Effective date
March 17, 2026
Legal
Privacy Policy
The wowkey Privacy Policy explains how Beijing Xieshu Technology Co., Ltd. collects, uses, shares, stores, and otherwise processes information related to the website, applications, accounts, and sync services.
Privacy Policy The Chinese version is the authoritative legal text. If any difference exists between the Chinese and English versions, the Chinese version controls.
1. Scope
This Privacy Policy applies to the processing of personal information by Beijing Xieshu Technology Co., Ltd. in connection with wowkey products and services, including:
- the wowkey website and related pages;
- wowkey client applications and their functional modules;
- account registration, sign-in, authentication, and account management;
- credential sync, device association, service security protection, and customer support; and
- future paid features, subscriptions, payment flows, or related supporting services.
If a specific service is accompanied by a separate privacy notice, order term, or in-product disclosure, that document and this Privacy Policy will apply together. If there is a conflict, the more specific document will control within its own scope.
2. Categories of information we process
2.1 Information you provide directly
When you register, sign in, contact support, submit feedback, send an application, or otherwise interact with us, we may process information you provide directly, including:
- your email address, username, nickname, and other account identifiers;
- feedback, support tickets, communication records, and attachments;
- information submitted for identity verification, account recovery, complaint handling, or compliance review; and
- in future paid-service scenarios, invoice, order, billing contact, or related transaction information you provide.
2.2 Account and service operation information
To create accounts, manage sessions, maintain device associations, and keep sync services operating, we may process service-operation information such as:
- account creation time, sign-in time, authentication status, and account status;
- device identifiers, device names, client version, operating system version, region, and language settings;
- timestamps, action records, risk flags, abnormal sign-in records, and sync task states related to account security and service administration; and
- information tied to service capacity, quotas, subscription eligibility, or test eligibility.
2.3 Device, log, and network environment information
When you access the website, download the app, sign in, or use sync and support services, we may automatically process necessary technical information such as:
- IP address, network type, request time, accessed path, error logs, and crash logs;
- browser type, device model, operating system, app version, language settings, and time zone information; and
- Cookies, local storage, or similar technologies used to maintain page interaction, language preferences, sign-in state, or security checks.
We do not treat all available data as fair game. Information that is unrelated to the service or not reasonably necessary should not become default collection.
2.4 Support and communication information
When you send us an inquiry, complaint, legal request, privacy request, or business contact, we may process:
- your contact details, identity explanation, and request content;
- records related to ticket handling, troubleshooting, and response history; and
- evidence reasonably needed to document handling results, fulfill legal obligations, or resolve disputes.
2.5 Future billing and transaction information
wowkey may introduce paid subscriptions, premium services, or other commercial features in the future. If that happens, we may process information reasonably necessary for order handling, billing, payment verification, invoicing, or refunds. When those features actually launch, we will provide additional disclosures based on the live checkout, payment, and order flow.
3. How we use information
We process personal information only within lawful, legitimate, and necessary bounds, primarily to:
- create and manage accounts, complete registration, sign-in, authentication, recovery, and access control;
- provide application functions, sync services, device association, session management, and core operational support;
- protect service security by identifying abnormal access, abusive behavior, attacks, account risks, and system failures;
- respond to inquiries, handle complaints, solve technical issues, and improve the website, apps, and support process;
- send notices relating to account security, service changes, policy updates, billing, orders, or other necessary communications;
- comply with legal, regulatory, dispute-handling, and internal audit obligations; and
- if paid services later launch, support order processing, eligibility management, settlement review, refund handling, and fraud prevention.
If we need to use information for a new purpose that is not reasonably related to the purposes above, we will explain that change through a policy update, in-product notice, separate consent flow, or another appropriate method as required by applicable law.
4. Device permissions and local system capabilities
To provide specific functions on different devices, wowkey may request or use device permissions and local system capabilities when you actively use the related function, enable the related service, or when the operating system requires authorization. Permission names, authorization flows, and settings pages may differ by operating system, and the prompts shown by your device control.
You may refuse or disable relevant permissions. If you do so, related functions such as QR scanning, notifications, autofill, security-key authentication, or file import and export may become unavailable, but other core functions will not be affected. We do not continuously use a permission outside the functional context for which it was granted.
| Permission or system capability | Purpose and scenario | Platforms |
|---|---|---|
| Network access and network state | Used for account registration, sign-in, authentication, sync services, device association, feedback, service connection, and basic network-state checks. | Android, iOS / iPadOS, macOS, Windows, website |
| Camera | Used only when you actively use QR scanning, for example to import account configuration, verification codes, or other content you choose to scan. | Android, iOS / iPadOS |
| Notifications | Used to show account-security notices, sync status, export or download progress, one-time-code reminders, and other necessary service notices. | Android, iOS / iPadOS, macOS, Windows |
| Autofill service, credential service, or passkey capabilities | After you enable or use the relevant system capability, used to identify sign-in contexts, fill credentials, save credentials, and handle passkey creation or sign-in requests. | Android, iOS / iPadOS, macOS, Windows |
| Installed-app query | Used to determine whether a target app is installed when you use autofill, credential matching, or app-association features. This check is usually performed locally on your device. Except where necessary to provide those features, we do not upload a complete installed-app list or use it for advertising profiling or marketing purposes. | Android |
| Foreground service | Used to keep necessary tasks running during sync, export, download, or other tasks initiated by you or directly related to service operation, and to show task status through system notifications. | Android |
| Special-use foreground service | Used to show or update one-time-code notifications after you enable the related function, so that you can view or copy verification codes when needed. | Android |
| NFC, USB, or security-key capabilities | Used to connect, identify, and use security keys or similar authentication devices for authentication or security actions that you initiate. | Android, macOS, Windows |
| Storage, file access, or file picker | Used when you actively import, export, download, back up, or save files. On Android 10 and earlier, writing to external storage may require the external-storage write permission. | Android, iOS / iPadOS, macOS, Windows |
| Clipboard | Used when you actively copy, paste, or temporarily use credentials, verification codes, or similar content. If you enable one-time-code related functions, it may be used to automatically copy verification codes for quick pasting. We do not use clipboard content for purposes unrelated to copy and paste functions. | Android, iOS / iPadOS, macOS, Windows |
| Vibration or haptic feedback | Used for local interaction feedback such as long press, copy, unlock, or authentication results. | Android, iOS / iPadOS |
If a future platform feature requires an additional sensitive permission or local system capability disclosure, we will explain it through this Privacy Policy, in-product notices, separate authorization, or another appropriate method based on the actual launch of that feature.
5. Cookies, local storage, and similar technologies
The wowkey website and related services may use Cookies, local storage, or similar technologies to:
- preserve necessary session state, language preferences, or page settings;
- maintain core signed-in interactions;
- support security checks, troubleshooting, and access protection; and
- measure service health and runtime stability.
You may manage these technologies through your browser or device settings, but disabling them may affect certain functions.
6. When we share, entrust, or disclose information
Except in the situations below, we do not sell personal information to unrelated third parties, and we do not expand disclosure simply because it is commercially convenient.
6.1 Entrusted processing and service support
To provide website hosting, accounts, security protection, sync capabilities, notifications, support, infrastructure, storage, payments, or other supporting functions, we may engage carefully reviewed service providers to process necessary information on our behalf. We require them to process information only within the entrusted scope and to use reasonable confidentiality and security measures.
6.2 Third-party SDKs and similar components
The wowkey Android client distributed through domestic Chinese app stores currently does not integrate third-party SDKs for advertising, behavioral analytics, third-party push, or marketing profiling. If we later integrate a third-party SDK or similar service that processes personal information, we will update the relevant third-party service notice or list based on the actual integration, including the third party’s name, purpose, categories of information processed, and privacy policy link.
6.3 Legal and regulatory requirements
We may disclose necessary information when required by applicable law, regulatory demand, judicial process, administrative investigation, or a legitimate public-security or national-security obligation.
6.4 Protection of lawful rights and interests
When necessary to protect wowkey, Beijing Xieshu Technology Co., Ltd., other users, or the public, including to address fraud, attacks, abuse, infringement, service disruption, or dispute evidence preservation, we may use or disclose relevant information within a necessary scope.
6.5 Corporate reorganization or transaction
If a merger, split, asset transfer, equity transaction, liquidation, or similar deal occurs, relevant information may be transferred as part of that transaction. We will require the recipient to continue processing the information under standards not materially lower than those described here, or otherwise obtain any authorization required by law.
7. Cross-border processing
wowkey currently primarily uses servers located in China to provide account, sync, and related online services for users in China. In general, personal information of users in China is stored in China.
If cross-border processing becomes necessary in the future because we provide services to users outside China, deploy cross-border infrastructure, provide customer support, handle compliance matters, or because you actively choose to use a related overseas service, we will explain the situation based on the actual circumstances and fulfill notice, consent, assessment, contractual, or other compliance obligations required by applicable law.
8. Data security
We use reasonable technical and organizational measures to protect information security, including access controls, authentication, security reviews, logging, backup and recovery measures, transmission protection, internal authorization rules, and vendor management.
No networked service can honestly promise zero risk. You remain responsible for safeguarding your account, master password, authentication factors, devices, and session environment, and for avoiding disclosure of sensitive information through insecure channels.
9. Retention
We retain information for the period reasonably necessary to fulfill the purposes described in this Privacy Policy. Retention depends on factors including:
- whether you still maintain a wowkey account or use the service;
- operational needs relating to sync, account security, logging, support, and dispute resolution;
- obligations arising from law, regulation, settlement, tax, or judicial cooperation; and
- the need to investigate abuse, infringement, security incidents, or compliance issues.
After you close your account, stop using the service, or the relevant processing purpose has been satisfied, we will delete or anonymize the relevant information as required by law and business needs. If immediate deletion is not technically feasible or not legally permitted, we will restrict processing until deletion becomes possible.
10. Your rights
To the extent provided by applicable law, you may request to:
- access and understand how your information is processed;
- correct or update inaccurate or incomplete information;
- delete personal information or close your account;
- withdraw consent where processing depends on consent;
- request an explanation, object to processing, or submit a complaint; and
- request copying, transfer, or restriction of processing where applicable law provides those rights.
You may contact us using the details at the end of this Privacy Policy. To protect account security and prevent unauthorized requests, we may ask for reasonable identity verification before fulfilling a request.
11. Minors
wowkey is intended for users with full civil capacity or otherwise permitted to use the service under applicable law. Children under the age of fourteen should not independently register, use the service, or submit personal information without guardian consent. If you believe we have collected a child’s information without appropriate consent, please contact us so we can address it in accordance with law.
12. Policy updates
We may update this Privacy Policy as product functions, sync services, payment capabilities, legal requirements, or business arrangements evolve. The updated version will be published on the website, in the product, through account notice, or by another reasonable method, and it will take effect on the stated effective date. Where a change materially affects your rights, we will try to provide more prominent notice.
13. Contact
If you have questions, comments, complaints, or requests about this Privacy Policy, our handling of personal information, or your related rights, you may contact us at:
- Company: Beijing Xieshu Technology Co., Ltd.
- Email: contact@xieshukeji.com
The Chinese version controls if there is any difference between the Chinese and English versions.