Update date: May 29, 2025
Sobot SDK is a customer service software development kit provided by Beijing Sobot Bochuang Technology Co., Ltd. And its affiliated companies (collectively referred to as "we" or "Sobot"). It supports multi-modal interaction features such as text, voice, images, and work orders. Developers can quickly integrate this SDK into multi-end applications like APPs and mini-programs through standardized interfaces, enabling seamless intelligent customer service access for their end-users (collectively referred to as "end users").
We hope to clearly introduce to developers and end users the way we handle end users' personal information through the "Sobot SDK Privacy Policy" (hereinafter referred to as "this policy"), in order to better protect the rights and interests of end users. As the personal information processor, the developer decides the purpose and method of processing end users' personal information. As the entrusted party handling end users' personal information, we only collect data on behalf of the developer during the process of providing this SDK, and process the data according to the developer’s entrustment and instructions.
Special Note: If you are a developer, you should:
1. Comply with laws and regulations to collect, use, and process the personal information of end users, including but not limited to creating and publishing privacy policies related to personal information protection, and embedding the Sobot SDK privacy policy;
2. Follow the requirements of this policy, make sure to upgrade Sobot SDK to the latest version, and read the detailed instructions in " Sobot SDK Visitor Compliance Configuration Guide " for more information on specific operations;
3. Inform the end users about how Sobot SDK processes their personal information, and also inform them about the personal information of end users that you provide to Sobot SDK. Obtain valid consent from the end users in accordance with the law. If you or your end users do not agree with this policy, please stop registering, accessing, and using the SDK immediately, or stop providing the SDK to end users.
4. You should call the corresponding functions of Sobot SDK, request the corresponding permissions, or process the end-user's personal information only when the user triggers specific functional scenarios based on your application’s specific functional requirements. Otherwise, you should not call the corresponding SDK functions, request the corresponding permissions, or process the end-user's personal information;
5. Provide end users with an easy-to-operate mechanism to exercise user rights that complies with legal and regulatory requirements, including but not limited to allowing users to view, copy, modify, and delete personal information, withdraw consent, transfer personal information, obtain a copy of personal information, and deactivate accounts;
6. If you cannot meet the content agreed in this policy, or if your end users do not agree that Sobot SDK collects and uses their personal information according to this policy, then you should not continue to access or use Sobot SDK, and you should not allow end users to access or use Sobot SDK; if you continue to access and use it, it will be considered that you have agreed and guaranteed to us that your end users are aware of and agree that we have the right to collect and use their personal information to provide corresponding services. In any case, if you fail to obtain valid consent from your end users in advance, which results in our inability to collect and use their personal information to provide services, all responsibilities arising therefrom shall be borne by you. If this causes any loss to us, you shall compensate us for all losses in full. If you are an end user, you acknowledge and agree:
This policy will help end users understand the following content:
1. How We Collect and Use Personal Information 2. How We Share, Transfer, and Publicly Disclose Personal Information 3. How We Store Personal Information 4. How We Protect Personal Information 5. How We Manage Personal Information 6. How We Handle Information of Minors 7. How This Policy Is Updated 8. How to Contact Us
Sobot SDK collects the following information from end users through the developer application:
| Type of Information Collected | Purpose of Information Collection |
|---|---|
| Unique device identifier (APNS Token) and (Bundle ID) for iOS apps developed by the developer | To provide message push functionality on iOS devices |
| Device information: Device and system information (including operating system type, system version, APP package name, APP version, device type, device manufacturer, device model, network type), network identity information (IP address) | To help troubleshoot issues during the operation of the online customer service |
| Sensors (accelerometer and proximity sensor) | To determine the distance between the phone and the user, allowing for switching between earpiece and speaker modes when playing voice messages, improving the listening experience |
| End-user's voice information | To provide the function of sending audio messages |
| End-user's image and video information | To provide the function of sending image and video messages |
To provide online customer service, we will obtain the following permissions through the developer application:
| Permission Name | Permission Type | Purpose and Usage | Operating System |
|---|---|---|---|
| INTERNET Network | Access network permission | Interact with business platforms for data exchange | Android / iOS / HarmonyOS |
| ACCESS_NETWORK_STATE Get network status | Obtain network information status | Monitor network state changes to maintain stable message connections | Android / iOS / HarmonyOS |
| READ_EXTERNAL_STORAGE Access storage | Access external storage data | Select and upload images or videos when contacting customer service or leaving messages | Android / iOS / HarmonyOS |
| RECORD_AUDIO Recording | Use the microphone to record audio or video | Send voice messages when consulting customer service | Android / iOS / HarmonyOS |
| CAMERA Camera | Use the phone camera | Take photos or record videos for uploading when consulting customer service or leaving messages | Android / iOS / HarmonyOS |
If the developer application integrates the Sobot SDK and requests us to provide CRM functions, the developer will pass the data types collected by their Sobot SDK as parameters to the Sobot SDK (when users come in, the developer passes corresponding data based on their business needs to provide CRM-related functions). In this case, we collect the following end-user information on behalf of the developer:
| Type of Information Collected | Purpose of Information Collection |
|---|---|
| User ID, user name, nickname, avatar, phone number, email, QQ, remarks, company name, landing page URL, and any other information defined by the developer | To help developers manage users better and contact users promptly to resolve pre-sales, after-sales, and other service needs |
Regarding the types of information collected under the developer CRM feature, please note that this list only includes common types based on what developers have previously asked us to collect. It does not mean we will necessarily collect all personal information listed. Whether the developer's app requires collection and the specific information collected depends on the privacy policy of the developer's app .
Please note that in the context of CRM functional scenarios, the information content we collect, store, and display is independently defined by the developer. We also collect, store, and display the above information based on the developer's instructions. Therefore, the developer is responsible to the end users for the legality, justification, and necessity of the above information processing (including entrusting us to process it). The developer must fulfill obligations such as informing the end users and obtaining their authorization in accordance with laws and regulations. Additionally, due to the specific nature of certain fields in the services provided by the developer or the industry they are in, the information that the developer entrusts us to collect, store, and display may fall within the scope of sensitive personal information. Examples include the end user’s ID card number (gaming industry), the age/school information of the end user’s children (education industry), the end user’s medical condition/physical status (healthcare industry), home address (housekeeping industry), etc. Developers must ensure they have fulfilled obligations such as full disclosure, obtaining separate consent, and using the information reasonably within the scope of clear authorization granted by the end user. We also remind end users again that if the end user does not agree with the developer entrusting us to process the above information, please contact the developer directly to exercise your rights related to personal information protection in a timely manner.**
According to the provisions of relevant laws and regulations, in the following cases, processing the information of end users does not require the consent of the end user: 1.3.1 It is necessary for the conclusion or performance of a contract in which an individual is one of the parties; 1.3.2 It is necessary for the performance of statutory duties or legal obligations; 1.3.3 It is necessary to respond to a public health emergency, or to protect the life, health, and property safety of natural persons in an emergency; 1.3.4 Personal information is processed within a reasonable scope for the purpose of implementing news reporting, public opinion supervision, or other actions in the public interest; 1.3.5 Personal information that the end user has voluntarily disclosed or that has been legally disclosed is processed in accordance with laws and regulations within a reasonable scope; 1.3.6 Other circumstances stipulated by laws and regulations.
In general, we do not share the personal information of end users with third parties. In the following cases, we will share the personal information of end users according to the terms of this policy: 2.1.1 With the consent of the end user; 2.1.2 In accordance with laws, regulations, or mandatory administrative law enforcement or judicial requirements; 2.1.3 Sharing the end user’s information is necessary to provide services or to handle disputes or controversies between the end user and others. We will sign strict confidentiality agreements with our sharing partners, requiring them to process and use data in accordance with this policy and to implement strict data security measures.
We will only transfer the personal information of end users in the following situations: 2.2.1 With the consent of the end user; 2.2.2 As our business continues to develop, we may undergo mergers, acquisitions, asset transfers, or similar transactions, and the personal information of end users may be transferred as part of such transactions. We will require the new company or organization holding the end users' personal information to remain bound by this policy. Otherwise, we will require that company or organization to obtain new authorization and consent.
We will only disclose the personal information of end users in the following situations: 2.3.1 With the consent of the end user; 2.3.2 Under circumstances where laws, regulations, mandatory administrative law enforcement, or judicial requirements demand the provision of relevant information, we may disclose the personal information of end users based on the type of information and disclosure method required.
2.3.2 If required to provide relevant information according to laws and regulations, mandatory administrative law enforcement, or judicial requirements, we may disclose the personal information of end users based on the type of information and disclosure method required.
Unless otherwise provided by laws, regulations or regulatory authorities, we will store the personal information of end users only for the necessary period and the shortest time required for the purposes stated in this policy. If we terminate our services or operations, we will promptly stop collecting personal information. Meanwhile, we will comply with relevant laws and regulations to notify developers and through them the end users in advance. After terminating our services or operations, we will delete or anonymize the relevant personal information, unless otherwise provided by laws, regulations or regulatory authorities.
We only store the personal information of end users within China. If developers need to store the personal information of end users overseas, developers should follow the obligations for cross-border transfer of personal information as required by China's current laws and regulations (such as obtaining separate consent from the end user, completing a security assessment for data export, etc.), and assume the corresponding risks and consequences arising from this.
4.1.1 We adopt security technical measures that meet industry standards, including encrypting the personal information of end users and isolating it through isolation technology, to prevent unauthorized access, use, or modification of the end users' personal information, and to avoid data damage or loss. 4.1.2 We have an advanced data security management system centered on personal information, covering the entire data lifecycle. We enhance the overall system security from multiple dimensions, such as organizational structure, policy design, and personnel management. We manage and regulate the storage and use of personal information by establishing a data classification and grading system, data security management standards, and data security development standards. 4.1.3 We only allow personnel who need to know this information to access the personal information of end users, and we have set up strict access control and monitoring mechanisms. We also require all personnel who may come into contact with the personal information of end users to fulfill corresponding confidentiality obligations. 4.1.4 We value information security compliance and have obtained numerous international and domestic security certifications, such as ISO27001 Information Security Management System certification and Level 3 certification for classified protection of information system security, to fully ensure the information security of end users with industry-leading solutions. 4.1.5 To address potential risks such as personal information leakage, damage, and loss, we have established multiple systems to clarify the classification and grading standards of security incidents and vulnerabilities, along with corresponding handling procedures. We have also built an emergency response team for security incidents, which follows the security incident handling specifications to initiate safety plans for different security incidents, mitigate losses, analyze, locate issues, develop remedial measures, and cooperate with relevant departments for tracing and addressing the root causes.
5.1.1 Since end users access our services through the developer's application and do not interact with us directly, to ensure that end users can exercise their rights to access, update, supplement, delete their personal information, cancel their accounts, change the scope of their consent, obtain a copy of their personal information, or transfer their personal information, we recommend that end users first exercise these rights with the developer. 5.1.2 If an end user chooses to submit a related request directly to Sobot, in order to protect the legitimate rights and interests of developers, end users, and others, we will require the user to verify their identity. The end user should cooperate with us in verifying their identity. We may also choose to verify with the developer. After verification, we will handle the end user’s request in accordance with applicable laws and regulations as well as the provisions of this policy. 5.1.3 In any case, as the processor of end users' personal information, the developer is responsible for responding to and handling end users’ requests. If we incur any losses due to the developer’s reasons, the developer shall provide full compensation.
To ensure security, the end user may need to provide a written request or otherwise verify their identity. We may first require the end user to confirm their identity before processing the request. For reasonable requests from end users, we generally do not charge fees. However, for repeated requests that exceed reasonable limits, we will charge a certain cost-based fee depending on the situation. For requests unrelated to us, groundlessly repetitive, requiring excessive technical measures (e.g., developing a new system or fundamentally altering current practices), posing risks to the lawful rights of others, or highly impractical, we may decline them. In the following situations, we will be unable to respond to the end user’s request: 5.2.1 Related to our fulfillment of legal obligations as required by laws and regulations; 5.2.2 Directly related to national security or defense security; 5.2.3 Directly related to public safety, public health, or significant public interests; 5.2.4 Directly related to criminal investigations, prosecutions, trials, and execution of judgments; 5.2.5 Where we have sufficient evidence showing that the end user has malicious intent or is abusing their rights; 5.2.6 Where it is difficult to obtain the individual’s consent, but it is necessary to protect the vital legal rights and interests of the end user or other individuals, such as life or property; 5.2.7 Where responding to the end user’s request would cause serious harm to the legitimate rights and interests of the end user or other individuals or organizations; 5.2.8 Involving trade secrets; 5.2.9 Other circumstances stipulated by laws and regulations.
6.1 We highly value the protection of minors' personal information. In principle, we do not provide services to minors. If you are an end user and a minor under the age of 14, we recommend that you read this policy and the developer's privacy-related policies under the guidance of your guardian, and use the developer's application or provide personal information only after obtaining the guardian’s consent. 6.2 Due to limitations in current technology and business models, it is difficult for us to proactively identify minors' information. If we unknowingly collect personal information of minors or collect such information without first obtaining verifiable parental consent, guardians can notify us via the contact information published in this policy to request deletion. If we discover such situations ourselves, we will also delete the information without needing the consent of developers or end users, unless the law requires us to retain such data.
We may revise the content of this Privacy Policy from time to time. Without your explicit consent, we will not
reduce any rights you are entitled to under this Privacy Policy. We will post any changes to this policy on this
page. For significant changes, we will provide more prominent notifications (for some services, we will send
notifications via email explaining specific changes to the Personal Information Protection Policy).
Major changes referred to in this policy include but are not limited to:
1. Significant changes in our service model, such as the purpose of processing personal information, the types
of personal information processed, or the way personal information is used.
2. Significant changes in our ownership structure or organizational structure, such as business adjustments,
bankruptcy, mergers, or acquisitions leading to a change in ownership.
3. Changes in the main parties with whom personal information is shared, transferred, or publicly disclosed.
4. Significant changes in your rights regarding personal information processing and how they can be exercised.
5. Changes in the department responsible for handling personal information security, contact details, and
complaint channels.
6. When the Personal Information Security Impact Assessment report indicates high risk.
You have the right to choose to accept the updated privacy terms or stop using our products and services or
close your account. However, please note that actions and activities before you close or stop using this service
are still subject to this Privacy Policy. If you continue to use products or services provided by Sobot, it means
you have accepted the revised privacy terms.
If you have any questions, comments, or suggestions about this Personal Information Protection Policy, contact
us through the following methods:
1. Call our customer service hotline: 4008-690-981 (Workdays: 09:30-18:30).
2. Send an email for personal information protection: Privacy@sobot.com.
3. Mail a letter to: Personal Information Protection Officer, 2M Floor, Building 9, Hanwei International Plaza,
District 2, Fengtai District, Beijing, China (Postal Code: 100070).
We will complete identity verification and respond to your comments and suggestions within 15 working days after
receiving them. If we cannot respond to your request, we will send you a notification and explain the reason
within the maximum time limit required by law.
If you are not satisfied with our response, or if our handling of your personal information violates your legal
rights and interests, and we fail to provide a satisfactory response and refuse to make improvements after you
inform us, you can file a complaint or report to the relevant regulatory authority.