity Law, and the Data Security Law), we adopt appropriate safeguards to protect your personal information.

This Privacy Policy ("Policy") explains what information we collect, why we collect it, how we use, share, store, and protect it, and what rights you have. Please read this Policy carefully before using the App. If you do not agree with any part of this Policy, please stop using the App.

This Policy applies to the Kaliu mobile client, our official website, and related services we may offer from time to time. If a specific service has a separate privacy notice, that notice prevails for that service where it conflicts with this Policy; otherwise, this Policy applies.

---

2. How We Collect and Use Personal Information

We follow the principles of lawfulness, legitimacy, necessity, and good faith, and collect personal information only for the purposes described in this Policy.

(1) Account Registration and Sign-in

To create an account, identify you, and secure your account, we may collect:

• Mobile phone number (for registration, sign-in, verification, and security checks);
• Account identifiers (user ID), nickname, avatar, bio, gender (if you choose to provide it);
• Sign-in credentials (e.g., verification codes, tokens, third-party authorization if you use third-party sign-in);
• Device information (device model, OS version, unique device identifiers, network type) for risk control and abnormal sign-in detection.

(2) Instant Messaging (IM) Services

To provide one-to-one chat, group chat, and related features, we process:

• Communication content: text, images, voice, video, files, stickers, links, and system messages (e.g., read receipts, recall notices) you send or receive;
• Conversation data: conversation IDs, participants, group names, announcements, membership, timestamps, delivery/read status;
• Contacts and social graph (with your authorization or active actions): friends list, follow/follower relationships, block list, friend requests and verification data (including verification questions, answers, and images you configure);
• Messaging preferences: who may message you, session privacy modes, notification settings, etc.

Note: Communication content may constitute sensitive personal information. We process it only as necessary to provide the service and apply measures such as encryption in transit and access controls. Please be careful when sharing personal information with others, especially in group chats.

(3) Tribe Communities and Posts

To enable tribe creation/joining, posts, comments, likes, events, and participation, we may collect:

• Tribe information: name, description, cover, membership, roles, permissions, join/leave records;
• User-generated content (UGC): posts, comments, events, album content, @mentions;
• Interaction data: likes, favorites, shares, browsing records (for display and recommendation);
• Visibility settings: post visibility, profile visibility, online status visibility (configured in Privacy & Permissions).

Content you publish may be visible to tribe members or other users according to your settings. Please post responsibly.

(4) Discovery, Nearby, and Encounters

To provide discovery, nearby users, event recommendations, and interest-based matching, with your location authorization, we may collect:

• Location information (precise or coarse, depending on system permissions);
• Discovery preferences and interaction records;
• Tags and interests you set for recommendations.

You may revoke location permission in system settings at any time; some discovery features may then be unavailable.

(5) Bluetooth and Hardware Devices

To support Bluetooth scanning, device pairing, encounter records, etc., with your Bluetooth and related permissions, we may collect:

• Bluetooth device identifiers (e.g., hashed MAC or device UUID, as permitted by the platform);
• Scan and connection records, signal strength, encounter time windows;
• User operation logs related to bound devices.

This information is used only for features you actively use, not for unrelated purposes.

(6) Camera, Album, Microphone, and Local Media

When you take photos, upload images/videos, send voice messages, or record video, we access the relevant permissions and files only after you authorize and only for content you choose to send.

(7) Push Notifications

To deliver message alerts, friend/follow notifications, tribe and event notifications, we may collect:

• Push tokens (e.g., vendor push identifiers);
• Notification preferences (in-app switches).

You may disable push in system or in-app settings at any time.

(8) KaliuAI and Smart Recommendations

When you use AI assistants, content recommendations, or event recommendations, we may process:

• Queries or instructions you submit;
• Context necessary to generate responses (e.g., interest tags or public profile summaries within your authorization);
• Interaction logs (for service improvement and security auditing).

We do not collect more than necessary for AI features and apply safety and compliance review to inputs and outputs.

(9) Security, Risk Control, and Compliance

To keep the service secure and compliant, we may collect:

• Operation logs (sign-in, settings changes, reports, enforcement records);
• Crash and performance data (de-identified or aggregated where appropriate);
• IP address and carrier information (for security);
• Reports and appeals (materials you submit and processing outcomes).

(10) Customer Support and Dispute Handling

When you contact support or exercise your rights, we may collect contact details, correspondence, and supporting documents to verify identity and resolve issues.

---

3. Cookies and Similar Technologies

Our website may use cookies or local storage for language preferences and session state. The mobile app may use local cache to improve loading and offline experience. You can manage related permissions in your browser or system settings.

---

4. Sharing, Transfer, and Public Disclosure

(1) Sharing

We do not sell your personal information to unrelated third parties. We share information only when:

1. You give explicit consent;
2. Processors: we engage cloud, IM, push, analytics, or other processors to help operate the service, bound by confidentiality and security obligations;
3. Legal requirements: as required by law, litigation, arbitration, or competent authorities;
4. Protection of rights: when reasonably necessary to protect you, us, or other users.

See Settings → Privacy & Security → Third-Party Information Sharing List in the App for SDK names, purposes, data types, and privacy policy links (as displayed in the App).

(2) Transfer

If we undergo merger, acquisition, or bankruptcy, we will require the recipient to continue to protect your information under this Policy or obtain your consent again.

(3) Public Disclosure

We publicly disclose personal information only with your explicit consent or as required by law.

---

5. Storage Location and Retention

(1) Location

We store personal information within the People's Republic of China. If cross-border transfer is required, we will comply with applicable laws (security assessment, standard contracts, separate consent, etc.) and inform you of recipients, purposes, and methods.

(2) Retention Period

We retain information only as long as necessary, for example:

Type	Retention principle
Account data	While the account is active; deleted or anonymized after cancellation as required by law
IM content	As needed to provide the service; handled per rules when you delete or cancel
Tribe and UGC	While content exists and as required for legal backup
Logs and security data	Typically up to 6 months to 3 years unless law requires longer

After the retention period, we delete or anonymize data unless law requires otherwise.

---

6. How We Protect Personal Information

We use industry-standard measures, including:

• Encryption in transit (e.g., TLS) and encryption of sensitive data at rest;
• Access control, role-based permissions, and least-privilege access;
• Security auditing, intrusion detection, and incident response;
• Employee confidentiality training and access approval.

No internet transmission is completely secure. Please keep your account credentials safe and do not share verification codes.

If a personal information security incident occurs, we will notify you as required by law of the situation, possible impact, measures taken, and steps you can take to reduce risk.

---

7. Your Rights

Subject to applicable law, you have the right to:

1. Access and copy your personal information (via in-app settings or by contacting us);
2. Correct and supplement your profile and privacy settings;
3. Delete certain UGC and message records (subject to technical limits and group rules);
4. Withdraw consent by disabling location, Bluetooth, push, etc.; withdrawal does not affect processing based on consent before withdrawal;
5. Cancel your account in Settings → Account & Security; we will stop providing services and delete or anonymize data as required by law, except where retention is mandatory;
6. Object to automated decisions that materially affect your rights, where applicable;
7. Complain to regulators or contact us as below.

We will respond within 15 business days (or explain if extension is needed). We may verify your identity before processing requests.

---

8. Minors

The App is intended primarily for users aged 18 and over. If you are under 18, use the App only with your guardian's guidance and consent.

If you are under 14, do not register or use the App. If we learn we have collected a child's information without consent, we will delete it promptly.

Guardians may contact us with questions about minors' use of the App.

---

9. Community and IM-Specific Notice

1. Public and semi-public spaces: tribe posts, group chats, and comments may be seen by others; do not post illegal, infringing, harassing, pornographic, violent, false, or otherwise inappropriate content.
2. Others' information: respect others' privacy; do not collect or spread others' personal information without authorization.
3. Reporting: you may report violations; we will review and act as required by law.
4. Moderation: we may review content manually or automatically and remove content, restrict features, or ban accounts for violations.

---

10. Updates to This Policy

We may update this Policy from time to time. Material changes will be notified via in-app dialog, in-app message, or website notice.

Continued use of the App means you accept the updated Policy; if you disagree, please stop using the App and cancel your account.

---

11. Contact Us

• Privacy inquiries and rights requests: privacy@kaliu.app
• Customer support: support@kaliu.app
• Terms and legal matters: legal@kaliu.app

We will handle your request as soon as reasonably possible.