Privacy Policy

Privacy Policy

Inner Mountain Privacy Policy (English Version)
Last Updated: November 21, 2025
Effective Date: November 21, 2025
Inner Mountain (hereinafter referred to as “the Product” or “the Application”). This privacy statement applies solely to this product. If you have any questions, comments, or suggestions, please contact us at: social@innermountain.org
Beijing Neifeng Technology Co., Ltd. (hereinafter referred to as “we” or “us”), as the operator of this Application, fully understands the importance of personal information to you and will make every effort to protect the security and reliability of your personal information. We are committed to maintaining your trust in us and adhere to the principles of accountability, clear purpose, informed consent, data minimization, security assurance, user participation, and transparency. We pledge to adopt industry-standard security measures to protect your personal information.
Before using the Application and related services, please read this Privacy Policy carefully and ensure you fully understand all terms, especially those involving disclaimers or limitations of liability, and any separate agreements required to activate or use specific services. Any clauses involving limitations or exemptions may be highlighted in bold or underlined to draw your attention.
If you begin to use the Application without giving explicit consent to this Privacy Policy, we will only collect the information necessary for the Application to function, which may prevent us from providing full products and services. Even so, we will still protect such information using anonymization, encryption, and other measures. After you explicitly agree and continue using the Application, we will consider your use as acceptance of our processing of relevant information as described in this Privacy Policy.
To provide better services, we may update this Privacy Policy in accordance with product updates or changes to applicable laws and regulations. These updates form part of this Policy. If the Privacy Policy changes after your use begins, we will notify you through in-app messages or other methods. If you continue using the services, please review the updated policy carefully. You may choose to stop using the Application if you do not agree with the updated policy.
If you violate this Agreement, we may limit, suspend, or terminate the services we provide to you and pursue related responsibilities.
If you are under 18 years old, please read this Agreement with a parent or legal guardian and obtain their consent before using the Application. If you are a guardian of a minor and have questions about the minor’s personal information, please contact us via the contact methods listed in this Privacy Policy.

---
This Privacy Policy will help you understand:
1. How we collect and use personal information
2. How we store personal information
3. How we use Cookies and similar technologies
4. How we share, transfer, and publicly disclose personal information
5. How we protect personal information
6. Your rights
7. Terms for minors
8. How your personal information is transferred globally
9. Scope of application
10. How this Privacy Policy is updated
11. Other provisions
12. How to contact us

---
I. How We Collect and Use Personal Information
1. Personal Information We Collect
We collect the information you provide proactively during your use of the services, as well as information generated automatically through the functions or services you use. This includes:
(1) Product Security Functionality
To ensure the security of your account and system operation, we need to obtain your device MAC address, device serial number, IMSI, Android ID, IP address, hardware model, OS version, unique device identifiers (IMEI, etc.), network hardware address (MAC), software version, network access type & status, network quality data, operational logs, hardware serial number, and service log information.
① UMeng+ SDK Integration
Our product integrates UMeng+ SDK, which requires collecting:
- device MAC address
- unique device identifiers (IMEI / ANDROID ID / IDFA / OAID / OPENUDID / GUID / ICCID / SIM IMSI)
These enable statistical analysis and ensure anti-fraud accuracy, including background data retrieval when necessary.
② Device Identification for Login
To facilitate your use, after launching the App and agreeing to the Privacy Policy, we collect your device information (Android ID, IMEI, OAID) as an anonymous unique identifier. These identifiers are MD5-encrypted and anonymized.
These device-level data cannot identify a specific natural person and are used solely to identify you as an Application user unless otherwise permitted by law or authorized by you.
If you decline such permissions, you may be unable to use the corresponding functions, but other core features remain unaffected.
If you agree to provide sensitive personal information (*), you authorize us to process such information as described.
(*) Sensitive personal information refers to data which, if leaked or misused, may endanger personal or property safety or lead to discrimination. Examples include ID numbers, biometric data, bank accounts, communication content, or health-related data, as defined by GB/T 35273 Personal Information Security Specification.

---
(2) Application Account (Login & Deletion)
The Application currently supports mobile phone number login.
When logging in via SMS code, we collect your phone number.
When you delete your account, all associated information will be erased.
Phone numbers will be encrypted and masked when displayed (e.g., 123****2222).
(If the product does not support phone login, please disregard this section.)

---
(3) Application Functionalities
For functions such as photo uploads in feedback or tool usage, you may be asked to grant access to your photo album or other sensitive permissions. Declining such permissions prevents the related features from functioning but will not affect other functionality of the Application.

---
(4) App-Related Features and Data Collection
To provide you with paid course purchasing, learning, and related services, we collect the following necessary information in accordance with the principles of lawfulness, legitimacy, and necessity:
- Identity and Purchase Verification Information:
Account ID and, where applicable, real-name verification information, used to verify the purchaser’s identity and ensure account security.
- Payment-Related Information:
Payment method, transaction order number, payment amount, and payment time, used to complete transactions, reconcile records, and support after-sales inquiries.
- Learning Activity Information:
Course purchase history, viewing/listening records, learning progress, and interaction records, used to synchronize learning status, improve services, and ensure a consistent learning experience.
- Sensitive Information Notice:
If you voluntarily submit information related to your psychological state, emotional concerns, or similar content through Q&A features or community interactions, such information will be used solely to provide relevant services. It will be stored with separate encryption and subject to strict access controls.

---
(5) Firebase Analytics Data Collection
To improve app stability, optimize product functionality, and enhance user experience, we use Firebase Analytics, a data analytics service provided by Google LLC, which collects the following information:
- Device Information:
Device model, operating system version, anonymized unique device identifiers (such as IMEI or Android ID), network type, IP address, and Wi-Fi status.
- Usage Information:
App launch frequency, page navigation paths, feature usage frequency, session duration, and operation logs.
- Collection Method:
Data is collected automatically in the background without requiring additional user action and does not affect normal app usage. The collected data does not include information that directly identifies you as an individual.
---


2. Providing Related Services
When using certain features, we may request additional device permissions, including:
- Access installed app list
- Modify/delete external storage
- Read external storage
- Access coarse location
- Read phone state and identity
- Read system video files
- Access Wi-Fi status
(Device-level information is not used to identify natural persons.)

---
3. Use of Personal Information
(1) Personal information is used only to achieve the functions described above under the principles of legality, legitimacy, and necessity.
(2) Limitations on the Use of Paid Course Information
Paid course–related information is used solely for purchase confirmation, provision of learning services, after-sales support, and course improvement, and will not be used for unrelated purposes.
Your learning records and related communications will not be used for advertising, targeted promotions, or third-party marketing.
(3) Limitations on the Use of Analytics Data
Analytics data is used only to analyze feature usage, diagnose technical issues, optimize product interactions, and improve overall user experience.
We act as the data controller for such data. Firebase processes the data only in accordance with its Data Processing Terms (see: https://firebase.google.com/terms/data-processing-terms) and our instructions, and does not use the data for its own purposes or share it with third parties.
You may stop further data collection by uninstalling the App. Any previously collected anonymized data will be used only for aggregated product optimization purposes.
---
Legal Exemptions From Consent
We may collect or use your personal information without consent under circumstances such as:
1. National security or defense
2. Public safety or public health
3. Criminal investigation or legal enforcement
4. Protection of vital interests (life/property)
5. Publicly disclosed information
6. Information from lawful public sources
7. Contract fulfillment
8. Ensuring software/service security
9. News reporting
10. Academic research with anonymization
11. Other legal scenarios
II. How We Store Personal Information
We attach great importance to the security of your personal information and will take reasonable security measures—both technical and managerial—to protect your data from improper use or unauthorized access, disclosure, modification, damage, loss, or leakage. Before using certain features, you must successfully register an account, which requires providing your mobile phone number and verification code (if applicable). We encrypt and securely store your account information and will not collect, use, or disclose it without authorization.
You are responsible for safeguarding your account credentials. If your personal information is leaked due to your own actions (such as improper password management), we will not bear any resulting responsibility.

---
1. Storage Location
We store personal information collected within mainland China strictly within mainland China, in accordance with relevant laws and regulations.
We currently do not transfer personal information overseas. Should such transfer occur in the future, we will comply with applicable legal requirements and obtain your authorization.

---
2. Storage Period
In general, we retain your personal information only for the minimum time necessary to achieve the stated purposes. For example:
- Account information: retained for as long as your account remains active.
Once you delete your account, we will delete or anonymize related information.
In the following circumstances, we may be required by law to prolong retention:
1. To comply with applicable laws or regulations
2. To follow court rulings or legal procedures
3. To comply with requirements of government authorities
4. When we reasonably believe retention is necessary for legal compliance
5. For the execution of service agreements, or to protect users, the public, or our company
6. When our services cease operations—we will notify you and delete or anonymize data within a reasonable period

---
3. Handling of Expired Personal Information
We retain personal information only for the minimum duration necessary. After that period, we will delete or anonymize it unless extended retention is legally permitted. If we discontinue a specific service, we will notify you at least 15 days in advance and then delete or anonymize relevant personal information.

---
III. Use of Cookies and Similar Technologies
We may use Cookies or anonymous identifiers to collect and store information about your usage of the Application. These technologies help us:
- Ensure secure and efficient operation
- Verify login status
- Detect fraud or abnormal activity
- Improve service response and performance
Cookies also help us enhance your user experience and security.

---
IV. How We Share, Transfer, and Disclose Personal Information
1. Sharing Personal Information
We will not share your personal information with other companies, organizations, or individuals except under the following circumstances:
- When required by laws or regulations
- When required by government authorities

---
2. Transfer of Personal Information
We will not transfer your personal information except:
(1) With your explicit consent
We may transfer your information after obtaining your authorization.
(2) Corporate changes
In cases such as mergers, acquisitions, asset transfers, or bankruptcy, your personal information may be transferred.
We will ensure the receiving party continues to protect your information at least to the same standards. Otherwise, the receiving party must obtain your renewed consent.

---
3. Public Disclosure of Personal Information
We will publicly disclose your personal information only:
(1) With your explicit consent
If public disclosure is necessary, we will notify you in advance of the purpose, data type, and scope, and obtain your consent.
(2) Legal exemptions
We may disclose information without consent in the following cases:
1. National security or defense
2. Public safety or major public interests
3. Criminal investigation or enforcement
4. Protection of your or others’ vital interests
5. Information you disclosed publicly
6. Information collected from lawful public sources
V. How We Protect Personal Information
We strive to ensure the security of user information and prevent loss, misuse, unauthorized access, disclosure, alteration, or destruction of data.
1. Security Protection Measures
We have adopted ISO 27001, international information security management systems, and TRUSTArc-certified security measures to protect the personal information you provide. For example:
1. SSL encryption for data exchanged between your browser and our services
2. HTTPS secure browsing for the Application’s website
3. Encryption technologies to ensure confidentiality
4. Trusted security protection mechanisms to prevent malicious attacks
5. Access control mechanisms ensuring only authorized personnel can access data
6. Security and privacy protection training for employees

---
2. No Collection of Irrelevant Personal Information
We take all reasonable measures to ensure no unnecessary personal information is collected.
We retain information only for the shortest period needed unless lawfully extended.

---
3. Reminding Users to Protect Personal Information
You understand that networks and systems outside our control may encounter risks.
We strongly recommend you use complex passwords, change passwords regularly, and avoid sharing your credentials.

---
4. Regular Security Risk Assessments
We conduct regular security and personal information impact assessments.
You may contact us using the methods provided to inquire or supervise.

---
5. Legal Responsibility for Accidental Data Breaches
Although no internet environment is completely secure, if any breach of our physical, technical, or managerial systems results in unauthorized access, disclosure, alteration, or destruction of your information, we will bear corresponding legal liability.

---
6. Active Handling and Remediation in Case of Data Breaches
If a personal information security incident occurs, we will promptly inform you of:
- Basic facts of the incident
- Possible impacts
- Measures taken or to be taken
- Recommendations for mitigation
- Remedial actions
We will notify you by email, letter, phone, or push notifications. If individual notification is impractical, we will issue a public announcement.
We will also report the incident to supervisory authorities as required.

---
7. Emergency Response
We maintain emergency response plans and will immediately initiate them when a security incident occurs to minimize harm.
We will notify you and relevant authorities in accordance with laws.

---
8. Limitations After You Leave the Application
Once you leave the Application and use third-party websites or services, we no longer have the ability or obligation to protect personal information you submit elsewhere, regardless of whether you reached those sites via links from the Application.
This Privacy Policy applies only to our Application and services.

---
VI. Your Rights
We highly value your rights regarding personal information. In accordance with PRC laws and international practices, you are entitled to access, correct, delete, and withdraw your consent.

---
1. Access to Your Personal Information
You may access personal information except where restricted by law.
You may access:
- Account details
- Password
- Security settings
- Personal profile
via your personal homepage → account management.
Paid Courses:
You can view your purchase history and learning progress in “My Courses”, and check your payment records in “My Orders.”

---
2. Correction of Your Personal Information
If you discover errors in your personal information, you may request correction.
Some information (e.g., real-name authentication details) may not be editable without manual verification.
You may contact us at social@innermountain.org.
We will verify your identity and respond within 10 days.

---
3. Deletion of Personal Information
You may request deletion under these circumstances:
1. We processed information unlawfully
2. We collected/used information without consent
3. We violated agreements with you
4. You no longer wish certain information to be publicly visible
5. You no longer use the services or have deleted your account
6. We no longer provide the service
If deletion is granted, we will also instruct third-party recipients (if any) to delete the data unless otherwise required by law.
Deleted data may still temporarily appear in system backups until overwritten.

---
4. Changing or Withdrawing Consent
You may withdraw permissions through deleting information, disabling device functions, or adjusting privacy settings.
Withdrawal will not affect prior processing already conducted based on your valid consent.
However, certain functions will no longer work without the necessary information.

---
5. Account Deletion
To delete your account:
- Account must be in normal status
- All outstanding assets or virtual items must be settled or forfeited
You may request deletion via email: social@innermountain.org
Once deleted, the action is irreversible.
We will delete or anonymize all related information unless legally required to retain it.

---
6. Obtaining a Copy of Your Personal Information
You may request a copy of your personal information at any time via:
📧 social@innermountain.org
We will respond within 10 days.
Where technically feasible, we can transmit data directly to a third party specified by you.

---
7. Complaints and Reports
If you believe your rights are infringed or find clues of violations, you may submit a complaint via:
My → Feedback
We will verify and respond within 10 days.

---
8. Accessing the Privacy Policy
You may view the full Privacy Policy from:
- The registration page
- “My” → “Privacy Link” within the Application

---
9. Automated Decision-Making Constraints
If certain services rely solely on automated decision-making (e.g., algorithms), and such decisions significantly impact your rights, you may request an explanation or remedial measures.

---
10. Right to Know Service Termination
If we cease operations, we will:
- Stop collecting personal information immediately
- Notify you individually or via announcement
- Delete or anonymize stored information

---
11. Responding to Your Requests
To ensure security, you may need to provide proof of identity.
We will respond within 10 days unless:
- National security concerns
- Public safety
- Criminal investigation
- Malicious or excessive requests
- Requests harming others’ legitimate rights
- Requests involving trade secrets
Reasonable requests are free; excessive requests may incur costs.

---
VII. Terms for Minors
If you are under 18 years old, you must read this Privacy Policy with a parent or guardian and obtain consent before using the services.
If a guardian believes a minor’s information was collected without authorization, they may contact us for prompt deletion.
If we discover that personal information of a minor was collected without prior verifiable parental consent, we will delete it as soon as possible.
Guardians may contact us for any concerns regarding minors’ information via the methods listed in this Privacy Policy.

---
VIII. How Your Personal Information Is Transferred Globally
In principle, personal information collected and generated within the People’s Republic of China (“PRC”) will be stored within the PRC.
However, as we provide products or services through resources and servers located around the world, this means that—with your explicit authorization and consent—your personal information may be transferred to, or accessed from, jurisdictions outside the country/region where you use our services.
Such jurisdictions may have different data protection laws, or may not have any data protection laws at all. In such cases, we will ensure that your personal information receives adequate protection equivalent to that required within the PRC. For example:
- We will seek your consent for cross-border transfers
- We will implement measures such as data de-identification before transfer

---
IX. Scope of Application
This Privacy Policy applies to all services provided by Shenyang Xiyan Network Technology Co., Ltd., Hangzhou Branch, and its affiliates.
This Privacy Policy does not apply to:
1. Third parties that provide advertising or promotion services for the Application
2. Third-party products or services with independent privacy policies that have not been incorporated into this Privacy Policy
Your use of such third-party services (including any personal information you provide to those third parties) is governed by their service terms and privacy policies. Please read those terms carefully and protect your personal information cautiously.
The actual products and services referenced in this Privacy Policy may vary depending on your device model, system version, or application version.
In all cases, the final version is the version presented within the Application that you are using.

---
X. How This Privacy Policy Is Updated
We may amend this Privacy Policy from time to time. These amendments constitute part of this Privacy Policy and carry the same legal effect.
We will not reduce your rights under the currently effective version without your explicit consent.
After an update, we will publish the new version on:
- This page
- The Application client
- The official website
And before the updated terms take effect, we will notify you in an appropriate manner.
If updates involve collection of sensitive personal information (audio/video, contacts, location, etc.), we will prominently seek your consent again.
Major Changes Include (but are not limited to):
1. Major changes in our service model (purpose of processing, type of personal information, method of using personal information, etc.)
2. Major changes in ownership structure or organizational structure
3. Changes in primary recipients of personal information when shared, transferred, or disclosed
4. Significant changes in your rights regarding personal information or how those rights may be exercised
5. Changes in the department responsible for personal information protection, or in contact information or complaint channels
6. Assessment results indicating high personal information security risks
We will archive older versions of the Privacy Policy for your review.
Our employees and agents have no authority to modify this Privacy Policy.

---
XI. Other Provisions
1. All notices under this Agreement may be sent via on-page reminders, email, SMS, or conventional mail. Notices are deemed delivered on the date sent.
2. The formation, effectiveness, performance, interpretation, and dispute resolution of this Agreement shall be governed by the laws of the mainland People’s Republic of China, excluding conflict-of-law rules.
3. Any disputes arising between you and us shall first be resolved through friendly negotiation. If negotiation fails, you agree to submit the dispute to a court with jurisdiction in the region where our company is registered.
4. Article titles in this Agreement are for convenience only and do not affect interpretation.
5. If any provision of this Agreement is deemed invalid or unenforceable, the remaining provisions shall remain valid and binding.

---
Special Statement
According to Article 496 of the PRC Civil Code: when using standard terms in a contract, the provider of the terms must draw the other party’s attention to clauses that significantly affect their rights and obligations—particularly those regarding exemption or limitation of liability.
We hereby make the following special statement:
We fulfill the obligation of drawing your attention by using bold text, italics, underlining, color highlighting, or other reasonable methods for clauses that may significantly affect your rights (including those containing terms like “no liability,” “exempt,” “not permitted,” etc.). These clauses may cause inconvenience or disadvantage; please read them carefully before confirming your agreement.
Both parties confirm that these clauses do not fall under the prohibited categories listed in Article 497 of the Civil Code (i.e., clauses that unreasonably exempt the provider’s responsibility, increase your responsibility, or restrict your primary rights).
You confirm that you have fully read and understood all terms of this Agreement and voluntarily agree to be bound by them.

---
XII. How to Contact Us
If you have any questions, comments, or suggestions regarding this Privacy Policy, you may:
- Visit the “Feedback” page in the Application
- Email us at social@innermountain.org
We will generally respond within 10 days.