QUDEOX Platform Privacy Policy

Update Date: July 25, 2025

Effective Date: July 25, 2025

Preamble

QUDEOX is committed to protecting and safeguarding your privacy. This Privacy Policy explains how we collect, store, and use your personal information through the app and applies to all services. By using our services, you indicate your agreement to the terms of this Privacy Policy and agree to the use of the information you provide to us in accordance with this Privacy Policy.

This APP is provided by QUDEOX (ZHEJIANG) ESS CO., LTD. (here in after referred to as "we, QUDEOX, data controller, data processor"). The data controller is responsible for the collection and use of users' personal data involved in this APP.

Wuxi IGEN Tech Co., Ltd. is a data processing service provider entrusted by the data controller. It processes user data only according to the written instructions of the data controller, this policy and the data processing agreement (DPA) signed by both parties, and undertakes to: comply with the Personal Information Protection Law of China, EU GDPR and other applicable laws; take technical and management measures to ensure data security, including encryption, access control and regular security assessment; without the user's express consent or legal requirements, shall not use the data for any additional purposes; destroy or anonymize all relevant data within 30 days after the termination of the contract.

QUDEOX Platform is a new energy asset full-life cycle service platform provided by QUDEOX (Zhejiang) Energy Storage Co., Ltd.

Registered address: No. 198-208, Chezhan Road, Liushi Town, Yueqing City, Wenzhou City, Zhejiang Province

Tax ID: 91330382MACQD6K4XH

Email: service@qudeox.com

To explain how QUDEOX collects, uses and stores your personal information and what rights you have, we will explain relevant matters to you through this Privacy Policy, the main contents of which are as follows:

  1. We will strictly comply with relevant laws and regulations in data collection and processing activities. We will explain the types of your personal information we collect and their corresponding uses in the following three parts: the personal information we collect and process as a controller and the legal basis; the personal information we process as a processor entrusted by you; and the general part.

  2. When you use certain functions, we may request corresponding permissions. For the system permissions you have authorized to us, you can also query the types and purposes of the system permissions we have invoked or used in "My-Settings-System Permission Management", and you can also manage them uniformly. It should be specially noted that our obtaining specific sensitive permissions does not mean that we will necessarily collect your relevant information; even if we have obtained sensitive permissions, we will only use them within the necessary scope, that is, when you use relevant services or functions, we will collect your relevant information according to this privacy agreement. For example, if you use the scan code to identify the data collector, we will obtain your camera permission; when you use the function of creating a station, we will collect your mobile phone location information. Unless it is not allowed to collect this information according to relevant laws and regulations, refusing to provide this information will only prevent you from using relevant specific functions, but will not affect your normal use of other functions of QUDEOX. Specific permission requests can refer to Article 1 of the second part.

  3. We will not actively obtain your personal information from third parties. If we need to obtain your personal information from third parties for business purposes, we will verify the legality of the information source in accordance with the law and clearly inform you of the source, type and scope of use of the personal information before obtaining it. If the personal information processing activities required for QUDEOX's business exceed the scope of authorization and consent you initially provided to the third party, we will obtain your explicit consent before processing your personal information; in addition, we will strictly abide by relevant laws and regulations and require the third party to ensure the legality of the information provided.

  4. You have the right to access, modify, copy and delete your personal information. You can also withdraw your consent, delete your account, complain and report as well as other privacy functions.

  5. We do not intentionally collect personal information from children under the age of 16, because our products and services are not for individuals under the age of 16, and you must be at least 16 years old or older to create an account on the app. If we find that a child under the age of 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under the age of 16 has provided us with personal information, please contact us proactively and we will take necessary measures to delete the information we hold about the child.

  6. Definitions and Terms
    7. In this Privacy Policy, unless otherwise specified, the following terms have the following meanings:
    Personal information: refers to information recorded by electronic or other means that can identify the identity of a natural person alone or in combination with other information or reflect the activities of a specific natural person, including but not limited to name, phone number, IP address, location information, etc.
    Sensitive personal information: refers to personal information that may lead to damage to personal reputation, personal and property safety if leaked or illegally used, including ID card numbers, bank account numbers, travel tracks, etc.
    Processing: refers to the collection, storage, use, transmission, provision, disclosure, deletion and other operations of personal information.
    Personal information controller: refers to an organization or individual that determines the purpose and method of personal information processing in personal information processing activities.
    Entrusted processor: refers to an organization or individual that processes personal information according to the entrustment of the controller.
    Third party: refers to an external organization that is not the subject of this App or its directly controlled or controlled subject.
    Station: A station refers to a comprehensive power production unit that realizes the functions of solar power generation, electric energy conversion and transmission by integrating solar photovoltaic modules and related supporting facilities.
    Cookies and similar technologies: In mobile applications, although the traditional "Cookie" is mainly used for web browsers, we may use technologies with similar functions (such as Local Storage) to collect and store some of your information. We collectively refer to these technologies as "Cookies" or "similar technologies".

Part I: We collect and process your personal information and legal basis as a data controller

1. Information we collect and use

We will collect and use the information you actively provide or the information generated due to the use of services through the following ways:

1.1 When you register for QUDEOX, we will collect and use your email address and user name. The purpose of collecting this information is to help you complete the registration function of QUDEOX and protect the security of your account. If you do not provide such information, you may not be able to use our services normally.

Legal basis: According to Article 6(1)(b) of the GDPR, it is necessary for the performance of the service between you and us. Our processing of your email address and user name is necessary for completing account registration and identity verification.

1.2 In order to optimize our services, we will collect service logs (your searches and browsing in QUDEOX, service failures, referral links, etc.), installation lists, the frequency of your use of the app, crash data, overall usage, performance data and app sources.

1.3 When you contact our customer service, we may need you to provide necessary personal information for identity verification to ensure the security of your account. In order to provide services according to your requirements, within the scope of your authorization, the human customer service personnel need to query or verify your relevant information. We will take technical and management measures to ensure the security and confidentiality of your information as much as possible and use this information within the necessary scope. We may also keep your contact information (such as the phone number, Email or other contact information you use or provide), communication records and content with us and other necessary information in order to provide and record customer service for you.

Legal basis: According to Article 6(1)(f) of the GDPR: For our legitimate interests in ensuring service security, maintaining system functions, optimizing product experience and providing customer service, we collect and process such data.

1.4 If we use your personal information beyond the purpose you authorized, we will notify you again and obtain your explicit consent before using your personal information. Please understand that the functions and services we provide for you are constantly updated and developed. If a function or service does not inform you of the processing rules for collecting and using your information in the above description, we will use page prompts, interactive programs, website announcements and other methods to separately notify you of the scope, purpose and method of information collection to obtain your consent.

1.5 In accordance with Article 6(1) of the GDPR, we may collect and use your personal information without your consent, for example:

  1. It is necessary for the performance of a contract to which the data subject is a party, or to take measures at the request of the data subject prior to entering into a contract;
  2. It is necessary for the controller to fulfill its legal obligations under EU or Member State law;
  3. It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  4. It is necessary to protect the vital interests of the data subject or another person (such as emergency medical care);
  5. It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject.

2. Information Sharing

To ensure the realization of certain independent functions and enable you to use and enjoy more services and functions, we will embed third-party SDKs in the app and carefully evaluate the purposes of using these SDKs. For more information on the purposes, methods and scope of personal information processing by SDKs, please refer to the "Third-Party Sharing List".

As our business continues to develop, QUDEOX may undergo mergers, divisions and other transactions. If this involves the transfer of personal information, we will inform you of the relevant situation and continue to protect or require the new processor to continue to protect your personal information.

3. Your Rights

During your use of QUDEOX, to make it more convenient for you to consult, copy, correct, and delete your personal information, and to protect your rights to withdraw consent to the processing of personal information and cancel your account, we have provided corresponding operation settings in the product design. In addition, we have set up channels for complaints, reports and requests for explanations, and your opinions and requests will be handled in a timely manner. If you have any questions about the ways and methods of exercising relevant rights, you can contact us through the public contact information at the bottom of the agreement.

3.1 Right of Access

You have the right to request access to your personal data held by us at any time and to know how we collect, use and process your information. We will respond to your request within the time limit prescribed by law and provide you with relevant information free of charge.

3.2 Right to Data Portability

You have the right to obtain a copy of your personal data held by us and to receive such data in a structured, commonly used and machine-readable format. You may also request us to transmit such data directly to another data controller (to the extent technically feasible).

3.3 Right to Erasure

You have the right to request us to erase your personal data. We will process your request as soon as possible within the scope prescribed by law. However, if it is impossible to erase due to legal obligations or other legitimate reasons, we will inform you of the specific reasons.

3.4 Right to Rectification

You have the right to request us to rectify any inaccurate or incomplete personal data to ensure that your information is accurate. If you find that our data is incorrect, please feel free to contact us to submit a correction request. We will process your request and update your information in a timely manner within the time limit prescribed by law.

3.5 Right to Withdraw Consent

You have the right to withdraw your consent at any time, and the withdrawal of consent shall not affect the legality of processing based on consent before the withdrawal. Some information collection and processing behaviors (such as device access to the cloud, precise location acquisition, etc.) depend on your authorization. If you withdraw your consent, we will no longer conduct corresponding data processing, and some functions may be restricted or unavailable as a result.

3.6 Right to Lodge a Complaint

If you are dissatisfied with any of our actions, you may choose to complain to QUDEOX, and you also have the right to lodge a complaint with the relevant data protection supervisory authority. If you believe that we have violated the applicable data protection laws of your country in processing your personal data, you have the right to lodge a complaint with the data protection supervisory authority of the EU Member State where you are located or the data protection supervisory authority of our main place of business.

3.7 Right to Restrict Processing

Under the requirements of applicable law, in specific circumstances, you have the right to request us to restrict the way we process your personal information. For example, if you challenge the accuracy of personal information and we need a period of time to verify the accuracy of personal information, you can request us to restrict the processing of this data during that period.

3.8 Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which we carry out on the basis of legitimate interests. Once you exercise the right to object, we will stop processing your personal information unless we can demonstrate that the processing has an overriding legitimate ground, or that the processing is for the establishment, exercise or defense of legal claims. If we process your personal information for direct marketing purposes, you have the right to object at any time, and upon such objection, we will immediately stop the processing of data for such purposes.

Part II: Our Processing of Personal Information Entrusted to Us as a Processor

1. All data entrusted to QUDEOX by you is referred to as service data, which specifically includes the following parts:

1.1 You connect the devices you add to the cloud, and at the same time upload your controlled email address, phone number, business data, which includes your device model, operating system, device MAC address, unique device identifiers (such as IMEI/MEID/IMSI/Android ID/IDFA/IDFV/OAID/UAID, SIM card IMSI, ICCID information and other device identifiers), WIFI status (such as SSID, BSSID), the string assigned to your device by the manufacturer, login IP address, QUDEOX version number, network connection method, type and status, network status, device accelerators (such as gravity sensors) to the cloud, for providing you with the basic services of the app.

1.2 We will collect data uploaded by the data collector and its sub-devices (such as inverters, electric meters, charging piles, batteries, etc.) every 5 minutes according to the serial number of the data collector installed under the station and the serial numbers of its sub-devices controlled by you, and telemetry data, including device serial numbers, device status and alarm codes, to provide you with monitoring functions.

1.3 We will provide you with station management functions based on the information such as station name, area, capacity, address, GPS location provided by you when creating the station, and you can modify this information at any time. During the process of configuring the network for the device, the device itself will store the account and password used to manage the device, which are used for credential verification when you manage the device. The account and password are only stored in the device, and the password is stored in an irreversible encryption manner.

1.4 When you make a call in the app, we will request the phone permission. The purpose of applying for this permission is only to help you open the phone dialer and display the phone number, so that you can make calls in the app. Please rest assured that we will not obtain your phone number, call content or make calls without your consent. If you refuse authorization, you will not be able to use this function, but it will not affect your normal use of other functions of QUDEOX.

1.5 When you navigate in the app, we will request location permission and collect the navigation apps installed on your mobile device. The purpose of applying for this permission is only to help you open the navigation app and transmit the location of the station to the navigation app, so that you can navigate to the location of the station in the app. If you refuse authorization, you will not be able to use this function, but it will not affect your normal use of other functions of QUDEOX.

1.6 If you use the scan code to identify the data collector, we will request your camera permission. If you refuse authorization, you may not be able to use this function, but it will not affect your normal use of other functions of QUDEOX.

2. Information Sharing

To ensure the realization of certain independent functions and enable you to use and enjoy more services and functions, we will embed third-party SDKs in the app and carefully evaluate the purposes of using these SDKs. For more information on the purposes, methods and scope of personal information processing by SDKs, please refer to the "Third-Party Sharing List".

In addition, we will strictly follow your instructions for sharing. As our business continues to develop, QUDEOX may undergo mergers, divisions and other transactions. If this involves the transfer of personal information, we will inform you of the relevant situation and continue to protect or require the new processor to continue to protect your personal information.

3. Your Rights

You own and control your service data, and you enjoy the following rights:

3.1 Right to Give Instructions

You have the right to instruct us in writing to process data, including the purpose, scope and method of processing. We must execute it within a reasonable period of time.

3.2 Right to Audit and Supervision

You or a third party designated by you may audit the data compliance of the processor, and we shall provide necessary assistance. You may require us to cooperate in taking necessary measures to ensure data security.

3.3 Right to Data Return and Deletion

After the termination of the contract, we must delete or return all personal data according to your choice, unless the law requires retention.

3.4 Control Right over Sub-processors

Before the processor uses a sub-processor (such as a cloud service provider), it must obtain your prior written authorization (general or specific consent), and the sub-processor will assume the same obligations as us.

4. Requests from Data Subjects

If you believe that we store, use or process your information on behalf of our customers, and you want to access, correct, erase, restrict or export your personal data, please contact the customer. We will provide support to the customer to respond to your request within a reasonable time frame.

Part III: General Part

1. Storage of Information

1.1 Location of Information Storage

In order to better comply with data protection laws and protect personal data, we have established a data center in Europe for data storage. If your personal data in the EU, the European Economic Area or Switzerland is transmitted to a country or region not confirmed by the European Commission to have an adequate level of data protection, we will ensure that the data transmission is adequately protected through standard contractual clauses approved by the European Commission, and (if necessary) take other appropriate technical measures.

1.2 Duration of Information Storage

Generally speaking, we will retain your personal information for a necessary period of time to achieve a specific purpose, for example:

Phone number or email address: During your use of QUDEOX services, we will retain your phone number or email address (including the number or email address used to register a QUDEOX account and associated with the account) to ensure that you can use the services normally. Such information will be deleted when your QUDEOX account is deleted.

Station information: When you create a station, we need to save your station information to ensure that you can use the monitoring function normally. When you delete your station information, we will delete the corresponding information at the same time.

If we stop providing our products or services, we will notify you by sending notifications, issuing announcements or other means, and delete or anonymize your personal information within a reasonable time ("Anonymization" refers to the irreversible erasure or deletion of personal information to ensure that the identity of the information owner cannot be identified. Any anonymized information will not be regarded as personal information).

For your instruction to delete information, we will respond and execute it within 30 days, with a maximum of 60 days.

2. Instructions for the Use of Cookies and Similar Technologies

We only use functional Cookies, and they are set based on the necessity of contract performance. The purpose is for login authentication and session maintenance. You do not need to authorize the use of the above Cookies separately, but we promise not to use them for any unnecessary purposes (such as advertising or behavioral analysis) and not to share them with third parties.

3. Information Security

We are committed to protecting users' information from theft, improper use, unauthorized access or leakage. We will use various security protection measures within a reasonable security level to ensure the security of information. For example, we will use encryption technology (such as SSL/TLS), de-identification, anonymization and other means to protect your personal information. We will continuously improve technical means to enhance the security of software installed on devices and prevent the leakage of personal information. For example, we will encrypt some information on your device to ensure the security of data transmission; collect apps installed on the device or running processes, or data stored in the device memory to prevent attacks from viruses, Trojans or other malicious programs or websites; analyze and use data such as unique device identifiers, login IP addresses, operation logs and location information, take measures or issue alerts to prevent illegal acts including network fraud, account theft and impersonation, and conduct security checks. We have formulated relevant management policies, processes and teams to ensure information security. For example, we strictly restrict the personnel who can access information, require them to comply with confidentiality obligations, and conduct personnel audits. If there is an information leakage or any other incident related to information security, we will respond to the incident immediately to avoid the deterioration of the incident and further affect more users, and notify you of the incident by sending notifications or issuing announcements. We will take all possible technical and organizational measures to protect your information, but we cannot guarantee that our measures will eliminate all security risks.

4. Revision

This policy may be updated, revised, modified or changed regularly as needed. If any clause in this policy is updated, changed or revised, we will display the revised policy to you through push notifications, pop-ups or other means when you log in to QUDEOX or update the application version.

5. Contact Us

We have set up a special personal information protection team. If you have any questions, complaints or suggestions about this Privacy Policy or personal information protection, you can contact us through any of the following methods:

Send your questions to: service@qudeox.com

We will review the questions as soon as possible and respond within 30 days after receiving your request or complaint feedback. The subsequent processing period usually does not exceed 90 days. If we encounter special circumstances, we will inform you of the processing time and the reasons for the delay within 30 days after receiving your request.