Milesight Platform Personal
Information Protection Policy

Overview

The Milesight Platform is provided by Xiamen Milesight IoT Co., Ltd. (hereinafter referred to as "we", "Milesight" ) for web and mobile software and service products. Milesight Platform includes Milesight Development Platform and Milesight Device Portal, etc. On Milesight Platform, you can connect, manage, configure, and control Milesight smart hardware devices (hereinafter referred to as "Milesight Devices"). You can also view events and data reported by Milesight Devices, and use the above services through Restful API to build your own applications.

Thank you very much for your trust in Milesight! We are well aware of the importance of personal information to you and that providing effective protection for your personal information is the cornerstone of the healthy and sustainable development of our business. Thank you for using and trusting our products and services! We understand that this trust is hard-earned, so we adhere to the principles of openness and transparency, clearly outlining the rules for how we handle your personal information. We use legitimate and proper methods and clear and reasonable purposes to process your personal information. We will take corresponding security measures to protect your personal information in accordance with mature industry security standards, making this trust even stronger.

We hope to explain through this Personal Information Protection Policy (hereinafter referred to as "this Policy") how we handle your personal information and device information when using Milesight Platform, as well as your rights and the methods for exercising them. Please read and understand this Policy carefully before using Milesight Platform, and use it only after confirming that you fully understand and agree to it. Once you start using Milesight Platform, it means you have fully understood and agreed to this Policy and consent to our handling of your relevant information according to this Policy. If you have any questions, comments, or suggestions regarding the content of this Policy, you can contact us through the various contact methods provided in this Policy.

This Policy will help you understand the following:

• How We Collect and Use Your Personal Information.
• How We Store Your Personal Information.
• How We Share, Transfer and Publicly Disclose Your Personal Information.
• How We Protect Your Personal Information.
• Your Rights in Managing Personal Information.
• Protection of Minors' Personal Information.
• Scope of this Policy.
• Changes and Revisions to this Policy.
• How to Contact Us.
• Effectiveness of this Policy.

How We Collect and Use Your Personal Information

We will collect and use your personal information as described in this Policy, including your sensitive information such as name, company name, email address, phone number, and account avatar. The purposes and uses of collecting and using this sensitive information are detailed in the following functional description section. We will use compliant technology to encrypt and store the sensitive information you have explicitly agreed to and voluntarily provided, ensuring the security of your personal information.

We will not indirectly obtain your personal information through channels such as sharing, transferring, or collecting publicly available information. If, in the future, there is a need to indirectly obtain your personal information through other channels, we will only collect the minimum amount of information necessary to fulfill the business functions of the product or service. Before collecting and using the information, we will inform you clearly and seek your explicit consent. At the same time, we will ensure the legitimacy of the information sources before collection, and understand the scope of authorization and consent obtained by the personal information provider, including the purpose of use, authorized transfer, sharing, and public disclosure. If our processing activities of personal information exceed the scope of authorization and consent, we will obtain your explicit consent within a reasonable period after obtaining the personal information or prior to processing it.

The purposes and uses of collecting and using your information are detailed as follows:

(1) Enable Core Features of Milesight Platform

Core features refer to the essential functionalities that support the normal operation and provision of services of Milesight Platform. If you do not agree to the collection and use of personal information necessary for providing you with services, you will be unable to use Milesight Platform.

Information collected through account registration: When you register a Milesight Platform account, we collect your name, email address, and password. This information is collected to assist you in completing the registration process and to protect the security of Milesight Platform account. If you refuse to provide this information, you may not be able to successfully register a Milesight Platform account. You also have the option to add a profile picture, company name, or phone number to Milesight Platform account.

You can modify your profile picture, name, company name, password, and mobile phone number through "My Account."

When you delete your Milesight Platform account, we will cease using and delete the aforementioned information or anonymize your personal information unless otherwise required by applicable laws and regulations.

(2) Provide Security Assurance, Resolve Technical Issues, and Handle Your Inquiries about Devices and Services

Provide security assurance, resolve technical issues, and address your inquiries about devices and services. In order to safeguard the security of accounts and devices, handle your inquiries regarding Milesight Platform and services, continuously improve our products, eliminate and reduce product crashes, as well as provide you with better product functionality and services, we may collect the following information through the browser's public interfaces: unique identifiers, browser type and settings, device type and settings, operating system, and application version number. We may also collect relevant information about your interactions with Milesight Platform services, including IP addresses, crash reports, system activities, and the dates, times, and referral URLs of corresponding requests, for the purpose of troubleshooting crashes and optimizing Milesight Platform functionality. This information does not involve your personal identity-related information.

Ensure the security of services. To enhance the security of your use of our services, as well as the services provided by our affiliated companies and partners, protect you or others from harm to personal and property safety, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, and intrusions, and accurately identify violations of laws, regulations, or Milesight's related agreements and rules. We may use or integrate Milesight Platform account information, smart hardware information, app usage information, as well as information authorized by you or obtained in accordance with the law from our affiliated companies and partners, for the purposes of identity verification, detection and prevention of security incidents, and to take necessary record-keeping, auditing, analysis, and disposal measures in accordance with the law.

(3) Exceptions to Obtaining Authorized Consent

In accordance with relevant laws, regulations, national standards, and industry guidelines, your personal information may be processed without obtaining your authorized consent in the following circumstances:

• Related to national security and defense;
• Related to public safety, public health, and significant public interests;
• Related to criminal investigations, prosecutions, trials, and enforcement of judgments;
• Necessary to protect the vital legitimate rights and interests of individuals or others when it is difficult to obtain your consent;
• The personal information collected is publicly disclosed in accordance with the law or voluntarily made public by you;
• Personal information collected from legally disclosed information sources, such as lawful news reports, government information disclosure channels, etc.;
• Necessary for entering into and fulfilling contracts at your request;
• Necessary for ensuring the secure and stable operation of the provided products or services, such as detecting and resolving product or service malfunctions;
• Necessary for lawful news reporting;
• Necessary for statistical or academic research conducted by academic research institutions based on public interest, provided that the results are de-identified when disclosing the research or describing the results to external parties;
• Other circumstances as stipulated by laws and regulations.

How We Store Your Personal Information

The personal information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China and will not involve cross-border transmission. In the future, if it is necessary to transfer the relevant personal information collected domestically to overseas institutions in the event of cross-border data processing, we will implement it in accordance with laws, administrative regulations and relevant regulatory authorities, and seek your consent and permission again before cross-border data transfer. At the same time, we ensure that we will provide detailed information such as the location, purpose and recipient of data transfer in this Policy or through separate prompts such as pop-up windows, telephone calls or email notifications, so that you can know where your personal information is stored at any time. At the same time, we will adopt corresponding encryption, anonymization and other technologies to ensure that your personal information is adequately protected during transmission. We will only store your personal information for the shortest period necessary for the purposes of this Policy and the time limit required by laws and regulations. If we cease to operate Milesight's products or services, we will promptly stop collecting your personal information, notify you of the cessation of operation in the form of delivery or announcement, and delete or anonymize the personal information we store.

How We Share, Transfer, and Publicly Disclose Your Information

(1) Sharing of Your Information

We will not share your personal information with any company, organization or individual except in the following circumstances:

• We will share your personal information with other parties with your explicit consent.
• We may share your personal information with external parties in accordance with laws and regulations, litigation dispute resolution needs, or as required by administrative or judicial authorities in accordance with the law.
• Within the scope permitted by laws and regulations, it is necessary to share your personal information in order to safeguard the interests, property, or safety of Milesight, its affiliates or partners, and the public interest.
• Sharing among Affiliated Companies: When affiliates of Milesight provides services to you or us, we may share your personal information with our affiliated companies. However, we only share necessary personal information and not beyond the purposes you have agreed to. The processing of your information by affiliated companies is governed by this Policy. If the affiliated company wants to change the purpose for which it processes your personal information, it will seek your authorization and consent again.
• Sharing with Partners: We will only share necessary personal information (such as the phone numbers you report for SMS or calls) or aggregated, anonymized, or other non-identifiable information (for example, how many people have installed an app developed by an application developer) with our suppliers, service providers, consultants, agents, third-party advertisers, app developers, Milesight Platform, or other partners for legitimate, proper, necessary, specific, and clear purposes, as well as to achieve the objectives stated in this Policy, and with your explicit authorization. We may also share such information to provide better customer service and user experience. These suppliers, service providers, consultants, and agents may offer us technical infrastructure services, analyze how our services are used, measure the effectiveness of ads and services, provide customer service and payment services, conduct academic research and surveys, or offer legal, financial, and technical advisory services. None of our partners have the right to use the shared personal information for purposes unrelated to the product or service.

We have strict data protection agreements with the companies, organizations, and individuals with whom we share your personal information, requiring them to handle personal information according to our instructions, this Policy, and any other relevant confidentiality and security measures.

(2) Transferring of Your Information

We will not transfer your personal information to any other company, organization, or individual, except under the following circumstances:

• In the event of corporate development such as mergers, acquisitions, asset transfers, or similar transactions involving our company or affiliated companies. If the transfer of your personal information is involved in such transactions, we will require the new holders of your personal information to continue to be bound by this Policy. Otherwise, we will require the new holders to obtain your authorization and consent again.
• To meet the legal requirements of laws, regulations, legal procedures, mandatory government requests, or judicial orders.
• Transfer with your explicit consent, meaning that after obtaining your explicit consent, we will transfer the personal information we have collected from you to other parties.

(3) Publicly Disclosing of Your Information

We will only disclose your personal information in the following circumstances:

• With your explicit consent.
• In cases where legal requirements, legal procedures, litigation, or government authorities require mandatory disclosure, we may publicly disclose your personal information.
• Within the scope permitted by laws and regulations, it may be necessary to disclose your personal information to protect the interests of Milesight, Milesight's affiliated companies or partners, you, or other Milesight users or the public from harm to their interests, property, or safety.
• Other circumstances stipulated by laws and regulations. According to legal provisions, sharing and transferring de-identified personal information, ensuring that the data recipient cannot reconstruct and re-identify the individual to whom the personal information belongs, does not qualify as sharing, transferring, or publicly disclosing personal information. Notice and consent are not required separately for the storage and processing of such data.

How We Protect Your Personal Information

We have implemented industry standard security measures to protect the personal information you provide us, in order to prevent unauthorized access, disclosure, use, modification, damage, or loss of data. We will take all reasonable and feasible measures to protect your personal information.

• We attach great importance to the security of your personal information and will make every effort to implement reasonable security measures. Currently, Milesight has passed the internationally authoritative ISO 27001 information security management system certification.
• If you register a Milesight Platform account, we may analyze information such as your login time, IP address, and login frequency to ensure proper risk management. For data exchange between your browser and Milesight Platform, we use our customized encryption scheme and http dual encryption to ensure the security of data transmission.
• If our application adopts WebView technology, we will verify the URL of all file protocols used in WebView and restrict access to sensitive data of this application and SD Card data, so as to avoid malicious theft of any private files and sensitive information of Milesight products without special permission, thus causing your personal information leaks.
• We deploy access control mechanisms on the server side and follow the principle of granting minimum necessary authorization to personnel who may come into contact with your personal information. We regularly review the list of authorized personnel and access records.
• The server systems where we store your personal information are secured and run on hardened operating systems. We conduct account audits and monitoring of server operations. If any security issues are detected in the publicly announced server operating systems, Milesight will promptly perform server security upgrades to ensure the security of all Milesight server systems and applications.
• We regularly provide training to our employees on personal information protection laws and regulations to strengthen their awareness of protecting your personal information.
• In the event that our physical, technical, or managerial security measures are compromised, we will promptly activate emergency plans to prevent the escalation of security incidents. We will report to the competent authorities according to legal requirements and inform you in a timely manner about the basic situation of the security incident, potential impacts, measures already taken, or to be taken, through reasonable and effective means such as notifications or announcements.

Your Rights in Managing Personal Information

During your use of Milesight Platform, you have the following rights to access and manage your personal information:

(1) Accessing and Correcting Your Personal Information

You can access your personal information through the specific paths and methods described in the "How We Collect and Use Your Personal Information" section of this Policy.

If you are unable to correct your personal information through the above methods, you can also contact us using the contact information provided in this Policy to request corrections.

(2) Deleting Your Personal Information

You have the right to request Milesight to delete your personal information under the following circumstances:

• We collected your personal information without obtaining your consent.
• Our processing of your personal information violates legal and regulatory requirements.
• We have violated our agreement with you regarding the use and processing of your personal information.
• You have canceled your Milesight account, uninstalled our products, or ceased using our services.
• We have ceased to provide services to you.
• Your withdrawal of consent, but please note that if you withdraw your consent and request the deletion of personal information, it does not affect the personal information processing based on your consent before the withdrawal.

You can contact us using the means provided in Section Nine of this Policy to request the deletion of your personal information, and we will respond within 15 working days. After deleting your personal information from our servers, we may not immediately delete the corresponding data from backup systems but will do so when updating backup information.

When you make a request to delete information, we may ask for additional information to verify your identity and ensure that the request is made by you.

(3) Deleting Your Personal Account

You can delete your Milesight Platform account at any time by accessing and logging into Milesight Platform account through the browser ("My Account > Manage > Delete" - https://account.milesight.com/account). Please note that if you choose to deactivate your Milesight account, it will become unusable, related account information will be cleared, and you will no longer be able to access the features and services of Milesight's products through your Milesight account (but it will not affect your use of services and functions that do not require account login).

After you delete your Milesight Platform account, except in cases where legal and regulatory requirements necessitate the retention of relevant information, we will cease to provide corresponding products or services to you and promptly delete or anonymize your personal information.

(4) Copying Your Personal Information

If you wish to copy your personal information, you can make a request by contacting us using the contact information provided in this Policy.

(5) Limitations on Your Rights in Managing Personal Information

Please understand that we may be unable to accommodate your request in certain situations, including:

• Situations related to our fulfillment of legal and regulatory obligations.
• Situations directly related to national security and defense.
• Situations directly related to public safety, public health, or significant public interests.
• Situations directly related to criminal investigations, prosecutions, trials, and enforcement of judgments.
• Situations involving your subjective malice or abuse of rights.
• Situations that may significantly affect the legitimate rights and interests of other individuals, organizations, or yourself in terms of life, property, etc.
• Situations that may cause serious harm to your or other individuals' or organizations' legitimate rights and interests.
• Situations involving our commercial secrets or third-party commercial secrets.

Protection of Minors' Personal Information

Milesight Platform is not specifically designed for minors. Minors under the age of eighteen must obtain the consent and authorization of the minor themselves or their guardian when using Milesight Platform. Minors under the age of fourteen must have their parents or other guardians read this Policy before using the platform, and minors should seek the consent and guidance of their parents or other guardians before submitting personal information. If you are a parent or guardian of a minor, you can contact us through the contact information provided in Section Nine of this Policy if you have any questions about the personal information of the minor under your guardianship.

Scope of this Policy

This Policy applies only to Milesight Platform. It is important to note that this Policy does not apply in the following situations:

• When Milesight Devices (or services) are embedded within third-party products (or services), and the information collected by those third-party products (or services).
• When third-party services, advertisements, or other companies, organizations, or individuals collect information accessed through Milesight products (or services).

We would like to remind you that when using third-party products and/or services, please carefully read the relevant user agreements and personal information protection policies presented by those third parties. Safeguard and exercise caution when providing your personal information to them.

Changes and Revisions to this Policy

This Policy may be subject to changes. We will not limit your rights under this Policy without your explicit consent. For significant changes to this Policy, we will provide prominent notice (such as timely notifications in the form of pop-ups when you log in or during Milesight Platform upgrades or revisions). Significant changes referred to in this Policy include, but are not limited to:

• Significant changes in our service model, such as the purposes for processing personal information, types of processed personal information, or methods of using personal information.
• Significant changes in control, such as changes in ownership resulting from mergers or reorganizations.
• Major changes in the main entities with whom we share, transfer, or publicly disclose personal information.
• Significant changes in your rights and their exercise regarding the processing of personal information.
• Changes in the department responsible for the security of personal information handling, contact information, or complaint channels.
• When the personal information security impact assessment report indicates a high risk.

How to Contact Us

If you have any questions about our practices or this Policy, please contact us as follows:

Email to Milesight at: iot.support@milesight.com.

Postal Mailing Address: Building C09, Software Park Phase III, Xiamen 361024, Fujian, China.

In principle, we do not charge any fee for your reasonable requests, but we will charge a certain cost fee at our discretion for repeated requests that exceed reasonable limits. We may refuse requests that require the use of technology beyond industry norms to achieve or substantially affect the legitimate rights and interests of others.

Effectiveness of the Personal Information Protection Policy

This version of this Policy is updated on【18】【June】2025 and will take effect on【18】【June】 2025.

Appendix One: Definitions

Personal Information: Refers to various information recorded electronically or by other means that can individually identify a specific natural person or reflect specific activities of a natural person. Personal information includes: basic information (including personal name, date of birth, gender, address, personal phone number, email); personal identification information (such as ID card, military officer card, passport, driver's license, etc.); personal biometric information (including voiceprint, fingerprints, facial features, etc.); network identity information (including system accounts, IP addresses, etc.); personal property information (including bank accounts, transaction and consumption records, virtual asset information such as game redemption codes); personal communication information (including contents of the address book); personal internet browsing records (including website browsing history, software usage records, click records, etc.); personal device information (including hardware model, device MAC address, software list, unique device identifiers such as IMEI/IDFA/AndroidID/OPENUDID/GUID/SIM card IMSI information, etc., which describe the basic information of personal devices used on a regular basis); personal location information (including travel trajectories, precise location information, accommodation information, latitude and longitude, etc.).

Sensitive Personal Information: Refers to personal information that, once disclosed, illegally provided, or abused, may endanger personal safety, property security, cause harm to reputation, mental and physical health, or lead to discriminatory treatment. Sensitive personal information includes: personal property information (including bank accounts, transaction and consumption records, virtual asset information such as game redemption codes); personal biometric information (including voiceprint, fingerprints, facial features, etc.); personal identification information (such as ID card, military officer card, passport, driver's license, etc.); other information (including address book, travel trajectories, web browsing records, accommodation information, precise location information).

De-identification: The process of processing personal information through technical means so that the data subject cannot be identified without the use of additional information.

Anonymization: The process of the process of processing personal information through technical means, so that the data subject cannot be identified and the information cannot be re-identified or reconstructed.

Personal Information Deletion: The act of removing personal information from systems involved in daily business functions, making it unsearchable and inaccessible.

Minor: In consideration of varying definitions of minor across different jurisdictions, for the purposes of this Policy.Refers to individuals under the age of fourteen.

Processing: Activities involving the collection, storage, use, processing, transmission, provision, disclosure, etc. of personal information.

Appendix Two: Third-Party Services and Shared Information Explanation

To ensure the secure and stable operation of relevant functions and applications of Milesight Platform, we may use third-party services to achieve these purposes.

Explanation of Third-Party Data Processing Entities: Third-party data processors are used to provide better product services, and these subprocessors provide sufficient protection for personal data and comply with applicable data protection laws. The list of subprocessors is as follows: