Privacy Policy

Introduction

Houzishuohua (Wuhan) Technology Co., Ltd. ("we", "us", "our") takes your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use ViceMe (the "Service") via mobile apps, web, or API.

Please read this Policy carefully before using the Service, especially the bolded sections. By clicking "Agree" or continuing to use the Service, you acknowledge that you have read, understood, and agreed to this Policy.

If you have any questions, see Section 13 (Contact Us).

1. Information We Collect and How We Use It

We only collect information necessary to provide the Service, following data minimization.

1.1 Account Registration and Sign-In

Email sign-in: We collect your email address and verification code.
Sign in with Apple: We collect the Apple ID identifier, email (may be relayed), and name that Apple shares upon your authorization.
Google Sign-In: We collect the Google account ID, email, name, and avatar that Google shares upon your authorization.

1.2 Conversations with the AI Assistant

When you use the AI conversation features, we collect:

The text, voice, images, and files you input;
Conversation context, session ID, and timestamps.

These are used to:

Generate real-time responses by calling the AI model;
Save your conversation history under your account so you can review it later;
Provide security risk control (e.g., identifying abuse, preventing API misuse).

Important: Your conversation content is sent to the following third-party AI model providers to generate responses:

Google LLC (Gemini via Vertex AI) — the primary model for the international version.

We only transmit Input necessary for response generation, and the provider does not use such data to train its model under our agreement (see Section 3).

1.3 Agent Creation and Operation

When you create, publish, or use an Agent, we collect:

The name, description, prompt, configuration, and connected tools you provide;
Input parameters, invocation records, and output results generated during execution.

1.4 Tool Calls and Third-Party Account Authorization

When you authorize an Agent to access third-party accounts (e.g., calendar, email, Lark, Notion):

We obtain an access token through the standard OAuth flow upon your consent; we do not store your third-party account passwords;
We access only data within the scope you have authorized;
Access stops immediately when you revoke authorization in Settings.

For sensitive data (calendar, email, files, contacts): Without your additional explicit consent, we do not use such data for model training.

1.5 Memory and Personalization

To help the AI assistant understand you better, we extract and save user memories (e.g., your preferences, habits, long-term goals) during your use. You can view, edit, or delete any memory in Settings.

1.6 Payments and Subscriptions

Where the Service offers paid features, we use third-party payment channels such as Apple In-App Purchase or Google Play Billing, and collect order ID, product, amount, payment time, and status. We do not directly collect your card details or other sensitive payment data.

1.7 Push Notifications

We deliver push notifications via APNs (iOS) and FCM (Android). Specific data collected by these SDKs is governed by their respective privacy policies.

1.8 Customer Support and Feedback

When you contact support or submit feedback, we collect the contact information, problem description, attachments, and device information you provide, to respond to your request.

1.9 Security and Risk Control

To safeguard your account and our Service, we collect:

IP address, device model, OS, app version, network type;
Device identifiers (iOS: IDFV; Android: AAID);
Sign-in logs and activity logs.

These are used to detect unusual sign-in, prevent abuse, fulfill anti-fraud requirements, and comply with applicable record-keeping requirements.

1.10 Device Permissions

Permission	Purpose	Required
Notifications	Receive push messages	No
Microphone	Voice input	No (only for voice features)
Camera	Capture and upload images	No (only for camera features)
Photos / Storage	Upload images or files	No (only for upload features)
Contacts	"Find a person / contacts Agent" features	No (only for relevant features)
Calendar	Agent reads/writes events	No (only after explicit authorization)
Location	Location-based reminders	No
Clipboard	Read only when you actively paste	No

You may revoke any permission at any time in your system settings. Relevant features may be unavailable, but other features remain unaffected.

1.11 Improvement and Training (Opt-In)

We may wish to use your conversations to improve our product and models. This option is off by default. You may turn it on or off at any time in Settings → Privacy → Help improve the product. When enabled, we will only use your Input and Output after de-identification and anonymization.

1.12 Legal Basis (EEA / UK)

Where GDPR applies, we rely on the following legal bases:

Contract — providing the Service you requested;
Consent — for optional features such as model improvement;
Legitimate interest — for security, fraud prevention, and product analytics;
Legal obligation — for compliance with applicable laws.

2. Cookies and Similar Technologies

On the web, we use cookies to maintain session and remember preferences. On mobile, we use localStorage, SQLite, and Keychain to store authentication tokens and cache. You can clear these via your browser or system settings; doing so may require you to sign in again.

3. How We Share Your Information

3.1 Processors

We engage qualified third parties to process certain data on our behalf, under written agreements consistent with this Policy:

Category	Processor	Purpose
Infrastructure	Zeabur and underlying cloud providers	Server, database, object storage hosting
AI Model	Google LLC (Vertex AI / Gemini)	AI inference and response generation
Push Notifications	Apple (APNs), Google (FCM)	Device-level message delivery
Error Monitoring	Sentry or equivalent	Crash logs to help fix bugs

3.2 Sharing

We share information in the following limited situations:

Sign-in providers — When you use Apple Sign In or Google Sign-In, the relevant sign-in information is collected by the respective SDK and transmitted to its provider;
Payment providers — Order information is shared with Apple, Google, or other payment channels when you make a purchase;
Third-party plugins / OAuth grantees — When you authorize an Agent to access a third-party account, request and response data within the authorized scope flows between your device and that service provider.

See Appendix A: Third-Party SDK Disclosure for a complete list.

3.3 Transfers

We do not transfer your personal information to any third party except:

With your prior explicit consent;
In connection with a merger, acquisition, or asset transfer, in which case we will require the receiving party to continue to honor this Policy.

3.4 Disclosure

We will not publicly disclose your personal information unless:

You give explicit consent; or
Disclosure is required by applicable law, regulation, or governmental or judicial authority.

4. How We Store Your Information

4.1 Storage Location

Your personal information is stored on cloud infrastructure managed by Zeabur (databases: MySQL, MongoDB, Redis, ClickHouse, LibSQL; object storage: RustFS).

4.2 Retention

Account information and conversations: until 30 days after you delete your account;
Payment and transaction records: retained as required by applicable law (typically 5–10 years for tax/accounting);
AI-generated content–related logs: at least 6 months, in accordance with applicable record-keeping requirements;
Otherwise as required by applicable law.

After the applicable retention period, we delete or anonymize the data.

5. How We Protect Your Information

All network traffic is encrypted via HTTPS / TLS;
Database access is controlled by role-based least-privilege policies;
Sensitive fields (e.g., email) are encrypted at rest;
We maintain an incident response plan and will notify you and the relevant authorities within statutory timeframes if a data breach occurs.

Despite these measures, the internet is not 100% secure. If you notice any unusual activity on your account, contact us immediately (see Section 13).

6. Your Rights

Subject to applicable law (including GDPR and CCPA / CPRA where applicable), you have the following rights:

Right	How to Exercise
Access / Copy	View in `Settings → My Profile`; email hi@viceme.ai to request a copy of your data
Correct / Supplement	Edit in `Settings → My Profile`
Delete	Delete conversation: long-press → Delete; delete file: in the conversation; delete memory: `Settings → Memory → Delete`
Withdraw consent	Disable the relevant system permission, or toggle off the corresponding switch in `Settings → Privacy`
Delete account	`Settings → Account → Delete Account`
Data portability (EEA / UK)	Email hi@viceme.ai for a machine-readable export
Object to / restrict processing (EEA / UK)	Email hi@viceme.ai
Lodge a complaint (EEA / UK)	Contact your local data protection authority
Do Not Sell / Share (California)	Email hi@viceme.ai with the subject "Do Not Sell or Share"

We respond to verifiable requests within 30 days (or sooner where required by applicable law).

7. Children's Privacy

The Service is intended for users aged 18 or older.

Users under 13 (or the minimum age required by your jurisdiction, including 16 in some EEA member states under GDPR) must not use the Service. If we identify such an account, we will close it and delete associated data.
Users between the local minimum age and 17 must use the Service with parental consent and supervision.
Parents or guardians may email hi@viceme.ai to request access, correction, or deletion of their child's personal information.

8. Your AI Input and Output

8.1 We Do Not Train on Your Conversations (Unless You Opt In)

We do not use your conversations with the AI to train our own models. If you wish to help improve the Service, you may opt in via Settings → Privacy → Help improve the product. This option is off by default and can be turned off at any time.

8.2 Third-Party Model Provider Training

According to our agreement with Google Cloud (Vertex AI), Google does not use customer data sent through the API to train its models, in line with Google Cloud's Data Processing Addendum.

8.3 No Training on Sensitive Scopes

For content accessed by Agents from sources such as calendar, email, files, and contacts, we do not use such data for any model training without your additional explicit consent.

9. Third-Party AI Data Sharing Disclosure (Apple Compliance)

In accordance with Apple App Store Review Guideline 5.1.2(i), we disclose the following:

When you use the AI conversation, Agent execution, or generative features of the Service, your Input (including text, voice, images, and files) is sent to third-party AI model providers to generate responses:
- International version: Google LLC (Vertex AI / Gemini)
Such data is used only for real-time response generation, and these providers do not use it to train their models under our agreement;
Before you first use the AI features, we will display an in-app notice and obtain your explicit consent.

10. International Data Transfers

Your personal information may be processed and stored on infrastructure located outside your country of residence. We rely on appropriate safeguards (such as Standard Contractual Clauses, where required) to protect your data during cross-border transfers.

If you are located in the EEA, UK, or Switzerland and would like more information on transfer safeguards, email hi@viceme.ai.

11. Region-Specific Notices

11.1 European Economic Area, UK, Switzerland

The controller is Houzishuohua (Wuhan) Technology Co., Ltd.;
We rely on the legal bases described in Section 1.12;
You may lodge a complaint with your local data protection authority.

11.2 California (CCPA / CPRA)

We do not "sell" your personal information for monetary consideration;
We may "share" personal information with third-party service providers for the operation of the Service, as described in Section 3;
You have the right to know, delete, correct, and opt out of sale / sharing. Email hi@viceme.ai to exercise these rights.

11.3 Other Jurisdictions

We will comply with applicable local law.

12. Updates to This Policy

We may update this Policy from time to time. Material changes will be communicated via in-app pop-up, in-app messaging, or email, with at least 7 days' notice before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

Previous versions are archived at: https://viceme.ai/legal/archive/privacy-policy/

13. Contact Us

Company: Houzishuohua (Wuhan) Technology Co., Ltd.
Address: Room 1107, 11/F, Building B, No. 30 Shendun 5th Road, Donghu New Technology Development Zone, Wuhan, Hubei, China
Privacy: hi@viceme.ai
Support: hi@viceme.ai
Legal / IP notices: hi@viceme.ai

Appendix A: Third-Party SDK Disclosure

The list below is updated alongside this Policy.

SDK	Provider	Purpose	Data Collected	Privacy Policy
Sign in with Apple	Apple Inc.	iOS account sign-in	Apple ID identifier, email (may be relayed), name	https://www.apple.com/legal/privacy/
Google Sign-In	Google LLC	Account sign-in	Google account ID, email, name, avatar	https://policies.google.com/privacy
Apple In-App Purchase	Apple Inc.	iOS in-app payments	Order info, Apple ID associations	https://www.apple.com/legal/privacy/
Google Play Billing	Google LLC	Android in-app payments	Order info, Google account identifier	https://policies.google.com/privacy
APNs	Apple Inc.	iOS push notifications	Device token	https://www.apple.com/legal/privacy/
FCM	Google LLC	Android push notifications	Device token	https://policies.google.com/privacy
Google Vertex AI (Gemini)	Google LLC	AI inference	User Input and conversation context	https://cloud.google.com/terms/data-processing-addendum
Sentry	Functional Software, Inc.	Crash / error monitoring	Device info, error stack, IP	https://sentry.io/privacy/