Privacy Policy

MATATALAB Co., Ltd. (hereinafter referred to as "Matatalab" or "we," including its parent company, subsidiaries, and affiliated entities) is a limited liability company established under the laws of the People's Republic of China. We place a high value on maintaining and protecting the personal information of our users. When you use Matatalab's products or services (including the websites nous.matatastudio.com and vinci.matatastudio.com, or their subdomains), we may collect and use your personal information. This Privacy Policy is designed to inform you about how we collect, store, use, or share your personal information. We encourage you to read this Privacy Policy carefully to make informed decisions when necessary.

By using or continuing to use Matatalab's products or services, you signify your consent to our collection, storage, use, and sharing of your personal information as described in this Privacy Policy.

Last updated: June 14, 2024.

If you have any questions, comments, or suggestions, please contact us via:

Email: support@matatalab.com

This policy will help you understand the following:

1. How we collect and use your personal information
2. How we use cookies and similar technologies
3. How we share, transfer, and publicly disclose your personal information
4. How we protect your personal information
5. Cyber security
6. Your rights
7. How we handle children's personal information
8. How this policy is updated
9. How to contact us

Matatalab fully understands the importance of your personal information and is committed to ensuring its security and reliability. We strive to maintain your trust by adhering to the following principles to protect your personal information: principle of accountability, principle of clear purpose, principle of consent and choice, principle of minimum necessity, principle of ensuring security, principle of subject participation, and principle of openness and transparency. Additionally, Matatalab promises to implement appropriate security measures in accordance with relevant security standards to protect your personal information.

Please read and understand this Privacy Policy carefully before using our products or services.

1. How We Collect and Use Your Personal Information

Personal information refers to various types of information recorded electronically or by other means that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information.

Matatalab will collect and use your personal information solely for the purposes described in this policy:

(i) To Provide You with Software Programming Services

1. Information Provided During Account Registration: When you register an account, you can log in directly using your email or provide personal information including your username and password. You may also choose to add an email address and phone number to your account for logging into the website or app.
2. Information Submitted Through Customer Service or Events: Information such as your name, phone number, email address, and student ID may be collected when you participate in online activities or submit information via our customer service or during Matatalab-hosted events.
3. Information Submitted Through Other Means: When using our services, you may voluntarily provide information such as a nickname, gender, birthday, and location. This information may be used to create a user profile to offer you more accurate and personalized products and services.
4. Operation Log Information: When you use Matatalab's online products or services, the system may automatically collect certain information through cookies or other methods as part of network logs. The purpose of collecting this information is to improve and optimize product experience, ensure service stability, and maintain network security through data analysis. This information includes detailed usage information when using the app, browsing information when logging into the website, records of product and service usage, network status, Bluetooth permissions, language preferences, access dates and times, location permissions, storage permissions, voice permissions, and image acquisition (facial recognition statement blocks).

(ii) To Push and Display Customized Content

Based on the collected information, we can recommend content that you may be interested in, including but not limited to recommending and displaying your programming content and conducting user surveys.

(iii) Continuous Development and Optimization of Product Services

We use the collected information to ensure our business operations, such as evaluating, maintaining, and improving the performance of products and services. When software system failures occur, Matatalab's open platform will record and analyze the information generated during the system failure to optimize platform services. For the iteration and development of new products and services, we may statistically analyze the collected information to assist in decision-making, but the data analysis results will not contain any of your identifiable information.

When we intend to use the information for purposes not specified in this policy, we will seek your prior consent.

When we intend to use information collected for a specific purpose for other purposes, we will seek your prior consent.

2. How We Use Cookies and Similar Technologies

(i) Cookies

To ensure the proper functioning of our software, we store small data files known as cookies on your computer or mobile device. Cookies typically contain identifiers, site names, and some numbers and characters. Cookies enable websites to store your preferences and other data. We will not use cookies for any purpose other than those stated in this policy.

(ii) Web Beacons and Pixel Tags

In addition to cookies, we also use other similar technologies such as web beacons and pixel tags on our websites and apps. For example, the emails we send to you may contain a clickable URL that links to content on our website.

(iii) Bluetooth

Bluetooth technology is a global standard for wireless data and voice communication that facilitates low-cost, short-range wireless connections, enabling communication between fixed and mobile devices. When you use Matatalab's products or services, you need to enable Bluetooth on your device to connect with the products.

3. How We Share, Transfer, and Disclose Your Personal Information

(i) Sharing

We do not share your personal information with any companies, organizations, or individuals outside of Matatalab, except in the following circumstances:

1. With Your Explicit Consent: We will share your personal information with other parties with your explicit consent.
2. As Required by Law: We may share your personal information as required by laws and regulations or in response to mandatory requests from government authorities.

For companies, organizations, and individuals with whom we share personal information, we will sign strict confidentiality agreements, requiring them to handle personal information according to our instructions, this privacy policy, and any other relevant confidentiality and security measures.

(ii) Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:

1. With Your Explicit Consent: We will transfer your personal information to other parties with your explicit consent.
2. In the Event of Mergers, Acquisitions, or Bankruptcy: If personal information transfer is involved in mergers, acquisitions, or bankruptcy liquidation, we will require the new company or organization holding your personal information to continue to be bound by this privacy policy; otherwise, we will require the company or organization to seek your authorization and consent again.

(iii) Disclosure

We will only disclose your personal information under the following circumstances:

1. With Your Explicit Consent: We will disclose your personal information publicly with your explicit consent.
2. Legal Disclosure: We may disclose your personal information as required by law, legal processes, litigation, or mandatory requests from government authorities.

4. How We Protect Your Personal Information

1. Security Measures: We employ security measures to protect the personal information you provide from unauthorized access, disclosure, use, modification, damage, or loss. We take all reasonable and feasible measures to protect your personal information. For instance, data exchanged between your browser and our services (such as credit card information) is protected by SSL encryption; our software apps offer secure browsing modes; we use encryption technology to ensure data confidentiality; we implement trusted protection mechanisms to prevent malicious attacks on data; we deploy access control mechanisms to ensure only authorized personnel can access personal information; and we conduct security and privacy protection training courses to raise employee awareness about the importance of personal information protection.
2. Minimization and Retention: We take all reasonable and feasible measures to ensure that we do not collect unrelated personal information. We will retain your personal information only for the period necessary to achieve the purposes stated in this policy, unless an extension of the retention period is required or permitted by law.
3. Safe Use Practices: The internet is not an absolutely secure environment, and email, instant messaging, and communication with other app users are not encrypted. We strongly recommend that you do not send personal information through these methods. Please use complex passwords to help ensure the security of your account.
4. Security Assurance: The internet environment is not completely secure, and we will do our best to ensure the security of any information you send to us. We remind you to be aware of potential internet risks such as physical, technical, or managerial safeguards being compromised, which could lead to unauthorized access, disclosure, alteration, or destruction of information.
5. Incident Response: In the unfortunate event of a personal information security incident, we will promptly inform you, as required by laws and regulations, about the incident's basic situation and possible impacts, the measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and remedial actions for you. We will notify you of the incident's relevant information through email, letter, phone, or push notification. When it is difficult to inform each personal information subject individually, we will take reasonable and effective means to publish an announcement.

Additionally, we will proactively report the handling of personal information security incidents to regulatory authorities as required.

5. Cyber Security

1. No universal default passwords

• In any situation that requires Internet access, the system will be inaccessible unless the user logs in to their registered account or manually enters a custom account password.
• In Nous's networking system, each device needs to obtain a special and unique authorization code, which is generated through an encryption mechanism.
• The authentication mechanism used to authenticate users uses cryptography, with characteristics that apply to the technology, risks, and usage.
• The device has a limit on the number of authentication attempts within a certain time interval. It also uses an increasing time interval between attempts to prevent brute force attacks.

2. Implement a means to manage reports of vulnerabilities

• Firmware should receive regular ongoing updates, even to fix potential vulnerabilities. In addition, users who have not updated the firmware will be prompted to update the software in a timely manner through the web page.
• We continue to monitor, identify and correct security vulnerabilities in the products and services we sell, produce, commission and operate during defined support periods.
• During the development period, we exercise due screening and review of all software and hardware components and related service providers used in the product.

3. Keep software updated

• All devices and software applications can be updated
• Anti-rollback strategy based on version checking can be used to prevent downgrade attacks
• Updates are simple and easy for users
• Use automatic detection mechanism to prompt users for software updates
• If encounter major security vulnerabilities, we will urgently push update services
• Our devices verify the authenticity and integrity of each update through a trust relationship.
• Valid trust relationships include: authenticated communication channels, presence on a network that requires a device to have critical security parameters or passwords to join, or user confirmation.

4. Securely store sensitive security parameters

• Sensitive security parameters are securely stored in persistent storage in VinciBot and Nous devices. Currently only WiFi passwords will be stored.
• Devices can only request interfaces on official servers

5. Communicate securely

• Access to device functionality via the network interface is only possible after authentication on this interface.

6. Ensure that personal data is secure

• Only user-defined data actively operated by the user can be transmitted between VinciBot and Nous devices and services.
• All external sensing capabilities of VinciBot and Nous devices are transparent and clear to the user. Can only be logged via user-defined means.

7. Make it easy for users to delete user data

• User's data can be wiped from the device in a simple way, with user confirmation. Click Delete on the web or application to delete
• Users will receive clear confirmation that personal data has been deleted from the Services, Devices and Applications.

8. Data protection

• The personal data provided by the consumer regarding each device and service processed can only be used and processed by the user himself.
• The server is currently deployed in Hong Kong

9. Camera module

Usage process:

1. The user logs in to the account on the coding page
2. Connect to Nous HUB via Bluetooth or USB
3. Enter the image collection page
4. Enter the WiFi account password
5. The user clicks to take a picture
6. Save the picture to the Alibaba Cloud server

Nous HUB only saves basic WiFi information locally and does not collect any personal sensitive data. This means that your network connection information will be used to transmit the picture to the coding page through WiFi image transmission after the picture is taken, and will not be used for personal identification or tracking.

We have adopted strict privacy protection measures for picture data. All pictures will only be sent to the Alibaba Cloud server if the customer manually operates and clicks to take the picture. This ensures you have complete control over when your pictures are taken and uploaded.

6. Your Rights

In accordance with relevant laws, regulations, and standards in China, as well as common practices in other countries and regions, we ensure that you can exercise the following rights regarding your personal information:

(i) Access Your Personal Information

You have the right to access your personal information, except as provided by laws and regulations. If you wish to exercise your right to access, you can do so through the following means:

• Account Information: If you want to access or edit personal information in your account, change your password, add security information, or close your account, you can perform these actions by visiting the main page of the app.
• For other personal information generated during your use of our products or services, we will provide it to you as long as it does not require excessive effort. To exercise your right to access, please send an email to support@matatalab.com.

(ii) Correct Your Personal Information

If you find any errors in the personal information we process about you, you have the right to request a correction. You can contact us at any time using our web form or by sending an email to support@matatalab.com. We will respond to your correction request within 15 days.

(iii) Delete Your Personal Information

You can request the deletion of your personal information in the following situations:

1. If our handling of personal information violates laws and regulations.
2. If we collect and use your personal information without your consent.
3. If our processing of personal information violates our agreement with you.
4. If you no longer use our products or services, or if you cancel your account.
5. If we no longer provide products or services to you.

If we decide to respond to your deletion request, we will also notify entities that have obtained your personal information from us to promptly delete it, unless otherwise required by laws and regulations or if these entities have your independent authorization.

After you delete information from our services, we may not immediately delete the corresponding information from the backup systems but will delete it during the next backup update.

(iv) Change the Scope of Your Authorization and Consent

Each business function requires some basic personal information to function (see "Part 1" of this policy). For the collection and use of additional personal information, you can grant or withdraw your authorization and consent at any time. You can notify us of your authorization by sending an email to developer@makeblock.cc.

After you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw consent will not affect the processing of personal information previously conducted based on your authorization.

(v) Obtain a Copy of Your Personal Information

You have the right to obtain a copy of your personal information. You can request your information by sending an email to support@matatalab.com.

(vi) Restrict Automated Decision-Making Systems

In certain business functions, we may make decisions solely based on non-human, automated decision-making mechanisms such as information systems and algorithms. If these decisions significantly affect your legitimate rights and interests, you have the right to request an explanation from us, and we will provide appropriate remedies.

(vii) Responding to Your Requests

To ensure security, you may need to provide a written request or prove your identity by other means. We may first require you to verify your identity before processing your request.

We will respond within 15 days. If you are not satisfied, you can file a complaint by sending an email to support@matatalab.com.

For reasonable requests, we do not charge a fee. For requests that are unfounded, repetitive, require excessive technical means (for example, developing new systems or fundamentally changing current practices), pose a risk to the legitimate rights of others, or are highly impractical (for example, involving information stored on backup tapes), we may refuse them.

We will not respond to your request in the following cases as required by laws and regulations:

1. Related to national security and national defense security.
2. Related to public safety, public health, and significant public interests.
3. Related to criminal investigations, prosecutions, trials, and execution of judgments.
4. There is sufficient evidence that you have subjective malice or abuse of rights.
5. Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations.
6. Involving trade secrets.

7. How We Handle Children's Personal Information

Our products, websites, and services are also designed for students. Children are not allowed to create their own user accounts without the consent of their parents or guardians.

When we collect children's personal information with parental consent, we will only use or disclose this information as permitted by law, with explicit consent from parents or guardians, or as necessary to protect the child.

Although definitions of children may vary according to local laws and customs, we consider anyone under the age of 14 to be a child.

If we discover that we have collected personal information from a child without verifiable parental consent, we will promptly delete the relevant data.

8. How This Policy Is Updated

Our privacy policy may undergo changes.

Without your explicit consent, we will not reduce your rights under this privacy policy. Any changes made to this policy will be posted on this page.

For significant changes, we will provide more prominent notice (including for certain services, we may send notifications via email detailing the specific changes to the privacy policy).

Significant changes referred to in this policy include but are not limited to:

1. Major changes in our service model, such as the purposes of processing personal information, types of personal information processed, or the ways personal information is used.
2. Significant changes in our ownership structure, organizational structure, such as business adjustments, bankruptcy mergers, or changes in ownership due to other reasons.
3. Changes in the main entities with whom personal information is shared, transferred, or publicly disclosed.
4. Significant changes in your rights concerning the processing of personal information and how you can exercise these rights.
5. Changes in the department responsible for the security of personal information, contact methods, and complaint channels.
6. When the personal information security impact assessment report indicates high risk.

We will also archive previous versions of this policy for your reference.

9. How to Contact Us

If you have any questions, opinions, or suggestions regarding this privacy policy, please contact us via email at support@matatalab.com.