Do Not Sell or Share My Personal Information
I. Legal Status and Responsible Entity
DREAME TECHNOLOGY (HK) LIMITED—acting as the entity responsible for the R&D, manufacturing, and omni-channel sales of Class II medical devices (such as IPL [Intense Pulsed Light] hair removal devices, RF [Radio Frequency] skin tightening devices, etc.) (Medical Device Production License No.: Yue Xie Zhu Zhun 20224585525)—hereby solemnly declares: This Company shall never sell, rent, exchange, or otherwise provide your personal information to any third party in exchange for monetary or other valuable consideration; nor shall we share your personal data, in any form, with unrelated third parties for the purposes of marketing, profiling, targeted advertising, or commercial analysis. This commitment constitutes a core obligation within the data processing agreement between the Company and its users; it possesses independent legal force and shall not be waived under circumstances such as business partnerships, system migrations, mergers, acquisitions, or corporate restructuring.
II. Statutory Definition of "Personal Information" and the Principle of Data Minimization
As used in this Statement, "Personal Information" specifically refers to data that is directly linked to you and enables your identification. This includes, but is not limited to:
• Basic Identity Information (Name, ID Number, Contact Details, Shipping Address);
• Device Interaction Data (Usage frequency of IPL/RF devices, selected energy levels, self-assessment results regarding skin type, and heart rate/temperature sensor readings captured via the companion App);
• Health-Related Information (Sensitive data—provided and explicitly authorized by the user—such as skin type classification, allergy history, records of prior medical treatments, pregnancy status, etc.);
• Payment and Order Information (Last four digits of bank card numbers, electronic invoice headers, and images/records of delivery receipts).
The Company strictly adheres to Article 6 of the PIPL (Personal Information Protection Law), specifically the "Principle of Minimality": We collect data only to the extent strictly necessary to facilitate the delivery of IPL/RF devices, provide after-sales support, ensure regulatory compliance, and deliver personalized services explicitly authorized by the user (e.g., the of customized skincare regimens). Furthermore, all such data is stored using AES-256 encryption within a dedicated cloud cluster located within mainland China (specifically, Alibaba Cloud's South China 1 Region, which holds Level 3 certification under China's Multi-Level Protection Scheme [MLPS]). Access to all databases requires two-factor authentication (2FA) and is subject to comprehensive audit trails to ensure accountability and security.
III. The Absolute Boundaries and Exceptions to the "No Sale, No Sharing" Principle
The following circumstances do not constitute a violation of this Statement, provided that strict prerequisites are met:
• Statutory Disclosure Obligations: Providing necessary information to competent authorities in accordance with the law—pursuant to court judgments, requests for investigative assistance from public security organs, or directives regarding adverse event monitoring issued by the National Medical Products Administration (NMPA). Such actions require the joint signing of a *Data Retrieval Compliance Review Opinion* by the Company’s Legal Director and Chief Privacy Officer, and are strictly limited to fields within the raw data that are directly relevant to the specific case;
• Entrusted Processing Scenarios: Synchronizing basic information—such as logistics tracking numbers, recipient names, phone numbers, and addresses—to licensed carriers (e.g., SF Express, JD Logistics) for the purpose of fulfilling orders. Such data transfers are governed by a *Data Processing Agreement* (DPA), which explicitly stipulates that the data may be used solely for the purpose of performing transportation services and may not be retained, processed, or re-transmitted; furthermore, the carrier must undergo the Company’s annual penetration testing and SOC 2 Type II audits;
• Necessary Intra-Group Collaboration: Accessing device fault logs—strictly limited to the Company’s wholly-owned subsidiaries (e.g., DREAME TECHNOLOGY (HK) LIMITED)—for the purpose of providing unified after-sales services. Such access requires authentication via a Zero Trust Network Access (ZTNA) gateway; data views are automatically desensitized (e.g., by masking the last four digits of the Serial Number); and the entire operation is monitored via a security incident monitoring platform compliant with Article 32 of the GDPR.
IV. Technical Safeguards and User Control Mechanisms
• End-to-End Blocking of Commercial Data Sharing: Our CRM system, CDP (Customer Data Platform), and advertising DSP platform are physically isolated from one another, with no API interfaces or data pipelines connecting them. User behavioral tags (e.g., "frequent IPL mode usage") reside exclusively within local edge computing modules and are not uploaded to central servers.
• Real-time Exercise of Withdrawal Rights: Users may utilize the "Privacy Center" within the CordataCare App to disable all non-essential data collection permissions (such as location services and device sensor readings) with a single tap. Upon disabling, the system automatically triggers a data erasure process (in compliance with Article 47 of the PIPL regarding the "Right to Deletion") and completes the synchronized cleanup of backup systems within 72 hours.
• Third-Party SDK Audit Inventory: All SDKs integrated into the App—such as those for WeChat Login and Alipay Payment—have undergone verification via an "SDK Security Assessment Report." This verification confirms that these SDKs do not access permissions beyond their scope (e.g., device IDs, clipboard contents, or contact lists) and that all data is transmitted directly to the respective vendors' servers, without passing through our company's intermediary systems.
V. Liability for Breach and Oversight Mechanisms
• Should any employee sell or disclose user data without authorization, their employment contract will be terminated immediately and the matter referred to judicial authorities upon verification.
• Deloitte Touche Tohmatsu issues a quarterly "Personal Information Processing Compliance Audit Report," a summarized version of which is publicly posted on our official website.