Unless the context requires otherwise, references to “processing,” “personal data,” and “controller” follow the usage of Regulation (EU) 2016/679 and the United Kingdom GDPR where those instruments apply. Where United States statutes employ “personal information,” that term is treated as overlapping but not identical to “personal data,” and the stricter reading governs disclosure.
Quoted labels that mirror Google Play Data safety declarations appear solely to maintain alignment between this notice and in-console disclosures; they do not expand processing beyond what the shipped Android client actually performs.
The controller for processing described herein is Xiangtan Chuanyue Trading Co., Ltd., reachable at No. 25, Lubian Villager Group, Huangmao Village, Baishi Town, Xiangtan County, Xiangtan City, Hunan Province. The controller has designated Zhu Chuanfeng as Data Protection Officer; correspondence may be directed to dpo@chuanyuetrade.com. General privacy inquiries unrelated to supervisory complaints may be sent to market@chuanyuetrade.com.
This instrument governs only the Android distribution of DailyGlow obtained through Google Play. It does not purport to regulate hypothetical iOS builds, web clients, or sideloaded packages absent a separate publication.
The controller does not operate credential-based registration or password login for the described build. Access is conditioned on acceptance of in-application Terms of Use, Privacy Notice, and age attestation flows. No in-application purchase, subscription, or paid digital content mechanism falls within the scope of this notice.
Persons who have not reached eighteen (18) years of age are instructed not to use the service; verification is limited to a first-launch declaration rather than documentary proof.
Where Article 6 of the GDPR or its UK analogue must be cited, the controller maps processing as follows: performance of measures taken at the data subject’s request prior to contract (and, where applicable, performance of the digital service contract) for real-time communications and chat payloads; legitimate interests in network integrity, incident response, and proportionate analytics for diagnostic telemetry; legal obligation where a competent authority mandates retention; consent only where a discrete consent gate is presented and may thereafter be withdrawn without charge where technically feasible.
The controller processes the following categories, each tied to a concrete operational purpose:
The controller does not monetise personal data through sale to third-party advertising marketplaces.
Diagnostic streams may incorporate values colloquially labelled “Device ID” within Google Play questionnaires. Such values may include installation-bound tokens exposed by the operating system or bundled SDKs. They are processed exclusively for session correlation, fraud pattern analysis, and service hardening. They are not repurposed for unrelated profiling. Provider handling follows the contractual mapping set out under Article VIII for analytics infrastructure.
DailyGlow is a skincare and self-care tips application. The runtime permissions enumerated below correspond to discrete in-client surfaces. Each is requested at the moment the data subject affirmatively engages the associated feature; none is described by the controller as a continuous background surveillance channel.
android.permission.CAMERA) — invoked when the data subject elects to publish through “Post My Glow” by tapping the camera tile inside the publish picker. Declining suppresses the camera-publish surface only; gallery selection remains operative.android.permission.RECORD_AUDIO) — invoked when the data subject records a short “Mirror Note” voice memo inside the Reset Map feature. Declining suppresses Mirror Note recording only; textual notation remains operative.READ_MEDIA_IMAGES / READ_MEDIA_VIDEO on API 33 and above; READ_EXTERNAL_STORAGE on prior releases) — invoked when the data subject selects an existing image from the gallery as the cover of a “Post My Glow” submission. Declining disables the gallery picker only; in-client capture remains operative.MediaStore insertion on API 29 and above; WRITE_EXTERNAL_STORAGE on prior releases) — invoked when the data subject taps “Save to Photos” on a Routine Snapshot export. Declining causes the export to fail at the device-gallery layer; the Routine Snapshot itself remains addressable within the application’s Saved list.Revocation by means of Android system settings degrades the specific surfaces named above in a predictable, feature-bound manner and does not impair unrelated portions of the application.
Processors receive data only under written instructions and for the following mapped functions: content delivery and object storage (media payloads and related metadata); automated and human-assisted moderation interfaces; analytics and crash ingestion pipelines. Marketing resale is contractually prohibited. The controller reaffirms that it does not sell personal and sensitive user data within the meaning used by Google Play policies.
Hosting and subprocessors may reside outside the data subject’s country of residence. Where Chapter V of the GDPR or UK transfer rules apply, the controller relies on appropriate safeguards including standard contractual clauses where no adequacy decision covers the destination.
Retention is purpose-bound: ephemeral call routing data is minimised; chat artefacts follow operational schedules tied to delivery and moderation; diagnostics roll within finite engineering windows; safety tickets may persist longer when investigations or appeals require an evidentiary trail; device-bound diagnostic identifiers inherit the diagnostics schedule.
Deletion or irreversible pseudonymisation occurs when the underlying purpose lapses, except where statute or lawful order mandates extension. Requests may be lodged at market@chuanyuetrade.com; substantive replies are targeted within fifteen (15) business days where verification succeeds.
The controller maintains access segregation, transport encryption where in transit, monitoring, and incident response procedures proportionate to risk. Absolute security cannot be warranted; legally mandated breach notifications will issue when thresholds are met.
California consumers may enjoy rights to know, delete, correct, and opt out of certain disclosures characterised as “sale” or “sharing” under Cal. Civ. Code § 1798.100 et seq. The controller does not operate a targeted-advertising business model for this app. A consumer may email market@chuanyuetrade.com with subject line “California Privacy Request” and should anticipate a reply within fifteen business days absent exceptional complexity.
Virginia residents may contact market@chuanyuetrade.com with subject lines “Virginia Targeted Advertising Opt-Out,” “Virginia Sale Opt-Out,” or “Virginia Profiling Inquiry,” as applicable. The controller’s baseline position is that it does not sell personal data nor conduct regulated profiling producing legal effects solely by automated means in the manner described by Va. Code § 59.1-575 et seq.
Although the controller does not presently monetise personal data through sale or cross-context behavioural advertising for this title, it maintains an operational channel: email market@chuanyuetrade.com with subject “Opt-Out of Sale/Sharing Request” or “Opt-Out of Targeted Advertising”, including jurisdiction and non-sensitive locating context. Acknowledgement and processing follow applicable statutory windows, with an internal target of fifteen business days.
DailyGlow is not directed at children. The controller does not knowingly collect personal information from individuals under eighteen. Misstated age declarations undermine safety objectives; where the controller obtains reliable notice of underage use, it will delete or restrict processing as law demands.
Absence of a persistent account record complicates—but does not eliminate—retention governance. The controller applies category-specific review boards: routing artefacts tied to live sessions are truncated aggressively; chat content may persist for operational delivery and safety review aligned with documented abuse-prevention cycles; diagnostics remain in rolling engineering windows; safety dossiers may outlive other categories when regulatory or investigative defensibility requires. Upon expiry, destruction or robust pseudonymisation is executed save for narrow statutory carve-outs. Deletion enquiries should cite approximate timeframe and device class to aid matching.
The controller may revise this notice. Material changes will be reflected through updated version metadata and, where proportionate, additional in-client surfacing linked to Terms or Privacy Notice flows.
Privacy desk: market@chuanyuetrade.com. Data Protection Officer: Zhu Chuanfeng, dpo@chuanyuetrade.com.
The Android client may rely on platform frameworks, Google Play distribution services where enabled, real-time communications infrastructure, moderation vendor APIs, and diagnostic SDKs—each only to the extent required for the processing described above.