R2 Cycling App Privacy Policy

Last Updated：Jan 22, 2025
Effective Date：Jan 22, 2025
R2 Cycling App Privacy Policy (hereinafter referred to as “the Privacy Policy”) outlines how RockRoad (Shenzhen) Technology Co., Ltd. and its affiliated companies (hereinafter referred to as “RockRoad”, “we” “us” or “our”) collect, use, disclose, share, transfer, store, and protect your personal information, as well as the rights you have. We fully understand the importance of personal information to you, and we will take appropriate security measures in accordance with laws and regulations to protect your personal information security and keep it under control.
This Privacy Policy only applies to the processing of your personal information when you use the R2 Cycling App (hereinafter referred to as “the App”), which is associated with smart devices (hereinafter referred to as “Devices”). It does not apply to any other RockRoad products, services, websites, features, or content that have their own independent privacy policies. For example, the processing of personal information when using a Device will be subject to the privacy policy corresponding to the Device. 
Before using the App, please make sure to carefully read and thoroughly understand this Privacy Policy. In order to provide you with services, we may collect your sensitive personal information. Please pay special attention to this. If you have any questions, comments, or suggestions regarding this Privacy Policy, please contact us according to the information listed in Chapter VII. We will respond to you within the time required by law.
This Privacy Policy will help you understand the following:
I. How we collect and use your personal information
II. How we entrust the processing, share, transfer, and disclose your personal information
III. How we store and protect your personal information
IV. Your rights
V. Protection of minors
VI. Updates to this Privacy Policy
VII. Contact us
I. How we collect and use your personal information
A. Collection and use of your personal information for providing basic functions
In order to provide you with App-related services, we will collect and use the personal information necessary to provide the basic functions of the App. You are not legally obligated to provide the following personal information, but without this information, we may be unable to offer you the basic functions of the App.
1. Registration and login of R2 account
In order to help you successfully create a R2 account, you need to provide us with your phone number and set a password for your R2 account. When you log into your R2 account, we will collect your account credentials, including a) account name, password, phone number, and verification code for identity verification; b) login token to help you maintain your login session. Additionally, when you create or log into your R2 account, we will also collect the region and country code you select to assist in determining the data center to which your Device and mobile device are connected. Since the phone number is important information for logging into the App, this information will be stored on the mobile device running the App. If you wish to delete your R2 account information, you may choose to delete your R2 account through the method described in Chapter IV below. If you have deleted your R2 account and wish to further delete local cache, you will need to remove the App from your mobile device.
2. Maintenance of R2 account information
In order to help you manage and maintain your R2 account, you may choose to set your profile picture and nickname.
Your profile picture will only be used for display on the profile page and in the member center. When you upload or change your profile picture, we will request permission to access your photo album and external storage, and collect the image information you upload or change. If you deny these permissions, you will not be able to set your profile picture, but it will not affect your use of other functions of our products and/or services.
3. Device network connection and binding
When the Device needs to be used while connected to the network, in order to support you in securely connecting and controlling the Device through the App, you need to bind your Device within the App. During this process, we will collect the following information: (1) your R2 account information; (2) your device information, including device model, SN code, and bluetooth MAC address; (3) time zone setting information for performing cloud-based scheduled tasks and enabling smart scenarios. 
4. Device information display
In order to help you better understand the status of your Device, we display the device name you edit and the device status information on the App. For detailed information on the device data we collect, please refer to the privacy policy corresponding to each Device you have bound.
5. Device firmware updates
We may collect the firmware version information, device model, and binding status of the Device associated with your R2 account through the App, in order to provide you with device firmware upgrade functionality. 
6. Maintaining App stability and security
During your use of the App, in order to maintain the stability and security of the App, we need to collect your App crash information and mobile device-related data, including your mobile device’s system version, language settings, mobile device model, and the model of the connected device.
B. Collection and use of your personal information for providing additional functions
In order to provide you with more convenient and high-quality services, and to enhance your experience using the App, we may collect and use your personal information when providing the following additional services. If you choose not to provide the information required for these additional services, you can still use the basic functions of the App mentioned above, but you may not be able to enjoy these additional services that can offer you a better experience.
1. Network Intercom
When you use the network intercom feature, in order to enable mutual identification among users during intercom communication, we need to collect your R2 account. To ensure the proper functioning of the network intercom, with your authorization, we will use microphone permissions to collect your voice data. Please be assured that the voice data transmitted during network intercom communication will not be retained on our backend servers.
2. Emergency SOS
When you use the emergency SOS feature, with your authorization, we will use precise location permissions to obtain your current location information and send it to your designated emergency contacts. To notify your emergency contacts, we will collect the name and phone number of your emergency contacts as provided by you.
3. Widget Function and Auto-Start
When you use the App desktop widget, in order to ensure you receive and understand the status information of your device in a timely manner, the App will have a certain frequency of auto-start behavior, which is necessary to enable the widget functionality. If you do not use the App desktop widget, the App will not auto-start.
In addition to the above scenarios of personal information collection, in accordance with applicable laws, we may process data that cannot be used to identify a specific individual and cannot be restored, through technical and other necessary measures, for statistical analysis, data mining, product improvement, and business decision-making. This includes the anonymized data used for algorithm model training in the intelligent customer service scenario mentioned above. RockRoad will determine the purpose and method of collecting, using, processing, transferring, or disclosing such data in accordance with applicable laws. If such data is combined with your other personal information, we will still treat it as personal information and protect it according to the rules outlined in this Privacy Policy.
C. Situations in which Mobile Device Permissions are Requested
In order to provide you with specific service functions, we will, with your consent, request relevant permissions and collect your personal information (if applicable) when you trigger related functions. You can refuse or withdraw the authorization for these permissions at any time. However, doing so may prevent you from using the corresponding service functions, though it will not affect your use of other features of the App. The mobile device permissions that the App may request are as follows:
- Location Information: Used for Emergency SOS, and helping the user quickly input the delivery address.
- Camera Permission: Used for changing user avatars.
- Album Permission: Used for changing user avatars.
- Microphone Permission: Used for Devices that support audio call functions to enable audio calls or voice transmission.
- Bluetooth Permission: Used during Device network configuration to connect to the device’s Bluetooth for communication and connection.
- Siri & Search Permission: Used on iOS devices to enable Siri settings. Based on previously set shortcuts on the mobile device, Siri interacts through voice to control the device’s operation or movement.
II. How We Entrust the Processing, Share, Transfer, and Disclose Your Personal Information
A. Sharing
We will not sell any personal information to third parties. We will not share your personal information with any third party (including companies, organizations, and individuals), except in the following circumstances:
1. Sharing Explicit Consent: With your explicit consent, we may share your personal information with third parties.
2. Sharing in Legal Situations: We may share your personal information with third parties based on legal requirements, dispute resolution needs, or compulsory requests from administrative or judicial authorities according to applicable laws and regulations.
3. Sharing with Affiliates and Third-Party Partners: To provide you with better services, and in compliance with the data protection laws of your jurisdiction, your information may be shared within RockRoad’s affiliated companies (involved in manufacturing, product sales, after-sales services, etc.). 
B. Transfer
We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:
1. Transfer with Explicit Consent: With your explicit consent, we may transfer your personal information to other parties.
2. Involving Mergers, Divisions, Dissolutions, Acquisitions, or Bankruptcy: If personal information transfer occurs in the context of a merger, division, dissolution, acquisition, or bankruptcy, we will notify you of the name and contact information of the party receiving your personal information. We will require the new holder of your personal information to continue to be bound by this Privacy Policy, or we will ask them to seek your consent again.
C. Public disclosure
We will only publicly disclose your personal information in the following circumstances:
1. With Your Separate Consent;
2. When required by law, legal proceedings, litigation, or mandatory requests from government authorities, we may publicly disclose your personal information in such cases.
D. Exceptions to obtaining prior consent for sharing, transfer, and public disclosure of personal information
To avoid unnecessary confusion, within the scope permitted by applicable laws, we may share, transfer, or publicly disclose your personal information without your consent in the following situations:
1. As necessary to enter into or perform a contract at your request.
2. As required for the performance of legal duties or obligations: We may share your personal information based on legal requirements, litigation, dispute resolution needs, or as required by competent authorities such as administrative, judicial, or supervisory bodies, or for the fulfillment of other legal obligations.
3. To respond to public health emergencies or in emergency situations to protect the life, health, and property of natural persons.
4. To implement public interest activities such as news reporting, public opinion supervision, etc., within a reasonable scope, in accordance with the law.
5. To process personal information you have publicly disclosed, or other personal information that has been legally made public (e.g., personal information legally disclosed through channels such as news reports, government information releases, etc.).
6. Other circumstances as specified by law or regulation.
III. How we store and protect your personal information
A. Storage location of your personal information
RockRoad uses globally deployed cloud services to process and back up personal information. Currently, RockRoad uses data centers located in China and China Hongkong. Depending on the country or region you selected when registering your R2 account, we will store your information in the nearest data center. If you choose to use the App in the People’s Republic of China (excluding Hong Kong, Macau, and Taiwan), your personal information will be stored in data centers located in mainland China (excluding Hong Kong, Macau, and Taiwan).
B. The protective measures we take
We are committed to ensuring the security of your personal information. To prevent unauthorized access, disclosure, or other similar risks, we take reasonable physical, electronic, and organizational measures to protect the personal information we collect through the App. We will take all reasonable measures to protect your personal information.
Your data is stored on secure servers and protected in controlled facilities. We classify your data according to its importance and sensitivity, ensuring that your personal information is given the highest security level. We ensure that employees and third-party service providers who need access to this information to help provide products and services to you are bound by strict contractual confidentiality obligations. Any failure to fulfill these obligations will result in disciplinary action or termination of cooperation. Similarly, we have implemented dedicated access control measures for cloud-based data storage. In summary, we regularly review our data collection, storage, and processing practices, including physical security measures, to prevent any unauthorized access and use.
We will take all feasible measures to protect your personal information. However, you should be aware that the use of the Internet is not always secure. Therefore, we cannot guarantee the security or integrity of any personal information during transmission over the Internet in both directions.
In accordance with applicable laws, including personal information protection legislation in your jurisdiction, in the event of a personal information breach, we will promptly notify the relevant regulatory authorities; in certain special circumstances, we will also notify you of any personal information breach that relates to you.
D. Measures you can take to protect your information
To protect your personal information, please do not disclose your account details to anyone unless that person is officially authorized by you. Roborock is not responsible for any security breaches resulting from your failure to maintain the confidentiality of your personal information. However, if you discover that any other internet user has unauthorized access to your account or any other security vulnerability, you must notify us immediately. Your cooperation will help us protect the privacy of your personal information.
IV. Your rights
You or any other authorized party can exercise the relevant rights regarding any personal information we hold about you. RockRoad ensures that you can exercise the following rights over your personal information, and we provide relevant control settings for you.
In accordance with applicable data protection laws, upon receiving your request, we may first ask you to verify your identity. Once your identity is successfully verified, we will respond to your request within 15 business days. For reasonable requests, we generally do not charge a fee; however, for repeated requests or those that exceed reasonable limits, we may charge a reasonable cost. For requests that are unnecessarily repetitive, require excessive technical efforts, pose risks to the legal rights of others, or are unrealistic, we may refuse them in accordance with applicable data protection laws. If we are unable to respond to your request, we will explain the reasons to you.
A. Deleting your personal information
In accordance with applicable data protection laws, you have the right to delete your personal information. If you wish to delete your personal information stored on our servers, see the section “Account Cancellation” below.
In addition to the above methods, you can also contact us through the channels outlined in Chapter VII of this Privacy Policy to request the deletion of your personal information. Please understand that after you or we assist in deleting your personal information, due to applicable laws and security technologies, we may not be able to immediately delete the corresponding information in backup systems. However, we will securely store your personal information and isolate it from further processing until the backup is cleared or anonymized.
B. Accessing, copying, correcting, and supplementing your personal information
You have the right to request access to and/or correction of any personal information we hold about you. Based on your request, we can provide free of charge a record of the personal information we have collected and processed about you. If you wish to access the personal information we hold, or if you believe any information we hold about you is inaccurate or incomplete, please contact us promptly through the methods outlined in Chapter VII of this Privacy Policy.
C. Limiting or refusing the processing of your personal information
In accordance with applicable laws, you may have the right to restrict or refuse our processing of your personal information in certain circumstances. You can contact us using the methods described in Chapter VII of this Privacy Policy to exercise your right.
D. Transferring Your Personal Information
In accordance with applicable data protection laws, you have the right to request the transfer of your personal information to another data handler in accordance with legal provisions. You can exercise this right by contacting us through the methods described in Chapter VII of this Privacy Policy.
E. Account Cancellation
You can apply for account cancellation through the following methods:
1. Log into the App, go to the "Settings>Profile>Accounts" section, click on “Delete Account” to proceed with the corresponding operation.
2. Contact us using the methods described in Chapter VII of this Privacy Policy to request the cancellation of your account.
After you cancel your account, we will stop providing you with products or services and will delete or anonymize your personal information within 15 days of your cancellation request and after identity verification. Please note that account cancellation is irreversible, and once your data is deleted, it cannot be recovered. Please consider your decision carefully.
F. Other rights
In addition to the rights listed above, you also have other rights related to your personal information under applicable laws and regulations.
In certain business functions, decisions may be made solely based on automated decision-making systems, including algorithms, without human intervention. If such decisions significantly affect your legal rights, you have the right to request an explanation from us and to refuse decisions made solely through automated processes.
Furthermore, in accordance with the provisions of the Personal Information Protection Law, we will protect the personal information of deceased individuals. After a user’s death, their close relatives, for their legitimate and proper interests, may exercise the rights to access, copy, correct, or delete the deceased user’s personal information by contacting us using the contact methods provided in Chapter VII of this Privacy Policy, unless the deceased user had made other arrangements during their lifetime.
If you are dissatisfied with our response, especially if you believe that our processing of personal information has harmed your legal rights, you may also resolve your issue by filing a lawsuit with the competent court or by lodging a complaint with the relevant regulatory authorities in accordance with applicable laws.
V. Protection of Minors
We take the protection of minors’ personal information very seriously. If you are a minor aged 14 to 18 years old, you should read and agree to this privacy policy together with your parents or other guardians before using our products and services. We do not provide services to minors under the age of 14. If we discover that we have collected personal information from a minor without prior consent from the minor’s parents or legal guardians, we will make efforts to delete the relevant data as soon as possible. If parents or guardians have reason to believe that a minor has submitted personal information to us without their prior consent, we strongly recommend that you contact us promptly using the contact methods provided in Chapter VII of this Privacy Policy. We will promptly delete the relevant personal information and ensure that the minor unsubscribes from any applicable RockRoad services.
VI. Update to This Privacy Policy
We regularly review and may update this Privacy Policy to reflect changes in our personal information processing practices. If we make significant changes to this Privacy Policy, we will notify you through the App so that you are aware of the latest version of this Privacy Policy. Such changes will take effect from the date of notification or as specified in the Privacy Policy. We recommend that you regularly review this page to stay informed about our privacy practices.
VII. Contact Us
If you have any comments or questions regarding this Privacy Policy, or if you have any concerns about how RockRoad handles your personal information, please contact us using the following details and indicate that your inquiry or comment is related to the “Privacy Policy”:
▪ Email Address: privacy@r2cycling.com