HomeMall Privacy Policy

Privacy Policy

This Privacy Policy explains in detail how HomeMall (hereinafter referred to as "this Application") collects, uses, stores, and protects your personal information. Shenzhen Hongmai Zhichuang Technology Co., Ltd. (hereinafter referred to as "we" or "us") attaches great importance to your privacy and is committed to ensuring the security of your surveillance data. Please read this Privacy Policy carefully.

Please recognize that before clicking "Agree" or starting to use this service, you must review and fully understand this Policy. Once you click confirm, check the consent box, or actually start using this service, you are deemed to have read and agreed to the entire content of this Privacy Policy and authorized us to collect and process your relevant information in accordance with this Policy. If you do not agree with this Policy, please stop using this Application immediately.

We adhere to the "Data Minimization Principle": we only collect personal information when it is necessary to provide specific functions (such as device networking, cloud service purchase). Before collecting such sensitive information or invoking system permissions (such as location, camera, microphone), this Application will clearly obtain your authorized consent through system pop-ups or interactive interfaces. Refusing to provide non-essential information will only affect the use of specific functions and will not affect the normal operation of the App's basic functions.

We may revise this Policy from time to time based on product function updates or legal and regulatory requirements. The revised policy will take effect once it is published within the App. After this Policy is updated, if you continue to use this Application, you are deemed to have fully read, understood, and accepted the modified policy. If you do not agree with the revised terms, please stop using it immediately and contact us to cancel your account.

I. Details of Personal Information Collection and Use

We only collect personal information when it is necessary to achieve specific functions. All collection behaviors will be processed under encryption and through system pop-ups, page descriptions, or interactive confirmations. We will not sell your private data to any unauthorized third party. To improve your operational convenience, ensure transaction security, and optimize service experience, we may collect personal information related to you from third-party partners within the scope allowed by laws and regulations or after obtaining your clear authorization. We promise to encrypt, store, and protect such data in accordance with the agreement with the third party and the requirements of this Privacy Policy.

(I) Basic Business Functions

Basic functions refer to the functions necessary to ensure that this Application achieves core services such as remote video surveillance, real-time preview, and security alerts. To run these functions, we need to collect your account information, device identifiers, and necessary sensor permissions. If you refuse to provide this information, you will be unable to use the core services of this Application.

1. Registering an Account to Become a User

Account registration is the identity foundation for using various services of this Application. Its core purpose is to establish an exclusive private cloud space for you, ensuring that surveillance devices, video data, and purchased value-added services can only be accessed and managed by you personally, thereby safeguarding personal privacy security and the uniqueness of data ownership. When you register, we will collect your email address, User ID, mobile phone number, SMS verification code, and the account password you set. The email address will serve as your login account, used to synchronize all camera configurations under your name after you change mobile devices and to provide a secure recovery path if you forget your password; meanwhile, we will also send necessary system security alerts and subscription expiration notifications to this address. The generated unique User ID is used to privately bind your identity with specific hardware devices in the cloud. Additionally, if you choose to use a third-party authorization method, we will obtain your third-party unique identifier to achieve quick login and ensure the uniqueness and continuity of the account across different platforms.

2. Device Binding and Networking

Device binding and networking are prerequisites for achieving remote monitoring. This function authorizes you to perform real-time control, screen browsing, and parameter configuration of specific hardware by establishing a secure communication link between the mobile App, cloud server, and camera hardware. During the binding process, we need to collect and use your location information, device identifiers, and Wi-Fi network list. App will call Location Permissions to obtain the SSID of the wireless network in the current environment when scanning nearby Wi-Fi to assist in camera networking. This operation is only for networking guidance, and we do not record your specific movement tracks. Simultaneously, we will read the unique hardware identifier of the camera and associate it with your User ID on the cloud server to complete authority verification. Furthermore, during the networking phase, the App will apply for Camera Permissions so that you can quickly scan the QR code on the device body to enter device information, avoiding the tediousness and errors of manual input and ensuring the efficiency and safety of the networking process.

3. Device Status Query

This function aims to provide you with real-time monitoring and refined management of the status of devices under your name. Through this function, you can check the online status, signal strength, storage status, and custom device name of the camera at any time. When you access the device settings or status page, we need to collect and display the camera's unique device identifier, hardware model, real-time network connection status (such as Wi-Fi signal strength or 4G signal level), and the remaining capacity information of the storage card/cloud storage. Collecting this information is to let you intuitively grasp the physical operating environment of the device, such as judging the cause of slow video loading through the network status. Meanwhile, for the 4G package devices you purchased, we will also query and display the remaining traffic percentage and package expiration time so that you can obtain service status in time. These data are only used for status feedback to you in the application interface. Except for anonymous technical logs used to improve device compatibility and stability, we will not share specific hardware operation data with any unauthorized third party.

4. Device Settings

Device settings provide you with deep customization rights for monitoring hardware, allowing you to flexibly adjust the camera's operation logic according to different usage scenarios. Through this function, you can remotely configure detection sensitivity, storage strategy, and audio/video parameters. All setting options directly act on your private hardware, aiming to improve the accuracy of monitoring and optimize your personalized user experience. When you adjust parameters, this Application will record and synchronize your operation instructions and configuration parameters. Specifically: In Smart Guard Switch settings, we record your motion detection status and arming time periods so the system can trigger alerts based on your authorization; in Recording Settings and Cloud Recording Settings, we record the recording mode (such as full-day or event recording) and storage path; in Image and Audio Settings, we save your preferences for image flip, night vision, and intercom volume; in Light Settings, we synchronize your control logic for fill lights or warning lights. These configuration data are encrypted and stored in the cloud and sent to the hardware, used only to implement your preset monitoring behaviors.

5. Monitoring View

This function is the core interaction scenario of this Application, aiming to provide you with real-time visual feedback and instant retention of key images. This function allows you to remotely call up the real-time screen of the camera and supports you to save the real-time screen directly to your mobile terminal in the form of pictures or videos. In the process of performing the above operations, we need to call your Camera Permissions and Album/Storage Permissions. When you click the "Screenshot" or "Record" button in the real-time preview interface, the application will capture the current video stream data and convert it into image or video files. To save these files to your mobile system album, we need your clear authorization to write data to the mobile local storage space. It should be specifically noted that these manually triggered screenshots and recordings are stored entirely in your local mobile device. Unless you actively share them through third-party social software, these image materials will not be uploaded to our server, nor can we remotely view, download, or interfere with your local multimedia files.

6. Message Push

The message push function is a key link to ensure the monitoring system plays its role in safety early warning. Whether the application is active or not, this function ensures that you are informed of abnormal movements in the monitoring area, device status changes, or service subscription reminders at the first time. To achieve precise message push, you can enable Notification Permissions for the device. When your camera sensor detects human passage, screen changes, or device offline events, the system will send instructions to your registered device identifier through the cloud server, triggering a notification reminder on your phone screen. Additionally, for the 4G package or cloud storage service you purchased, we will also push renewal reminders before the service expires. It should be clarified that the push content only contains the event summary (such as "moving object detected") and the trigger time. Unless you click the notification to enter the App and pass identity authentication, the push process will not directly leak sensitive monitoring screens on the lock screen. You can turn off notification permissions in system settings at any time, but this will result in you being unable to receive any safety alerts in real time.

7. Order Management

Order management is the core module to ensure your consumption rights and accounting transparency, mainly used to record, maintain, and display various value-added services you purchased within the application. Through this function, you can track the purchase history of cloud storage services and 4G traffic packages at any time, ensuring that every transaction is traceable, and providing you with subsequent bill queries, invoice applications, and after-sales rights protection support. When you initiate a purchase or view history in the application, we need to collect and record your order information, purchase item name, transaction time, payment amount, and subscription cycle status. This function can be viewed in [Me] - [My Orders].

(II) Extra Extended Functions

Extra extended functions refer to advanced value-added services and experience optimization functions provided on top of meeting basic monitoring needs. These functions aim to improve the intelligence level of monitoring, extend data retention periods, or provide more convenient hardware maintenance support. Such functions usually involve third-party payment and logistics distribution. We only collect specific personal information based on the necessity of the function when you actively choose to enable or purchase the corresponding service.

1. Details of Data Collection and Use

After you enable the cloud storage service, the application will upload the alarm video clips detected by the camera to an encrypted cloud server. For this, we need to record your User ID, device identifier, and cloud video index information. Collecting these data is to allow you to trace back history images anytime and anywhere, even if the front-end device is damaged or the storage card is lost. All video data are stored using end-to-end encryption technology. Except for your own authorization, we cannot view or download your private video content.

2. Two-way Intercom

The two-way intercom function aims to provide you with real-time remote voice interaction capability. To achieve this, when you click the intercom button to initiate a call, we need to apply for your Microphone Permission to collect audio data. During this process, we will process your voice information in real time and transmit it through an encrypted channel to the associated monitoring device for playback; such audio streams are only used for real-time transmission, and we will not perform persistent storage or recording on the server side. Microphone permission is only triggered when you actively operate the intercom, and you can manage or withdraw this authorization through system settings at any time.

3. Device Sharing

Device sharing allows you to securely share access permissions of cameras under your name with other users. When you use this function, we need to collect the account information of the shared person you provide to accurately establish the device access authorization relationship in the cloud system. After successful sharing, the system will record the sharing record. To safeguard your sovereignty, the correlation data generated by the sharing process is only used to maintain multi-user access logic. As the device owner, you can view the sharing list or withdraw authorization with one click in the App at any time. We will not leak your personal privacy other than the authorized content to the shared person, and we recommend that you confirm the shared person has registered an account before sharing.

4. Smart Guard

Smart Guard is the core module for automated safety early warning and intelligent identification recording. To run this function, we need to collect and record your Smart Guard switch status, arming time plan, detection sensitivity value, care area setting, and record event type. When the sensor detects moving objects or sound abnormalities, the system will generate and process alarm trigger records (including trigger time, device number, and event type) and associate them with your User ID to push notifications. If you enable cloud recording association, the system will automatically upload short video clips to encrypted storage. These setting data and trigger records are only used to execute your preset safety protection logic. You can adjust or turn off various guard parameters according to actual needs at any time.

5. 4G Traffic Service

To achieve traffic recharge, balance query, and package management, we need to collect and use your camera's ICCID (Integrated Circuit Card Identifier), IMEI (International Mobile Equipment Identity), and the traffic package order records generated within the application. All order information generated during the transaction process is only used for entry verification, synchronizing your service rights, and providing necessary after-sales support. We will not collect your payment account password or sensitive bank card information.

6. Problem Feedback

The problem feedback function aims to provide you with a convenient technical support channel. When you actively submit feedback or repair applications to online customer service, we need to collect the feedback text description, uploaded pictures or video attachments, and your contact information you filled in, so that our customer service team can contact you regarding the processing progress.

7. After-sales Service

When you initiate an after-sales application through this Application, we need to collect your consignee name, contact phone number, and detailed shipping address. This information is necessary for completing logistics delivery or pick-up. To verify your warranty rights, we will also record the device serial number (SN) and your historical purchase certificate associated with the after-sales application. We specifically remind you that to protect your data privacy, please be sure to remove and properly keep the SD storage card inside the device before sending it for repair. If data loss or leakage occurs during logistics or maintenance due to failure to remove the storage card, the risk shall be borne by you.

(III) Specific circumstances for collection without consent

According to relevant laws and regulations and national standards, in the following listed circumstances, which usually involve national security, public interest, or legal obligations, we may collect and use your personal information without your prior authorized consent:

1. Directly related to national security and national defense security;

2. Directly related to public safety, public health, and significant public interests;

3. Directly related to criminal investigation, prosecution, trial, and judgment execution;

4. For the purpose of protecting the life, property, and other major legal rights of you or other individuals but it is difficult to obtain the consent of the person themselves;

5. The personal information collected is disclosed to the public by yourself;

6. Personal information collected from legally publicly disclosed information, such as legal news reports, government information disclosure, etc.;

7. Necessary for signing and performing contracts according to your requirements;

8. Necessary for maintaining the safe and stable operation of the products and/or services provided, such as discovering and handling faults of products and/or services;

9. Other circumstances stipulated by laws and regulations.

(IV) Details of Permission Invocation

To provide you with convenient and safe monitoring and device management services, this Application needs to call some necessary permissions of the device system. Related permissions will clearly seek your consent through system pop-ups. We never silently enable sensitive permissions in the background. You can view, manage, or withdraw these authorizations at any time through the [Settings] function of the mobile system. Withdrawing authorization will cause us to stop collecting the corresponding permission data, but this may result in you being unable to continue using specific functions that depend on the permission. The following are the system permissions required for business functions and the specific use purposes:

II. How We Use Cookies and Similar Technologies

To ensure the efficient operation of the website, provide you with a smoother access experience, and guarantee your account and device security, we will write Cookies or similar technology files on your mobile device. These tiny data files are mainly used to maintain your login status, record basic preferences, and verify the security of network interactions. We hereby solemnly promise that this Application uses Cookies and similar technologies only for the purpose of maintaining basic monitoring services and optimizing the interaction experience, and will never use them to collect your monitoring screen privacy or track your cross-application behavior tracks. You have the right to manage and clear the Cookies and similar technology data stored in the application. Clearing local Cookies will not affect your core assets such as device binding information, cloud recordings, or purchase records stored in the cloud; it only ensures your privacy footprint is cleared at the local terminal level.

III. How We Share, Transfer, and Disclose Your Personal Information

We are well aware of the sensitivity of monitoring videos and related personal information, so we promise to undertake strict confidentiality obligations for your information. We will not share your personal information with any company, organization, or individual outside the provider of this Application, unless there is your clear authorization, performance of legal obligations, or specific scenarios necessary to achieve the core monitoring functions of this Application (such as querying 4G traffic from mobile operators, pushing alarm messages through third-party channels).

(I) Sharing Principles and Scenarios

1. Achieving Core Functions: To ensure the stability of video transmission, achieve message push, and complete order payment, we will access third-party service providers with professional capabilities.

2. Performing Legal Obligations: Disclose necessary information to regulatory departments according to laws and regulations, litigation, or mandatory requirements of administrative and judicial organs.

To ensure the security of your data during the sharing process, we have signed strict confidentiality agreements and data processing agreements with all third-party service providers. We require partners to strictly abide by our Privacy Policy and relevant laws and regulations, and only process your personal information within the agreed scope of authorization.

Please be informed that in statutory circumstances involving national security, public interest, criminal investigation, prosecution, trial, and execution of judgments, or when it is necessary to share your personal information to maintain the legitimate rights and interests of us and other users (such as handling infringement disputes), we will provide it in accordance with legal requirements and mandatory instructions of administrative and judicial organs, and such sharing does not require your prior authorization.

To provide you with more complete services, some third-party plug-ins (SDKs) are integrated in this Application. These partners will process your data according to their privacy policies. We will conduct strict safety monitoring on them. The following are the main third-party SDKs accessed by this Application:

"Third-party SDK Directory"

(II) Principles of Transfer and Disclosure

In principle, we will not transfer your personal information to any company, organization, or individual, nor will we publicly disclose your personal privacy. Unless company merger, acquisition, asset transfer, or similar transaction scenarios occur, if personal information transfer is involved, we will require the recipient to continue to be bound by this Privacy Policy; if the recipient changes the original processing purpose or method, we will require them to obtain your express consent again.

Regarding public disclosure, we will only disclose necessary information in accordance with legally prescribed procedures under laws, legal procedures, litigation, or mandatory requirements of government authorities, or in emergency situations necessary to protect social public interests or maintain the legitimate rights and interests of you or us. Even in the above special circumstances, we will take safety protection measures (such as desensitization, encrypted transmission) consistent with industry standards to protect the disclosed information, and strictly prohibit any unauthorized irregular leakage.

IV. How We Store and Protect Your Personal Information

(I) Storage of Personal Information

Personal information collected and generated within the territory of the People's Republic of China will be stored uniformly within the territory of the People's Republic of China. We only retain your personal information for the shortest period necessary to achieve the purposes described in this Privacy Policy, unless there are mandatory retention requirements by laws and regulations (for example, the Cybersecurity Law requires network logs to be kept for no less than six months). For your core monitoring data, such as cloud-stored video clips, they will be saved strictly according to the package validity you purchased (such as 7-day or 30-day cyclic coverage); for your account registration information and device binding relationship, as long as your account is active, we will keep them for you until you cancel your account or actively unbind. Once you cancel your account, we will immediately stop processing and delete your personal information, or anonymize it so that it is technically impossible to be re-identified.

(II) Security Protection Measures

We adopt industry-recognized security technologies and management systems to build a physical and technical integrated protection system, ensuring that your personal information is always in a high-intensity encrypted and controlled state throughout the life cycle of collection, transmission, storage, and processing. At the technical defense level, we establish secure transmission channels to effectively prevent data from being intercepted or tampered with during network transmission; for core video streams, we apply end-to-end encryption technology to ensure the video screen is only decrypted in a closed loop on your authorized mobile terminal. In the data storage link, your account passwords are all stored using encryption (such as SHA-256). At the same time, we solemnly remind you again that the local data stored in the SD card is physically controlled by you. Before sending the device for repair, transfer, or scrap, please be sure to remove and properly keep the storage card yourself to ensure that the privacy data at the physical medium level is not leaked due to hardware flow.

(III) Handling of Security Events

We have established a complete personal information security incident emergency plan. Once a security incident such as personal information leakage, damage, or loss occurs, we will immediately start the emergency mechanism and take remedial measures to reduce the impact. We will promptly inform you of the basic situation of the incident, possible impacts, measures we have taken or will take, and suggestions for you to prevent and reduce risks on your own as required by laws and regulations. We will reach users through App push, sending emails, or making phone calls, and actively report to relevant regulatory departments.

V. How You Manage Your Information

(I) Querying, Accessing, and Correcting Personal Information

You can view and modify your avatar, nickname, login password, and bound mobile phone/email at any time through the "Me" interface in the App; for bound hardware devices, you can enter "Device Settings" to manage and modify device-related settings in real time. We recommend that you regularly check and update relevant information to ensure various warning notifications can be accurately delivered.

(II) Deleting Your Personal Information

You have flexible data deletion rights within the App, and can manually clear specific motion detection alarm records, operation logs, or video clips stored in the cloud. For devices no longer in use, you can completely cut off the association between the account and the hardware through the "Unbind" operation. The system will synchronize and clear the temporary cache data of the device in the cloud; once you confirm the deletion, unless laws and regulations require retention (such as transaction records), relevant information will be physically shredded and unrecoverable in the system background.

(III) Withdrawing Authorized Consent

For system permissions such as camera, microphone, location, notification, and album, you can choose to turn off related authorizations in the [Settings] - [Permission Management] of the mobile system at any time. When you withdraw authorization, we will immediately stop collecting the corresponding personal information, but this will result in specific functions (such as two-way intercom, scan code networking, etc.) that depend on the permission being unable to operate normally, and the withdrawal operation does not affect the information processing activities already carried out based on your authorization.

(IV) Canceling Your Account

We provide a clear cancellation path in the application. You can initiate an application through "Personal Center - Account and Security - Cancel Account". After verifying that there are no unfinished orders or disputes under your account, we will handle the cancellation procedures for you. At that time, your account identity, purchased value-added services, bound device relationships, and all cloud storage data will be permanently deleted or anonymized. Please note that account cancellation is an irreversible operation, and you will not be able to retrieve any historical monitoring data through the original account after cancellation. For security reasons, you may need to provide a written request or prove your identity in other ways when exercising the above rights. We will complete processing and give feedback within 15 working days after verifying your identity. For those requests that are groundless and repeated, require too many technical means, bring risks to the legitimate rights and interests of others, or are impractical, we may refuse and inform you of the legitimate reasons.

VI. Protection of Minors

We attach great importance to the protection of minors' personal information. Our monitoring products and related services are mainly for adults. Minors should use this application under the guidance and supervision of parents or guardians. If you are a child or a guardian, please read and understand this policy carefully before using our services. Although our system cannot accurately identify the specific age of users through simple registration information, we solemnly promise: once we discover that we have collected personal information of minors without obtaining verifiable prior consent from parents or guardians, we will immediately take technical measures to delete relevant data and stop providing services to the account. For the personal information of minors collected with the consent of the guardian, we will only use, share, or disclose it when permitted by law, clearly authorized by the guardian, or necessary for protecting the minor. If you, as a guardian, believe that we may have processed information of your ward without authorization, please contact us promptly through the contact information published in this policy.

VII. Policy Updates and Notification

In order to provide you with higher quality services and adapt to the latest requirements of national laws and regulations, this Privacy Policy will be revised and updated from time to time. Without your clear consent, we will not reduce your rights under this Policy. When major changes occur (such as major adjustments to service functions, changes in shared objects of personal information, changes in the way user rights are exercised, etc.), we will notify you through App pop-up reminders, station messages, push notifications, or publishing announcements in a prominent position on the official website and seek your authorization again. We recommend that you check this page regularly to learn about the latest version of the privacy terms; if you continue to use our services after the update notice is published, it means you have fully read, understood, and accepted the revised Privacy Policy. Within this Application, you can view the complete content of the latest version at any time in "Me - About - Privacy Policy". We will synchronize the latest release date and effective date of this Policy to ensure transparency and traceability of the rules.

VIII. How to Contact Us

If you have any questions, comments, or suggestions regarding this Privacy Policy or personal information protection, you can contact us through the following ways:

1. Official Customer Service (LINE): @471slaky

2. Contact Email: [Fill in Email]

Generally, we will complete the verification and processing within 15 working days after receiving your question and verifying your identity.