Roborock App
Privacy Policy

Last Updated Date：March 31, 2025

Effective Date：March 31, 2025

This Roborock App Privacy Policy (hereinafter referred to as the “Privacy Policy”) stipulates how Beijing Roborock Technology Co. Ltd. and its affiliated companies (hereinafter referred to as “Roborock” or “we”) collect, use, disclose, share, transfer, store and protect your personal information and your rights as the personal information subject. We are well aware of the importance of personal information to you. We will take corresponding security protection measures in accordance with applicable laws and regulations, and do our utmost to ensure the security and controllability of your personal information.

This Privacy Policy applies only to our personal information processing during your use of this online application Roborock App (hereinafter referred to as the “App”) that could be paired with the Roborock smart device (hereinafter referred to as the “Device”), and does not apply to any other Roborock products, services, websites, functions, or content that may have their own privacy policies. For example, the processing of personal information when you use a Device is subject to the corresponding privacy policy of such Device; and the processing of personal information when you use the store function (if applicable) in the App is subject to the separate privacy policy displayed on the corresponding interface. Please note that our products and services may include third parties’ products, services and links to third-party websites. When you use such products or services or visit third-party websites, these third parties may also collect your personal information. This Privacy Policy does not apply to the personal information processing activities of any third-party products, services, or other third-party websites linked from the App, and we do not assume any responsibility for the personal information processing activities of third parties. We strongly recommend that you carefully read third parties’ privacy policies to make informed and prudent decisions.

Before using the App, please make sure to read and thoroughly understand this Privacy Policy. If you have any questions, opinions, or suggestions regarding the content of this Privacy Policy, please contact us through the methods described in Chapter VII of this Privacy Policy, and we will respond to you within the time limit stipulated by applicable law.

This Privacy Policy will help you understand the following contents:

I.How We Collect and Use Your Personal Information

II.How We Entrust Others to Process, Share, Transfer, and Publicly Disclose Your Personal Information

III.How We Store and Protect Your Personal Information

IV.Your Rights

V.Protection of Minors

VI.Updates To This Privacy Policy

VII.Contact Us

VIII.Additional Notice to South Korea Residents

I. How We Collect and Use Your Personal Information

i. Collection and Use of Your Personal Information for the Purpose of Providing Basic Functions

To provide you with relevant services of the App, we collect and use the personal information necessary to provide the basic functions of the App. If you use the App within the European Economic Area, we process your personal information for the purpose of fulfilling the contract on the basis of Art.6(1)(b) of the General Data Protection Regulation (hereinafter referred to as “GDPR”). If you use the service within Turkey, we process your personal information for the purpose of fulfilling the contract on the basis of Article 5(2)(c) of the Turkey PDPA. There is no legal or contractual obligation for you to provide the following personal information, however, we may not be able to offer you the basic functions of the App without such information.

1.Roborock Account Creation and Login

To assist you in successfully creating a Roborock account, you need to provide your mobile phone number or email address to us and set a password for your Roborock account. When you log into your Roborock account, we will collect your account credentials, including (1) your account username, password, mobile phone number and verification code to verify your identity; (2) and token to help you stay logged in. Besides, when you create or log in your Roborock account, we also collect the region you select and the country code to assist in identifying the data center to which your Device and mobile device are connected. If you choose to log in with a third-party account, including an Apple ID, Facebook account, or Google account, we will collect your third-party account information based on the scope of authorization you have granted. As your mobile phone number and email address are crucial to you logging in to the App, they will be stored on the mobile device on which the App runs. If you wish to delete that information, you can choose to delete your Roborock account via the method described in Chapter VII of this Privacy Policy. If you have deleted your Roborock account and want to further delete the local cache, you need to delete the App on your mobile device.

2.Maintenance of Roborock Account information

To help you manage and maintain your Roborock account, you can choose to set your profile picture and nickname, change your linked phone number, and opt to bind third-party OpenID including Apple, Facebook and Google. The profile picture you upload is only for display on your profile page.

3.Device Network Connection and Binding

Where the use of your Device requires a network connection, to enable your secure binding and control of the Device through the App, you need to connect your Roborock account, mobile device and the Device itself to your WiFi network for network configuration and binding your Device with the App. During this process, we collect your (1) Roborock Account Information; (2) Mobile Device Information: model, unique identifier (for ensuring that you safely use network and services), MAC address, operating system and version of your mobile device; (3) Device Information: model, serial number, and MAC address of the Device; (4) Time Zone Setting Information used for executing cloud-based scheduled tasks and implementing smart scenarios; (5) WiFi Network Information: current WiFi network name, WiFi mode (local or remote), IP address, received WiFi signal strength indicator (RSSI of the Device), and the WiFi password you provide; (6)Bluetooth information: name, MAC address and signal strength of Bluetooth. Your password information is only stored on the Device and will not be uploaded to our backend servers. Your password will only be stored on your Device and will not be uploaded to our server. You can clear your WiFi name and password at any time by resetting your Device or removing the App.

4.Device Information Display

To help you better understand the status of your Device, we display on the App your self-edited Device name, as well as your Device Status Information, and you can also manage the room name. For detailed information on how we collect such Device information, please refer to the privacy policy corresponding to each of your linked Devices.

5.Device Firmware Updates

We may collect Device firmware information, Device model, and the Device Binding information of all the Devices bound to your Roborock account via the App to provide you with Device firmware version upgrade function. If you choose to turn on automatic updates, we will also use the time zone information you set to complete the updates during the night without interruption.

6.App Operation Stability and Security Maintenance

During your use of the App, to maintain the stability and security of the App, we need to collect your App crash information and mobile device related information, including the system version, language settings, model of your mobile device, and model of the linked Device.

7.Issues and Feedback

The feedback you choose to provide is of great value to us as it will help us improve our services and allow us to assist you in solving any problems that you encounter during your use of the App and Device. In order to track the feedback you provide, we will collect the Roborock account username you choose to provide with us, feedback (both text and photos) you enter, the model and system version of your mobile device, App version and Device type. In addition, if you encounter any issues while using the App, you can also opt to upload your App log information so that we can help you solve issues in relation to daily usage.

ii. Collection and Use of Your Personal Information for the Purpose of Providing Additional Functions

To deliver more convenient and exceptional services for you and enrich your experience with the App, we may collect and use your personal information to provide the following additional functions. If you use the App within the European Economic Area, we process your personal information on the basis of your consent in accordance with Art. 6(1)(a) of the GDPR. If you use the service within Turkey, we process your personal information for the purpose of fulfilling the contract on the basis of Article 5(1) of the Turkey PDPA. There is no legal or contractual obligation for you to provide the following personal information. Without such information, the aforementioned basic functions of the App will remain accessible to you, but you may not be able to use those additional functions designed to offer an enhanced premium service experience.

1.User Care and Research Activities Along with Information Pushing

To enhance our products and services and further improve user experience, we may push information that interests you, inviting you to participate in activities such as free product trials, beta service experiences, or other user care and research initiatives. We will use your location, Device type, and activation time information for information pushing only after you have explicitly given your consent. You may disable this function anytime via “Device > Notifications > Allow Roborock Product and Service Updates”. If you choose to participate in such activities, we may collect your name, gender, mobile number, delivery address, Roborock account information, and any other information required for the specific activity through a questionnaire, depending on the nature of the event. If you successfully participate in the activity, this information will assist us in contacting you and providing you with testing products or gifts.

2.Widget Function and Auto-Start

When you use the App’s desktop widgets, the App will exhibit periodic auto-start behavior to ensure you receive timely updates and stay informed about your Device status. The auto-start is essential for the functionality of the widgets. If you do not use the App’s desktop widgets, the App will not auto-start.

3.Information Displaying and Pushing

We may send you Device notifications and system messages in the App, for which we will collect and use your Roborock account information, Device ID, mobile device system information, Device model and push token (operated by Google and Apple). You may request to stop the push of information at any time by contacting us through the method described in Chapter VII of this Privacy Policy.

4.User Experience Program

To better improve our products and services and provide you with a superior service experience, we invite you to participate in our “User Experience Program”. When you join our “User Experience Program”, details regarding the collection and use of your personal information can be found in the “User Experience Program”. You can view the details through “Profile > About Us > User Experience Program”.

5. Device sharing

In order to support you in sharing your device with other Roborock account users for joint control and use, when you choose to share a specific device with others, we may collect your account (phone number or email), the recipient’s account, and the shared device information. This will allow us to implement the device sharing feature and display the sharing status on the device list page. Please note that when sharing the information related to your device can be viewed and modified by the recipient. You can cancel the sharing through the App by navigating to “Profile> Device Sharing”.

iii. Requests for Mobile Device Permissions

In order to provide you with certain service functions, we need you to enable the relevant permissions of your mobile device. We will only use the relevant permissions when you trigger the relevant business functions and obtain your personal information (if applicable). For optional permissions, you can refuse or withdraw the authorization of such permissions at any time, for which you may not be able to use the corresponding service functions, but this will not affect your normal use of other functions of the App. Currently, the App may request the following permissions of mobile device:

Location (Optional): Accesses location information to connect to WiFi, find nearby devices ready for connection, and retrieve details about the current WiFi connection.
Camera (Optional): Enables the camera to scan QR codes for easier WiFi connection.
Photos (Optional): Allows access to photos for uploading profile pictures and attaching images when providing feedback. If your Device supports features like downloading obstacle images, taking screenshots, or recording during remote viewing, photos and videos can be stored.
Microphone (Optional): Used for sound transmission on devices that support remote viewing.
WLAN (Optional): Facilitates connection to WiFi networks emitted by Devices for communication and connectivity.
Bluetooth (Optional): Enables connection to Bluetooth signals from Devices for communication and Device connecting.
Notifications (Optional): Allows the App to send you device and system notifications.
Local Network (Optional): When connecting Devices on the iOS local network, grants access to the local network to connect to WiFi networks emitted by Devices..
Siri & Search (Optional): Used on iOS to interact with Siri voice commands based on previously set shortcuts in the mobile device to control the Device’s operation or movement.

II. How We Entrust Others to Process, Share, Transfer, and Publicly Disclose Your Personal Information

i. Entrusted Processing

We may entrust third-party service providers (including our mailing houses, delivery service providers, telecoms companies, data storage service providers, technology support providers, customer service providers and IOT service providers) to process your personal information in order to provide you with the corresponding products or services. In addition, These third-party service providers only process your personal information on our behalf for the purposes stated in this Privacy Policy. For the companies, organizations, and individuals we entrust with the processing of personal information, we enter into strict confidentiality agreements or other data protection related agreements with them, stipulating that they must process personal information strictly in accordance with our instructions. They are also required to adhere to the privacy protection requirements in your jurisdiction, and to implement further measures to safeguard the confidentiality and security of your personal information.

ii. Sharing

We do not sell any personal information to third parties. We do not share your personal information with other third parties (including companies, organizations, and individuals), except in the following circumstances:

Sharing With Explicit Consent: We will share your personal information with third parties after obtaining your explicit consent;
Sharing Under Legal Obligations: We may share your personal information with third parties as required by law, for the resolution of litigation disputes, or in compliance with mandatory requests from administrative or judicial authorities.
Sharing with Affiliates and Third-Party Partners: To provide you with better services, your information may be shared within Roborock’s affiliates (including those that help us manufacture or sell products or provide after-sales services), in compliance with the data protection laws of the jurisdiction you belong to. In addition, some functions in the App are provided by third-party partners through software development kits (SDK). In compliance with the data protection laws of your jurisdiction, we will share your personal information with third-party service providers to deliver the services you need, but we will only share the necessary personal information and only for the purposes stated in this privacy policy. If you use the App in South Korea, we will only share your personal information with affiliates and third-party partners with your authorized consent, and you have the right to refuse such sharing. However, refusing to share may result in an inability to fully enjoy certain App services.

iii. Transfer

We will not transfer your personal information to any company, organization, or individual, except under the following circumstances:

Transfer With Explicit Consent: We will only transfer your personal information to other parties after obtaining your explicit consent;
Transfer In the Event of Mergers, Divisions, Dissolutions, Acquisitions, or Bankruptcy: Should a transfer of personal information be involved in such circumstances, we will inform you of the name and contact details of the recipient. We will ensure that the new entity receiving your personal information continues to be bound by this Privacy Policy, or we will require that entity to seek your authorization and consent again.

iv. Public Disclosure

We will only publicly disclose your personal information under the following circumstances:

With your separate consent;
In cases where it is required by law, legal proceedings, litigation, or mandatory requests from government authorities, we may publicly disclose your personal information.

v. Exceptions to Obtaining Authorization and Consent for Sharing, Transferring, and Publicly Disclosing Personal Information

For the avoidance of doubt, to the extent permitted by the data protection laws in your jurisdiction, and solely to that extent, we may share, transfer, or publicly disclose your personal information without your consent.

III. How We Store and Protect Your Personal Information

i. The Storage Location of Your Personal Information and Its Cross-Border Transfer

Roborock uses global cloud services to process and back up your personal information. Currently, Roborock uses the data centers that are in China, Germany, Russia and the United States. Depending on the country or region you selected when registering your Roborock account, we will store your personal information in the nearest data center (specifically, for those countries that have domestic storage requirement, your personal information will be stored domestically). For example, if you use the App within the European Economic Area, your personal information will be processed and stored on the server in Germany; if you use the App in China, your personal information will be stored on the server in China; and if you use the App in Russia, your personal information will be stored on the server in Russia. For other users located outside of the aforementioned data center locations, we may store your personal information in data centers outside of your jurisdiction. In addition, we may also need to transfer your personal information to affiliated companies or third-party service providers outside of your jurisdiction. For this reason, we may transfer personal information to other jurisdictions that may have different laws and data protection compliance requirements to those that apply in the jurisdiction in which you are located.

We will only transfer your personal information outside of your jurisdiction with your explicit consent or by implementing appropriate security protection mechanisms in accordance with applicable data protection laws. However, no matter where your personal information is processed, this does not change any of our commitment to safeguard your personal information in accordance with this Privacy Policy.

ii. Retention Period of Your Personal Information

We retain your personal information within in the period necessary to achieve the purposes of personal information collection, or within that prescribed or permitted by applicable law. Once we determine that the continued retention of personal information is no longer in line with the purpose for which it was collected, we will promptly cease retention and take immediate steps to either delete or anonymize the personal information.

If personal information processing activities are based on the public interest, scientific, historical research, or statistical purposes, we may continue to retain the relevant data, even if further processing is unrelated to the original collection purposes, where permitted by applicable data protection laws.

iii. Our Protection Measures

We are committed to ensuring that your personal information is secure. To prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, electronic and organizational measures to safeguard and secure the information we collect through the App. We will use all reasonable efforts to safeguard your personal information.

Your data will be stored on a secure server and protected in a controlled facility. We classify your data based on importance and sensitivity and ensure that your personal information has the highest security level. We make sure that our employees and third-party service providers who access the information to help provide you with our products and services are subject to strict contractual confidentiality obligations; failure to fulfill these obligations may result in disciplinary action or termination of the partnership. We have special access controls for cloud-based data storage as well. All in all, we regularly review our information collection, storage and processing practices, including physical security measures, to guard against any unauthorized access and use.

We will take all practicable steps to safeguard your personal information. However, you shall be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.

In accordance with applicable legal requirements, including the personal information protection legislation in your jurisdiction, we will promptly notify the relevant regulatory authorities upon occurrence of any personal information leakage; under certain special circumstances, we will also notify the data subjects of the relevant leakage.

iv. Protection Measures You Can Take

To safeguard your personal information, please do not disclose your account information to anyone except for a person who is duly authorized by you. Roborock cannot be held accountable for lapses in security caused by third party accesses to your personal information as a result of your failure to keep your personal information private. Notwithstanding the preceding, you must notify us immediately if there is any unauthorized use of your account by any other internet user or any other security vulnerabilities. Your assistance will help us protect the privacy of your personal information.

IV. Your Rights

In accordance with the laws and regulations applicable to your jurisdiction, you or any other authorized party may have certain rights over the personal information we hold about you. Roborock ensures that you can exercise the following rights over your personal information and hereby provides relevant control settings.

Under the applicable data protection laws, we may first request you to verify your identity upon receiving your request. Once your identity has been successfully verified, we will respond to your request within the timeframes stipulated by the applicable data protection laws. Generally, we do not charge a fee for reasonable requests. However, for repetitive, excessive, or unreasonable requests, we may impose a reasonable fee based on the circumstances. Requests that are unfounded, require excessive technical means, pose risks to the legitimate rights of others, or are highly impractical may be refused in accordance with the applicable data protection laws. In cases where we cannot fulfill your request, we will provide an explanation for the refusal.

i. Delete Your Personal Information

According to the applicable data protection laws, you have the right to delete your personal information. You may delete the personal information yourself through the following methods.

You can delete your cached personal information from the App by selecting “Clear Cache” in the App.
If you wish to delete your personal information stored on our server, you can log in to the App, enter the “Profile” section, click the business card on the upper part to enter “Personal Data” interface, and click “Delete Account” on the interface.
You can also delete all of your personal information from the App by withdrawing authorization, as described in the “Withdraw Your Consent” section below.

In addition to the methods mentioned above, you can also request the deletion of your personal information by contacting us through the methods described in Chapter VII of this Privacy Policy. Please understand that, after you or we assist you in deleting relevant personal information, we may not be able to immediately remove it from backup systems due to applicable law and security technology constraints. However, we will securely store your information and isolate it from further processing until backups are cleared or anonymized.

ii. Access, Copy, Correct, and Supplement Your Personal Information

You have the right to request access to and/or correction of any personal information we hold about you. Upon your request, we can provide a free copy of the personal information records we have collected and processed about you. If you wish to request access to the personal information we hold or if you believe any information we hold about you is incorrect or incomplete, please contact us as soon as possible through the methods described in Chapter VII of this Privacy Policy.

iii. Restrict or Object the Processing of Your Personal Information

Subject to applicable law, you may have the right to restrict or object to our use of your personal information in certain scenarios. You can request to exercise this right by contacting us through the methods described in Chapter VII of this Privacy Policy.

iv. Withdraw Your Consent

When we process personal information based on your consent, you can submit a request through the methods described in Chapter VII of this Privacy Policy or withdraw your consent to our Privacy Policy at any time by tapping “Me > About Us > User Agreement & Privacy Policy” in the App and therefore withdraw consent for our collection, use, and/or disclosure of your personal information held or controlled by us in accordance with this Privacy Policy.

Please note that your withdrawal of consent may result in certain legal consequences. Depending on the scope of your withdrawal of consent, you may not be able to access certain services we provided via the App. However, your withdrawal will not affect the personal information processing activities conducted based on your previous authorization.

v. Request for Explanation

If you have any questions about our processing of your personal information, you can contact us through the methods described in Chapter VII of this Privacy Policy to request relevant explanations or clarifications.

vi. Transfer your Personal Information

Subject to applicable data protection laws, you have the right, to request the transfer of your personal information to another personal information controller in the manner prescribed by law. You can request to exercise this right by contacting us through the methods described in Chapter VII of this Privacy Policy.

vii. Other rights

Subject to the data protection laws in your jurisdiction, you may also have other rights. Specifically, if you use the App within the European Economic Area, you have the right to refuse personal information processing activities solely based on automated decision-making, and the right to lodge complaints with the relevant data protection authorities regarding our personal information processing activities. If you use the App in South Korea, you also have the right to request a suspension of personal information processing, receive appropriate compensation for damages caused by the processing of personal information, refuse the processing of personal information based entirely on automated decision-making, or request an explanation thereof.

viii. Notice to California Residents

If you are a California resident, the California Privacy Rights Act (“CPRA”) requires us to provide you with the following additional information:

Collection and Use of Your Personal information. We collect and use your personal information in the preceding 12 months as described in Chapter I above.
Disclosure of Personal Information. We disclose personal information with third parties for business purposes in the preceding 12 months as described in Chapter II above.
Your Rights. As a California resident, you may be able to exercise the following rights:
- the right to know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity: the specific pieces of personal information we have collected about you; the categories of personal information we have collected about you; the categories of sources of the personal information; the categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed; the categories of personal information we have sold and the categories of third parties to whom the information was sold; and the business or commercial purposes for collecting or selling personal information.
- the right to correct any inaccurate personal information we have about you.
- the right to request deletion of personal information we have collected from you, subject to certain exceptions.
- the right to opt-out of the sale and/or the sharing of your personal information and sensitive personal information to third parties now or in the future. You also have the right to be free of discrimination for exercising these rights. However, please note that the exercise of these rights may limit our ability to process personal information. For example, if you submit a deletion request, we may no longer be able to provide you with our products and services or engage with you in the same manner.
Limit the Use of Sensitive Personal Information. You also have the right to request limitation of use and disclosure of your sensitive personal information, subject to certain exceptions. If you would like to limit the use of your sensitive personal information, please contact us by using the contact details provided in Chapter VII of this Privacy Policy. The password of your Roborock account is sensitive personal information as defined by the CPRA. Currently, we use and disclose such data to third-party cloud service provider in order to provide you with Roborock account creation, login, and related services . We do not “sell” or “share” (as defined under the CPRA) your sensitive personal information.
Opt-out the Sale or Sharing of Your Personal Information. Based on the definition of “sell” and “share” under the CPRA, we do not believe that we engage in such activity and have not engaged in such activity in the past 12 months from the effective date of this Privacy Policy.
To submit your California Consumer Rights Requests. You may submit a request to exercise your California Consumer Rights by contacting us using the contact details provided in Chapter VII of this Privacy Policy. We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your Roborock account. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law. Subject to certain restrictions, you can have an agent exercise your rights for you. If you have an agent exercising your rights, we must be provided with your written authorization allowing that person to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
Appeal. You may appeal our refusal to take action on a request by contacting us using the contact details provided in Chapter VII of this Privacy Policy. If your appeal is denied and you are a California resident, you may contact the California Attorney General about the results of the appeal by submitting a complaint by here: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.

V. Protection of Minors

As required by applicable law and our User Agreement, we consider users under the age of 18 (and a higher age if required by the applicable law in your jurisdiction) as minors. We do not knowingly collect personal information from minors or send any marketing information to minors. If we become aware that we have collected personal information from a minor without first obtaining parental or legal guardian consent, we will endeavor to delete the relevant data as soon as possible. If a parent or guardian believes that a minor has submitted personal information to us without their prior consent, we strongly encourage you to promptly contact us through the methods described in Chapter VII of this Privacy Policy. We will delete the relevant personal information as soon as possible and ensure the minor is unsubscribed from any applicable Roborock services.

VI. Update To This Privacy Policy

We keep our Privacy Policy under regular review and may update this Privacy Policy to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you through the App, so that you are informed of the latest version of this Privacy Policy. Such changes to the Privacy Policy will be effective from the date specified in the notice or as stated on the websites. We recommend that you regularly review this page to stay informed about our privacy practices.

VII. Contact Us

If you have any comments or questions about this Privacy Policy, or if you have any concerns regarding Roborock’s handling of your personal information, please contact us using the information provided below and indicate that your inquiry or comment is related to the “Privacy Policy”:

Personal Information Handler (data controller as defined under the GDPR): Beijing Roborock Technology Co., Ltd.
Address: Room 1001, Floor 10, Building 3, Yard 17, Anju Road, Changping District, Beijing, P.R. China
Email: privacy@roborock.com or privacy@roborock-eu.com (for users from European Economic Area)
If you use the Device within the European Economic Area, you may also contact our Data Protection Officer (DPO) by sending an email to dpo@roborock.com
If you use the App in South Korea, we have designated a domestic agent as Bae, Kim & Lee LLC (representative: Soonik Kwon); Address: Tower B, Centropolis, 26 Ujeongguk-ro, Jongno-gu, Seoul 03161; Phone number: 02-3404-0103; Email address: privacyroborock@bkl.co.kr

If you are not satisfied with our response, especially when you believe that our personal information processing activities have infringed upon your legitimate rights and interests, you may also take legal action in the competent court according to applicable law or resolve your claims through external channels such as lodging a complaint with the competent authority.

VIII. Additional Notice to South Korea Residents

If you are a Korean resident, the following provisions take precedence over the Roborock App Privacy Policy.

i. Personal information items processed

We collect and use personal information to the minimum extent necessary to provide services in accordance with the Personal Information Protection Act of Korea.

1.Personal information items processed without your consent

Please find below the details of personal information processed without your consent.

Legal Basis	Category of Collection and Use	Purpose of Collection	Personal Information Collected	Use and Retention Period
Articles 15(1)(4)(Performance of a Contract) and 15(1)(6)(Legitimate Interests) of the Personal Information Protection Act	Collection and Use of Personal Information for Providing Basic Functions	Creation of a Roborock account and login	- Your account username, password, mobile phone number, email address and verification code for identity verification - Your account authentication information, including a token to maintain your login status - (When creating or logging in to a Roborock account) Your selected region and country code - (When logging in with a third-party account, including an Apple ID, Facebook account, or Google account) Your third-party account information, depending on the extent of the permissions you have granted	Until the purpose is achieved or your membership withdrawal
		Maintaining Roborock account information	- Profile photo, nickname, mobile phone number, OpenId of third-party account (if applicable)	Until the purpose is achieved or your membership withdrawal
		Device network connection and binding	- Roborock account information, mobile device information (mobile device model, unique identifier (to ensure safe use of networks and services), MAC address, operating system and its version) - Device information (Device model, serial number, and MAC address), time zone setting information used to execute scheduled tasks - WiFi network information (current WiFi network name, WiFi mode (local or remote), IP address, WiFi signal strength (RSSI) of the Device, and WiFi password provided by you) - Bluetooth information (bluetooth name, MAC address and signal strength)	Until the purpose is achieved or your membership withdrawal
		Device information display	- Device name, room name and device status information as you provided	Until the purpose is achieved or your membership withdrawal
		Device firmware update	- Device firmware information for all Devices connected to your Roborock account, Device model, and Device binding information	Until the purpose is achieved or your membership withdrawal
		App operation stability and security maintenance	- App crash information, information related to the mobile device (including system version, language settings, model of the mobile device, model of the connected Device)	Until the purpose is achieved or your membership withdrawal
		Issues and feedback	- Roborock account username, feedback entered (both text and photos), mobile device model, system version, App version and device type - App log information (only if you choose to upload app log information when you experience any problems while using the app)	Until the purpose is achieved or your membership withdrawal
	Collection and use of personal information to provide additional features and services (applicable if you choose to use such additional features)	Widget function and automatic start	- Latest information on the status of the device	Until the purpose is achieved or your withdrawal of consent
		Pushing notifications for device status	- Roborock account information(phone number or email address), Device ID, mobile device system information, Device model and push token (operated by Google and Apple)	Until the purpose is achieved or your withdrawal of consent
		Device sharing	- Your account (phone number or email), the recipient's account (phone number or email), and the shared device information.	Until the purpose is achieved or your withdrawal of consent
		Smart speaker	- User uid, device name and ID, room name and ID	Until the purpose is achieved or your withdrawal of consent

2.Personal information items processed with your consent

We process the following personal information items with your consent, in accordance with Articles 15(1)(1) and 22(1)(7) of the Personal Information Protection Act. You have the right to refuse consent for the collection and use of your personal information; however, if refused, you may not be able to access to certain services.

Category of Collection and Use	Purpose of Collection	Personal Information Collected	Use and Retention Period
Collection and use of personal information to provide additional features and services	(optional) Product and service promotion notification push	- Region, device type, activation time, push token (operated by Google and Apple)	Until the purpose is achieved or your withdrawal of consent
	(optional) User experience program (Anonymous data statistics and fault analysis to improve the user experience)	- Personal information specified in the user experience program including phone model, system version, and other click data
	(optional) User care and survey	- Name, email, phone number, and other information needed for the survey

ii.Provision and Entrustment of Collected Personal Information

Please also refer to here for device data sharing.

1.Provision to domestic third parties

We process personal information only within the scope specified in i. Personal information items processed and provide personal information to third parties only when permitted under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or when specifically required by law.

For the seamless provision of services, we provide personal information to third parties within the minimum necessary scope, with the consent of the data subject, in accordance with Article 17(1)(1) of the Personal Information Protection Act.

Recipient	Purpose of Use by Recipient	Items Provided	Retention and Use Period
Naver Corp.	Smart speaker voice control	User uid, device name and ID, room name and ID	Until the purpose is achieved or your withdrawal of consent

In accordance with Article 17(4) of the Personal Information Protection Act, we may provide additional personal information without the data subject's consent, taking into account the matters specified in Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.

In providing additional personal information without the data subject’s consent, we have taken the following factors into account:

o The personal information provided is closely related to the original purpose of collection, which includes providing IoT features (such as operation through smart speaker voice controls) in our product and supporting device performance.

o Data subjects can reasonably expect the provision of personal information as part of the service contract process due to the nature of the service.

o The information is provided at the data subject’s request to deliver our services and does not unduly infringe upon the data subject’s interests.

o We have implemented necessary security measures to minimize the exposure of personal information.

We may provide users' personal information to third parties in accordance with lawful procedures specified by other laws that include special provisions. In particular, we may provide personal information to relevant authorities without the user's consent in situations such as protecting our interests or those of third parties, dealing with a legal case, or selling or merging Roborock.

2.Provision and entrustment to overseas third parties

1)We provide and entrust your personal information to an overseas third party as follows in accordance with Article 28-8 of the Personal Information Protection Act.

2)You may refuse the transfer of your personal information to an overseas third party by notifying us of your refusal through the contact information of the personal information protection officer under chapter ix, except in cases where the transfer is necessary for the conclusion and performance of a contract. However, in such cases, your use of some services may be restricted.

Overseas entrustment of personal information

Relevant Basis under the Personal Information Protection Act	Personal Information Transferred	Destination Country	Timing and methods of the transfer	Recipient	Purpose of Use	Use and Retention Period
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	All personal information involved in this Privacy Policy necessary for daily operation and fault analysis (Account information, function information, configuration information, activity information, feedback information, device information)	China Mainland	Real Time, HTTPS	Beijing Roborock Innovation Technology Co., Ltd. (Innovation-privacy@roborock.com)	Daily operations and fault analysis	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	All personal information involved in this Privacy Policy (Account information, function information, configuration information, activity information, feedback information, device information)	United States (Privacy Policy)	Real Time, HTTPS	Amazon Web Services, Inc. (aws-korea-privacy@amazon.com)	To provide communication service (including cloud storage services, Register/log-in/forget-password via SMS or emails)	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	Device ID, device name, room name and type, IP address, time zone, country and device information	United States	Real-time, SDK	Tuya Global Inc. (privacy@tuya.com)	Provide IoT services (We have started migrating to Roborock IOT server in April 2021 and you can stop using Tuya at any time through firmware updates)	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	Phone Number	United Kingdom (Privacy Policy)	Real-time,cloud connection	Infobip Ltd. (data-protection-officer@infobip.com)	Register/log-in/forget-password via SMS (Alternative)	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	Offline maps and device logs (including device information, user information, network information, home environment information, map information, machine behavior)	United States, Singapore	Real Time, HTTPS	Xiaomi Inc. (support.global@support.mi.com)	To provide communication service (including cloud storage services)	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	Feedback image, SN, RUID, SSID, MAC address, IP address and device logs	United States, Singapore (Privacy Policy)	Real Time, HTTPS	Alibaba Cloud (Singapore) Private Limited (DPO_Intl@alibabacloud.com)	Feedback image storage	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	Device information, user information, network information, environment information and device logs	United States, China Mainland (Privacy Policy)	Real Time, HTTPS	Tencent Cloud Computing (Beijing) Co., Ltd. (cloudlegalnotices@tencent.com)	To provide communication service (including cloud storage services)	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	(When sharing the device)Device name, home name, user nickname (in other cases do not identify individuals, only uses Google's own token)	United States (Sub-processor)	Real Time, SDK	Google LLC (googlekrsupport @google.com)	To provide push notification service	Until the purpose is achieved or your membership withdrawal
Article 28-8(1)(3) (Entrustment/Storage for contract performance)	(When sharing the device)Device name, home name, user nickname (in other cases, do not identify individuals, only uses Apple’s own token)	United States(Privacy Policy)	Real Time, SDK	Apple Inc. (1-800-275-2273)	To provide push notification service	Until the purpose is achieved or your membership withdrawal

Provision of personal information to overseas third parties

Relevant Basis under the Personal Information Protection Act	Personal Information Transferred	Destination Country	Timing and methods of the transfer	Recipient	Purpose of Use	Use and Retention Period
Article 28-8(1)(1) (Consent of the Data Subject)	User uid, device name and ID, room name and ID	United States	Real Time, HTTPS	Amazon.com Services LLC (Alexa) (contracts-legal@amazon.com )	Smart speaker voice control	Until the purpose is achieved or your withdrawal of consent
Article 28-8(1)(1) (Consent of the Data Subject)	User uid, device name and ID, room name and ID	United States	Real Time, HTTPS	Google LLC (Home, Assistant) （googlekrsupport @google.com)	Smart speaker voice control	Until the purpose is achieved or your withdrawal of consent

iii.Retention and use period and destruction of personal information

1.We retain your personal information for the period during which we provide services to you in accordance with the contract between us, but when the purpose of collecting and using personal information is achieved or when you request its destruction (whichever comes first), we destroy it in a way that cannot be restored without delay. However, we may need to retain your personal information in accordance with the relevant laws and/or in accordance with the obligations under the relevant laws (e.g. product supply, order cancellation or payment records for 5 years, consumer complaint records for 3 years and labeling/advertising records for 6 months as per E-Commerce Act, and log records for 3 months and other communication confirmation data for 12 months as per Protection of Communications Secrets Act).

2.We destroy your personal information following the procedures and methods outlined below.

a. Destruction Procedure

We identify the information to be destroyed and destroy personal information when the reason for its destruction arises, under the supervision of our personal information protection officer.

b. Destruction Methods

We ensure that personal information stored in electronic files is destroyed in a manner that prevents any possibility of restoration. For personal information recorded in paper documents, we utilize shredding or incineration to ensure complete destruction.

iv.Direct overseas collection of personal information

We collect and process your personal information directly in China to provide services to you.

v.Your rights and how to exercise them

You may exercise your rights (hereinafter referred to as the “Exercise of Rights”) at any time against us, such as the right to access, correct, delete, suspend the processing of, and withdraw your personal information.
The Exercise of Rights can be made to us through the contact information of the personal information protection officer under chapter ix and we will take action without delay.
The Exercise of Rights by you can be made through your representative, such as the user's legal representative or a delegated person. In this case, a power of attorney must be submitted in accordance with the form in Attachment No. 11 of the ‘Notice on How to Process Personal Information’ of the Personal Information Protection Act of Korea.
Your right to request the suspension of the processing and access to personal information may be restricted in accordance with Articles 35(4) and 37(2) of the Personal Information Protection Act.
If the personal information is specified as the subject of collection in other laws, your request to delete the personal information may not be fulfilled.
For requests or complaints regarding our use of personal information, please contact the personal information protection officer under chapter ix.

vi. Safety measures to protect your personal information

We implement measures to protect your personal information in accordance with Article 29 of the Personal Information Protection Act and Articles 30 and 30-2 of its Enforcement Decree. These measures are designed to prevent your personal information from being lost, stolen, leaked, altered, or damaged. The specific measures we take include:

Administrative protection measures

Establishing and operating an organization dedicated to information protection, developing and implementing an information protection management system, minimizing the number of personnel who handle personal information, and providing regular training for employees on personal information protection

Technical protection measures

Implementing access controls and restrictions on access rights, monitoring systems to prevent leaks or damage to personal information, encrypting important personal information and securing communication channels, utilizing security programs, such as antivirus software, conducting regular backups and managing access logs

Physical protection measures

Installing and operating systems in areas with restricted access to the outside

vii.Installation and operation of automatic personal information collection devices and rejection procedures

We want to inform you about our use of cookies when you visit our website. Cookies are small text files stored on your device that allow your browser or device to be recognized when you return to the site, providing you with a customized online experience. Cookies enable us and third parties to monitor your online activity and display advertisements tailored to your interests.

Here’s how to disable automatic data collection in apps:

For Android OS: Go to Home > Settings > Google Settings > Ads > Opt out of personalisation
For iOS: Go to Home > Settings > Privacy & Security > Tracking > Disable App Tracking

viii.Processing of personal information for children under age 14

Our services are not intended for users under the age of 14. If you become aware that a child under 14 has registered for our services, please notify us. If we discover that we have collected personal information from a child without the consent of a legal guardian, as required by law, we will delete that information in accordance with applicable laws and regulations.

ix. Personal information protection officer and department responsible for personal information

We are committed to properly handling personal information and have appointed the following personal information protection officer to address complaints and provide remedies related to personal information management.

Department responsible for personal information protection

- Department name: Personal Information Protection Implementation Team

- Person in charge: Jia Sun

- Contact information: privacy@roborock.com

x. Remedies for infringement of your rights and interests

You can seek dispute resolution or consultation from the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency, and other organizations to receive assistance for personal information infringements. For additional reports or consultations regarding personal information issues, please contact the following organizations.

Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

xi.Disclosure and changes to the Privacy Policy

If we make any additions, deletions, or modifications to the Privacy Policy due to changes in laws, policies, or security technologies, we will inform you of the reasons and details of these changes. You will be notified at least seven days prior to the changes taking effect, and this information will be available on our website.