Privacy Policy
Effective: 28 /11 /2025
Welcome to
[StepFun
Open Platform] !
SPARKLING AI PTE. LTD.
(“we”, “us”, and/or “our”) operates the
[StepFun Open Platform]
(“StepFun” or “Services”). This Privacy Policy (the “Policy”)
describes how we collect, store, use, and share information through
our Services.
We care about the protection and confidentiality of your information.
We process your personal information only as described in this Policy.
If you have any questions regarding this Policy, please contact us
according to the information listed below under the Section “Contact
Us”.
Please note that, this Policy does not apply when we act as a data
processor and process personal data on behalf of our commercial
customers using our Services. In such cases, the commercial customer
is the controller, and you can review their policies for more
information about how they handle your personal data.
This privacy policy aims to help you understand the following:
1 PERSONAL INFORMATION WE COLLECT
2 HOW WE USE YOUR INFORMATION
3 How We Use Cookies and Similar Technologies
4 HOW WE SHARE YOUR PERSONAL INFORMATION
5 HOW WE TRANSFER YOUR DARA AROUND THE WOLRD
6 HOW WE SECURE YOUR INFORMATION
7 HOW DO WE RETAIN YOUR PERSONAL INFORMATION
8 YOUR RIGHTS AND CHOICES
9 USE BY MINORS
10 CHANGES TO THIS PRIVACY POLICY
11 CONTACT US
12 Legal bases for processsing
13 ADDITIONAL U.S. STATE DISCLOSURES
1. PERSONAL INFORMATION WE COLLECT
For the purpose of this Policy, “personal information” means any
information relating to an identified or identifiable individual. In
certain jurisdictions, this may be referred to as “personal data”.
However, for the sake of consistency, this Policy will use the term “personal information” throughout to refer to such
data.
Through your use of the Services, you may provide us with the
following information:
a. Account Information.
This includes your email address/Google Account (as applicable),
verification code and password. When you use our Services, you may
create an account with your email address or Google Account to
complete the registration and become our user. We may verify your
identity by sending a verification code. If you refuse to provide Account Information for registration and
login, we may be unable to create an account or offer
you our Services.
b.
Information Required for Trial Service Application. This includes the developer type (enterprise or individual),
business scenario, and contact name. If you are an enterprise
developer, in addition to the above information, you also need to
provide your company name and company size. This information is
required to apply for an API service trial. We collect it to
verify your identity, review your application, and determine your
eligibility for access. Except for optional items, these details are necessary; if you do
not provide them, you may be unable to apply for the trial.
c. Payment Information. This includes the record of your
payment status. Some of our Services may require payment before use,
and the specific payment requirements are shown on the relevant
platform pages. This information is necessary to record your payment
and enable access to the corresponding services based on your payment
status. If you refuse to provide this information, you may be unable
to use the related paid services.
1.2. Information we collect automatically
e. Usage Data. We collect your API Usage information
associated with your account, including your API key information, its
creation time, latest call time, and usage records (such as consumed
interfaces, models, consumption amount, and consumption time). This
information is necessary to help you manage and monitor your API
service usage.
f. Device and Network Data.
This includes your device information and log information,
including: your hardware model, operating system version, device
identifier, IP address, WLAN access points (e.g., SSID, BSSID),
base station, software version, network access method, type,
status, network quality data, network source and destination
addresses, network source port, operation time and operation type,
usage, service logs, device sensor data (e.g., accelerometer),
overall usage statistics, and performance data. This information
is to maintain the integrity and stability of our Services and
provide you with a secure usage environment.
1.3.
Information Processed by Us as a Data Processor When Providing
Services
When we act as a data processor and process personal data on behalf
of our commercial customers using our Services — for example, when
the End Users’ employer has provisioned an
StepFun account, or when the End Users’
use an application that is powered by
StepFun on the back end — the commercial
customer serves as the data controller. The commercial customer is
responsible for providing its own privacy policy to explain how it
handles your personal data. Commercial customers may refer to this
Policy when developing their own policies.
Information we may processed as a data processor when providing
services includes:
a. End Users’ Account Information. This includes end users’ mobile
phone number.
b. End Users’ Interaction Information: When End User uses the
AI-powered function, we collect your input data, such as text, images
and voice messages. These Inputs are analyzed to enhance our
understanding of your inquiries and context, enabling us to provide
you with responses tailored to your specific needs.
c. Device and Network Data. This includes End Users’ device
information and log information, including: your hardware model,
operating system version, device identifier, IP address, WLAN access
points (e.g., SSID, BSSID), base station, software version, network
access method, type, status, network quality data, network source and
destination addresses, network source port, operation time and
operation type, usage, service logs, device sensor data (e.g.,
accelerometer), overall usage statistics, and performance data.
d. Usage Data. This includes End Users’ behavior
information while using the Services, including your click, browsing,
and editing activity records.
2. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes. You can
find more detail in “12 Legal Bases for Processing”.
To offer trial services, verify your identity, review your
application, and determine your eligibility for access.
To facilitate payments for the Services we provide.
To send you notifications, such as reminders about your service
usage.
To analyze user behavior in order to optimize and improve the
Services.
To monitor and protect the Services, ensuring their normal
operation and preventing fraud, criminal activity, or misuse.
To respond to your inquiries, comments, feedback, or questions.
To comply with legal obligations and defend against legal claims
or disputes.
When we intent to use your personal information for purposes not
covered in this Policy, or when we intend to use information collected
for specific purposes for other purposes, we will obtain your consent
in advance.
Please understand that our Services are continually updated and may
change. If you choose to use functions not listed in this Policy, we
will provide detailed explanations of the purpose, method, and scope
of information collection through agreements or page prompts before
collecting your personal information. Your consent will be required.
If you do not agree to provide the requested information, you may not
be able to use that particular function, but it will not affect your
ability to use other functions.
3.
How We Use Cookies and Similar Technologies
Cookies and similar technologies are common technologies used on the
internet. When you use our Services, we may send one or more cookies
or anonymous identifiers to your device using related technologies to
collect, identify, and store information about your access to and use
of the Services. We commit not to use cookies for any purposes other
than those described in this Policy. We primarily use cookies and
similar technologies to achieve the following functions or
services:
a. Ensuring the secure and efficient operation of our Services
We may set authentication and security-related cookies or anonymous
identifiers to verify whether you have securely logged into this
platform or encountered unauthorized use, fraud, or other illegal
activities. These technologies also help us improve service efficiency
and enhance login and response speed.
b. Help you enjoy a smoother access experience
Using such technologies can help you avoid repeating steps and
procedures of re-entering your personal information.
Clearing cookies. Most browsers provide users with the ability to clear browser cache
data. You can perform data clearing operations through the browser
settings. If you clear the data, you may no longer be able to use
services or features provided by us that rely on cookies due to these
changes.
4. HOW WE SHARE YOUR PERSONAL INFORMATION
In order to provide you with more comprehensive and high-quality
Services, we will authorize our commercial partners to provide certain
services to you. In such cases, we may share some of your personal
information with our partners.
We will only share your personal information for lawful, legitimate,
necessary, specific, and explicit purposes, and we will only share the
personal information required to provide the Services. We will require
our partners, through agreements, to retain data only for the
necessary period and to implement adequate security measures to
protect data security.
We will disclose personal information to the following categories of
third parties for the purposes explained in this Policy:
·
Affiliates and corporate partners. We disclose the categories of personal information described above
between and among our affiliates and related entities, for legitimate business purposes and the operation of the Services,
in accordance with applicable laws.
·
Service providers and business partners. Third-party service providers who provide us with technology services
(such as server deployment and database storage services) and business
support (such as SMS sending services) may need to process your data.
These third parties will process your personal information on our
behalf under relevant contracts.
·
Law enforcement agencies, public authorities or other judicial
bodies and organizations.
We disclose Information if we are legally required to do so, or if we
have a good faith belief that such use is reasonably necessary to
comply with a legal obligation, process or request; enforce our Terms of Services and other terms, policies, and standards, including investigation of
any potential violation thereof; detect, prevent or otherwise address
security, fraud or technical issues; or protect the rights, property
or safety of us, our users, a third party or the public as required or
permitted by applicable laws (including exchanging information with
other companies and organizations for the purposes of fraud
protection).
·
Change of corporate ownership.
If we are involved in a merger, acquisition, bankruptcy,
reorganization, partnership, asset sale or other transaction, we may
disclose your Information as part of that transaction.
5. HOW WILL WE TRANSFER YOUR DARA AROUND THE WOLRD
Our servers are located in [the United States*]. Meanwhile, due to the international nature of our business, your
personal information may also be accessed by our affiliates or be
transferred to third-party service providers and business partners, in
connection with the purposes set out in this Policy. For this reason,
we transfer personal information to other jurisdictions that may have
different laws and data protection compliance requirements to those
that apply in the jurisdiction in which you are located. If you would
like to obtain more information regarding cross-border data transfers,
please contact us through the details provided in the “Contact Us”
section.
In the event of an international transfer of personal information,
when required by applicable laws, we will provide an adequate level of
protection for your personal information using various means,
including implementing Standard Contractual Clauses or data transfer
agreements that comply with applicable laws between our affiliates and
third parties or any other lawful approach that permits the lawful
transfer of personal information from those countries.
6. HOW WE SECURE YOUR INFORMATION
a. We take the security of your personal information very seriously
and will make efforts to protect your personal information by
implementing reasonable security measures (including technical and
managerial aspects) to prevent the improper use, unauthorized access,
disclosure, use, modification, damage, loss, or leakage of the
personal information you provide.
b. We use encryption technologies, anonymization techniques, and
other reasonably feasible methods no less secure than those used by
industry peers to protect your personal information and employ
security mechanisms to prevent malicious attacks on your personal
information.
c. We have established a dedicated security team, security management
policies, and data security procedures to safeguard your personal
information. We enforce strict data usage and access policies to
ensure that only authorized personnel can access your personal
information, and we conduct regular security audits on data and
technology as appropriate.
d. Although we have implemented the above-mentioned reasonable and
effective measures and complied with the standards required by
applicable laws and regulations, you acknowledge that due to
technological limitations and the existence of various malicious
methods, it is impossible to guarantee 100% security in the Internet
industry even with the utmost efforts. We will do our best to ensure
the security of the personal information you provide to us.
e. You acknowledge and understand that the systems and communication
networks used to access our services may encounter issues beyond our
control. Therefore, we strongly recommend that you take proactive
measures to protect the security of your personal information,
including but not limited to not disclosing your account information
to others.
f. We will establish emergency response plans and immediately
activate them upon any user information security incident to strive to
prevent the impact and consequences from expanding. In the event of a
user information security incident (such as leakage or loss), we will
promptly inform you of the basic situation and potential impact of the
incident, the measures we have taken or will take, recommendations for
you to independently prevent and mitigate risks, and remedies
available to you, as required by laws and regulations. We will notify
you of such incidents via push notifications, emails, letters, SMS, or
other appropriate means. If it is not feasible to notify each
individual, we will issue public announcements through reasonable and
effective methods. Meanwhile, we will also report the handling of the
user information security incident to relevant regulatory authorities
as required.
g. Once you leave StepFun platform and
browse or use other websites, services, or content resources, we have
no ability or direct obligation to protect any personal information
you submit on software or websites outside this platform, regardless
of whether your login, browsing, or use of such software or websites
is based on links or guidance from this platform.
7. HOW DO WE RETAIN YOUR PERSONAL INFORMATION
We adhere to retention policies for the personal information we
collect to ensure that it is not retained longer than necessary for
the intended purpose, for example:
Phone Number: When you use your phone number to register or log in, we need to retain your phone number continuously to provide you with normal services, respond to your inquiries or complaints, and ensure account and system security.
IP addresses are retained for 3 years.
If you deactivate your account, delete personal information, or the
retention period is expired, we will delete or anonymize your personal
information, except in the following cases:
Compliance with legal requirements regarding data retention according
to the applicable laws.
Extension of the period for financial, audit, dispute resolution, or
other legitimate purposes.
When assessing how long your personal information is retained, we
consider criteria such as: (i) the nature
of the personal information and the activities involved; (ii) when and
for how long you use the Services; and (iii) our legitimate interests
and our legal obligations.
8. YOUR RIGHTS AND CHOICES
Subject to applicable law and depending on where you reside, you may
have some rights regarding your personal information, as described
below. If you have any other requests relating to the access of your
personal information, please contact us using the contact details
listed in the Section “Contact Us”.
8.1
Data Access
You may have the right to know what personal information we process
about you, including the categories of personal information, the
business or commercial purposes for collection, the categories of
third parties to whom we disclose it and other information according
to the applicable law.
You may have the right to access and obtain a copy of your personal
information in accordance with the applicable laws. Where applicable, we will provide the information in a portable,
machine-readable, readily usable format.
You can view your phone number information and access your API key
information, account creation time, last call time, and usage records
(including consumed APIs, models, consumption amount, and consumption
time) on StepFun platform page. If you
wish to access other personal information generated during your use of
this platform, you may contact us through the contact details provided
in this Policy.
8.2
Data Correction
You may have the right to request that we correct inaccurate personal
information that we retain about you, subject to certain exceptions.
8.3
Data Deletion
You have the right to delete your account and erase your personal
information. Upon deleting your account, all your personal information
will be deleted. Additionally, you may also request deletion of the
personal information you provide by contacting us. If some of your personal information cannot be
deleted, we will inform you of the reasons for not taking action.
Please note that we reserve the right to retain some of your personal information where
there are valid grounds for us to do so under applicable laws.
8.4
Withdrawal of Consent
Where we process your personal information on the basis of your
consent, you may withdraw your consent by contacting us. The
withdrawal of consent will not affect the lawfulness of processing
based on consent before its withdrawal.
8.5
Objection to the Processing
Subject to applicable laws, you may object to the processing of your
personal information based on our legitimate interests where there are
grounds relating to your particular situation by contacting us. Please
note that we may have an overriding legitimate interest to keep
processing your personal information, but we will let you know where
this is the case.
8.6
Restriction to the Processing
If you would like to restrict our processing of your personal
information, you may contact us. You have the right to restrict the
processing of your data where one of the following applies:
the processing is unlawful and you oppose the erasure of relevant
personal information;
for the purpose of establishment, exercise or defense of legal
claims, you request us to retain your personal information that we
were supposed to delete;
your objection regarding the accuracy of your personal information is
pending our verification;
your request to object to the processing of your personal information
is pending our verification.
8.7
Lodge a complaint with your local data protection authority
Subject to applicable data protection laws, you may have the right to
submit your complaint to the local data protection authority where you
reside if you consider that the processing of your personal
information infringes any applicable data protection laws.
A full list of EU supervisory authorities’ contact details is
available here. If you live or work in the UK, you have the right to lodge a
complaint with the UK Information Commissioner’s Office.
8.8
Other Rights
Depending on your jurisdiction, you may be entitled to additional
rights in relation to your personal information. If you would like to
contact us to exercise one or more of these rights, to ask a question
about these rights or any other provision of this Policy or about our
processing of your personal information, or to file a complaint about
how we process your personal information, you may use the contact
details provided in Section “Contact Us” below.
When submitting a right request, please specify the scope and basis
of your request and provide us with the necessary information to
verify your identity. We may contact you to confirm your identity in
order to handle your request. We will typically respond to your
request within 7 days after verifying your identity and no later than
the timeframe required by applicable laws.
9. USE BY MINORS
If you are considered a minor under the laws of the applicable
jurisdiction, before using the Services, consent to the processing of
your personal information shall be given by your parent(s) or legal
guardian(s). Additionally, our Services are not directed towards, and
we do not knowingly collect, sell, or share any information about
individuals under the age of 18. If you become aware that a child
under the age of 18 has provided any personal information to us while
using our Services, please email us at the contact details provided in
the Section “Contact Us” below, and we will investigate the matter
and, if appropriate, delete the personal information.
10. CHANGES TO THIS PRIVACY POLICY
The Services and our business may change from time to time. As a
result, at times it may be necessary for us to make changes to this
Policy. we recommend that you regularly check the latest version of
this Policy on the StepFun platform. If
there are any substantial changes to this Policy, depending on the
nature of such changes, we will notify you in advance through pop-ups,
push notifications, and other appropriate means.
11. CONTACT US
For more information about your data subject rights, or how we
process your personal information, please contact us by using the
information below.
Controller: SPARKLING AI PTE. LTD.
Contact Person: StepFun Privacy Team
Contact Details: platform@stepfun.com
12.
Legal Bases for Processing
|
Purpose |
Type of Personal Information |
Legal Basis |
|
To provide you with user account management functions, such as
account registration, login, and deletion |
Account Information
Device and Network Data |
Performance of contract |
|
Account Information Information Required for Trial Service Application Usage Data |
||
|
To send you notifications, such as reminders about your
service usage |
Account Information Usage Data Device and Network Data |
Performance of contract
& Consent, where required by applicable laws |
|
To facilitate payments for the Services we provide |
Payment Information
Device and Network Data |
Performance of contract |
|
To analyze user behavior in order to optimize and improve the
Services |
Device and Network Data
Usage Data |
Legitimate interests in identifying and resolving issues with
the platform and enhancing its functionality |
|
To monitor and protect the Services, ensuring their normal
operation and preventing fraud, criminal activity, or misuse |
Account Information
Device and Network Data
Usage Data |
Performance of contract & Legitimate interests in
ensuring that the platform is safe and secure |
|
To respond to your inquiries, comments, feedback, or
questions |
Account Information Payment Information
Feedback Information |
Performance of contract |
|
To comply with legal obligations and defend against legal
claims or disputes |
Account Information Information Required for Trial Service Application Payment Information
Feedback Information
Device and Network Data
Usage Data |
Legal Obligations & Legitimate interests & Consent,
where required by applicable laws |
13. ADDITIONAL U.S. STATE DISCLOSURES
We collect personal information from and about you in the preceding
12 months as described in Section 1. PERSONAL INFORMATION WE COLLECT
above.
We disclose personal information with third parties for business
purposes in the preceding 12 months as below:
|
Categories of personal information |
Disclosed to which categories of third parties |
|
All categories detailed in Section 1 above |
server deployment and database storage services providers
and our affiliates |
|
Account Information |
SMS sending services providers |
To the extent provided for by local law and subject to applicable
exceptions, you may have the following rights:
Limit the Use of Sensitive Personal Information. You also have the right to request limitation of use and disclosure of your sensitive personal information, subject to certain exceptions. If you would like to limit the use of your sensitive personal information, please contact us by using the contact details provided in the Section “Contact Us”.
The verification code are sensitive
personal information under certain State data protection laws.
Currently, we do not “sell” or “share” (as defined under applicable
State data protection laws) your sensitive personal information.
Do Not Sell or Share My Personal Information.
Based on the definition of “sell” and “share” under applicable State
data protection laws, we do not believe that we engage in such
activity and have not engaged in such activity in the past 12 months
from the effective date of this Policy.
Appeal.
You may appeal our refusal to take action on a request by contacting
us using the contact details provided in Section “Contact Us” below.
Direct Marketing. We do not disclose personal information to third parties for their
direct marketing purposes.
The Right to Non-discrimination.
You have a right to not be discriminated against for exercising any
of your rights.
If you would like to contact us to exercise one or more of these
rights, to ask a question about these rights or any other provision of
this Policy or about our processing of your personal information, or
to file a complaint about how we process your personal information,
you may use the contact details provided in the Section “Contact Us”.
According to applicable laws, we may request you provide documents
such as application form and proof of identity. We may contact you to
confirm your identity in order to handle your request. We will respond
to your request or complaint in due course under the applicable
laws.