Privacy policy

 Mejene 覓臻顏 隱私政策

版本生效日期：2026年2月16日

 引言

Mejene覓臻顏（以下統稱“Mejene”或“我們”）深知個人信息對您的重要性，並會盡全力保護您的個人信息安全可靠。我們致力於維持您對我們的信任，恪守以下原則，保護您的個人信息：權責一致原則、目的明確原則、選擇同意原則、最少夠用原則、確保安全原則、主體參與原則、公開透明原則等。同時，Mejene承諾，我們將按業界成熟的安全標準，採取適當的安全保護措施來保護您的個人信息。

本政策與您使用我們的服務關係緊密，我們建議您在使用本服務前認真閱讀、充分理解本政策條款，包括免除或限制我們責任的免責條款以及對使用本服務對您權利的限制條款，並做出您認為適當的選擇。我們努力用通俗易懂、簡明扼要的文字表達，並對本政策中與您的權益存在重大關係的條款和個人敏感信息，採用粗體字進行標註以提示您注意。

您點擊“同意”或實際使用本平臺服務，即表示您已充分閱讀、理解並接受本政策的全部內容。

本隱私政策以簡體中文和英文書寫。兩種語言文本具有同等法律效力。如中文版本與英文版本在任何條款的解釋上發生衝突，應以簡體中文版本為準。

如您對本政策有任何疑問、意見或建議，可通過以下聯繫方式與我們聯繫：

-公司名稱： Mejene Limited 美臻選數位科技有限公司（香港）、深圳雲數網科技信息有限公司

本政策將幫助您瞭解以下內容

- 一、我們如何收集和使用您的個人信息

- 二、我們如何使用Cookie和同類技術

- 三、我們如何共享、轉讓、公開披露您的個人信息

- 四、我們如何保護您的個人信息

- 五、您如何訪問和管理自己的信息

- 六、我們如何處理兒童的個人信息

- 七、我們如何存儲您的個人信息

- 八、本政策如何更新

- 九、如何聯繫我們

 一、我們如何收集和使用您的個人信息

個人信息是指以電子或者其他方式記錄的與已識別或者可識別的自然人有關的各種信息，不包括匿名化處理後的信息。敏感個人信息是指一旦洩露或者非法使用，容易導致自然人的人格尊嚴受到侵害或者人身、財產安全受到危害的個人信息，包括生物識別、宗教信仰、特定身份、醫療健康、金融賬戶、行蹤軌跡等信息，以及不滿十四周歲未成年人的個人信息。我們將在本政策中對涉及到的敏感個人信息以粗體進行顯著標識。

Mejene僅會出於本政策所述的以下目的，收集和使用您的個人信息。在您使用我們的產品及/或服務時，我們需要/可能需要收集和使用您的個人信息包括如下兩種：

- 為實現向您提供我們產品及/或服務的基本功能，您須授權我們收集、使用的必要的信息。如您拒絕提供相應信息，您將無法正常使用我們的產品及/或服務；

- 為實現向您提供我們產品及/或服務的擴展功能，您可選擇是否授權我們收集、使用的信息。如您拒絕提供，您將無法正常使用相關擴展功能或無法達到我們擬達到的最佳效果，但不影響您正常使用我們的產品及/或服務的基本功能。

 （一）您需要授權我們收集和使用個人信息的情形

 1. 賬戶註冊與會員服務

為完成創建賬號，您需提供以下信息：

- 賬號註冊與登錄：當您註冊及登錄本平臺賬號時，需提供手機號碼用於完成驗證，這是滿足網絡實名制要求的必要信息。若您不提供手機號碼，將無法完成註冊並使用服務。您註冊時使用微信授權登錄，即表示您授權我們獲取您在微信平臺已實名認證的基本信息。

- 基本信息完善：為向您提供個性化的美學健康指導服務，您可自主完善個人信息，包括您的姓名、性別、出生年月。這些信息為使用個性化服務的必要條件，若您不提供上述信息，將無法使用相關個性化服務。

- Smile ID激活：當您激活Smile ID時，我們會為您生成唯一的身份識別碼，用於關聯和管理您的所有口腔健康數據。

2. 會員權益與服務

當您購買會員服務時，我們會收集您的會員等級、會員有效期、支付記錄等信息，以向您提供相應的會員權益。

 3. 合作診所服務

為實現合作診所為您上傳診療數據的核心功能，我們需要收集以下信息：

- 診療數據：您授權合作診所上傳的口腔掃描數據（STL/PLY等格式）、X光影像、醫生診療記錄、治療方案確認文件、質保卡信息等。這些數據屬於醫療健康敏感個人信息，我們將採取特別的安全保護措施。

- 確認記錄：在關鍵診療環節（如設計方案確認、試戴確認等），我們會記錄您的確認操作，形成證據鏈。

 4. 支付功能

當您通過本平臺購買會員或產品時，我們會收集您的支付信息（如支付時間、支付金額、支付渠道等），以完成訂單履約。具體的支付信息處理由第三方支付機構負責，我們僅獲取支付結果。

 5. 訂單管理

當您通過本平臺購買牙冠、牙貼面等產品時，我們會收集您的收貨地址、收貨人姓名、聯繫方式，以完成產品交付。

6. 客戶服務

當您使用在線客服功能時，為了解答您的反饋問題，我們將收集您的用戶ID、IP地址、操作系統版本、您與客服的溝通記錄**，以及您主動提供的其他信息。若您拒絕提供前述信息，請勿使用相關功能。

（二）您可自主選擇提供個人信息的情形

為提升您使用我們產品及/或服務的體驗，我們的以下擴展功能可能會收集和使用您的個人信息。如果您不提供這些個人信息，您依然可以使用我們的產品及/或服務，但您可能無法享受到這些擴展功能給您帶來的額外樂趣和便捷。這些擴展功能包括：

- 設備信息：我們會在您安裝、使用本服務時，接收並記錄您所使用的設備相關信息（如設備型號、操作系統、系統版本、軟件版本信息）。我們需要知道您的設備類型和系統版本，以確保應用程序能夠在該設備上正常安裝、運行，避免因不兼容導致的崩潰或功能異常。

- 日誌信息：當您使用我們提供的產品或服務時，我們將收集您對我們服務的使用情況信息（如操作日誌、訪問日期和時間以及訪問時長、訪問記錄、您對我們服務的詳細使用情況），並作為有關網絡日誌保存。這些數據對於優化產品設計、提升您的體驗至關重要，同時可用於監測和防範異常訪問行為，保障您的賬戶和數據安全。

- 位置信息：我們會根據您安裝、使用本服務中授予的具體權限，接收設備所在位置信息。結合您所在地信息（如合作診所位置），我們可以提供更加個性化的服務推薦。

- 服務使用信息：您在使用本服務時提交或產生的信息、用戶行為信息。基於這些數據，我們可以為您生成年度美學健康報告。

- 緊急聯繫人信息：為確保醫療服務的連續性和安全性，我們將會收集緊急聯繫人姓名、聯繫人號碼、與本人關係。這些信息並非使用基礎服務的必要條件，您可選擇不提供。如您選擇提供給我們，請您確保在填寫相關信息時，已經獲得他人的同意或授權，不會侵犯他人的合法權益。

（三）敏感個人信息的處理說明

根據《信息安全技術 敏感個人信息處理安全要求》（GB/T 45574-2025），醫療健康信息屬於敏感個人信息。我們將嚴格遵守以下規定處理您的敏感個人信息：

1. 單獨同意：在處理您的敏感個人信息前，我們將取得您的**單獨同意**，並以增強告知的方式向您說明處理敏感個人信息的必要性以及對您個人權益的影響。

2. 目的限制：我們將嚴格按照本政策所述的目的處理您的敏感個人信息，不會超出您授權同意的範圍。

3. 安全保護：我們將採取行業領先的安全措施保護您的敏感個人信息，具體詳見本政策第四章。

4. 日誌記錄：我們會對敏感個人信息的處理和操作情況進行記錄，日誌記錄將保存三年。

5. 安全審計：我們將至少每月對敏感個人信息處理日誌和用戶權限進行安全審計，及時處理不合理的授權和操作。

 （四）我們從第三方獲取您個人信息的說明

我們從第三方間接獲取您的個人信息的類型僅為實現我們產品業務功能所必須，且僅獲取最少字段最少數量。我們承諾，我們將嚴格依據與第三方的約定獲取您的個人信息。在從第三方間接獲取您的個人信息時，我們將確認第三方個人信息來源的合法性，並在符合相關法律和法規規定的前提下，使用您的這些個人信息。我們將瞭解並審慎確認，第三方已所獲得的您的個人信息處理的授權同意範圍，包括使用目的、您是否授權同意轉讓、共享、公開披露等。我們開展業務所需進行的個人信息處理活動超出您的授權同意範圍的，我們將在獲取您的個人信息後的合理期限內或處理您的個人信息前，徵得您的明示同意。

（五）個人信息收集與權限調用說明

我們個人信息收集與權限調用情況詳見：《個人信息收集與權限調用清單》。若您拒絕我們調用相關權限，您將無法正常使用相應功能，但不會影響到其他功能的使用。

（六）營銷信息說明

我們在運營中可能會通過您在使用服務的過程中所提供的聯繫方式（聯繫郵箱），向您同時發送一種或多種類型的通知，例如：協議確認、會員權益提醒、活動通知及其他通知場景。我們也可能會以短信、彈窗推送的方式向您發送您可能感興趣的服務、功能或活動的營銷性/非營銷性消息及其他服務信息。

若您不願意接收我們的營銷性消息及其他服務信息，您可以通過短信、電話、郵件中提供的退訂方式或者通過我們的客服進行退訂或關閉。

 （七）依法豁免徵得同意的情形

根據相關法律法規規定，在以下情形中，我們處理您的個人信息無需徵得您的授權同意：

1. 為訂立、履行個人作為一方當事人的合同所必需，或者按照依法制定的勞動規章制度和依法簽訂的集體合同實施人力資源管理所必需；

2. 為履行法定職責或者法定義務所必需；

3. 為應對突發公共衛生事件，或者緊急情況下為保護自然人的生命健康和財產安全所必需；

4. 依照《個人信息保護法》規定在合理的範圍內處理個人自行公開或者其他已經合法公開的個人信息；

5. 法律、行政法規規定的其他情形。

二、我們如何使用Cookie和同類技術

（一）Cookie

為確保我們產品及/或服務正常運轉，我們會在您的計算機或移動設備上存儲名為Cookie的小數據文件。Cookie通常包含標識符、站點名稱以及一些號碼和字符。藉助於Cookie，我們能夠存儲您的偏好或瀏覽記錄等數據。我們不會將Cookie用於本政策所述目的之外的任何用途。您可根據自己的偏好管理或刪除Cookie。您可以清除計算機上保存的所有Cookie，大部分網絡瀏覽器都設有阻止Cookie的功能。但如果您這麼做，則需要在每一次訪問我們的網站時親自更改用戶設置。

（二）SDK

為保障我們的服務穩定運行、功能實現，使您能夠享受和使用更多的服務及功能，我們的產品/服務中會嵌入授權合作伙伴的SDK或其他類似的應用程序。我們接入授權合作伙伴的SDK詳見《第三方個人信息共享清單》。

我們會對授權合作伙伴獲取有關信息的應用程序接口（API）、軟件工具開發包（SDK）進行嚴格的安全檢測，並與授權合作伙伴約定嚴格的數據保護措施，令其按照本政策以及其他任何相關的保密和安全措施來處理個人信息。

（三）不追蹤信號

我們識別並尊重以下通用退出信號：

- 全局隱私控制（GPC）

- 瀏覽器“不追蹤”（DNT）設置

當我們檢測到上述退出信號時，我們將自動應用您的偏好，拒絕非必要的Cookie，並阻止相關的個人信息共享。

三、我們如何共享、轉讓、公開披露您的個人信息

為了保證您的個人信息安全，我們遵照最小化原則，在遵守適用的法律要求下，共享、轉讓或披露您的個人信息。

對我們與之共享個人信息的公司、組織和個人，我們會按照當地國家的法律要求採取組織和技術措施，要求他們按照我們的安全標準、本政策的要求及相關的保密和安全措施來處理個人信息。

 （一）共享

我們不會與Mejene運營主體以外的任何公司、組織和個人分享您的個人信息，但以下情況除外：

1. 在獲取明確同意的情況下共享：獲得您單獨同意後，我們會與其他方共享您的個人信息。

2. 與附屬公司共享：您的個人信息可能會與Mejene的附屬公司共享。我們只會共享必要的個人信息，且受本隱私政策中所聲明目的的約束。附屬公司如要改變個人信息的處理目的，將再次徵求您的授權同意。

3. **與合作診所共享**：為實現向您提供診療數據上傳服務的核心功能，我們需要將您的必要個人信息共享給為您服務的合作診所，包括您的Smile ID、歷史診療數據（需您授權）等。我們與合作診所簽署了嚴格的合作協議，要求其按照本政策的要求保護您的個人信息。

4. 與授權合作伙伴共享：僅為實現本政策中聲明的目的，我們的某些服務將由授權合作伙伴提供（如支付服務、物流服務）。我們可能會與合作伙伴共享您的某些個人信息，以提供更好的客戶服務和用戶體驗。

我們對外共享個人信息的情況請詳見：《第三方個人信息共享清單》。對我們與之共享個人信息的公司、組織和個人，我們會與其簽署嚴格的保密協定，要求他們按照我們的說明、本隱私政策以及其他任何相關的保密和安全措施來處理個人信息。

5. 法律要求：我們可能會根據法律法規規定，或按政府主管部門的強制性要求，對外共享您的個人信息。

 （二）轉讓

我們不會將您的個人信息轉讓給任何公司、組織和個人，但以下情況除外：

- 在獲取您單獨同意的情況下轉讓：獲得您的單獨同意後，我們會向其他方轉讓您的個人信息；

- 在涉及合併、分立、解散或被宣告破產時，如涉及到個人信息轉讓，我們會及時向您告知接收方的名稱或者姓名和聯繫方式，同時要求該接收方繼續受此隱私政策的約束，否則我們將要求該接收方重新向您徵求授權同意。

（三）公開披露

我們僅會在以下情況下，公開披露您的個人信息：

- 獲得您單獨同意後；

- 基於法律的披露：在法律、法律程序、訴訟或政府主管部門強制性要求的情況下，我們可能會公開披露您的個人信息。

（四）依法豁免的情形

根據相關法律法規規定，在以下情形中，我們共享、轉讓、公開披露您的個人信息無需徵得您的授權同意：

1. 為訂立、履行個人作為一方當事人的合同所必需；

2. 為履行法定職責或者法定義務所必需；

3. 為應對突發公共衛生事件，或者緊急情況下為保護自然人的生命健康和財產安全所必需；

4. 依照《個人信息保護法》規定在合理的範圍內處理個人自行公開或者其他已經合法公開的個人信息；

5. 法律、行政法規規定的其他情形。

四、我們如何保護您的個人信息

（一）安全防護措施

我們已使用符合業界標準的安全防護措施保護您提供的個人信息，防止個人信息遭到未經授權的訪問以及個人信息洩露、篡改、丟失。我們會採取一切合理可行的措施，保護您的個人信息。

特別針對醫療健康敏感個人信息，我們採取以下增強保護措施：

1. 加密存儲：您的口腔掃描數據、X光影像、診療記錄等敏感個人信息將採用行業標準的加密技術進行存儲。某醫療科技公司因患者診療數據未採取加密措施存儲，導致數據庫在未採取防護措施的情況下對互聯網開放訪問，被網信部門依法予以警告、罰款處罰。我們以此為鑑，對敏感個人信息實施強制加密。

2. 訪問控制：我們建立了嚴格的訪問控制機制，僅允許因業務需要必須接觸您個人信息的人員在最小必要範圍內訪問，並記錄所有訪問日誌。

3. 安全審計：我們至少每月對敏感個人信息處理日誌和用戶權限進行安全審計，及時處理不合理的授權和操作。

4. 水印技術：敏感個人信息顯示界面將添加包括訪問主體標識和訪問時間等內容的水印，涉及集中顯示的，默認禁用複製、打印和截屏等功能。

5. 網絡安全等級保護：我們將按照國家要求開展網絡安全等級保護測評工作，確保系統安全。

6. 數據脫敏：在保證實現業務功能的基礎上，我們對所收集的生物識別信息直接進行特徵和摘要信息提取。

在您的設備與“服務”之間交換數據時受SSL加密保護。我們會使用加密技術確保數據的保密性；我們會使用受信賴的保護機制防止數據遭到惡意攻擊；我們會部署訪問控制機制，確保只有授權人員才可訪問個人信息。

（二）安全事件處置

我們將盡力確保您個人信息的安全。如果我們的物理、技術或管理防護設施遭到破壞，導致信息被非授權訪問、公開披露、篡改或丟失，已引起您的合法權益遭受損害，我們將啟動應急預案，並按照法律法規的要求，及時向您告知：安全事件的基本情況和可能的影響、我們已採取或將要採取的處置措施、您可自主防範和降低風險的建議、對您的補救措施等。我們將及時將事件相關情況以郵件、信函、電話、推送通知等方式告知您，難以逐一告知個人信息主體時，我們會採取合理、有效的方式發佈公告。

同時，我們還將按照監管部門要求，主動上報個人信息安全事件的處置情況。

（三）免責聲明

互聯網環境並非百分之百安全，我們將盡力確保您發送給我們的任何信息的安全性。如果我們的物理、技術或管理防護設施遭到破壞，導致信息被非授權訪問、公開披露、篡改或丟失，導致您的合法權益受損，我們將依法承擔相應的法律責任。

但若因以下情況導致的信息洩露或損失，我們在已盡合理保護義務的前提下，不承擔法律責任：

- 因不可抗力（包括但不限於自然災害、戰爭、動亂、罷工等）、法律法規或政策變化、政府行為等導致；

- 因網絡攻擊、黑客攻擊、計算機病毒或其他惡意代碼導致；

- 因您自身原因導致的賬戶信息洩露或數據丟失（如您主動洩露賬戶信息、未妥善保管賬戶密碼）；

- 因電信設備或系統的技術故障、調整或維護導致。

（四）安全能力要求

我們處理10萬人以上敏感個人信息的，將指定個人信息保護負責人和管理機構。我們的數據安全能力，符合GB/T 37988三級及以上能力要求。

 五、您如何訪問和管理自己的信息

（一）訪問、更正、刪除您的個人信息

您有權隨時登錄本平臺訪問、更正、刪除您的個人信息。在您訪問、更正、刪除前述信息時，我們可能會要求您進行身份驗證，以保障賬戶安全。

 （二）數據導出

本平臺支持您隨時導出您的數據。您理解並同意，數據導出後，您需自行承擔數據在您個人設備上的安全保管責任。

 （三）改變授權同意的範圍

每個業務功能需要一些基本的個人信息才能得以完成（見本政策第一章）。對於額外收集的個人信息的收集和使用，您可以隨時給予或收回您的授權同意。

您有權隨時查看或撤銷任何第三方（如診所）對您數據的訪問權限。本平臺將逐步開發在線“數據授權管理”功能。在該功能上線前，您可通過聯繫平臺客服（郵箱/電話）完成授權的查詢與撤銷。

當您收回同意後，我們將不再處理相應的個人信息。但您收回同意的決定，不會影響此前基於您的授權而開展的個人信息處理。

（四）註銷賬戶

您有權隨時申請註銷您的賬戶。您可以通過本平臺設置的註銷功能或聯繫平臺客服提交註銷申請。

我們將在收到您註銷申請的15個工作日內完成您的賬戶註銷。請注意，國家網信辦於2025年2月通報的個人信息刪除權問題中，“用戶賬號註銷承諾時限超出15個工作日”被列為重點整改問題。我們嚴格遵守該時限要求。

在確認該用戶名下所有交易已完結且無投訴爭議的前提下，我們將：

- 您的賬戶轉為註銷狀態，您將無法再通過本平臺訪問您的數據；

- 您的原始數據我們將根據您的要求和適用法律的規定處理。如您未特別要求，我們將繼續保留您的數據，但您將無法通過平臺訪問（即轉為凍結狀態），符合法律要求需要保留的數據除外。

為避免您誤操作，30日內使用原賬號登錄，將視為放棄註銷申請，屆時可為您恢復數據。

（五）響應您的上述請求

為保障安全，您可能需要提供書面請求，或以其他方式證明您的身份。我們可能會先要求您驗證自己的身份，然後再處理您的請求。

對於您合理的請求，我們原則上不收取費用，但對多次重複、超出合理限度的請求，我們將視情收取一定成本費用。對於那些無端重複、需要過多技術手段（例如，需要開發新系統或從根本上改變現行慣例）、給他人合法權益帶來風險或者非常不切實際（例如，涉及備份磁帶上存放的信息）的請求，我們可能會予以拒絕。

 （六）例外情形

在以下情形中，按照法律法規要求，我們將無法響應您的更正、刪除、註銷信息的請求：

1. 與國家安全、國防安全直接相關的；

2. 與公共安全、公共衛生、重大公共利益直接相關的；

3. 與犯罪偵查、起訴、審判和執行判決等直接相關的；

4. 有充分證據表明您存在主觀惡意或濫用權利的；

5. 響應您的請求將導致您或其他個人、組織的合法權益受到嚴重損害的；

6. 涉及商業秘密的。

 六、我們如何處理兒童的個人信息

我們的產品、網站和服務主要面向成年人。如果沒有父母或監護人的同意，兒童不得創建自己的用戶賬戶。

對於經父母或監護人同意而收集兒童個人信息的情況，我們只會在受到法律允許、父母或監護人明確同意或者保護兒童所必要的情況下使用或公開披露此信息。

**我們將收集不滿十四周歲未成年人身份信息時，僅會在未成年人相關法律法規有明確要求時進行，並採取短信驗證、電話驗證、視頻驗證、電子郵箱驗證、書面確認和綁定實名賬戶等合理措施驗證監護人身份**。

如果我們發現自己在未事先獲得可證實的父母或監護人同意的情況下收集了兒童的個人信息，則會設法儘快刪除相關數據。

七、我們如何存儲您的個人信息

 （一）存儲地點

我們將按照法律法規的規定，將在中華人民共和國境內收集和產生的個人信息存儲於中國境內（不包括港澳臺地區）。

如需向境外傳輸您的個人信息，我們將嚴格按照《個人信息保護法》《數據出境安全評估辦法》《個人信息出境標準合同辦法》等法律法規的要求，採取以下措施之一，並獲得您的單獨同意：

- 通過國家網信部門組織的數據出境安全評估；

- 按照國家網信部門的規專業機構進行個人信息保護認證；

- 按照國家網信部門制定的標準合同與境外接收方訂立合同，約定雙方的權利和義務。

根據《促進和規範數據跨境流動規定》，自當年1月1日起累計向境外提供10萬人以上、不滿100萬人個人信息（不含敏感個人信息）或者不滿1萬人敏感個人信息的，可以通過訂立個人信息出境標準合同或個人信息出境認證方式出境個人信息。

 （二）存儲期限

我們僅在為您提供服務所必需的期限內保留您的個人信息：

- 賬戶在正常狀態下：信息保留時間自收集日期開始5年內。

- 賬戶註銷時：我們將按照本政策第五條的規定處理您的數據。

- 法律要求：對於敏感個人信息處理日誌，我們將保存三年。

超出上述存儲期限後，我們將對您的個人信息進行刪除或匿名化處理。

八、本政策如何更新

我們可能適時對本政策進行修訂。當本政策的條款發生變更時，我們會在版本更新時以頁面提示、彈窗、站內信等方式向您說明新版隱私政策的具體內容。

對於重大變更，我們還會提供更為顯著的通知（包括對於某些服務，我們會通過電子郵件發送通知，說明隱私政策的具體變更內容）。

本政策所指的重大變更包括但不限於：

1. 我們的服務模式發生重大變化。如處理個人信息的目的、處理的個人信息類型、個人信息的使用方式等；

2. 我們在所有權結構、組織架構等方面發生重大變化。如業務調整、破產併購等引起的所有者變更等；

3. 個人信息共享、轉讓或公開披露的主要對象發生變化；

4. 您參與個人信息處理方面的權利及其行使方式發生重大變化；

5. 我們負責處理個人信息安全的責任部門、聯絡方式及投訴渠道發生變化時；

6. 個人信息安全影響評估報告表明存在高風險時。

我們還會將本政策的舊版本存檔，供您查閱。

九、如何聯繫我們

如您對本政策有任何疑問、意見或建議，或需要辦理數據授權查詢、撤銷等事宜，您可以通過以下方式聯繫我們：

- 客服郵箱：support@mejene.cn

我們將在收到您聯繫後的5個工作日內予以回覆。

如果您對我們的回覆不滿意，特別是我們的個人信息處理行為損害了您的合法權益，您還可以向網信、工信、公安及市場監管等監管部門進行投訴或舉報，或向本平臺運營主體所在地有管轄權的人民法院提起訴訟。

---

您確認：在點擊“同意”之前，您已充分閱讀、理解並接受本政策的全部內容，特別是加粗標識的條款。您承諾接受並遵守本政策的約定。

Mejene  覓臻顏  Privacy Policy

Effective Date: 02/16, 2026

Introduction

Mejene覓臻顏 (hereinafter collectively referred to as "Mejene," "we," "us," or "our") understands the critical importance of your personal information and is committed to protecting its security and reliability. We are dedicated to maintaining your trust by adhering to the following principles when processing your personal information: accountability, purpose specification, consent, data minimization, security, user participation, and transparency. Concurrently, Mejene commits to adopting industry-standard security measures to protect your personal information.

This policy is closely related to your use of our services. We strongly recommend that you carefully read and fully understand this policy before using our services, including the disclaimer clauses that exempt or limit our liability and the clauses that limit your rights when using the service, and make the choices you deem appropriate. We strive to express this policy in clear, concise language and have **bolded** terms that have significant implications for your rights and obligations or pertain to sensitive personal information to draw your attention.

By clicking "Agree” or actually using our services, you acknowledge that you have fully read, understood, and accepted all the terms of this policy.

This Privacy Policy is written in both Simplified Chinese and English. Both language versions shall have equal legal effect. In the event of any conflict in the interpretation of any term or provision between the Simplified Chinese version and the English version, the Simplified Chinese version shall prevail.

If you have any questions, comments, or suggestions regarding this policy, please contact us through the following channels:

- Company Names: Mejene Limited 美臻選數位科技有限公司 (Hong Kong), Shenzhen Yunshuwan Technology Information Co., Ltd.

This Policy Will Help You Understand the Following

- I. How We Collect and Use Your Personal Information

- II. How We Use Cookies and Similar Technologies

- III. How We Share, Transfer, and Publicly Disclose Your Personal Information

- IV. How We Protect Your Personal Information

- V. How You Can Access and Manage Your Information

- VI. How We Handle Children's Personal Information

- VII. How We Store Your Personal Information

- VIII. How This Policy is Updated

- IX. How to Contact Us

I. How We Collect and Use Your Personal Information

Personal information refers to all kinds of information related to an identified or identifiable natural person recorded electronically or by other means, excluding information that has been anonymized. **Sensitive personal information refers to personal information that, once leaked or illegally used, may easily infringe upon the personal dignity of a natural person or endanger personal or property safety, including information such as biometrics, religious beliefs, specific identity, medical health, financial accounts, whereabouts, and personal information of minors under the age of fourteen. We will mark sensitive personal information involved in this policy in bold.

Mejene only collects and uses your personal information for the purposes stated in this policy. When you use our products and/or services, we may need to collect and use your personal information in the following two scenarios:

- To provide you with the basic functions of our products and/or services, you must authorize us to collect and use the necessary information. If you refuse to provide such information, you will not be able to use our products and/or services normally.

- To provide you with extended functions of our products and/or services, you may choose whether to authorize us to collect and use the information. If you refuse to provide it, you will not be able to use the relevant extended functions normally or achieve the best possible experience, but it will not affect your normal use of the basic functions of our products and/or services.

 (A) Circumstances Where You Need to Authorize Us to Collect and Use Personal Information

 1. Account Registration and Membership Services

To complete account creation, you need to provide the following information:

- Account Registration and Login: When you register and log in to this Platform, you need to provide your **mobile phone number** for verification, which is necessary to comply with real-name authentication requirements. If you do not provide your mobile phone number, you will not be able to complete the registration and use the services. Your use of WeChat authorization to log in constitutes your authorization for us to obtain your basic information that has been verified via real-name authentication on the WeChat platform.

- Basic Information Completion: To provide you with personalized aesthetic health guidance, you may choose to complete your personal information, including your name, gender, and date of birth. This information is necessary for using personalized services. If you do not provide the above information, you will not be able to use the relevant personalized services.

- **Smile ID Activation**: When you activate your Smile ID, we will generate a unique identification code for you to associate and manage all your oral health data.

2. Membership Benefits and Services

When you purchase membership services, we will collect information such as your membership level, membership validity period, and payment records to provide you with corresponding membership benefits.

 3. Partner Clinic Services

To enable partner clinics to upload your diagnostic and treatment data, a core function, we need to collect the following information:

- Diagnostic and Treatment Data: Oral scan data (STL/PLY formats, etc.), X-ray images, doctor's diagnosis/treatment records, treatment plan confirmation documents, warranty card information, etc., that you authorize partner clinics to upload. This data constitutes **sensitive personal information related to medical health** and will be subject to special security protection measures.

- Confirmation Records: For critical diagnosis/treatment stages (e.g., treatment plan confirmation, trial wear confirmation), we will record your confirmation actions, forming part of the evidence chain.

4. Payment Functionality

When you purchase memberships or products through this Platform, we will collect your payment information(such as payment time, payment amount, payment channel, etc.) to fulfill the order. The processing of specific payment information is handled by third-party payment institutions; we only obtain the payment result.

5. Order Management

When you purchase products such as dental crowns and veneers through this Platform, we will collect your shipping address, recipient name, and contact information to complete product delivery.

6. Customer Service

When you use the online customer service function, to address your feedback, we will collect your User ID, IP address, operating system version, communication records with customer service, and other information you voluntarily provide. If you refuse to provide the aforementioned information, please refrain from using the relevant function.

(B) Circumstances Where You May Choose to Provide Personal Information

To enhance your experience with our products and/or services, the following extended functions may collect and use your personal information. If you do not provide this personal information, you can still use our products and/or services, but you may not be able to enjoy the extra features and convenience these extended functions offer. These extended functions include:

- Device Information: When you install and use our services, we will receive and record device-related information (such as device model, operating system, system version, software version information). We need to know your device type and system version to ensure the application runs normally, avoiding crashes or malfunctions due to incompatibility.

- Log Information: When you use our products or services, we will collect information on how you use our services (such as operation logs, access dates, times, duration, access records, detailed usage information) and retain it as relevant network logs. This data is crucial for optimizing product design and enhancing your experience, and can also be used to monitor and prevent abnormal access, protecting your account and data security.

- Location Information: Based on the specific permissions granted during your installation and use of our services, we may receive **device location information**. Combined with your location data (e.g., partner clinic locations), we can provide more personalized service recommendations.

- Service Usage Information: Information generated or submitted during your use of our services, user behavior information. Based on this data, we can generate annual aesthetic health reports for you.

- Emergency Contact Information: To ensure the continuity and safety of medical services, we may collect emergency contact name, contact number, and relationship. This information is not necessary for using basic services; you may choose not to provide it. If you choose to provide it, please ensure you have obtained consent or authorization from the relevant individual and will not infringe upon their legitimate rights.

(C) Handling of Sensitive Personal Information

According to the Information Security Technology – Security Requirements for Sensitive Personal Information Processing (GB/T 45574-2025), medical health information constitutes sensitive personal information.We will strictly comply with the following regulations when processing your sensitive personal information:

1.  Separate Consent: Before processing your sensitive personal information, we will obtain your separate consent and explain to you the necessity of processing such information and its impact on your personal rights through enhanced notifications.

2.  Purpose Limitation: We will process your sensitive personal information strictly for the purposes stated in this policy and will not exceed the scope of your authorized consent.

3.  Security Protection: We will adopt industry-leading security measures to protect your sensitive personal information, as detailed in Chapter IV of this policy.

4.  Logging: We will keep records of the processing and operation of sensitive personal information, and these logs will be retained for three years.

5.  Security Audit: We will **conduct security audits on sensitive personal information processing logs and user permissions at least monthly, promptly addressing any unauthorized operations or permissions**.

(D) Information We Collect from Third Parties

The types of personal information we indirectly obtain from third parties are limited to what is necessary to fulfill our business functions, and we only collect the minimum fields and quantity. We promise to strictly obtain your personal information based on agreements with third parties. When indirectly obtaining your personal information from third parties, we will verify the legality of the source and use this information only in compliance with relevant laws and regulations. We will understand and prudently confirm the scope of authorization and consent obtained by the third party regarding your personal information, including the purpose of use and whether you have authorized transfer, sharing, or public disclosure. If our business requires processing personal information beyond your authorized consent, we will obtain your explicit consent again within a reasonable period after obtaining your information or before processing it.

(E) Description of Personal Information Collection and Permission Calls

Details of our personal information collection and permission calls can be found in the: "Personal Information Collection and Permission Call List." If you refuse to grant relevant permissions, you will not be able to use the corresponding functions normally, but it will not affect the use of other functions.

(F) Marketing Information Description

During our operations, we may use the contact information (phone number, email) you provided while using the service to send you one or more types of notifications, such as agreement confirmations, membership benefit reminders, event notifications, and other notice scenarios. We may also send you promotional/non-promotional messages and other service information about services, features, or activities you might be interested in via SMS or push notifications.

If you do not wish to receive our promotional messages and other service information, you can opt-out or turn them off via the unsubscribe method provided in SMS, phone, or email, or by contacting our customer service.

(G) Exceptions Requiring No Consent

According to relevant laws and regulations, we may process your personal information without your consent in the following circumstances:

1.  Where necessary for the conclusion or performance of a contract to which you are a party, or necessary for human resources management pursuant to legally established labor rules and collective contracts;

2.  Where necessary to fulfill statutory duties or obligations;

3.  Where necessary to respond to public health emergencies, or to protect the life, health, or property safety of an individual in an emergency;

4.  Where processing personal information that has been voluntarily disclosed by you or otherwise legally disclosed, within a reasonable scope as stipulated by the "Personal Information Protection Law";

5.  Other circumstances stipulated by laws or administrative regulations.

II. How We Use Cookies and Similar Technologies

 (A) Cookies

To ensure the normal operation of our products and/or services, we may store small data files called cookies on your computer or mobile device. Cookies typically contain identifiers, site names, and some numbers and characters. With the help of cookies, we can store your preferences or browsing history. We do not use cookies for any purpose other than those stated in this policy. You can manage or delete cookies based on your preferences. You can clear all cookies saved on your computer, and most web browsers have features to block cookies. However, if you do this, you may need to manually adjust user settings each time you visit our website.

(B) SDKs

To ensure the stable operation of our services, realize functions, and enable you to enjoy and use more services and features, our products/services may embed SDKs or other similar applications from authorized partners. For details on the SDKs we integrate from authorized partners, please refer to the "Third-Party Information Sharing List."

We will strictly test the Application Programming Interfaces (APIs) and Software Development Kits (SDKs) used by authorized partners to obtain information and agree on strict data protection measures with them, requiring them to process personal information in accordance with this policy and other relevant confidentiality and security measures.

(C) Do Not Track Signals

We recognize and respect the following universal opt-out signals:

- **Global Privacy Control (GPC)**

- **Browser "Do Not Track" (DNT) settings**

When we detect the above opt-out signals, we will automatically apply your preference, refuse non-essential cookies, and prevent relevant personal information sharing.

III. How We Share, Transfer, and Publicly Disclose Your Personal Information

To ensure the security of your personal information, we adhere to the principle of minimization and only share, transfer, or disclose your personal information in compliance with applicable legal requirements.

For companies, organizations, and individuals with whom we share personal information, we will adopt organizational and technical measures required by local laws and mandate that they comply with our security standards, the requirements of this policy, and relevant confidentiality and security measures when handling personal information.

(A) Sharing

We will not share your personal information with any company, organization, or individual outside of the Mejene operating entities, except in the following circumstances:

1.  Sharing with Explicit Consent: With your separate consent, we will share your personal information with other parties.

2.  Sharing with Affiliates: Your personal information may be shared with Mejene's affiliates. We will only share necessary personal information for the purposes stated in this Privacy Policy. If an affiliate changes the purpose of processing personal information, we will seek your authorization and consent again.

3.  Sharing with Partner Clinics: To provide you with the core function of diagnostic and treatment data uploading, we need to share your necessary personal information with the partner clinic serving you, including your Smile ID and historical diagnostic data (subject to your authorization). We sign strict cooperation agreements with partner clinics, requiring them to protect your personal information following the requirements of this policy.

4.  Sharing with Authorized Partners: To achieve the purposes stated in this policy, certain services may be provided by authorized partners (e.g., payment services, logistics services). We may share some of your personal information with partners to provide better customer service and user experience.

For details on our sharing of personal information, please refer to the "Third-Party Information Sharing List." For companies, organizations, and individuals with whom we share personal information, we will sign strict confidentiality agreements, requiring them to process personal information by our instructions, this Privacy Policy, and other relevant confidentiality and security measures.

5.  Legal Requirements: We may share your personal information in accordance with laws and regulations or as required by mandatory orders from competent government authorities.

(B) Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:

- Transfer with Your Separate Consent: With your separate consent, we will transfer your personal information to other parties;

- Involving Mergers, Acquisitions, or Dissolution: In cases involving mergers, divisions, dissolution, bankruptcy declaration, or similar events, if a transfer of personal information is involved, we will promptly inform you of the recipient's name and contact information. We will require the recipient to continue to be bound by this Privacy Policy; otherwise, we will require the recipient to seek your authorization and consent again.

(C) Public Disclosure

We will only publicly disclose your personal information in the following circumstances:

- With your **separate consent**;

- **Legal Disclosure**: We may publicly disclose your personal information when required by law, legal proceedings, litigation, or mandatory orders from competent government authorities.

(D) Exceptions Permitted by Law

According to relevant laws and regulations, we may share, transfer, or publicly disclose your personal information without your consent in the following circumstances:

1.  Where necessary for the conclusion or performance of a contract to which you are a party;

2.  Where necessary to fulfill statutory duties or obligations;

3.  Where necessary to respond to public health emergencies, or to protect the life, health, or property safety of an individual in an emergency;

4.  Where processing personal information that has been voluntarily disclosed by you or otherwise legally disclosed, within a reasonable scope as stipulated by the "Personal Information Protection Law";

5.  Other circumstances stipulated by laws or administrative regulations.

IV. How We Protect Your Personal Information

(A) Security Protection Measures

We use industry-standard security measures to protect the personal information you provide, preventing unauthorized access, disclosure, alteration, or loss. We will take all reasonably practicable measures to protect your personal information.

Specifically for sensitive personal information related to medical health, we adopt the following enhanced protection measures:

1.  Encrypted Storage: Your sensitive personal information, such as oral scan data, X-ray images, and diagnosis/treatment records, will be stored using industry-standard encryption technologies. A certain medical technology company was warned and fined by the Cyberspace Administration for failing to encrypt patient diagnosis/treatment data, leaving its database openly accessible on the internet without protective measures. Learning from this, we mandate encryption for all sensitive personal information.

2.  Access Control: We have established strict access control mechanisms, allowing only personnel who need to access your personal information for business purposes to do so within the minimum necessary scope, and we log all access activities.

3.  Security Audit: We **conduct security audits on sensitive personal information processing logs and user permissions at least monthly, promptly addressing any unauthorized operations or permissions**.

4.  Watermarking: Interfaces displaying sensitive personal information will include watermarks containing identifiers like the accessing entity and access time. For centralized displays, functions like copying, printing, and screenshotting will be disabled by default.

5.  Classified Cybersecurity Protection: We will carry out classified cybersecurity protection assessments as required by national standards to ensure system security.

6.  Data Masking: While ensuring business functions, we will directly extract features and summary information from collected biometric data.

Data exchanged between your device and the "Service" is protected by SSL encryption during transmission. We use encryption technologies to ensure data confidentiality; we use trusted protection mechanisms to prevent malicious attacks; we deploy access control mechanisms to ensure only authorized personnel can access personal information.

(B) Handling of Security Incidents

We will strive to ensure the security of your personal information. If our physical, technical, or managerial safeguards are compromised, leading to unauthorized access, public disclosure, alteration, or loss of information that causes damage to your legitimate rights and interests, we will activate emergency response plans. Following legal requirements, we will promptly inform you of: the basic situation and potential impact of the security incident, the measures we have taken or will take, suggestions for you to prevent or mitigate risks independently, and remedial measures for you. We will inform you of the incident status via email, letter, phone, push notification, etc. If it is difficult to inform each data subject individually, we will take reasonable and effective measures to issue a public announcement.

Additionally, we will proactively report the handling of personal information security incidents to regulatory authorities as required.

 (C) Disclaimer

The internet environment is not 100% secure, and we will strive to ensure the security of any information you send us. If our physical, technical, or managerial safeguards are compromised, leading to unauthorized access, public disclosure, alteration, or loss of information that damages your legitimate rights and interests, we will bear corresponding legal liability according to law.

However, we shall not be held legally liable for information leakage or loss caused by the following circumstances, provided we have fulfilled reasonable protection obligations:

- Events of force majeure (including but not limited to natural disasters, war, unrest, strikes, etc.), changes in laws, regulations, or policies, or government actions;

- Cyber-attacks, hacking, computer viruses, or other malicious code;

- Your own actions or omissions, such as voluntarily disclosing account information or failing to properly safeguard account passwords;

- Technical failures, adjustments, or maintenance of telecommunications equipment or systems.

(D) Security Capability Requirements

If we process the sensitive personal information of over 100,000 individuals, we will designate a person in charge of personal information protection and establish a management organization. Our data security capabilities meet or exceed Level III requirements of GB/T 37988.

V. How You Can Access and Manage Your Information

(A) Access, Correct, and Delete Your Personal Information

You have the right to log in to this Platform at any time to access, correct, or delete your personal information. When you access, correct, or delete the aforementioned information, we may require you to verify your identity to ensure account security.

(B) Data Export

This Platform supports you exporting your data at any time. You understand and agree that after data export, you assume responsibility for the secure custody of the data on your personal devices.

(C) Change the Scope of Your Authorization

Each business function requires some basic personal information to be completed (see Chapter I). For the collection and use of additional personal information, you can grant or withdraw your authorization at any time.

You have the right to view or revoke any third party's (e.g., clinic's) access to your data at any time. This Platform will progressively develop an online "Data Authorization Management" function. Before this function is launched, you may complete authorization inquiries and revocations by contacting Platform customer service (email/phone).

When you withdraw consent, we will no longer process the corresponding personal information. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

(D) Account Cancellation

You have the right to apply for the cancellation of your account at any time. You can submit a cancellation request through the cancellation function provided on this Platform or by contacting Platform customer service.

We will complete the cancellation of your account within 15 working days of receiving your cancellation request. Please note that in a February 2025 notification by the Cyberspace Administration of China regarding the right to delete personal information, "user account cancellation commitment period exceeding 15 working days" was listed as a key rectification issue. We strictly adhere to this time limit.

After confirming that all transactions under your username have been completed and there are no pending complaints or disputes, we will:

- Change your account status to "Canceled," and you will no longer be able to access your data through this Platform;

- Process your original data according to your instructions and applicable legal provisions. If you do not make a specific request, we will continue to retain your data, but you will be unable to access it via the Platform (i.e., it will be converted to a frozen state), excluding data that must be retained due to legal requirements.

To prevent accidental operations, logging in with the original account within 30 days will be considered a waiver of the cancellation request, and we can then restore your data.

(E) Responding to Your Requests

For security reasons, you may need to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

We generally do not charge a fee for reasonable requests, but we may charge a reasonable cost for requests that are repetitive or exceed reasonable limits. We may refuse requests that are clearly unfounded, require excessive technical effort (e.g., developing new systems or fundamentally changing current practices), jeopardize the legal rights of others, or are highly impractical (e.g., involving information stored on backup tapes).

(F) Exceptions

In the following circumstances, as required by laws and regulations, we will not be able to respond to your requests for correction, deletion, or cancellation of information:

1.  Where directly related to national security or national defense;

2.  Where directly related to public safety, public health, or significant public interests;

3.  Where directly related to criminal investigation, prosecution, trial, and execution of judgments;

4.  Where there is sufficient evidence of subjective malice or abuse of rights on your part;

5.  Where responding to your request would cause serious harm to your or another individual's/organization's legitimate rights and interests;

6.  Involving trade secrets.

VI. How We Handle Children's Personal Information

Our products, website, and services are primarily intended for adults. Children are not permitted to create their own user accounts without the consent of a parent or guardian.

Where we collect personal information from children with the consent of a parent or guardian, we will only use or disclose such information as permitted by law, with the explicit consent of the parent or guardian, or as necessary to protect the child.

When collecting identity information of minors under the age of 14, we will only do so when explicitly required by relevant laws and regulations concerning minors. We will take reasonable measures such as SMS verification, phone verification, video verification, email verification, written confirmation, and linking to a verified adult account to verify the identity of the guardian.

If we become aware that we have collected personal information from a child without verifiable parental consent, we will take steps to delete that information as soon as possible.

VII. How We Store Your Personal Information

(A) Storage Location

In accordance with legal and regulatory requirements, we will store personal information collected and generated within the territory of the People's Republic of China within mainland China (excluding Hong Kong, Macao, and Taiwan regions).

If it is necessary to transfer your personal information outside Mainland China, we will strictly comply with the requirements of the "Personal Information Protection Law," the "Measures for Security Assessment of Data Exports," the "Measures for the Standard Contract for the Export of Personal Information," and other relevant laws and regulations. We will adopt one of the following measures and obtain your separate consent:

- Passing the data export security assessment organized by the national cyberspace administration;

- Obtaining **personal information protection certification** from a professional institution according to the national cyberspace administration's regulations;

- Signing a contract with the overseas recipient according to the standard contract formulated by the national cyberspace administration, stipulating the rights and obligations of both parties.

According to the "Provisions on Promoting and Regulating Cross-Border Data Flow," if, from January 1 of the current year, the cumulative provision of personal information (excluding sensitive personal information) to overseas recipients is between 100,000 and less than 1 million individuals, or sensitive personal information to less than 10,000 individuals, the data can be exported by concluding a standard contract for the export of personal information or through personal information export certification.

(B) Storage Period

We retain your personal information only for the period necessary to provide you with the service:

- When Account is Active: Information is retained for 5 years from the date of collection.

- Upon Account Cancellation: We will process your data as stipulated in Section V of this policy.

- Legal Requirements: Logs concerning the processing of sensitive personal information will be retained for three years.

After the above storage period expires, we will delete or anonymize your personal information.

VIII. How This Policy is Updated

We may revise this policy from time to time. When the terms of this policy change, we will notify you of the specific changes in the new version through page prompts, pop-ups, internal messages, etc. during version updates.

For material changes, we will also provide more prominent notice (including, for certain services, sending an email notification explaining the specific changes to the privacy policy).

Material changes referred to in this policy include, but are not limited to:

1.  Significant changes to our service model, such as the purpose of processing personal information, the types of personal information processed, or how personal information is used;

2.  Significant changes in our ownership structure or organizational structure, such as changes in ownership due to business restructuring, bankruptcy, or merger;

3.  Changes in the primary recipients of personal information sharing, transfers, or public disclosures;

4.  Significant changes in your rights regarding the processing of your personal information or how you exercise those rights;

5.  Changes in the department responsible for personal information security, our contact methods, or complaint channels;

6.  When a Personal Information Protection Impact Assessment indicates a high level of risk.

We will also archive older versions of this policy for your review.

IX. How to Contact Us

If you have any questions, comments, or suggestions regarding this policy, or need to handle data authorization inquiries or revocations, you may contact us through the following methods:

- Customer Service Email: support@mejene.cn

We will respond within 5 working days of receiving your contact.

If you are not satisfied with our response, especially if our personal information processing behavior has damaged your legitimate rights and interests, you may also lodge a complaint or report with regulatory authorities such as the Cyberspace Administration, the Ministry of Industry and Information Technology, the Public Security Bureau, or the Market Supervision Administration, or file a lawsuit in the competent People's Court in the jurisdiction where the operating entities of this Platform are located.

---

You Confirm: Before clicking "Agree", you have fully read, understood, and accepted all the contents of this Policy, especially the provisions marked in bold. You promise to accept and comply with the terms of this Policy.