PrimiLab Minors' Personal Information Protection Rules

• •"Child": a minor under the age of 14.
• •"Adolescent": a minor who is at least 14 but under 18 years old.
• •"Minor": unless otherwise stated in these Rules, collectively refers to children and adolescents.
• •"Guardian": the parents or other natural persons or organizations that have guardianship over a minor in accordance with the law.

These Rules apply to all scenarios in which minors use PrimiLab products and services via mobile clients, our official website or other channels, including but not limited to account registration and login, sticker creation, collection co-building, social interaction and customer support.

Third-party services accessed by minors (such as third-party pages they link to and third-party account systems) fall outside the scope of these Rules; the related processing is governed by the third parties' published privacy policies. We recommend that guardians help minors carefully decide whether to use third-party services.

Before collecting, using, storing, sharing or publicly disclosing the personal information of a child (under 14), we will inform the guardian in a prominent and clear manner and obtain the guardian's explicit consent. The specific means include but are not limited to:

• •On first launching the app or registering an account, presenting the guardian with a core summary of these Rules and the Privacy Policy and requiring the guardian to actively confirm after understanding;
• •Before invoking functions involving sensitive personal information (such as location, camera, album or contacts), requesting authorization from the guardian via a separate prompt;
• •Before a child's account engages in high-risk operations such as payment or public sharing, verifying with the guardian again;
• •Accepting guardians' inquiries, access requests and consent withdrawals regarding processing activities via the contact information at the end of these Rules.

For adolescent users (at least 14 but under 18), we will inform them of the main content of these Rules in a manner appropriate to their age and comprehension and obtain their own consent; where sensitive personal information processing or material changes to rights are involved, we will still request the guardian's joint confirmation.

If we discover that an account is in fact used by a child under 14 without valid guardian consent, we will take measures in accordance with Section 11 of these Rules.

We adhere to the principles of "lawfulness, legitimacy, necessity and good faith", and collect and use minors' personal information only within the minimum scope necessary to provide services to them:

1. 1.Account registration and login: phone number or third-party account, nickname and avatar. Used to create the account, verify identity and protect account security.
2. 2.Sticker creation and upload: images the minor actively selects, optional capture location (latitude/longitude) and place name, and camera/album access permissions. Used to display and share their content in collections.
3. 3.Collections and social interaction: the collections the minor creates/joins, invitation codes, following relationships and interaction records. Used to enable collection co-building and social features, which guardians can view and manage at any time.
4. 4.Device and log information: device model, operating system version, unique device identifier, IP address, network type, and crash and performance logs. Used to keep the Service running stably, troubleshoot faults and guard against fraud.
5. 5.Customer support: the issue descriptions, contact details and communication records the minor or guardian actively submits. Used to respond to and follow up on the relevant requests.

We will not compel minors to provide personal information unrelated to the services, nor collect their personal information through inducement or deception. If a function no longer needs the relevant personal information, we will stop collecting it and delete what has been collected, except as otherwise provided by laws and regulations.

To provide the corresponding functions, we may request the following device permissions from the system when the minor actively takes an action and the guardian consents. Guardians and minors can turn off authorization in system settings at any time; doing so will only affect the related function:

• •Camera permission: to take photos for creating stickers;
• •Album/media library permission: to read and save images;
• •Location permission: to record capture location in stickers (the guardian/minor may choose precise or approximate location);
• •Notification permission: to push notifications such as account security, collection interactions and system messages;
• •Network access permission: to complete data upload and download.

We do not sell minors' personal information to third parties, nor use it for purposes such as targeted marketing, user profiling or personalized advertising. Except in the following circumstances, we do not share minors' personal information with any third party:

• •With the prior explicit consent of the guardian (and, where necessary, the adolescent themselves);
• •Where necessary to provide the core functions of the Service or functions the minor actively chooses, sharing with entrusted processors such as object storage services (to store uploaded images), message push services, SMS verification-code services and map services. We sign strict data-processing agreements with such processors, clearly limiting them to processing minors' personal information only within our instructions and implementing equivalent protective measures;
• •Where necessary to respond to a public health emergency or, in an emergency, to protect the life, health and property safety of the minor;
• •As required by laws, regulations, regulators or government-authorized agencies;
• •In transactions such as mergers, acquisitions or asset transfers, where the transferee must continue to perform the obligations under these Rules; otherwise we will require it to obtain valid consent anew.

In principle, we will not publicly disclose minors' personal information. Where public disclosure is genuinely necessary, we will separately inform of the purpose and scope, obtain the guardian's separate consent, and apply necessary de-identification and blurring.

• •Storage location: minors' personal information is by default stored on servers within the territory of the People's Republic of China. Where cross-border provision is genuinely necessary, we will separately obtain the guardian's consent and fulfil assessment obligations in accordance with the law.
• •Retention period: we retain minors' personal information only for the shortest period necessary for the purposes described in these Rules, except as otherwise provided by laws and regulations; beyond that period it will be deleted or anonymized.
• •Security measures: we adopt security measures commensurate with the sensitivity of minors' information, including transport-layer encryption, access minimization, dedicated access approval and auditing, key and credential management, and regular security drills.
• •Personnel management: staff who access minors' personal information are subject to least-privilege and role-based authorization and sign confidentiality agreements; violators are held liable in accordance with the law.
• •Incident response: where a security incident such as leakage, damage or loss of minors' personal information occurs or may occur, we immediately activate our contingency plan, promptly inform the guardian and report to the regulators.

Subject to applicable laws and regulations, minors and their guardians may exercise the following rights through in-app settings or the contact information at the end of these Rules:

• •Access and copy their personal information;
• •Correct or supplement inaccurate or incomplete personal information;
• •Request deletion of personal information (including cancelling the account);
• •Withdraw consent previously given;
• •Restrict the processing of specific personal information;
• •Inquire about and understand the rules by which we process minors' personal information;
• •Obtain personal-information portability where conditions are met.

Upon receiving a request, we will verify the requester's identity (and the guardianship relationship where necessary) and respond within a reasonable period. For requests that are manifestly unreasonable or repetitive, we may decline them or charge a reasonable cost.

When minors use social features such as collections and stickers, they may share information such as their own creations and location with others. Guardians should communicate with minors in advance and make clear that they should:

• •Not expose sensitive information such as their real name, school, home address or parents' contact details in public content;
• •Obtain consent from the relevant parties before capturing or uploading content containing others' likeness or personal information;
• •Keep their account, password and verification codes safe to prevent account impersonation;
• •Immediately report any harassment, bullying, inducement or other inappropriate content via the in-app reporting feature or the contact information at the end of these Rules; we will handle it promptly.

We will continuously improve our content moderation and anti-harassment capabilities for minors and handle violations of laws, regulations or community norms in accordance with the rules.

We have integrated certain third-party SDKs into the app to enable basic capabilities such as login, message reach and content storage. Third-party SDKs are operated independently by their providers, and their personal-information processing is governed by their officially published privacy policies. For processing involving minors, we require third parties to implement minimum-necessary, security and compliance requirements consistent with these Rules, and we assess and supervise their performance. For the specific SDK list and processing purposes involving minors, please also refer to the third-party SDK section of the PrimiLab Privacy Policy.

Minors or guardians have the right to refuse the function corresponding to any SDK, but the related function may become unavailable as a result.

If a guardian discovers that:

• •A minor registered for or used the Service without the guardian's consent;
• •A minor's personal information in the Service was wrongly collected, used or disclosed;
• •A minor encountered inappropriate content or unsafe interactions;
• •Any other situation requiring protection of the minor's lawful rights and interests arises.

Please contact us via the contact information at the end of these Rules and provide the necessary proof of identity and guardianship. After verification, we will promptly take measures such as freezing the account, deleting information, stopping processing and assisting with tracing, and reply in writing on the outcome.

We may revise these Rules in response to changes in laws and regulations, business adjustments or the security situation. The revised version will be published on this page with the update date noted. Where minors' material rights and interests are affected, we will notify you prominently via in-app notice, push, website announcement or by separately informing the guardian, and will obtain the guardian's consent anew where necessary.

If minors or guardians have any questions, comments, suggestions or complaints about these Rules, the processing of minors' personal information or the exercise of related rights, you may contact our team dedicated to the protection of minors' personal information via:

• •Email: privacy@primilab.com (please note "Minors Protection" in the subject line)
• •We will respond within 15 business days after receiving the request and verifying identity.