Security Privacy Policy


Our Privacy Policy was updated September 9, 2019.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.


Introduction

Security is a mobile app provided by Xiaomi Corporation and its affiliated companies (hereinafter referred to as "Xiaomi" or "Us") to you. You can use this app to clear trash on your device, find and neutralize viruses, optimize performance for gaming, save battery, manage apps, and more.

We are committed to protecting your privacy. This Privacy Policy sets out the principles on which Xiaomi's Security app operates, and constitutes an important part of Xiaomi Privacy Policy. In the event of inconsistency between this Privacy Policy and Xiaomi Privacy Policy with respect to Security app, the former shall prevail. For the terms and conditions not stipulated in this Privacy Policy, Xiaomi Privacy Policy shall prevail. Terms and conditions regarding the protection of minors, security measures, and cross-border data transmission" can be found in Xiaomi Privacy Policy.

This Privacy Policy is designed with your needs in mind, and you must have a comprehensive understanding of our personal information collection and usage practices while ensuring that ultimately, you have control of your personal information provided to us. This Privacy Policy explains how we collect, use, disclose, process and store any information that you give us when you use our Security app. Under this Privacy Policy, "personal information" means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information about that individual available to Xiaomi. We will use your personal information strictly following this Privacy Policy.

Ultimately, what we want is the best for all our users. Should you have any questions about our personal information processing practices, please contact privacy@xiaomi.com to address your specific concerns. We will appreciate your feedback.


1. What information is collected by us and how do we use it?

1.1 Personal information that we collect and use with your authorization

The purpose of collecting personal information is to provide you with products and/or services and to ensure that we comply with applicable laws, regulations and other regulatory requirements. You have the right to choose whether or not to provide the information we have requested, but in most cases, if you do not provide your personal information, we may not be able to provide you with our services or respond to your queries. The related features include:

1.1.1 Necessary functions of the Security app

(1) Security examination

You may get to know the current health condition of your mobile phone by scanning the settings, internal storage and caches in your mobile phone. This function can help you find security problems of your mobile phone timely so that you can restore your mobile phone effectively. When checking the system condition for you, we may collect your device information, including Android ID, device model, MIUI system, type of applied version and version number, operator, and language and region settings, in order to update the checked content. The data will be stored locally only.

(2) Security trend prediction

We will, based on the use of your device, make the statistics of the usage data of every month on the Security app for the purpose of predicting the security trend of your device. For that purpose, we may collect your mobile phone number, IMSI, operator information, IMEI/OAID (specific to Android version), and mobile data and Wi-Fi usage stats, including the consumption size, usage time, consumption in spare time and busy time.

(3) Blocklist

Blocklist not only can intercept spam messages and calls marked by you, but also detect and malicious websites for you. To successfully intercept spam messages and calls, we may collect information on your Mi Account, phone number on your blocklist and exceptions list, keywords in SMS, call history, incoming call number or incoming message number, and the list of phone number in the DND mode. Your Mi Account information and call history will be stored locally only.

At the same time, we will also provide you with the interception service based on the spam messages and blocklist phone number marked by other users on the server. We may collect your device type, MIUI system and applied version information, operator information, region and language settings, IMEI/OAID (specific to Android Q version) and Android ID, blocklist phone number and list of keywords, in order to judge whether it is necessary to update the system. Besides, >services provided by us will vary from user to user based on their different settings. data will be stored locally only.

To intercept a malicious website, we will detect the security of the website you are tying in or browsing. We will collect your device model, system version, the current virus reservoir and engine version number, URL and IP site to be detected, browser information, information on network interaction error, IMEI/OAID, MAC address and Android ID, and detection result, in order to detect the malicious website. Except the URL site to be detected, IMEI/OAID (specific to Android Q version), IP site and browser information, other data will be stored locally only.

(4) Virus scan

Security app will scan the applications installed by you one by one to find out and uninstall the applications with viruses or risks for protecting the security of your mobile phone; for that, it will conduct the system security detection, application security monitoring and payment security monitoring. We may collect your GUID, IMEI/OAID (specific to Android Q version), IMSI number, MAC address, local and server IP number, device information and manufacturer, Android and system version number, operator, network type, file name, proof test value and timestamp, user's behavior, name of scanned virus and virus definitions version number, third party software version number, and information on network interaction error, in order to make a statistics and analysis of and update the virus definitions. We may collect different data based on the different products in the services provided by us.

When you use the Cloud virus scan feature, we will also collect the third party's application name, version number, application size, Wi-Fi SSID and BSSID, IMEI and mobile phone model, in order to independently determine the malicious application.

(5) Install via USB

To prevent applications from being installed maliciously or in batches, we add the switch and the limit for the number of mobile phones to the "Install via USB". For example, the switch cannot be turned on if the SIM card is not installed, and the same SIM card cannot be used for over six mobile phones within a half year. We will collect your Mi Account, IMEI/OAID (specific to Android Q version), SIM card ID, and IP site, in order to make a statistics of the number of devices initiated.

(6) Flash prevention

To protect the security of your device, we will restrict the system ROM installation packages not officially provided by Xiaomi. We will collect your Android and MIUI system version number, Android ID, device name, language and region settings, IMEI/OAID (specific to Android Q version), system configuration and usage status, system settings, network type, and default application package names.

(7) Permissions management

You may control the access to each application through the Security app. We will collect your device information, manufacturer, Android and MIUI system types and version number, region and language settings, in order to distinguish the device version and configuration and provide you with targeted services. Besides, we will also collect the list of installed applications and autostart in order to check the corresponding access to each application. The data will be saved locally only.

To prevent applications from being mutually started, we will collect your Android ID, operator, device information, MIUI system version number, region and language settings, information on installed applications, applied version number, etc. Your Android ID, operator, information on installed applications, and applied version number will be saved locally only.

(8) Data usage

You may use network assistant to control your mobile traffic consumed and realize the data traffic calibration and purchase. You may inquire the situation about your data traffic through SMS. For that purpose, we will collect your MIUI system version number, region and language settings, network assistant version number, operator information, SIM card attribution, short messages received from the operator, device information, Android ID, IMSI and phone number. Except the short messages received from the operator, other data will be saved locally only.

If you purchase data traffic through the network assistant, we will additionally collect your Mi Account, phone number, operator information, SIM card attribution, IMSI, Android ID, network assistant version number, short message verification code, and purchased data traffic product so that we provide you with services. Except your phone number, Mi Account, operator and SIM card attribution, other data will be saved locally only. If you choose to update operator information manually, we will collect your instruction number, short message content and Android ID to help us rectify the template.

(9) Battery saver

You may manage your battery, catch a glimpse of the power consumption of your mobile phone and solve problems with a button through the power-saving optimization function. For that, we will collect your Android ID, MIUI version number and version type, device information, operator information, region and language settings, and information on downloaded application. The data will be saved locally only.

(10) Application management

You may manage access to applications, realize double-opening of applications and set application locks through the application management function. We will, based on the different functions used by you, collect the encrypted IMEI/OAID (specific to Android Q version), device information, operator, Android and MIUI version information, Android ID, region and language settings, network type, API level, etc. Except IMEI/OAID (specific to Android Q version), other data will be saved locally only.

1.2 Personal information you may choose whether to authorize us to collect and use

1.2.1 In addition to the above core functions, we provide some additional functions in the Security app to your convenience of using and managing mobile applications and configuration. For example, when you start to use the additional functions, it means that you agree with us upon collecting your related information. The additional functions include:

(1) Game Turbo

Through Game Turbo, you may improve the smoothness of playing games to some extent and avoid interruptions by calls and notices when playing the games. For that, we will collect your Android and MIUI version information, device information, application information, operator, region and language settings, encrypted IMEI/OAID (specific to Android Q version) number >and Android ID, Mi Account, IMSI number of SIM card, IP site and request time. Except IMEI/OAID (specific to Android Q version) number, Mi Account and IMSI number of SIM card, other data will be saved locally only.

(2) Red envelope assistant

If you initiate the red envelope assistant, we will actively hint you of any red envelope popping up on the WeChat, QQ or Mi Talk interface. For that, we will collect your MIUI version information, device information, operator, region and language settings, IMEI/OAID (specific to Android Q version) number, configuration information and applied version data to provide you with targeted services. The data will be saved locally only.

1.2.2 To recommend and display personalized content to you, we will collect the related data from the security examination, virus scanning, power-saving optimization, game boost and optimization and acceleration functions, and bring you the information on applications or services that interest you through algorithms. For that purpose, we may collect your information, such as Android ID, encrypted IMEI/OAID (specific to Android Q version) number, device information, operator, region and language settings, applied version number, Android and MIUI version number, network type, content recommendation switch on/off, and API level. Except IMEI/OAID (specific to Android Q version) number, other data will be saved locally only.

We will get the information collected from your various devices connected so that we can provide consistent services for you through those devices. We may combine information from some service with information from other services so as to provide you with services, personalized content and suggestions. You may, at any time, turn off this function in the settings.

1.3 You are fully informed that we may collect and use personal information without your consent if:

1.3.1 The personal information is vital to national security and defense;

1.3.2 The personal information is vital to public safety, public health, and major public interests;

1.3.3 The personal information is related to criminal investigations, prosecutions, trials, or execution of judgments;

1.3.4 The personal information is essential for protecting major legitimate rights (including life and property) and interests of the personal information subject or other people, but it is hard to obtain the subject's consent;

1.3.5 The personal information collected is made public by the subject at their own discretion;

1.3.6 The personal information is collected from public sources, such as news reports or government announcements;

1.3.7 The personal information is necessary for us to sign the contract as required by you;

1.3.8 The personal information is necessary to maintain the safe and steady operation of products and/or services provided, such as for discovering and handling faults of products and/or services;

1.3.9 The personal information is required for legal news releases; and

1.3.10 The personal information is de-identified in the results of statistical or academic research based on public interest.


2. Sharing your personal information with third-party service providers

Part of the service content in this app is provided by third party service providers. For that purpose, we need to provide the third party service providers with part of your personal information. For example, we may share your personal information with the third party service providers in the following circumstance:

2.1 Cleaner service: Cleaner in this app will be provided by any of such third parties as Cheetah and Tencent. We may provide your information like device information and version information to such provider so that it may render you the cleaner service for your mobile phone.

2.2 Virus scan service: The virus scan service in this app will be provided by any of such third parties as Tencent and AVL, Avast. We may provide your information like device information and IP site to such provider so that it may render you the virus scan and cleaner services.

2.3 Game Turbo: Game Turbo in this app will be provided by any of such third parties as Xunyou. We may provide your information like IMSI number and Mi Account to such provider so that it may render you the Game Turbo service.

If we share your personal information with such third parties, we will secure your information by employing encryption. We will reasonably examine the data security environment of the companies and organizations with which we share personal information and sign data processing agreements with them; we will require third parties to take sufficient measures to protect your information and strictly abide by the relevant laws and regulations as well as regulatory requirements.


3. Retention policy

We retain personal information for the period necessary for the purpose of the information collection described in this Privacy Policy or as required by applicable laws. We will cease to retain and delete or anonymize personal information once the purpose of collection is fulfilled, or after we confirm your request for erasure, or after we terminate the operation of the corresponding product or service. An exception to this is personal information that we are processing for public interest, scientific, historical research or statistical purposes. We will continue to retain this type of information for longer than its standard retention period, where permitted based on applicable laws, even if further data processing is not related to the original purpose of collection.

Your information will be saved within the territory of the People's Republic of China.

Information collected for recommendation and display of personalized content will be saved in the server for 30 days, device information, MIUI system version information, and such data as region and language settings collected from authorized management for 90 days, and data collected for the Game Turbo function for six months.


4. Your rights

4.1 Controlling settings

We recognize that privacy concerns differ from person to person. Therefore, we provide examples of ways for you to restrict the collection, use, disclosure, or processing of your personal information and to control your privacy settings in Security app:

• Turn on or off the recommendation switch in the settings;

• Set the access to each functional module in the settings;

• Add applications or the blacklist and whitelist of phone number.

If you have previously agreed to us using your personal information for the aforementioned purposes, you may change your mind at any time by writing or emailing us at privacy@xiaomi.com.

4.2 Your rights to your personal information

Depending on applicable laws and regulations, you have the right to access, rectification and erasure of any other personal information that we hold about you (hereinafter referred to as the request).

You may contact us at privacy@xiaomi.com for more detailed information on personal information in your Mi Account.

Most laws requires that therequest made by the personal information subject follow specific requirements, and this Privacy Policy requires that your request satisfy the following conditions:

• Through our exclusive access of request and for the protection of your information security, your request should be in writing (unless the local law explicitly recognizes the oral request);

• Provide sufficient information to enable us to verify your identity and ensure that the applicant is the subject or legally authorized person of the requested information.

Once we obtain sufficient information to confirm= that your request can be processed, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws. In detail:

• Based on the requirements of applicable laws, a copy of your personal data collected and processed by us will be provided to you upon your request free of charge. For any extra requests for relevant information, we may charge a reasonable fee based on actual administrative costs according to the applicable laws.

• If any information we are holding on you is incorrect or incomplete, you are entitled to have your personal information corrected or completed based on the purpose of use.

• Based on the requirements of applicable laws, you have the right to request the deletion or removal of your personal information. We shall consider the grounds regarding your erasure request and take reasonable steps, including technical measures. If the right is upheld, we may not be able to immediately remove the information from the backup system due to applicable legal and security technologies. In that case, we will securely store your personal information and isolate it from any further processing until the backup can be cleared or be made anonymous.

We have the right to refuse to process requests that are not meaningful/entangled, requests that damage others' right of privacy, extremely unrealistic requests, requests that require disproportionate technical work, and requests not required under local law, information that have been made public, information given under confidential conditions. If we believe that certain aspects of the request to delete or access the information may result in our inability to legally use the information for the aforementioned anti-fraud and security purposes, it may also be rejected.

4.3 Withdrawal of consent

• You may withdraw your consent by submitting a request, including collecting, using, and/or disclosing your personal information in our possession or control. You may turn off the networking switch in the "Settings-Networking Permitted" to withdraw the authorization previously given. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your personal information as per your request.

• Attention: Your withdrawal of consent may result in some legal consequences. You may not be able to continue receiving the full benefit of Xiaomi’s products and services depending on the extent of our processing of information upon your authorization. The withdrawal of your consent or authorization will not affect the validity of our processing carried out upon your authorization up until the point of withdrawal.

4.4 Cancelling a service or account

If you wish to cancel a specific product or service, you may turn off the networking switch in the "Settings-Networking Permitted". We will delete your data locally and at the server end.

If you wish to cancel the Mi Account, please note that the cancellation will prevent you from using the >full range of Xiaomi products and services. Cancellation may be prevented or delayed in certain circumstances. To protect your or others' legitimate rights and interests, we will judge whether or not to support your request for cancellation based on your use of various products and services of Xiaomi.


5. Third-party websites and services

Our Privacy Policy does not apply to products or services offered by a third party. Depending on the Security app product or service you use, it may incorporate third parties’ products or services involving cleaner, virus scanning, Game Turbo. Some of these will be provided in the form of links to third parties’ websites, and some will be accessed in the form of SDKs, APIs, etc. Your information may also be collected when you use these products or services. For this reason, we strongly suggest that you spend time reading the third party’s privacy policy just like you read ours. We are not responsible for and cannot control how third parties use personal information which they collect from you. Our Privacy Policy does not apply to other sites linked from our services.

The following are the examples of when third party terms and privacy policies may apply >when you use the specific products or services listed above:

Privacy Policy of the third party Cleaner service provider:

o Tencent's Privacy Policy: http://privacy.qq.com/yszc-en.htm

o Cheetah Mobile's Clean Master Privacy Policy declaration: https://www.cmcm.com/protocol/cleanmaster/privacy-for-sdk.html

Privacy policies of the third party virus scanning service providers:

o Tencent's Privacy Policy: http://privacy.qq.com/yszc-en.htm

o Avast's Privacy and Information Security Policy: https://www.avast.com/zh-tw/privacy-policy

o License Agreement for AVL SDK for Mobile: https://www.avlsec.com/en/privacy-policy

Privacy Policy of the third party Game Turbo service provider:

o Xunyou's Privacy Policy: http://www.xunyou.mobi/article-1967.html


6. Contact us

If you have any comments or questions about this Privacy Policy or any questions relating to our collection, use or disclosure of your personal information, please contact us at the address below referencing “Privacy Policy”. When we receive privacy or personal information questions about access/download requests, we have a professional team to solve your problems. If your question itself involves a significant issue, we may ask you for more information. If you are not satisfied with the response you received, you can hand over the complaint to the relevant regulatory authority in your jurisdiction. If you consult us, we will provide information on the relevant complaint channels that may be applicable based on your actual situation.

Mailing address: Rainbow City of China Resources, No. 68, Qinghe Middle Street, Haidian District, 100085 Beijing

Email: privacy@xiaomi.com