Marz Privacy Policy
Last Updated: February 20, 2025
Effective Date: February 20, 2025
I. Introduction
Hainan Marz Network Information Technology Co., Ltd. (hereinafter referred to as "we" or "us"), as a professional sports event data service platform, fully recognizes the importance of personal information security. This policy describes in detail how we collect, use, store, and protect your personal information when you use our website, mobile applications, and related services, and clarifies your data rights. Please read this policy carefully before using our services. You may contact us at any time via [Support Email] or [Online Form] for policy inquiries.
II. Scope of Information Collection
(1) Device and Log Information
- Device Identifiers: Including IMEI, MAC address, device model, operating system version, screen resolution, and other hardware parameters
- Network Environment: IP address, connection type (Wi-Fi/4G/5G), internet service provider, and other network data
- Usage Patterns: Page click heatmaps, feature usage frequency, service response times, and other interaction logs
- Diagnostic Information: App crash reports, performance data, error codes, and other system operation logs
(2) User-Submitted Information
- Account Details: Phone number/email address, username, avatar, and bio provided during registration
- Social Linking: OpenID, avatar, and nickname from X/Google third-party login (requires separate authorization)
- Subscription Preferences: Followed league lists (e.g., Premier League/NBA), favorite teams, and event reminder settings
- Interactive Content: Comments, match predictions, live chat messages, and other user-generated content
(3) Third-Party Source Information
- Advertising Partners: Advertising identifiers (IDFA/AAID) obtained through SDKs
- Analytics Services: Cross-matched data between user devices and Google Analytics/Firebase
- Payment Providers: Transaction reference numbers and partial order information from payment services
III. Data Processing Purposes and Legal Basis
| Purpose | Data Type | Legal Basis |
|---|---|---|
| User account registration and identity verification | Phone number, third-party OpenID | Contractual obligation |
| Event data push and personalized recommendations | Subscription preferences, device info | Explicit user consent |
| Payment settlement and order management | Transaction records, device identifiers | Contractual obligation |
| Anti-fraud system and security protection | IP address, operation logs | Public interest |
| Product iteration and market research | Click heatmaps, crash logs | Legitimate business interest (impact assessed) |
IV. Data Sharing Mechanisms
(1) Necessary Sharing Scenarios
- Cloud Service Providers: Cloud storage for event databases, using Transparent Data Encryption (TDE)
- Analytics Services: Feature usage statistics via Google SDK, with anonymized data processing
(2) Optional Sharing Scenarios
Social platform integration, targeted advertising
(3) Legally Required Disclosure
Based on formal legal requests from judicial authorities, we may provide relevant data to regulatory agencies. We will notify users in advance via [In-App Notification] of the scope of disclosure (except for confidential investigations).
V. User Rights Protection
(1) Data Access and Export
Through "Account Settings - Data Dashboard", you can view device login records and data subscription lists for the past 12 months, with support for exporting basic information in JSON format.
(2) Correction and Deletion
- Online Modification: Non-identity information such as avatar and nickname can be updated in real time
- Deletion Request: Submit a support ticket to request removal of comment records (content ID and posting time required)
- Account Cancellation: After identity verification, all account data will be deleted (except for legally required retention periods)
(3) Withdrawal of Consent and Right to Refuse
- Disable location data collection and personalized recommendations in "Privacy Center"
- Deny access to photos/contacts and other sensitive permissions through device system settings
- Use advertising identifier reset tools (e.g., iOS "Limit Ad Tracking") to opt out of targeted marketing
VI. Security Measures
(1) Technical Protection
- Network Protection: TLS 1.3 encryption enabled site-wide, with Web Application Firewall (WAF) deployed
- Data Storage: AES-256 segmented encryption for user passwords, with PBKDF2 algorithm for salt values
- Access Control: Principle of least privilege enforced; database operations require dynamic token re-authentication
(2) Management Mechanisms
- Quarterly ISO 27001 compliance audits, with audit trails retained for at least 3 years
- Confidentiality agreements signed with all employees, with annual cybersecurity awareness training
- Data breach emergency response plan established, ensuring regulatory notification within 72 hours
VII. International Data Transfers
Due to CDN acceleration requirements, some static resources may be cached on AWS Hong Kong nodes. All cross-border transfers undergo security assessments, with enhanced channel encryption using the Schannel protocol.
VIII. Children's Personal Information Protection
We strictly prohibit minors under 14 years of age from registering accounts. A guardian who discovers that a child's information has been collected inadvertently should submit guardianship documentation to legal@marsaidata.com to request data deletion.
IX. Policy Update Mechanism
Revisions to this policy will be communicated 15 days before taking effect through the following methods:
- Floating announcement banner at the top of the website homepage
- In-app push notifications for logged-in users
- Change summary sent to registered email addresses
Material changes (such as changes in processing purposes) will require renewed user consent.