UGREEN Cloud Developer

English

简体中文

English

简体中文

UGREEN NAS Developer Platform Privacy Policy

Effective Date: May 21, 2026

This UGREEN NAS DEVELOPER PLATFORM PRIVACY POLICY (hereinafter referred to as this "Policy") applies to the processing of personal information by Ugreen Group Limited (hereinafter referred to as "UGREEN", "we", or "us") in the course of operating the UGREEN NAS Developer Platform website (developer.ugnas.com, hereinafter referred to as the "Website") and providing UGREEN NAS application developers with related services.

This Policy primarily covers the following two scenarios:

    • Access by general visitors: You only browse the UGREEN NAS Developer platform website to view application development documentation, application listing process descriptions, policies and rules, or submit complaints or reports through the website.
    • Developer services: As a developer, you interact with UGREEN in the course of application development, testing, listing, updates, maintenance, operations, and related communications and support, during which personal information is exchanged.

This Policy aims to help you understand:

I. What personal information we process

II. How we share, disclose and assign your personal information

III. How we store your personal information

IV. Cross-border transfer of personal information

V. How we protect your personal information

VI. Your rights as a data subject

VII. Personal information of minors

VIII. Privacy policy updates

IX. Contact information

X. Supplementary provisions for different regions

This Policy does not apply to:

    • personal information of end users that is collected and processed by applications you develop after they are deployed on the UGREEN NAS private cloud, for which you, as the developer, are solely responsible for data protection; and
    • the privacy practices of other UGREEN products or services (such as the UGREEN NAS official website or UGREEN NAS devices). Please refer to the privacy policy of the specific product for further details.

I. Personal information that we process

(I) General visitors

When you view documentation on the platform or submit a complaint or report through the platform as a visitor, we may collect the following information:

    • Browsing and log information: When you browse our website, we may automatically collect necessary browsing and log information, such as terminal device type, IP address (for the purpose of inferring your approximate location), pages visited, session duration, and language preference. This information is used to ensure the secure operation of the platform, optimize user experience, conduct anonymized traffic statistics, and troubleshoot technical issues.
    • Complaints, reports, and feedback: If you submit a complaint or report through the platform, we will collect the name of the reported application, issue category, detailed description, and optional image evidence, as well as your contact email address (to provide you with feedback on the handling results).

(II) Developers

If you submit an application for listing, maintain an application, or communicate with us, we will collect your personal information within the minimally necessary scope required to achieve the corresponding functions, in order to fulfill contractual obligations or comply with applicable laws and regulations, or with your consent.

1. Developer identity verification and account management

To comply with all applicable laws and regulations of the jurisdictions where applications are intended to be listed, and for the purposes of platform governance, we may process real-name authentication information provided by developers.

    • Real-name authentication information of individual developers: full name, ID card number, identity document photos (e.g., passport, ID card, driver's license, and residence permit), credit card photos, utility bills with address information, insurance policies, credit card or bank statements, and contact information (email address or phone number)
    • Contact information of contacts of enterprise developers: name, job title, work email address, phone number, and identity documents with photos

UGREEN only collects such information that you voluntarily submit or with your explicit consent. If you do not provide the information required for real-name authentication, you will be unable to register as a developer on the platform or submit applications for listing.

2. Application listing review

When you submit an application for listing, or update or modify relevant information, UGREEN will review the relevant materials and information of the application submitted by you in accordance with platform rules and applicable laws and regulations, which may include but are not limited to the basic information of the application, information of the operating entity, compliance commitment letters, qualification certification materials, or authorization documents. The aforementioned materials and information may contain personal information, such as the signatory’s name, identification information, and contact information.

We only process such information within the scope necessary to fulfill our obligations under applicable laws and regulations, our duties in platform review, and for risk management purposes, and will not use it for any other purposes unrelated to the application listing review.

3. Complaint handling and communication support

In scenarios such as application listing, version updates, complaint and report handling, communication on platform rules, or compliance reminders, UGREEN will process your email address, phone number (if voluntarily provided by you), and communication records for the purposes of completing reviews, providing you with feedback, and offering technical support.

Please be advised that identity document photos and credit card photos may be deemed as sensitive personal information in certain jurisdictions. UGREEN will only process the aforementioned information as necessary to comply with applicable laws and regulations and to fulfill specific, justified purposes. We will implement stricter protection measures, including but not limited to encrypted storage, access control, minimal use of data, and regular security audits, to prevent unauthorized access, disclosure, alteration, or loss of such information. If we are required to process relevant information only after obtaining your separate consent or meeting other special conditions in accordance with the law, UGREEN will provide you with clear explanations and obtain your authorization as required by law before collecting such information.

II. How we share, disclose and assign your personal information

(I) Sharing

We will not share your personal information with third parties.

We will not share your personal information with any third party, unless:

(1) we have obtained your explicit authorization or consent;

(2) we provide the details you filled in and image evidence to the party being reported/complained against, provided that we do not disclose your email address;

(3) we are required to disclose your personal information by judicial or administrative authorities in legal proceedings;

(4) we initiate legal proceedings or arbitration against users to protect our legitimate rights and interests;

(5) such sharing of personal information is mandatory under the service agreement or usage rules between you and UGREEN; or

(6) the sharing of personal information is conducted pursuant to an agreement reached between you and a third party.

(II) Disclosure

We will not publicly disclose your personal information, unless:

(1) we display the developer name on the application's details page as required by law;

(2) we have obtained your prior explicit consent to do so; or

(3) we disclose your personal information in order to comply with applicable laws, legal processes, litigation requirements, or government orders.

(III) Assignment

We will not assign your personal information to any third party, unless such assignment occurs in the event of corporate merger, division, reorganization, asset transfer, or similar circumstances.

In the event of any of the aforementioned circumstances, we will require the recipient of your personal information to continue to be bound by this Policy and to fulfill the notification obligation in accordance with the law.

(IV) Exceptions for the sharing, disclosure, or assignment of your personal information

Please note that we may share or disclose your personal information without obtaining your prior authorization or consent if:

(1) it is directly related to national defense or security;

(2) it involves public safety, public health, or other major public interests;

(3) it directly concerns criminal investigation, prosecution, trial, or the enforcement of court orders;

(4) we need to protect important legal rights, such as the life and property of the data subject or other individuals, where obtaining your consent is not feasible;

(5) the personal information has been publicly disclosed by the data subject; or

(6) we obtain personal information from lawfully disclosed sources, including, but not limited to, news reports, government information disclosures, and other legal channels.

III. How we store your personal information

We retain your personal information only for the minimum period necessary to achieve the purposes described herein. The retention period of your personal information is determined based on the following circumstances:

mandatory or minimum requirements for data retention periods stipulated by applicable laws and regulations;

    • your exercise of your right to deletion or right to withdraw consent;
    • our retention of your personal information for the purpose of the existence and performance of the contractual relationship between you and us;
    • our retention of your personal information for a reasonable period necessary for business risk control, dispute resolution, and compliance audits (such as obligations related to taxation and anti-money laundering);
    • the type of information and the potential impact on your rights and interests; and
    • deletion or anonymization of your personal information when the retention period expires or we no longer have a legal basis for processing your personal information

If we are unable to delete your personal information immediately due to technical reasons, we will take security isolation measures to prevent it from being used for any further business purposes and will delete your personal information once technically feasible.

IV. Cross-border transfer of personal information

We maintain servers located in the Chinese mainland for storing your personal information and, in principle, do not transfer your personal information across borders.

However, we operate the website and provide the UGREEN NAS application developer services across multiple countries and regions. When providing unified services to developers, we may transfer your personal information, as necessary, to servers located outside your country or region, or to locations where our affiliates are based.

In such circumstances, UGREEN will adopt corresponding legitimate mechanisms to transfer your personal information in accordance with applicable laws and regulations governing cross-border data transfer, and implement security safeguards (including but not limited to signing standard contractual clauses, conducting cross-border data transfer impact assessments, and implementing technical and organizational measures such as encryption and access control), to ensure that UGREEN's cross-border transfer of your personal information complies with applicable laws and regulations and provide adequate protection for your personal information. In addition, UGREEN will notify you of the relevant details (e.g., legal requirements) prior to the transfer.

V. How we protect your personal information

We implement appropriate technical and organizational measures to ensure the security of your personal information.

We have taken suitable security measures to protect your personal information against unauthorized access, manipulation, damage, or loss. We employ encryption technology to protect your personal information during transmission. We utilize appropriate encryption, access control, and authentication technologies to protect your personal information retained by us. We also implement appropriate restrictions on our employees' access to your personal information. In addition, we regularly back up your personal information to restore access to your personal information in case of physical or technical incidents.

We have developed response plans to address potential risks of personal information breaches, damage, or loss, and conduct regular drills to test these plans.

While we strive to protect your personal information, please note that no method of internet transmission or security system is flawless, and we cannot guarantee the absolute security of your personal information under all circumstances. At the same time, we advise you to properly safeguard your account information and communication devices to help minimize the risk of information leaks.

VI. Your rights as a data subject

(I) Your rights

1. Right to information and inquiry

You have the right to know whether we are processing your personal information, the specific categories, purposes, methods, and retention periods of such processing, and to inquire about relevant details with us.

2. Right to obtain a copy

Subject to applicable laws and regulations, you have the right to obtain a copy of your personal information retained by us.

3. Right to correction

If you identify any inaccuracies or incompleteness in the personal information we process, you have the right to request us to correct or supplement it.

4. Right to deletion (right to be forgotten)

You have the right to request that we delete your personal information if:

    • the purpose of processing your personal information has been achieved or is no longer necessary;
    • you have withdrawn your consent and no other legal basis for processing your personal information exists;
    • we have processed your personal information in violation of laws or regulations; or
    • other circumstances stipulated by laws and regulations occur.

5. Right to restriction of processing

You have the right to request that we temporarily restrict the processing of your personal information if:

    • you raise an objection to the accuracy of your personal information, which is pending verification by us;
    • the processing of your personal information is unlawful, but you oppose its deletion and request restriction of its use instead;
    • we no longer need your personal information, but its retention is still necessary for the establishment, exercise, or defense of legal claims; or
    • you have raised an objection to the data processing based on legitimate interests (if applicable), which is pending our assessment.

6. Right to objection

Where UGREEN processes your personal information based on legitimate interests (where applicable), you have the right to object on grounds relating to your particular situation. We will then assess whether there are legitimate grounds for continuing the processing.

7. Right to withdraw consent

Where we process your personal information based on your consent, you may withdraw your consent at any time. However, such withdrawal will not affect the lawfulness of any processing conducted based on your consent prior to such withdrawal.

8. Right to data portability

Subject to applicable laws and regulations, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and have the right to request that we transmit such data to a designated third party.

9. Right related to automated decision-making

If we adopt automated decision-making based solely on information systems or algorithms in specific business scenarios, and such decisions produce significant impact on you, you have the right to request an explanation from us and to request manual review.

10. Right to lodge complaints and seek remedies

You have the right to file a complaint with the competent data protection regulatory authority against UGREEN's processing of your personal information, and to seek judicial or administrative remedies in accordance with the law.

(II) How to exercise your rights

You may contact us at [email protected]. Please clearly state your identity, the specific matter of your request, and your contact information in the email.

For security purposes, we may need to verify your identity as required by law before processing your request. Once your identity is verified, we will respond to you within the time frame stipulated by law, typically within fifteen (15) working days.

UGREEN will not charge any fees for your reasonable requests in principle. However, UGREEN may reject requests that are unreasonably repetitive, require excessive technical measures (such as developing a new system or fundamentally altering current practices), pose risks to the legitimate rights and interests of others, or are highly impractical (for example, involving information stored on backup tapes).

In accordance with applicable laws and regulations, UGREEN may be unable to respond to the following requests made by you:

1. requests related to UGREEN’s fulfillment of obligations prescribed by laws and regulations;

2. requests directly related to national security or national defense security;

3. requests directly related to public security, public health, or major public interests;

4. requests directly related to criminal investigation, prosecution, trial, judgment enforcement, and other such matters;

5. requests made by any data subject with subjective malice or who abuses his/her rights as confirmed by sufficient evidence;

6. requests made for the purpose of safeguarding the major legitimate rights and interests (such as life and property) of the data subject or other individuals, where it is difficult to obtain the said individual’s consent;

7. requests responding to which would cause serious harm to the legitimate rights and interests of the data subject, other individuals, or organizations; or

8. requests involving trade secrets.

VII. Personal information of minors

This Platform and the developer services provided herein are primarily intended for adults. We do not actively collect personal information from minors who have not reached the age of majority stipulated by applicable local laws and regulations. If you believe we have inadvertently collected information from a minor, please contact us to request its deletion.

VIII. Privacy policy updates

We conduct regular reviews of this Policy. To reflect changes in our information practices, we may update this Policy. We will notify you of any material changes made to this Policy (if any) through announcements on our website or other means, and will obtain your consent again in accordance with applicable laws and regulations.

Any changes to this Policy will take effect from the effective date specified in the notification or on the website. We recommend that you periodically review this page to stay informed about our latest privacy practices. Your continued use of our website or services will be deemed as your acceptance of the updated Policy.

IX. Contact information

If you have any questions or concerns about this Policy, please contact us at [email protected].

X. Supplementary provisions for different regions

A. Users in the European Economic Area/United Kingdom

If you are located in the European Economic Area or the United Kingdom, we will process your personal information in accordance with the General Data Protection Regulation or the UK General Data Protection Regulation, respectively.

In addition to the rights set forth in Section VI hereof, you shall also be entitled to the following rights:

    • To lodge a complaint with the data protection regulatory authority in your jurisdiction; and
    • To request that we restrict cross-border transfers or provide an explanation of the corresponding protective measures.

B. Users in California, USA

If you are a resident of California, you have the following rights under the California Consumer Privacy Act and its amendment, the California Privacy Rights Act:

    • Right to opt out of the sale or sharing of personal information: UGREEN does not sell your personal information, nor does it share your personal information for cross-context behavioral advertising purposes.
    • Right to non-discrimination: The exercise of your privacy rights will not result in a reduction in the quality of services we provide to you, nor will it subject you to price discrimination by UGREEN.

C. Other jurisdictions

UGREEN will process your personal information in accordance with the applicable data protection laws and regulations of your jurisdiction.