PollenLink AI Chat App Privacy Policy

Last Updated: December 22, 2025

Operator: LAITTING TUADING LIMITED (hereinafter referred to as "we" or "us")

Company Address: Room 502C, 5F, Ho King Commercial Centre, 2-16 Fa Yuen Street, Yau Tsim Mong District, Kowloon

Contact Email: lpyikjzg@gmail.com

Data Protection Officer (DPO): Elias Voss

DPO Contact Email: lpyikjzg@gmail.com

This Privacy Policy is strictly compliant with Google Play Developer Policies and fully aligns with data protection laws and regulations in major European and American markets, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the UK Data Protection Act 2018 (DPA 2018), and the Swiss Federal Data Protection Act (FADP).

Please read and understand the entire content of this Policy carefully before using the App. By clicking "Agree" or using the App's services, you confirm that you have fully understood and agreed to all the terms of this Policy, and warrant that you are at least 18 years of age.

1. Scope of Application

This Policy applies to all functions and services you use on the PollenLink AI Chat App, including conversational interactions with the following 10 AI characters, avatar customization, and feedback submission:

• Lila Bloom: Friendly pollen intro mentor (for pollen exploration beginners)

• Kai Pollinator: Pollen & pollinator ID expert (for users needing species identification)

• Mia Green: Pollination technique consultant (for gardeners & agriculturists)

• Leo Observer: Pollen observation log keeper (for users needing observation records)

• Zara Flora: Botany & pollen science advisor (for botany knowledge seekers)

• Jax Research: Research data management helper (for citizen scientists & researchers)

• Luna Teach: Pollen teaching resource partner (for science educators)

• Ethan Thrift: Budget-friendly pollination guide (for cost-conscious gardeners)

• Sophia Local: Local plant pollen specialist (for regional plant enthusiasts)

• Noah Lens: Pollen photography guide (for nature photographers)

2. Personal Information We Collect and Collection Methods

The App has no account login function. We only collect necessary personal information in strict compliance with the principle of data minimization, and we do not collect irrelevant information.

2.1 Personal Information You Voluntarily Provide

1. Avatar Information: When using the avatar customization function, you may take photos via the camera or select images from your photo album to upload. We only collect the avatar image you ultimately confirm, which is used for personal identity identification and display. We will not access other images in your photo album or other content captured by the camera.

2. Feedback Information: Text, voice, or other content you submit through the App's feedback function will only be used to address your inquiries and optimize product experience, and will not be used for any other purposes. If you voluntarily provide sensitive information (such as personal contact details or identification information) in your feedback, you shall bear the relevant risks yourself.

3. Information Provided for Specific Services: When using certain AI character services (e.g., Kai Pollinator's species identification service, Leo Observer's observation record service, Noah Lens's pollen photography service), you may voluntarily upload photos (e.g., pollen photos, pollinator photos, observation scene photos) or input text information (e.g., observation time, location, plant species). Such information is only used to fulfill the corresponding service functions (e.g., photo analysis for identification, data organization for logs, photo optimization suggestions) and will not be used for other purposes without your explicit consent.

2.2 Automatically Collected Information

1. Device-related Information: This includes device model, operating system version, Android ID, Advertising ID, IP address, and network connection type. The purpose of collection is to adapt to different devices, ensure app stability, and prevent fraud and malicious attacks.

2. Usage Behavior Information: This includes conversation history with AI characters (e.g., questions raised to Lila Bloom about pollen knowledge, consultation content with Mia Green about pollination techniques), function usage records (e.g., usage frequency of Leo Observer's log-keeping function, access records of Luna Teach's teaching materials), access time, and duration of stay. It is used to optimize AI algorithms and enhance interactive experience. All data is statistically analyzed in an anonymized and aggregated manner, and is not linked to personal identity.

3. Voice Information: Voice data is only temporarily collected when you actively use the voice interaction or voice feedback function (e.g., voice consultation with AI characters, voice feedback submission), and is solely used for speech-to-text conversion to process your request. Original voice data is immediately deleted after processing is completed, and no voice records are stored.

2.3 Notes on Sensitive Personal Information

The App does not actively collect sensitive personal information such as race, religion, health status, financial information, or sexual orientation. If you voluntarily provide such information in conversations with AI characters or feedback, we will implement the highest level of security protection measures in accordance with GDPR and other relevant regulations, including encrypted storage and strict access control, and will not use such information for any commercial purposes.

3. Specific Notes on Data Sharing

We strictly comply with Google Play policies and will never sell, rent, or trade any of your personal information. Data sharing only occurs in the following limited scenarios, and strict protection measures are implemented in all cases:

3.1 Sharing Scenarios and Compliance Requirements

1. Obtaining Your Explicit and Separate Consent: Before sharing personal information with third parties, we will explicitly inform you of the purpose of sharing, the name of the third party, the scope of information to be shared, and the sharing period through pop-up windows and written confirmation. We will only share the information after obtaining your separate consent. For sensitive information, an additional authorization agreement must be signed.

2. Entrusting Third-Party Service Providers with Technical Support: To provide App functions (e.g., image analysis for Kai Pollinator's identification service, data storage for Jax Research's research data management service), we may entrust qualified third-party service providers (such as server hosting providers, image recognition SDK providers) to process data. We will sign a special confidentiality agreement with third parties, requiring them to:
        We will conduct quarterly compliance audits on third-party data processing activities.

￮ Only use data within the scope of authorization and not exceed the agreed purpose;

￮ Comply with relevant regional laws and regulations;

￮ Adopt end-to-end encryption (E2EE) for data transmission;

3. Mandatory Disclosure as Required by Law: We may disclose necessary information without your consent in the following circumstances:
        When disclosing information, we strictly adhere to the principle of "minimum necessity", only providing the minimum amount of data required to achieve the purpose, and will explain the App's 18+ service attribute to the regulatory authorities.

￮ To comply with applicable laws, regulations, legal procedures, or mandatory requirements of regulatory authorities;

￮ To protect the vital legitimate rights and interests of us, users, or the public;

￮ To prevent illegal and criminal activities such as fraud and malicious attacks targeting the App.

3.2 Compliance Notes on Third-Party SDKs

Third-party SDKs integrated into the App (such as Google Analytics for Firebase) are only used for statistical analysis and have obtained compliance certification. Data collected by SDKs includes IP addresses and device identifiers, which are solely used to optimize service experience and are not linked to personal identity information. You may reset your Advertising ID or disable relevant permissions through device settings. SDK providers are prohibited from using the data for targeted advertising.

3.3 Prohibited Sharing Scenarios

We are prohibited from sharing your personal information with service providers targeting minors, third parties without data protection compliance certification, and advertising platforms for commercial marketing purposes.

4. Storage and Security of Personal Information

1. Storage Location: Data is stored on compliant servers in Europe and the United States that meet GDPR and CCPA requirements (and have obtained ISO 27001 certification). Data will not be transferred to countries or regions without data protection certification.

1. Storage Period: In accordance with the principle of "minimum necessary", the storage period is strictly limited to the shortest time required to achieve the intended purpose:
        

￮ Avatar Information: Permanently deleted within 7 working days after you actively delete it or uninstall the App;

￮ Feedback Information: Retained for 15 days after processing for after-sales verification, and automatically deleted upon expiration;

￮ Conversation History and Behavior Data: Retained for 30 days from the date of your last use, and irreversibly anonymized upon expiration;

￮ Device Information: Only retained for 15 days after you stop using the App for security audit purposes;

￮ Photos and Text Information Uploaded for Specific Services (e.g., identification photos, observation records): Retained for 90 days from the date of upload if not actively saved by you; if you choose to save them (e.g., save observation logs via Leo Observer), they will be retained until you actively delete them or uninstall the App, and will be permanently deleted within 7 working days after deletion or uninstallation.

1. Security Protection Measures: We adopt industry-leading security protection measures:

￮ Data Storage: All personal information is encrypted using the AES-256 encryption algorithm;

￮ Access Control: Implement the principle of "minimum privilege". Only authorized personnel can access data, and multi-factor authentication (MFA) is required;

￮ Security Audit: Daily audits of data access logs, monthly vulnerability scans, and quarterly penetration tests are conducted;

￮ Emergency Response: A special emergency response plan for data breaches is established. In the event of a breach, regulatory authorities and affected users will be notified within 24 hours.

5.Exclusive Rights Granted by Laws in Different Regions

Your rights are protected by the laws and regulations of your region. We provide convenient channels for you to exercise your rights and will not degrade service quality due to your exercise of such rights:

5.1 EU (GDPR) and UK (DPA 2018)

1. Core Rights: Right to access (you may request access to your personal data and obtain details about its processing, including the purposes of processing, categories of data, recipients of the data, and the retention period), right to rectification (you may request corrections to inaccurate or incomplete personal data without undue delay), right to erasure (right to be forgotten; you may request the deletion of your personal data particularly when the data is no longer necessary for the collected purposes, you withdraw consent with no other legal basis for processing, you object to processing with no overriding legitimate grounds, or the data has been unlawfully processed), right to data portability (you may receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller), right to restriction of processing (you may request restriction particularly when you contest data accuracy, the processing is unlawful but you don't want data erased, or we no longer need the data but you require it for legal claims), right to object (you may object to processing based on legitimate interests or public interest, including direct marketing), and right to withdraw consent.

2. Instructions for Exercising Rights: You may withdraw permission authorization at any time, which will not affect the legality of data processing activities conducted prior to withdrawal; you may request permanent deletion of all personal data (including uploaded photos and saved records), and we will complete the deletion and provide written confirmation within 7 working days; you may request to export your personal information (e.g., observation logs from Leo Observer) in a structured, commonly used, and machine-readable format (such as JSON) for migration to other services; if you believe that data processing violates GDPR or DPA 2018, you may file a complaint with the EU Data Protection Authority (DPA) or the UK Information Commissioner's Office (ICO).

5.2 United States (CCPA/CPRA and VCDPA)

1. Core Rights (CCPA/CPRA): Right to know (you have the right to request disclosure of detailed information about your personal information collected, used, shared or sold in the past 12 months, including specific categories and content of personal information, processing purposes, and specific categories of third-party recipients; you may submit such requests up to twice a year free of charge), right to delete (you may request deletion of your collected or stored personal information, except in circumstances such as completing your initiated transactions, detecting security incidents, complying with legal obligations, or exercising legal rights), right to opt-out of sale (you may direct us not to sell your personal data to third parties, and we will cease selling unless you later provide explicit consent to resume), right to opt-out of targeted advertising (you may opt out of the use of your personal data for targeted advertising that delivers ads tailored to your interests or behavior across different platforms), right to data portability, and right against discrimination (we will not deny services, increase prices, or degrade service quality solely because you exercised your CCPA/CPRA rights).

2. Core Rights (VCDPA, for Virginia Residents): Right to opt-out of targeted advertising (you may opt out of the use of your personal data for targeted advertising based on data collected across non-affiliated websites or applications), right to opt-out of sale (you may opt out of the sale of your personal data, where "sale" refers to the exchange of personal data for monetary or other valuable consideration), right to opt-out of profiling (you may opt out of profiling that supports decisions producing legal or similarly significant consequences for you, where profiling refers to automated processing to evaluate, analyze, or predict your behavior, health, or preferences), right to access, correct, and delete (you may request access to your personal data including collected categories, processing purposes, and third-party sharing; request corrections to inaccurate or incomplete data; request deletion unless retention is required by law or legitimate business purposes), and right to appeal (if we deny your request, you have the right to appeal, and we will review and provide a written response within a reasonable time).

3. Instructions for Exercising Rights: You may request disclosure of the categories and sharing status of personal information collected in the past 12 months; you may submit an "opt-out" request for data sharing or targeted advertising or profiling at any time; we will not deny services, increase service prices, or degrade service quality due to your exercise of CCPA/CPRA or VCDPA rights.

5.3 Switzerland (FADP)

1. Core Rights: Right to access, right to rectification, right to deletion, right to restriction of processing, and right to request an explanation of the legality of data processing.

2. Instructions for Exercising Rights: Data processing must be based on your explicit consent. You may withdraw consent at any time, and we will immediately stop processing and delete relevant data upon withdrawal.

5.4 Brazil (LGPD)

1. Core Rights: Right to access (you may request information about the personal data we hold about you, including processing purposes, data categories, and data recipients), right to correction (if your data is inaccurate, incomplete, or outdated, you may request corrections or updates), right to erasure (you may request deletion of your personal data from our systems where legally permitted, such as when the data is no longer necessary for the collected purposes or you withdraw consent), right to information (you may inquire about organizations we share your data with, sharing reasons, and sharing scope), right to revoke consent (you may withdraw consent for specific data processing activities at any time, without affecting the lawfulness of prior processing), right to object (you may object to processing based on legitimate interests, and we will cease processing unless we can demonstrate compelling legitimate grounds overriding your interests), right to data transfer (you may request transfer of your personal data to yourself or a third party of your choice in a structured, commonly used, and machine-readable format), and right to file a complaint.

2. Instructions for Exercising Rights: You may exercise your above rights through the designated channels; if you believe your data protection rights have been violated, you may file a complaint with the National Data Protection Authority (ANPD) of Brazil. The withdrawal of consent will not affect the legality of data processing activities conducted prior to withdrawal.

5.5 Methods for Exercising Rights

You may submit a request to exercise your rights via the contact email or the DPO's dedicated email. You need to provide identity verification information when submitting the request (no additional personal information will be collected). We will verify and respond within the timeframe required by applicable law: generally within 10 working days, with a maximum of 15 working days for complex requests; for rights under CCPA/CPRA, VCDPA, or LGPD that require longer processing periods as stipulated by relevant laws, we will comply with such legal requirements and notify you in advance if additional time is needed, along with an explanation.

6. Notes on Specific Function Permissions

The App only requests necessary permissions when corresponding functions are used, in compliance with Google Play runtime permissions requirements:

1. Camera Permission: Used for two scenarios: (1) taking avatars; (2) taking photos for specific services (e.g., taking pollen photos for Kai Pollinator's identification service, taking observation scene photos for Leo Observer's log service). It has no background running permission. You may enable or disable it at any time in device settings. Disabling it will not affect the ability to select images from the photo album for avatar customization or service-related photo uploads.

2. Photo Album Permission: Used for two scenarios: (1) selecting avatar images; (2) selecting photos for specific services (e.g., selecting existing pollen photos for Kai Pollinator's identification service). It does not involve accessing other content in the photo album. It can be disabled at any time. A clear prompt "Access only selected images" will be displayed when accessing the photo album.

3. Microphone Permission: Only used for voice interaction with AI characters and voice feedback submission, and is activated only when you actively trigger the function. It has no background recording function and can be disabled at any time. Text interaction and text feedback are available as alternatives when the permission is disabled.

We will not request permissions unrelated to the App's services (such as location, contacts, or SMS).

7. Special Provisions on Minor Protection

This App is an 18+ exclusive service and prohibits minors under the age of 18 from downloading, installing, or using it.

1. Age Verification Mechanism: The App will verify the user's age through Google Play's 18+ age verification mechanism during download, installation, and initial launch. Users who fail the verification will not be able to use the services.

2. Processing of Minor Data: If a minor under the age of 18 is found using the App, we will immediately:
        

￮ Suspend all service functions;

￮ Delete all data of the user (including avatar, feedback, conversation history, uploaded photos, and saved records);

￮ Record the relevant situation and report it to the Google Play regulatory team.

3. Guardian Complaint Channel: If a guardian discovers that a minor is using the App, they may submit a complaint via the DPO's email. We will complete data deletion and provide written confirmation within 3 working days.

4. We will not actively collect personal information of any minors under the age of 18.

8. Updates to the Privacy Policy

We may revise this Policy based on changes in laws and regulations, updates to Google Play policies, or adjustments to product functions. In the event of material changes (such as expansion of data collection scope or adjustment of sharing methods), we will provide you with a review period of no less than 30 days through the following methods:

1. Mandatory pop-up window prompts within the App;

2. Emails sent to the feedback email you provided;

3. Publication of revised content on the official website.

Your continued use of the App constitutes your agreement to the updated Policy. The latest version can be viewed at "Settings - Privacy Policy".

9. Contact Information and Dispute Resolution

1. Data Protection Officer (DPO): Elias Voss is responsible for handling data protection-related inquiries, complaints, and requests to exercise rights. Email: lpyikjzg@gmail.com.

2. General Inquiries and Complaints:        

￮ Contact Email: lpyikjzg@gmail.com

￮ Company Address: Room 502C, 5F, Ho King Commercial Centre, 2-16 Fa Yuen Street, Yau Tsim Mong District, Kowloon

3. Dispute Resolution

￮ EU Users: Contact the DPO first. If the dispute cannot be resolved through negotiation, you may file a complaint with the data protection authority of your country/region;

￮ US Users: You may file a complaint with the California Consumer Privacy Office (CCPA);

￮ Users in Other Regions: If the dispute cannot be resolved through negotiation, you may initiate legal proceedings with the court having jurisdiction over our company's location.

We will verify and respond within 10 working days after receiving your request.