ShellBox OTA Privacy Policy
Update Date: December 31, 2025
Effective Date: January 1, 2026
ShellBox OTA is a brand under Shenzhen Yise Technology Co., Ltd. (hereinafter referred to as "we"). We are committed to respecting and protecting users' personal privacy. Due to the nature of the Internet and the requirements for realizing the functions of the APP, we need to collect a small amount of necessary information to provide you with Bluetooth hardware connection and firmware upgrade services. This Privacy Policy (hereinafter referred to as "this Policy") will help you fully understand how we collect, use, share, store and protect your personal information when you use our products or services, as well as how you can manage your personal information, so that you can make appropriate choices better.
Before you confirm and accept this Policy, please carefully read and understand this Policy, especially the clauses highlighted in bold by us, to ensure that you use the relevant products or services after fully understanding and agreeing to accept it. If you have any questions, opinions or suggestions about the content of this Policy, please suspend the use of this APP product or service, and you can contact us through the contact information provided in this Policy.
1. How We Collect and Use Your Personal Information
2. How We Use Cookies and Similar Technologies
3. How We Provide Your Personal Information to Third Parties
4. How We Protect and Store Your Personal Information
5. How You Can Manage Your Personal Information
6. Protection of Minors' Personal Information
7. Notices and Revisions
8. How to Contact Us
1. How We Collect and Use Your Personal Information
Our basic functions include Bluetooth device search and connection, firmware version detection, and firmware upgrade package download and installation. When you use the above functions, we will collect and use the necessary personal information and device-related information about you, including device serial numbers (such as IMEI/MAC address/Android ID/DEVICE_ID/IDFA), Bluetooth device identification information (such as Bluetooth name, MAC address), device model, operating system and software version, and network status. For specific fields, please refer to the information highlighted in bold in this Privacy Policy. If you do not provide the corresponding information, you will not be able to use our products and/or services normally.
Except for the basic functions, we do not provide other additional functions. Please understand that due to the different versions and scopes of products/services selected by different users, if there is any difference between the collection and use rules displayed by specific functions and this Privacy Policy, the content displayed by specific functions shall prevail. The functional scenarios we provide for you and the information collected and used are as follows:
(1) Bluetooth Device Search and Connection
When you use the Bluetooth device connection function, we need to collect your device's Bluetooth-related information (such as Bluetooth name, MAC address) and basic device information (device model, operating system version) to achieve accurate search, pairing and connection of Bluetooth devices. At the same time, we will record the information of successfully connected Bluetooth devices to facilitate your quick reconnection later without repeated search and pairing.
(2) Firmware Version Detection and Upgrade
After your Bluetooth device is successfully connected, we will collect your Bluetooth device model and current firmware version information to compare with the latest firmware version on the server side and determine whether an upgrade is needed. If there is the latest firmware version, we will show you an upgrade prompt and a description of the firmware update content. After you confirm the upgrade, we will collect your network status information to optimize the download speed of the firmware upgrade package and ensure a stable upgrade process. During the upgrade process, we will record the log information related to the upgrade progress to troubleshoot upgrade abnormalities (such as upgrade failure, interruption, etc.).
(3) Ensuring Service Security and Optimizing Experience
To ensure the stability and security of the system when you use our products and/or services, prevent your information from being illegally obtained, more accurately prevent fraud and protect device connection security, we need to collect your device information (device model, OAID/IDFA, Android ID/OPENUDID, IDFV, operating system and software version, device status, network status, running processes of this APP), log information, IP address, SIM card information (operator and country code), and battery usage to identify real natural person users. When abnormal behaviors are triggered (such as multiple connection failures, frequent interruptions during the upgrade process, abnormal crash of the APP), we will collect your location information, SSID, WIFI name, and common software list information (processed locally only, not uploaded to the server), but we will not collect the above information of normal users. We will also collect your device information to analyze system problems, count traffic and troubleshoot potential risks, and investigate when you choose to send us abnormal information. If you do not provide the above information, we will not be able to protect your service and device connection security during your use of the service.
(4) Application Permission Application and Usage Rules
To enable you to use the Bluetooth connection and firmware upgrade functions normally and improve your user experience, we need to access your system permissions to collect and use the required information. If you do not enable these permissions, you will not be able to use our core functions normally. The permissions we need to apply for and the corresponding purposes of information collection and use are as follows:
Bluetooth Permission Description:
Facilitates your use of Bluetooth device search, pairing and connection functions, and is a necessary permission for realizing core services.
Location Permission Description (for some Android devices):
According to the relevant specifications of the Android system, the Bluetooth search function of some Android devices requires obtaining location permission. We only use this permission for Bluetooth device search and will not collect your specific location information.
Read Phone Status Permission Description:
We access your phone permission to obtain your device's IMEI (International Mobile Equipment Identity), which is the basic information that must be collected to provide services, so as to complete security risk control and user statistics.
Storage Permission Description (Optional):
When you need to manually save the firmware upgrade package or upgrade log, you need to enable the storage permission to write the relevant files into local storage. If you do not enable this permission, it will not affect the normal use of the automatic upgrade function, but you will not be able to manually save the relevant files.
(5) Other Information Usage Rules
1. If we intend to use your information for purposes not specified in this Privacy Policy, or use information collected for specific purposes for other purposes, we will seek your explicit consent in advance.
2. For functions and scenarios not clearly specified in this Privacy Policy, we will show you the corresponding information collection and use rules and obtain your explicit consent when you actually use the function or scenario.
2. How We Use Cookies and Similar Technologies
1. Use of Cookies
When you use our services, we will send one or more small data files called Cookies to your computer or mobile device. The purpose is to simplify the steps of your repeated Bluetooth device connection, store your Bluetooth device connection preferences to provide you with convenient connection settings, and help judge the usage status and data security of your APP.
You can delete all Cookies stored on your computer. Most web browsers automatically accept Cookies, but you can usually modify your browser settings to refuse Cookies according to your needs; in addition, you can also clear all Cookies stored in the software. If you do so, you may need to re-search and pair Bluetooth devices every time you use the APP, and all your previously recorded connection preference information will be deleted, which may also have a certain impact on the security of the services you use.
3. How We Provide Your Personal Information to Third Parties
(1) Sharing
1. We will not share your personal information with any company, organization or individual, except in the following cases:
(1) Obtain your explicit consent or authorization in advance;
(2) Provide in accordance with the mandatory requirements of laws and regulations, administrative and judicial authorities;
(3) Handle disputes or controversies between you and others at your request;
(4) Provide in accordance with the relevant agreements signed with you (including electronically signed agreements online and the corresponding platform rules) or other legal document agreements;
(5) Use based on the public interest in line with laws and regulations and public health emergencies.
2. To provide you with relevant products or services and protect the security of your device connection and services, we may share your information with our affiliated parties or partners. For details of the shared content and purpose, please refer to here.
Please note that the information you voluntarily share or even publicly disclose when using our services may involve your personal information or that of third parties, even sensitive personal information. Please carefully consider and decide before sharing. If it involves the personal information of a third party, please ensure that you have obtained legal authorization.
(2) Public Disclosure
We will only publicly disclose your personal information in the following cases and on the premise of taking security protection measures that meet industry standards:
(1) Disclose the corresponding personal information within the scope of authorization agreed by you separately;
(2) If you seriously violate laws and regulations or relevant agreements and rules, we may disclose your relevant illegal acts and the measures we take against you.
4. How We Protect and Store Your Personal Information
(1) Technologies and Measures for Protecting Your Personal Information
We attach great importance to the security of personal information and take all reasonable and feasible measures to protect your personal information:
1. Data Security Technical Measures
We will adopt security protection measures that meet industry standards, including establishing reasonable system specifications and security technologies to prevent your personal information from being accessed, used or modified without authorization, and avoid data damage or loss. For example: The network service adopts Transport Layer Security (TLS) encryption technology and provides data transmission services through HTTPS to ensure the security of user data during transmission; when processing personal information, we will adopt a variety of data desensitization technologies including content replacement and SHA256 to enhance the security of personal information during use.
2. Other Security Measures for Protecting Personal Information
Manage and regulate the storage and use of personal information by establishing a data classification and grading system, data security management specifications, and data security development specifications; conduct comprehensive security control of data through information contactor confidentiality agreements, monitoring and audit mechanisms; establish a Data Security Committee and set up a special information protection department and a data security emergency response organization to promote and ensure the security of personal information.
The underlying cloud technology for storing your personal information has obtained the Level 3 Certification of "Trusted Cloud" issued by the Data Center Alliance, the Level 3 Certification of Public Security Bureau's Security Level Protection, and also the ISO27000 Certification. We will also hold training courses on security and privacy protection to enhance employees' awareness of the importance of protecting personal information.
3. Handling of Security Incidents
To respond to potential risks such as personal information leakage, damage and loss, we have formulated a number of systems to clarify the classification and grading standards of security incidents and vulnerabilities and the corresponding handling processes.
Once a personal information security incident occurs, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and remedial measures for you. At the same time, we will promptly inform you of the relevant situation of the incident by email, letter, telephone, etc. When it is difficult to inform each individual information subject one by one, we will issue an announcement in a reasonable and effective way. At the same time, we will take the initiative to report the disposal of personal information security incidents in accordance with the requirements of the regulatory authorities.
(2) Storage of Your Personal Information
1. Your personal information will be stored within the territory of the People's Republic of China. If it is necessary to transmit your personal information overseas due to special circumstances, we will separately obtain your authorization and consent and require the recipient to process your personal information in accordance with the data protection agreement signed by both parties, this Privacy Policy and relevant laws and regulations.
2. During your use of our products and/or services, your personal information will be stored for the period necessary to achieve the purposes stated in this Policy, and will also be determined in combination with the mandatory retention period required by law. After the expiration of the storage period, we will delete your personal information or anonymize it in accordance with the requirements of applicable laws.
5. How You Can Manage Your Personal Information
We attach great importance to your attention to personal information and make every effort to protect your rights to access, correct, delete and withdraw consent to your personal information, so that you have sufficient ability to protect your privacy and security. Your rights include:
1. Access and Correct Your Personal Information
Except as required by laws and regulations, you have the right to access and correct your personal information at any time, including:
(1) Connected Bluetooth Device Information
Mobile Path: Enter the homepage - click "Mine" to enter the personal center - click "Connected Devices".
(2) APP Operation Log Information
Mobile Path: Enter the homepage - click "Mine" to enter the personal center - click "Settings" - click "Log Management".
If you need to access or correct other personal information generated during your use of our products and/or services, please contact us at any time. We will respond to your request in accordance with the methods and time limits specified in this Privacy Policy.
2. Delete Your Personal Information
You can delete part of your personal information through the access and correction paths specified in this Privacy Policy, or delete your relevant information by uninstalling the APP or clearing the APP data, or delete all your personal information by contacting us.
You can request us to delete your personal information in the following circumstances:
(1) If our processing of personal information violates laws and regulations;
(2) If we collect and use your personal information without your consent;
(3) If our processing of personal information seriously violates the agreement with you.
If we decide to respond to your deletion request, we will also try our best to notify the entities that have obtained your personal information from us to require them to delete it in a timely manner, unless otherwise specified by laws and regulations or these entities have obtained your independent authorization.
After you or we assist you in deleting the relevant information, due to applicable legal and security technical restrictions, we may not be able to delete the corresponding information from the system immediately. We will securely store your personal information and restrict any further processing of it until it can be deleted or anonymized.
3. Change the Scope of Your Authorized Consent or Withdraw Your Authorization
You can change or withdraw your authorization through the following path:
Mobile Path: Enter the mobile phone system settings - find "ShellBox OTA" - enter the permission settings page, where you can separately enable or disable the corresponding permissions.
You can also withdraw all authorizations for us to continue collecting your personal information by uninstalling the APP.
Please understand that each business function requires some basic personal information to be completed. When you withdraw your consent or authorization, we will not be able to continue to provide you with the services corresponding to the withdrawn consent or authorization, nor will we process your corresponding personal information. However, your decision to withdraw consent or authorization will not affect the personal information processing carried out based on your authorization before.
4. Obtain a Copy of Your Personal Information
You have the right to obtain a copy of your personal information. The access path is: Enter the homepage - click "Mine" to enter the personal center - click "Settings" - click "Privacy Settings" - click "Download Personal Information".
5. Responding to Your Requests
If you cannot exercise your rights through the methods or paths specified in this Privacy Policy, you can send an email to google@shellbox.cn or contact us through other methods in this Privacy Policy. For security purposes, we may require you to provide a written request or your identity certification documents, and we will reply to your request within 15 days after receiving your feedback and verifying your identity.
We will not charge fees for your reasonable requests in principle, but for repeated requests that exceed a reasonable limit, we will charge a certain cost fee according to the circumstances. We may refuse requests that are unnecessarily repeated, require excessive technical means (for example, need to develop a new system or fundamentally change existing practices), bring risks to the legitimate rights and interests of others, or are very impractical (for example, involve information stored on backup tapes).
6. Protection of Minors' Personal Information
1. We attach great importance to the protection of minors' personal information. If you are a minor under the age of 18, you should obtain the consent of your guardian in advance before using our products and/or services.
2. For the personal information of children under the age of 14 that may be involved, we will take the following additional measures to ensure protection:
(1) For the collected personal information of children, in addition to complying with the provisions of this Privacy Policy on users' personal information, we will also adhere to the principles of legality, necessity, informed consent, clear purpose, security guarantee and legal utilization, strictly follow the requirements of laws and regulations such as the "Regulations on the Protection of Children's Personal Information in Cyberspace" for storage, use and disclosure, and will not exceed the period necessary to achieve the purpose of collection and use. After the expiration of the period, we will delete or anonymize the children's personal information. We will designate a special person responsible for the protection of children's personal information and set up a special email for the protection of children's personal information: google@shellbox.cn. We will also formulate special internal systems for the protection of children's personal information.
(2) When you, as a guardian, choose to use relevant services for your ward child, we may need to collect the personal information of your ward child from you to fulfill the relevant services for you. Please clearly know and choose carefully.
(3) Children or their guardians have the right to access and correct children's personal information at any time, and can also request us to correct or delete it. If you have any opinions, suggestions, complaints or reports on matters related to children's personal information, please contact us. We will provide you with help at any time.
7. Notices and Revisions
1. To provide you with better services and with the development of business, this Privacy Policy will also be updated accordingly. However, without your explicit consent, we will not reduce the rights you are entitled to under this Privacy Policy. We will issue an updated version on the mobile terminal and remind you of the update of relevant content through in-APP announcements or other appropriate methods before it takes effect. Please also check the APP regularly to keep abreast of the latest Privacy Policy.
2. For major changes, we will also provide more prominent notices (we will explain the specific changes to the Privacy Policy through methods including but not limited to emails, text messages or special prompts on the APP startup page).
Major changes referred to in this Privacy Policy include but are not limited to:
(1) Significant changes have taken place in our service model. Such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.;
(2) Significant changes have taken place in our ownership structure, organizational structure, etc. Such as changes in ownership caused by business adjustments, bankruptcy and mergers, etc.;
(3) Significant changes have taken place in the main objects of personal information sharing, transfer or public disclosure;
(4) Significant changes have taken place in your rights to participate in personal information processing and the way to exercise them;
(5) When the responsible department, contact information and complaint channels for personal information security handled by us change;
(6) When the personal information security impact assessment report indicates high risks.
3. We will also archive the old versions of this Privacy Policy, which can be viewed by clicking the link at the end of the text.
8. Description of Third-Party SDKs
To realize the core functions of Bluetooth connection and firmware upgrade, this APP has not integrated third-party SDKs irrelevant to the core functions such as payment. If it is necessary to integrate third-party SDKs for function optimization in the future, we will make additional supplementary explanations and obtain your consent.
9. How to Contact Us
1. If you have any questions, opinions or suggestions about this Privacy Policy or your personal information, or need to make complaints or reports, please contact us through the following methods:
Email Address: google@shellbox.cn
We will verify the situation and reply to you as soon as possible after receiving your feedback.