privacyPolicy
Effective Date: December 5, 2025
Welcome to Scrva (hereinafter referred to as "this App").This Privacy Policy is formulated and implemented by JUNTTING TRADING LIMITED (the Data Controller).Address: Room 502C, 5F, Ho King Commercial Centre, 2 - 16 FA YUEN STREET, YAU TSIM MONG DISTRICT, KOWLOON.Contact Email: help@junttingtrading.com. This App is a creative interactive platform specifically designed for scarf and shawl enthusiasts, operated by JUNTTING TRADING LIMITED (hereinafter referred to as "we"). For any inquiries related to privacy, you may contact us via our official email: help@junttingtrading.com. Protecting your privacy is our core principle; we strictly comply with relevant laws and regulations and process the information generated during your use of this App in a transparent and necessary manner. This Privacy Policy is intended to inform you about how we collect, use, store and protect your information, as well as the rights you are entitled to.
Please carefully read and understand this Privacy Policy before using the App. By using the App, you acknowledge that you have fully read, understood and agreed to be bound by all provisions of this Policy. If you do not agree, please stop using the App immediately.
1. Information We Collect
We strictly adhere to the "minimum necessity" principle.We do not collect any of your personal information (including but not limited to name, contact details, ID number, geolocation, communication records, or any other information that can identify an individual). We only collect the following non-personal data and necessary device-related information to ensure the normal operation of the App's core functions.
This practice complies with key privacy laws applicable to global users, including:
• General Data Protection Regulation (GDPR) (for users in the European Economic Area and the UK): Mandates the "data minimization" principle and restricts unnecessary collection of personal data.
• California Consumer Privacy Act (CCPA/CPRA) (for users in California, U.S.): Requires transparency in data collection practices and prohibits excessive collection of non-essential information.
1.1 Non-Personal Content Information You Voluntarily Provide
To realize core functions such as sharing styling ideas, you may voluntarily upload styling photos, enter titles and step descriptions (hereinafter referred to as "Shared Content"). Please note: This shared content is strictly non-personal. We will not extract any personal information from it, nor will we associate it with any information that can identify you.Such information is only used for display within the App, community communication and local storage. We will not upload it to servers nor associate it with any personally identifiable information. You can delete the Shared Content you posted at any time, and the local data will be completely cleared after deletion.
1.2 Automatically Collected Non-Personal Data
To ensure the stable operation of the app and optimize your user experience, we automatically collect the following non-personal, non-identifiable information (all information is anonymized and cannot be linked to your personal identity under any circumstances):
• Basic Device Information: Including device model, operating system version and App version number. It is only used to adapt to different device models, fix technical issues such as App crashes, and ensure the App operates normally on various devices.
• Device Identifier (Device ID): We collect the unique device identifier only for two purposes: 1) Verifying device compatibility and troubleshooting functional abnormalities on specific devices; 2) Preventing malicious use and ensuring App usage security. We store the Device ID in encrypted form and will not use it for advertising pushes or share it with third parties.
• Advertising IDs: If your device supports it, we will collect the Advertising IDs solely to display non-intrusive advertisements related to scarves and styling to you, and to statistics on advertisement display effects to optimize advertising experience. We will not associate the Advertising IDs with any personal information, nor use it for user profiling or precise tracking. You can reset the Advertising IDs or disable personalized advertising through the "Settings > Google > Ads" path on your device.
• Wi-Fi Environment Information: We collect Wi-Fi connection status (such as signal strength, connection type) only to optimize the loading speed of images in the App (e.g., automatically adjusting image resolution in weak network environments) and avoid content loading failures caused by network issues. We will not collect information that can be linked to location, such as Wi-Fi name or MAC address.
• Local Usage Data: Including your category preferences when accessing the "Tie Inspo Hub", likes and collection behaviors. Such data is only stored locally to optimize the display order of content recommendations for you and improve user experience, and will not be uploaded to servers.
1.3 Temporarily Generated AI Interaction Data
When you use the AI Assistant function in "Style Chat", temporary interaction data will be generated (such as your styling consultation questions and AI-generated suggestion content). Such data is only used to respond to your consultation needs in real time and will be automatically cleared after the conversation ends. It will not be stored or used for other purposes. We will not retain your conversation history during AI interactions.
1.4 Legal Basis for Data Processing
We process your data in strict compliance with major global privacy regulations (such as the GDPR, CCPA/CPRA, etc.). The specific legal bases are as follows:
• Your Explicit Consent: When you voluntarily provide non-personal content information (e.g., content you submit within Scrva, preference settings), this constitutes your explicit consent for us to process such data to support Scrva’s core functions (e.g., content display, personalized experience optimization). You may withdraw this consent at any time via Scrva’s settings (withdrawal will not affect processing activities lawfully completed based on your prior consent).
• Necessity for Contract Performance: Your use of Scrva constitutes the formation of a service agreement with us. Processing device-related data (e.g., basic device information, locally stored data) is a necessary operation to ensure the normal operation of Scrva’s core functions, and is a legally required step for performing our service agreement with you.
• Legitimate Exercise of Legitimate Interests: Without impairing your legitimate rights and interests (such as privacy rights, freedom of choice), we will process non-personal information (e.g., session caches) based on our legitimate commercial interests in "optimizing the Scrva user experience and enhancing service security." This processing will not cause unreasonable negative impacts to you, and you have the right to object to such processing by contacting us.
2. Permission Acquisition and Usage
This app only requests necessary permissions with your active authorization. The scope of permission usage is strictly limited to corresponding functions and will not be used for other purposes. The purposes of data collection for the following permissions are clearly specified (including details for the recording and image upload functions):
• Camera Permission:Purpose of Collection: Exclusively for capturing styling photos when you use the "Post Your Style" feature, to complete content publication.
Permission Details: The camera is only activated when you actively trigger the shooting operation; it will not be enabled in the background without authorization. You can disable it at any time via "Device > Settings > Apps > Scrva > Permissions". After disabling, you can still upload local photos to post content.
• External Storage Permission:Purpose of Collection: ① To support you in uploading styling photos from your local album to the app; ② To allow you to export AI-generated styling suggestions and your posted styling content to external storage for easy content retention.
Permission Details: Only accesses photo files you actively select; it will not read, modify, or delete other storage data. After disabling, you cannot import/export photos, but other app functions remain unaffected.
• Network Permission:Purpose of Collection: For real-time interaction of the AI Assistant feature (transmitting interaction instructions and results), app version update detection, and ad content loading.
Permission Details: Data transmission only occurs in the above scenarios; no other network data transmission takes place.
• Album Permission (Image Upload Function):Purpose of Collection: Exclusively for you to select and upload styling photos from your local album to the app, to complete content publication.
Permission Details: Only accesses photo files you actively select; it will not read, modify, or delete other album content. After disabling, you cannot upload photos from the album, but other app functions remain unaffected.
• Microphone Permission (Recording Function):Purpose of Collection: Exclusively for recognizing your voice commands when you use the "Voice Describe Request" feature, to generate corresponding styling suggestions.
Permission Details: The microphone is only activated when you actively trigger the voice function; it will not record in the background. After disabling, you cannot use the voice function, but you can still submit requests via text input.
3. Ways of Using Information and Detailed Data Sharing Provisions
We strictly limit the sharing of any information collected through the App.You have the right to know whether your personal data has been shared. We only engage in such sharing under the following legally compliant circumstances, with strict contractual safeguards to protect data security:
1. Ensuring Core Function Operation: Such as using camera and external storage permissions to support styling content publishing; optimizing image loading through Wi-Fi environment information; and resolving compatibility issues with device information.
2. Optimizing User Experience: Adjusting the display order of "Tie Inspo Hub" content based on local usage data to help you find interesting styles more conveniently; pushing styling-related advertisements through Advertising IDs to improve advertisement relevance.
3. Providing AI Assistant Services: Temporarily using AI interaction data to generate styling suggestions and respond to your consultation needs.
4. Ensuring Usage Security: Identifying abnormal usage behaviors through Device ID to prevent malicious operations and protect the security of the App ecosystem.
5. Sharing with Authorized Third-Party Service Providers: We may share non-personal data (e.g., anonymized device model, encrypted Advertising IDs) with trusted third-party service providers who assist us in operating the App and providing services. These providers include:
○ AI technical service providers (Moonshot AI): Only receive temporary AI interaction data to support real-time styling consultations, and are contractually obligated to not retain, store, or further share such data.
○ Advertising service providers: Receive anonymized Advertising IDs solely for delivering scarf/styling-related advertisements, and are prohibited from linking it to personal information or using it for user profiling.All third-party service providers are required to implement equivalent data protection measures and are subject to regular compliance audits.
6. Sharing for Legal or Safety Purposes: We may share information if required by a court order, subpoena, or other legal process, or to protect the safety of users, the public, or our legitimate business interests. Such sharing will be limited to the minimum scope necessary and accompanied by anonymization where possible.
7. Sharing in Business Transfer Scenarios: In the event of a merger, acquisition, asset sale, or other business transfer, non-personal data may be transferred to the transferee. The transferee will be bound by this Privacy Policy and must continue to uphold the same privacy protection standards.We will never share, sell, or rent personal information (which the App does not collect) with third parties for commercial purposes without explicit user consent.
4. Data Retention Rules
4.1 Data Retention Methods and Durations
• Local Data Self-Management: Your shared content, favorite records, usage preferences, and other information are stored locally on your device via an SQLite database, visible only on your device—these data will not be uploaded to our servers. You have full control over the retention period of these local data: you may manually delete them through your device’s functions, or they will be automatically cleared when you uninstall the app.
• Temporary Data Immediate Deletion: Temporary data (such as AI interaction data and session caches) will be automatically deleted immediately after the corresponding function is used. Non-personal data (such as ad IDs and basic device information) will also be completely removed from your device when you uninstall the app, with no additional retention.
• Temporary Server Data Retention: When using the AI Assistant feature, temporary interaction data will be encrypted and transmitted to the server. However, the server only retains this data temporarily during function processing and will delete it immediately after the function is completed—no long-term storage is involved.
4.2 Security Protection Measures
We adopt multiple security technical measures to protect your information security:
• Information stored locally is processed with encryption algorithms to prevent unauthorized access by third-party applications;
• The TLS 1.3 encryption protocol is adopted during network transmission to ensure the security of data during transmission;
• Regular security inspections are conducted on the App to fix potential vulnerabilities and prevent data leakage risks;
• Internal personnel permissions are strictly restricted, and there is no possibility for internal personnel to access or obtain your local information.
5. Information Sharing and Disclosure
We will never sell or rent any of your information. You have the right to know whether your personal data has been shared. We will only share relevant non-personal data in the following limited circumstances, while strictly fulfilling protection obligations:
• Third-party service providers: To ensure the normal operation of the AI Assistant function, we transmit temporary interaction data to the third party that provides AI technical support. This third party undertakes to use the data only for providing technical services, and will not retain the data or use it for other purposes. For ad display, we will share anonymized ad identifiers with ad service providers, and require them not to associate these identifiers with personal information.
• Legal compliance requirements: If required by laws, regulations, judicial authorities, or administrative regulatory departments, we may disclose relevant information. However, we will make every effort to ensure that the disclosed information is only within the necessary scope and is anonymized.
• Business transfer scenarios: In the event of business changes such as mergers, acquisitions, or asset transfers, relevant personal data may be transferred to the transferee, who shall continue to fulfill the privacy protection obligations specified in this Privacy Policy.
5.1 Methods to Opt Out of Data Sharing
You may opt out of non-essential data sharing through the following channels:
• Opt out of third-party service data sharing: If you wish to stop sharing temporary interaction data with the AI technical support party, you may send a request to us via email at: help@junttingtrading.com. If you wish to opt out of ad identifier sharing, you may disable the sharing of anonymized ad identifiers in your device’s system settings.
• Opt out in business transfer scenarios: If you do not want your personal data to be transferred to the transferee in the event of a business transfer, you may submit an account cancellation request via “Me > Contact Customer Service” in the App within 15 working days after receiving the business change notification. We will completely delete your personal data during the cancellation process to prevent it from being transferred.
5.2 Information Sale Provisions and Your Rights
• No Information Sale Commitment: We will never sell your personal information to any third party in exchange for money, resources, or any other form of benefit.
• Right to Know About Information Sales: You have the right to verify with us whether your personal information has been sold. If you have such inquiries, you may contact us through the channels listed in "10. Contact Us," and we will respond truthfully.
• Right to Opt Out of Information Sales (Clarification): Since we do not engage in the sale of personal information, you currently do not need to exercise the right to opt out of information sales. If our policies related to information sales change in the future, we will notify you in advance and provide clear opt-out channels for your selection.
6. Your Rights
You have full control over the information in the App and can exercise relevant rights through the following methods:
• Access and Manage Shared Content: You can view all Shared Content you posted through "My Recovery Space" at any time, and directly delete unnecessary content. The data will be completely cleared after deletion.
• Permission Management: You can enable or disable permissions such as camera and external storage at any time through the "Settings > Apps > Scrva > Permissions" path on your device. After disabling, relevant functions may not be available, but other functions will not be affected.
• Advertising Preference Settings: You can reset the Advertising IDs or disable personalized advertising through the "Settings > Google > Ads" path on your device. After disabling, we will no longer push advertisements based on your preferences.
• Data Deletion Right: After uninstalling the App, all locally stored information (including Shared Content and usage preferences) will be automatically deleted; if you need to clear all local data in advance, you can contact us through "Settings > Feedback" to obtain operation guidelines.
• Right to Know: If you want to know the scope of non-personal data related to your device collected by us, you can contact us through the following contact information, and we will reply within 15 working days.
6.1 Explanation of Globally Applicable Legal Bases
For users in different regions, our legal bases are further refined in accordance with local privacy regulations:
• Users in the European Economic Area (EEA) and the UK: Pursuant to the General Data Protection Regulation (GDPR), we process your data primarily based on: ① Your explicit, voluntary consent (for data related to non-essential functions); ② The necessity of performing the service contract with you (for data necessary to support Scrva’s core functions); ③ Our legitimate interests (which must meet the GDPR’s assessment criteria of "legitimate interest and no impairment of your rights and interests").
• Users in California, U.S.: Pursuant to the California Consumer Privacy Act (CCPA/CPRA), we process your data based on: ① Your active authorization (for non-essential data); ② The necessity of providing the services you request (for data required for core functions). You also have the rights stipulated by the CPRA, such as "data access, deletion, and opt-out."
• Users in Other Regions: Pursuant to applicable local privacy laws (e.g., Australia’s Privacy Act, Brazil’s General Data Protection Law), our bases for processing data are "the necessity of performing the service agreement" and "legitimate commercial interests," while ensuring compliance with local regulatory requirements for "data minimization and transparency."
7. Additional Rights for Users in Google-Required Regions
If you are a user in "Google-required regions" such as the European Union/European Economic Area (EEA), the United Kingdom, and the State of California, USA, in accordance with applicable local privacy laws and regulations (such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), etc.) and Google's privacy-related requirements, you are entitled to the following additional rights in addition to the general rights specified in Section 6 of this Policy. We will protect the exercise of your rights in accordance with the corresponding regulations:
Users in the European Union/European Economic Area and the United Kingdom (Applicable to GDPR/UK GDPR):
• Right to Withdraw Consent: If you have authorized us to collect information such as Advertising IDs, you can withdraw your consent at any time through device permission settings or by contacting us. Withdrawal of consent will not affect the information processing activities based on legal authorization before withdrawal.
• Right to Object to Processing: You have the right to object to our processing of the Advertising IDs for optimizing advertising experience. You can disable personalized advertising through "Settings > Google > Ads" on your device or contact us to request termination of relevant processing, unless we can prove that there are legitimate and compelling reasons that take precedence over your interests.
• Right to Data Portability: You can request us to provide the non-personal data related to your device collected by us (such as basic device information, anonymized usage preferences) in a structured, machine-readable format to you or a designated third party. We will respond and provide the data within 1 month.
• Right to Lodge a Complaint: If you believe that our information processing activities violate the GDPR/UK GDPR, you can lodge a complaint with the data protection authority in your region (e.g., EU users can contact the local data protection authority, and UK users can contact the Information Commissioner's Office (ICO)).
Users in the State of California, USA (Applicable to CCPA/CPRA):
• Right to Know and Access: You have the right to know whether your personal data has been shared.You can request us to confirm whether we have collected your "personal information" (as defined by CCPA/CPRA) and obtain information such as the category, source, processing purpose and sharing status of the collected personal information.
• Right to Delete ("Right to Be Forgotten"): You can request us to delete all information collected about you. We will complete the verification and delete relevant data (if any) within 45 days and feedback the processing result to you.
• Right to Opt-Out of Sale/Sharing: You have the right to direct us to stop "selling" or "sharing" your personal information for cross-context behavioral advertising. While we do not engage in CCPA-defined "sale" activities by default, we’ve added a prominent "Do Not Sell or Share My Personal Information" control in the app and on our website for easy exercise of this right.
• Right to Non-Discrimination: When you exercise the rights stipulated by CCPA/CPRA, we will not refuse to provide services to you, reduce service quality or charge additional fees on this basis.
Users in Virginia, USA (Applicable to VCDPA): Right to Correction: If you believe that there is inaccurate information in the non-personal data collected by us (such as incorrect device model records), you can request us to correct it. We will verify and complete the correction within 45 days (if an extension is needed, we will inform you in advance and explain the reason).
• Right to Opt-Out: You can opt out of our processing of the Advertising IDs for targeted advertising purposes, and you can exercise this right through device settings or by contacting us.
Methods for Users in Google-Required Regions to Exercise Rights: You can exercise the above additional rights by sending an email to help@junttingtrading.com. The subject of the email should be marked as "[Corresponding Region] Privacy Right Request - Device Model", and you should provide your device model, App version and explanation of right exercise. We will respond within the time limit required by the corresponding regulations (1 month for GDPR, 45 days for CCPA/CPRA, and 45 days for VCDPA). If identity verification is required, we will only ask for basic information related to your use of the App (such as nickname in the App, screenshot of posted content). The verification information is only used for identity verification and will be deleted immediately after verification.
8. Protection of Minors' Privacy
We attach great importance to the protection of minors' privacy and strictly comply with international and regional laws and regulations on minors' data protection, such as the General Data Protection Regulation (GDPR) and the Children's Online Privacy Protection Act (COPPA). Combined with the functional characteristics of the App as a "scarf styling creative sharing platform", we have formulated the following special protection measures:
• Clear Age Restriction and Access Norms: The App explicitly limits its services to adult users aged 18 and above. The definition of "minors" shall be subject to the legal provisions of the corresponding region (e.g., under 16 in the EU and under 13 in the US). Regardless of the local legal definition, the App uniformly requires users to be at least 18 years old to use it. When the App is first launched and after each version update, we will prompt you to confirm your age through a pop-up window. You can only enter the App and use core functions (such as posting content, participating in community interactions, using AI Assistant, etc.) after clicking "Confirm that I am 18 years old or above". Although the age confirmation is a self-declaration by the user, we will use technical means to prevent minors from bypassing the confirmation process.
• Commitment to Zero Collection of Minors' Data: We will not intentionally collect, store or use minors' personal information (including but not limited to name, date of birth, contact information, family information) in any form, nor will we actively provide functions such as App registration and content publishing to minors. If a minor bypasses the access restriction and uses the App by means of falsely declaring age, since the core data of the App is stored locally on the user's device and no personally identifiable information is collected, the Shared Content and interaction records generated during their use will also only be retained locally on the device and will not be uploaded to our servers.
• Guardian Supervision and Intervention Mechanism: We encourage guardians to strengthen supervision over minors' use of smart devices and Apps. If a guardian finds that a minor has used the App by mistake, they can exercise supervision rights through the following methods: ① Directly view the Shared Content posted by the minor through "My Recovery Space" on the device used by the minor, and clear the relevant data through the delete function on the content detail page; ② Uninstall the App to completely clear all locally stored usage data (including Shared Content and collection records); ③ Contact our privacy protection team (email: help@junttingtrading.com) and provide the device model, App version and guardian's identity certification materials. We will provide guardians with detailed guidelines for local data clearing and App usage restriction tutorials (such as device-level App lock setting methods).
9. Updates to This Privacy Policy
We may update this Privacy Policy from time to time in response to functional iterations or changes in laws and regulations. For material changes (such as changes in the scope of information collection or purpose of use), we will prompt you through in-app pop-ups, push notifications and other methods, and the changes will take effect after your confirmation and consent; for non-material changes (such as text optimization, contact information update), we will directly update the policy content and mark the update date on the "Settings > Privacy Policy" page in the App.
Your continued use of the App after the effective date of the updated Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree, you may stop using the App.
10. Contact Us
• We have appointed a Data Protection Officer (DPO) to oversee compliance with applicable privacy laws and regulations (including GDPR, CCPA/CPRA, etc.) and handle privacy-related inquiries. The DPO is responsible for monitoring our data processing activities, conducting privacy impact assessments, and coordinating with regulatory authorities. For privacy-related communications with the DPO, please contact:
• Email: help@junttingtrading.com
• Company Address: Room 502C, 5F, Ho King Commercial Centre, 2-16 Fa Yuen Street, Yau Tsim Mong District, Kowloon, Hong Kong
We will reply to your inquiry or process your request within 30 working days.