Privacy Policy
1. Definitions
Customer: The party using services provided by Bonree.
User: The party using services provided by the Customer.
Bonree Data: Refers to Beijing Bonree Data Technology Co., Ltd.
Bonree Data Products: Software products such as systems and applications provided by Bonree Data.
2. Bonree Data Solemnly Commits to Not Accessing Any Data Without Customer Authorization
For all Bonree Data products utilizing a privatized deployment system architecture (i.e., products deployed in the customer's data center or the customer's public cloud), all data collection, security measures, and permission restrictions are independently controlled by the customer. Without customer authorization, Bonree Data cannot access customer data or data obtained through customer authorization (hereinafter collectively referred to as "Customer Data").
Unlike general third-party service providers, Bonree Data generates revenue by providing system tools and support services, not by leveraging the data itself for other commercial value; therefore, there is no need to acquire Customer Data.
For end users, Bonree Data products that have been privately deployed are of the same nature as the customer's own systems. Since Bonree Data cannot access Customer Data, Bonree Data is not considered a third party that shares, receives, transfers, obtains (or potentially accesses through other means) relevant information within the customer's "User Privacy Statement."
Bonree Data commits to not proactively accessing any unnecessary raw data or statistical results during the implementation and maintenance of Bonree Data products.
3. All Bonree Data Products Shall Only Be Used for Legal Purposes
The Customer may only use the services provided by Bonree Data and its related application software (including but not limited to SDKs, the main software, underlying storage, etc.) for legal purposes. The Customer must ensure that its use of the services and related application software complies with applicable laws, regulations, and regulatory requirements, does not infringe upon any third party's intellectual property rights or other legitimate rights and interests, and does not violate the provisions of prior legal documents binding upon it. Otherwise, Bonree Data has the right to suspend or terminate the Customer's use of the services and related application software. If Bonree Data consequently faces third-party claims, administrative investigations, or becomes involved in other legal proceedings, the Customer shall compensate Bonree Data for all losses incurred (including but not limited to litigation costs, expenses incurred in cooperating with investigations, media public relations expenses, third-party claim compensation, compensation payments, attorney fees, etc.).
4. Bonree Data's Use of Customer Data
Customer Data obtained by Bonree Data through customer authorization will be used strictly within the scope required by the customer and in compliance with applicable laws, regulations, and regulatory requirements.
5. Sensitive Permissions and Data Collection Involved in Bonree Data Products
Permissions Explanation for Bonree Data SDK:
5.1 HarmonyOS NEXT SDK
The Bonree Data HarmonyOS NEXT SDK requires the following system permissions to ensure normal data collection:
| Permission | Purpose | Corresponding Platform Function | Mandatory |
|---|---|---|---|
| ohos.permission.INTERNET | Send network data | Distribution and display for all platform functions | Mandatory. SDK will automatically stop without authorization. |
| ohos.permission.GET_NETWORK_INFO | Determine current network environment changes | Network-related data | Mandatory. Without authorization, network status cannot be obtained, traffic changes cannot be calculated, network state switch events cannot be generated, potentially preventing SDK normal startup and data reporting. |
Despite the Bonree Data HarmonyOS NEXT SDK requiring the above permissions:
- The Bonree Data HarmonyOS NEXT SDK will not actively request permissions beyond those listed above. If the customer detects the Bonree SDK requesting permissions beyond those listed, please contact Bonree Data promptly. Bonree Data will cooperate in troubleshooting to avoid data security incidents.
- The Bonree Data HarmonyOS NEXT SDK will not proactively initiate authorization requests to users. Bonree Data will inform the customer's development team during SDK integration that the above permissions are required for normal system operation. The customer's development team must call these permissions themselves before initializing the SDK.
- Explanation regarding ODID: For HarmonyOS NEXT platform devices, when collecting an anonymous ID, the Bonree SDK will by default collect the ODID as the unique identifier for the HarmonyOS NEXT device. The ODID is obtained using the anonymous device identifier capability provided by Huawei for developers. For detailed information, please refer to the Huawei Developer official website. If you do not wish to collect and use the ODID, you can call the custom device ID interface to replace the ODID.
5.2 Android SDK
The Bonree Data Android SDK requires the following system permissions to ensure normal data collection:
| Permission | Purpose | Corresponding Platform Function | Mandatory |
|---|---|---|---|
| ACCESS_FINE_LOCATION | Determine if GPS is enabled | Snapshot data environment information | Not mandatory. Without authorization, it defaults to showing GPS as off. |
| BLUETOOTH | Determine if Bluetooth is enabled | Snapshot data environment information | Not mandatory. Without authorization, it defaults to showing Bluetooth as off. |
| ACCESS_NETWORK_STATE | Determine current network environment changes | Network-related data | Mandatory. Without authorization, network status cannot be obtained, traffic changes cannot be calculated, network state switch events cannot be generated, potentially preventing SDK normal startup and data reporting. |
| READ_PHONE_STATE | Read mobile network information | Network-related data | Not mandatory. Without authorization, network type may not be identified or may be misidentified. |
Despite the Bonree Data Android SDK requiring the above permissions:
- The Bonree Data Android SDK will not actively request permissions beyond those listed above. If the customer detects the Bonree SDK requesting permissions beyond those listed, please contact Bonree Data promptly. Bonree Data will cooperate in troubleshooting to avoid data security incidents.
- The Bonree Data Android SDK will not proactively initiate authorization requests to users. Bonree Data will inform the customer's development team during SDK integration that the above permissions are required for normal system operation. The customer's development team must call these permissions themselves before initializing the SDK.
- Explanation regarding AndroidID: AndroidID is a randomly generated 64-bit hexadecimal number created by the system upon the device's first boot. The ANDROID_ID value is reset when the device is wiped or restored to factory settings. It is not a fixed, unchangeable ID and complies with MIIT regulations prohibiting the collection of unique identifiers that cannot be reset by the user. While there might be some compliance risks under stricter regulations, considering the accuracy of collection, the Bonree SDK still provides the method to collect the AndroidID. If you do not wish to collect and use the AndroidID, you can call the custom device ID interface to replace it.
5.3 iOS SDK
The Bonree Data iOS SDK requires the following system permissions to ensure normal data collection:
| Permission | Purpose | Corresponding Platform Function | Mandatory |
|---|---|---|---|
| Network | Allow the app to send statistical data | Network-related data | Mandatory. SDK requires this permission to send statistical data. |
Despite the Bonree Data iOS SDK requiring the above permission:
- The Bonree Data iOS SDK will not actively request permissions beyond the one listed above. If the customer detects the Bonree SDK requesting permissions beyond this, please contact Bonree Data promptly. Bonree Data will cooperate in troubleshooting to avoid data security incidents.
- Explanation regarding IDFV: For iOS platform devices, when collecting an anonymous ID, the Bonree Data SDK will by default collect the IDFV (Identifier for Vendor) as the unique identifier for the iOS device. Using IDFV carries certain compliance risks. However, considering the accuracy of collection, the Bonree Data SDK still provides the method to collect the IDFV. If you do not wish to collect and use the IDFV, you can call the custom device ID interface to replace it.
5.4 Data Collection by Bonree Data SDK
The Bonree Data SDK has automatic data collection functionality. To restore on-site information as much as possible, commonly involved data includes:
| Type | Data Items |
|---|---|
| Application Information | App ID |
| App Version | |
| App Name | |
| Channel ID | |
| App Process Name | |
| User Information | User ID |
| Additional Information | |
| Traffic Information | Traffic Consumption 「Unit: Byte」 |
| Data corresponding to key values in the status index NetworkStateInfo | |
| Device Information | Device ID |
| Permission 「root, user, system」 | |
| Brand Information | |
| Model | |
| OS Major Version | |
| OS Build Version | |
| OS Custom Version | |
| OS Type 「0: ios, 1: android, 2: windows」 | |
| Total RAM 「Unit: MB」 | |
| Total ROM Storage Space 「Unit: MB」 | |
| Language | |
| CPU Manufacturer | |
| CPU Model | |
| CPU Instruction Set | |
| Screen Resolution | |
| Device Status Information | System CPU Usage 「Unit: %」 |
| App CPU Usage 「Unit: %」 | |
| App Memory Usage 「Unit: MB」 | |
| Remaining Battery | |
| Remaining Storage 「Unit: MB」 | |
| Remaining Memory 「Unit: MB」 | |
| Bluetooth Enabled | |
| GPS Enabled | |
| Orientation Lock Enabled | |
| Screen Orientation 「1: Portrait, 2: Landscape」 | |
| Signal Strength Range [0-3000] Tcping Timeout 3000ms | |
| Network Status Information | Device Egress IP |
| Local DNS | |
| Network Type 「No Network: NaN WiFi: WiFi ...」 | |
| Thread Method Information | Thread TID |
| Is Main Thread | |
| Thread Name | |
| Method Information | |
| Method Information | Start Time 「Unit: us Timestamp」 |
| End Time 「Unit: us Timestamp」 | |
| Method Name 【Format: activity name/method name】 | |
| Parameters 「e.g., URL for network request methods」 | |
| Thread Stack Information | Thread TID |
| Thread Name | |
| Stack Information | |
| Page Performance Information | navigation start |
| unload event start | |
| unload event end | |
| redirect start | |
| redirect end | |
| fetch start | |
| domain lookup start | |
| domain lookup end | |
| connect start | |
| secure connection start | |
| connect end | |
| request start | |
| response start | |
| response end | |
| dom loading | |
| dom interactive | |
| dom content loaded event start | |
| dom content loaded event end | |
| dom complete | |
| load event start | |
| load event end | |
| Page Resource Information | Occurrence Time |
| Resource Type | |
| Resource Name | |
| Load Time | |
| fetch start | |
| domain lookup start | |
| domain lookup end | |
| connect start | |
| secure connection start | |
| connect end | |
| request start | |
| response start | |
| response end | |
| transfer size | |
| encoded body size | |
| decoded body size | |
| Page Event | Page ID |
| Request URL | |
| Page Performance Data | |
| Page Resource Data | |
| Network Event | Request URL |
| Request Method 「Uppercase only, values only for Http/Https protocols」 | |
| Target IP | |
| Target Port | |
| DNS Resolution Time 「Unit: us, with process >=999, without process 0」 | |
| TCP Connection Time 「Unit: us, with process >=999, without process 0」 | |
| SSL Handshake Time 「Unit: us, with process >=999, without process 0」 | |
| Request Time 「Unit: us, with process >=999, without process 0」 | |
| Response Time 「Unit: us, with process >=999, without process 0」 | |
| Download Time 「Unit: us, with process >=999, without process 0」 | |
| Download Size 「Unit: Byte」 | |
| CNAME String Array | |
| Protocol Type 「0: Other, 1: h1, 2: h1s, 3: h2, 5: ws, 6: wss, 7: tcp, 10: udp」 | |
| Request Headers | |
| Response Headers | |
| End-to-End Tracing Functionality | |
| Error Code Partition (http, js, mpaas, and iOS-specific domains (a string)) | |
| Error Phase 「1: SSL process, 2: DNS process, 3: TCP process, 4: Other process」 | |
| Error Code | |
| Error Message | |
| Resource Type 「Uniform response header field」 | |
| App Request Type Enum 「0: WebView unknown network request, 1: WebView main document request, 2: WebView element request, 3: WebView Ajax request, 10: Native request」 | |
| Page ID The page ID corresponding to the network request (Currently empty for native networks, empty for WebView networks that are not JS probe data) | |
| Is Custom | |
| Custom Business Headers | |
| Route Switch Event (SPA) | Target Route |
| Source Route | |
| Route Switch Duration | |
| Route Switch Status | |
| Route Address Name (Alias) | |
| Current Route's Sub-Route Address | |
| Full Route Address (without anchor) | |
| Main Page Address | |
| Framework Name | |
| Is Custom | |
| Client Type | |
| JS Error Event | H5 Page ID |
| Belonging H5 Page URL | |
| Belonging H5 Page Title | |
| JS File Name | |
| Error Type | |
| Error Message | |
| Error Line | |
| Error Column | |
| Error Stack | |
| Belonging H5 Page Creation Time 「Unit: us Timestamp」 | |
| Crash Event | Crash Reason |
| Crash Type | |
| Crash Thread ID | |
| Main Thread ID | |
| Android System Log | |
| iOS Binary Information | |
| Is Custom | |
| Parameters | |
| Thread Stack Information | |
| ANR Event | Information |
| Type | |
| ANR Reason | |
| Main Thread Stack Information at ANR Occurrence Original anr thread | |
| Trace | |
| Component | |
| View Event | View Associated ID |
| Load Duration 「Unit: us」 | |
| Dwell Duration 「Unit: us」 | |
| Mode 「1: Enter, 2: Exit」 | |
| Type 「1: h5, 2: activity, 3: fragment, 4: window, 5: controller」【Report 2 for custom events】 | |
| Parent View | |
| View Name | |
| Is Custom | |
| Parameters | |
| Did Slow Load Occur in the View | |
| Thread Method Information | |
| App Launch Event | Launch Type 「1: Cold Start, 2: Warm Start」 |
| Load Duration 「Unit: us」 | |
| Did Slow Start Occur | |
| Thread Method Information | |
| Operation Event | Operation Type 「0: Other 1: Click, 2: Gesture, 3: Keyboard」[Non-empty field] |
| Control Name | |
| Information 【Composition: monitored click method name + (control text, control id)】 | |
| Occurrence View Name | |
| Is Custom | |
| Parameters | |
| Load Duration 「Unit: us」 | |
| Did Slow Operation Occur | |
| Thread Method Information | |
| Lag Event | iOS Binary Information |
| Occurrence View Name | |
| Thread Stack Information 「Main thread only」 | |
| State Switch Event | State Switch Type 「1: Network Switch, 2: Move to Foreground, 3: Move to Background」 |
| Additional Description Information | |
| Target Network State After Network Switch | |
| Power Consumption Event | Power Consumption Type |
| Power Consumption Duration | |
| Power Consumption Start/End | |
| Foreground/Background State | |
| Custom Event | Event ID |
| Event Name | |
| Additional Information | |
| Custom Log Event | Information |
| Additional Information | |
| Custom Metric Event | Name |
| Value | |
| Additional Information |
6. Bonree Data Complies with Relevant Laws and Regulations on Data Collection
Based on self-inspection, Bonree Data's products comply with the requirements of the "Information Security Technology - Basic Specification for Personal Information Collection in Mobile Internet Applications (App) (Draft for Comments)." For the above standard, the Bonree Data SDK provides the following functionalities:
- Start/Stop data collection after initialization.
- Enable/Disable data collection for the current App.
- Prohibit data collection in mobile network environments.
- Prohibit data collection when the App is in the background.
7. How Bonree Data Stores Information and Ensures Information Security
(一) Location of Stored Information:
We comply with the provisions of laws and regulations, storing personal information collected and generated within the territory of the People's Republic of China within China.
(二) Duration of Information Storage:
Generally, we only retain users' personal information for the shortest time necessary to achieve the purposes, except in the following circumstances:
- To comply with applicable laws, regulations, and other relevant provisions;
- To comply with court judgments, rulings, or other legal procedures;
- To comply with the requirements of relevant government law enforcement agencies.
(三) Information Security:
We provide corresponding security guarantees for users' personal information to prevent loss, misuse, unauthorized access, or disclosure.
We strictly comply with laws and regulations to protect users' personal information.
We adopt various security protection measures to ensure information security at a reasonable security level.
For example, we use encryption technology and anonymization processing to protect users' personal information.
We have established specialized management systems, processes, and organizational structures to ensure information security.
For example, we strictly limit the scope of personnel who can access information, require them to comply with confidentiality obligations, and review them.
If a personal information leak or other security incident occurs, we will initiate an emergency plan to prevent the incident from expanding further, and inform the developer through push notifications, announcements, etc.
8. How Bonree Data Protects Minors' Safety
This SDK is primarily intended for adults.
If you are a developer and the end user is under 14 years old (i.e., a "child"), you must inform the child's parents or other guardians of these rules and obtain their consent before processing the child's personal information. If we discover that a developer has provided us with a child's personal information without the guardian's consent, we will immediately take measures to delete this information.
If you are the guardian of a child and believe that we have mistakenly or accidentally collected information from a child under the age of 14, you can contact us using the methods provided in Article 11 of this statement.
9. How End Users Manage Their Information
Since end users are not our direct users and there is no direct interactive interface between them and Bonree Data, to protect your rights, we have required third-party developers to promise to provide convenient functions and channels for users to exercise their rights. If you need to access, copy, modify, delete your relevant personal information, withdraw consent, restrict personal information processing, obtain a copy of personal information, or cancel your account, you can do so through the functions provided by the third-party developer.
Please note that we have limited control over the behavior of third-party developers. If a developer fails to provide these functions as promised, you can contact us using the methods provided in Article 11 of this statement. We will strive to coordinate, support, and ensure the realization of end users' rights.
10. Cybersecurity Assurance
10.1 Self-Inspection Based on the "Cybersecurity Law of the People's Republic of China"
Based on self-inspection, the Bonree Analysis products (including SDKs) provided by Bonree Data to customers do not violate the mandatory provisions of the "Cybersecurity Law of the People's Republic of China."
10.2 Self-Inspection Based on the ISO 27001 Information Security Management System
Bonree Data complies with the standards of the ISO 27001 Information Security Management System certification. Bonree Data also holds ISO 9001 and CMMI 3 certifications.
11. Complaints and Reports Regarding Personal Information Collection
Regarding personal information, Bonree Data products adhere to the principle of "not collected by default."
To meet customers' internal needs, the Bonree Data SDK offers custom interfaces, allowing customers to call these interfaces to report custom information. If the data reported by the customer through custom interfaces includes users' personal information, the customer must, in accordance with compliance requirements, provide users with a clear pop-up prompt in advance and obtain user consent before data reporting. Bonree Data commits not to perform semantic parsing on the data reported through customer custom interfaces, treating it uniformly as meaningless strings.
If users have objections regarding the data reported through the custom interfaces opened by Bonree, including but not limited to collecting information unrelated to business functions beyond the necessary scope, forcibly or frequently requesting permissions not essential for business functions, having unreasonable terms, lacking a privacy policy, or bundling business functions that cannot be used without authorization, they should contact the customer to complain or report it through the official MIIT channels.
If the aforementioned objections are related to the functionality of Bonree Data products or the actions of Bonree Data, customers can complain through Bonree Data's official channel market@bonree.com. Bonree Data commits to provide feedback and handle the issue within 14 business days.