Velmi Privacy Policy

Last Updated: April 2, 2026

Effective Date: April 2, 2026

1. Introduction

Welcome to Velmi. This Privacy Policy is formulated by Dingzhou Linbing Technology Co., Ltd. to clearly and transparently explain how we collect, use, store, share and protect your personal data generated during your use of this application, as well as the rights you enjoy as a data subject.

This application is only for adult users aged 18 and above; minors are not allowed to use it. By using this application, you confirm that you are 18 years of age or older, and have fully read, understood and agreed to all the terms of this Privacy Policy. This application does not require registration or login. You only need to confirm and agree to this Privacy Policy and the Velmi User Terms to access all functions.

2. Data Controller and Data Protection Officer (DPO)

Data Controller

Company Name: Dingzhou Linbing Technology Co., Ltd.

Registered Address: Room 604, 6th Floor, Anyuan Building, Xiguan North Street Community, Xicheng Sub-district, Dingzhou City, Hebei Province

Contact Email: odessicwuckirvinw@gmail.com

Data Protection Officer (DPO)

Name: Lin Bing

Contact Email: odessicwuckirvinw@gmail.com

Contact Address: Room 604, 6th Floor, Anyuan Building, Xiguan North Street Community, Xicheng Sub-district, Dingzhou City, Hebei Province

Responsibilities: Supervise the compliance of data processing activities of this application, and handle your consultations, complaints and right requests related to data protection.

3. Personal Data We Collect and Collection Methods

3.1 Device and Technical Information (Automatically Collected)

When you use this application, we will automatically collect non-identifiable and identifiable technical information related to your device, including but not limited to device model, operating system version, unique device identifier, advertising identifier, screen resolution, device manufacturer; application version, installation source, crash logs, usage duration, function click behavior, scene selection and perfume preference data; IP address, internet service provider, network connection type; and information related to external storage required for the normal operation of the application.

3.2 Information You Voluntarily Provide (Related to Permissions)

This application requests the following device permissions. We will only access the corresponding data after obtaining your explicit authorization and strictly limit its use:

1. Camera Permission

Usage Scenario: Only used in the feedback module of this application, where you can take photos and upload them to report usage problems, share atmosphere matching results or submit suggestions.

Data Scope: The photo data you take with the camera is only used for the feedback content you voluntarily upload. We will not automatically scan or collect other photos on your device.

2. Photo Library (Image) Permission

Usage Scenario: Only used in the feedback module of this application, where you can select existing images from your device's photo library and upload them to report problems or share atmosphere matching achievements.

Data Scope: The gallery images you voluntarily select. We will not access, read or collect other gallery content that you do not actively select.

3. Microphone Permission

Usage Scenario: Only used for the voice chat function with the fragrance assistant in this application. You can communicate with the AI atmosphere matcher through voice input to obtain services such as fragrance diagnosis and atmosphere planning.

Data Scope: The audio data generated when you actively initiate a voice conversation is only used for real-time speech-to-text conversion and AI interaction. After the conversation ends, the original audio files will not be stored for a long time.

4. External Storage Permission

Usage Scenario: Used to store application caches, atmosphere scheme configuration files, and the feedback images and videos you upload to ensure the normal operation of application functions.

Data Scope: Only stores files related to this application. We will not access or modify other irrelevant files on your device.

5. Application Information Reading Permission

Usage Scenario: Used to identify application installation status, version updates and crash abnormalities, and optimize compatibility and stability.

Data Scope: Only reads the installation and operation information of this application. We will not collect information about other third-party applications on your device.

6. Advertising Identifier Permission

Usage Scenario: Used for personalized advertising delivery, advertising effect statistics and application promotion attribution analysis.

Data Scope: Only collects advertising identifiers for anonymous advertising data processing. These identifiers will not be associated with other personal data to identify you.

3.3 Other Information

The text content, problem descriptions and other non-personal identification information you voluntarily provide when using the feedback function are only used for problem handling and service optimization.

4. Purposes and Legal Bases for Collecting Personal Data

4.1 Collection Purposes

We only collect and use your personal data within the following clear, legal and necessary scope:

1. Provision of Core Services: Generate personalized fragrance atmosphere matching schemes based on your scene selection, fragrance preferences and voice interaction content, and realize the atmosphere guidance function based on artificial intelligence dialogue.

2. Optimization of Application Experience: Analyze usage behavior and crash logs, fix application vulnerabilities, optimize function processes, and improve stability and compatibility.

3. Feedback and customer support: Process feedback content you upload via camera or photo gallery and respond to your questions and suggestions in a timely manner.

4. Advertising and promotion: Provide personalized advertisements based on advertising identifiers, measure advertising effectiveness and conduct application promotion activities.

5. Compliance and security: Ensure application and data security, prevent fraud and abuse, and fulfill obligations prescribed by laws and regulations.

4.2 Legal Bases for Processing

We process your personal data in strict compliance with major global privacy regulations. Legal bases include but are not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Lei Geral de Proteção de Dados (LGPD), Federal Data Protection Act (FADP) and other relevant rules. Specifically, they include your explicit consent, performance of contractual obligations with you, our legitimate interests (which do not override your privacy rights), and compliance with legal obligations.

5. Sharing and Transfer of Personal Data

5.1 Sharing Principles

We will not sell, rent or disclose your personal data to third parties without your explicit consent. We only share data in the following circumstances:

1. Authorized service providers: To implement application functions, we entrust qualified third-party service providers to process data, including cloud storage providers, speech recognition providers, advertising providers and data analysis providers. We sign strict data processing agreements with such third parties, requiring them to process data only for agreed purposes and adopt equivalent security measures.

2. Legal requirements: We may disclose your personal data within the legally required scope when required by laws, regulations, regulatory authorities or judicial bodies.

3. Protection of legitimate rights and interests: Disclose data to the extent necessary to protect the legitimate rights, interests and property safety of us, you or third parties, and to prevent fraud and security risks.

5.2 Right to Know About Data Sharing (CCPA Definition Explanation)

According to the legal definition of CCPA/CPRA, "share" refers to the act of us disclosing, providing, or transferring your personal data to third parties (including sharing behaviors other than data sales). You have the right to fully know whether we share your personal data, the types of recipients, and the specific scenarios of sharing, and this chapter has fully disclosed relevant information to you.

5.3 Cross-Border Data Transfer

Your personal data may be transferred to countries or regions where we and our service providers are located. We take adequate protection measures to ensure cross-border transfers comply with GDPR, CCPA and other regulations, including signing standard contractual clauses and ensuring recipients maintain an adequate level of data protection.

6. Data Storage and Security

6.1 Storage Period

We store your personal data only for the shortest period necessary to fulfill the purposes of collection:

Device technical information and usage behavior data are stored for 12 months, then anonymized or deleted automatically.

Feedback images and speech-to-text records are stored for 6 months for issue handling and service optimization, then deleted.

Advertising identifier data is stored for 12 months for advertising statistics, then anonymized.

Data required to be retained by laws and regulations is stored for the minimum statutory period.

6.2 Security Protection Measures

We implement industry-standard technical and administrative measures to protect your personal data, including encryption of data transmission and storage, strict access control, regular security audits and a complete data security incident response mechanism to prevent data leakage, tampering and loss.

7. Your Personal Data Rights (Global Users)

As a data subject, you have the right to access, rectify, erase, restrict processing, data portability, object, withdraw consent and file complaints with relevant supervisory authorities in accordance with GDPR, CCPA/CPRA, VCDPA, LGPD, FADP and other regulations.

7.1 Right to Rectify Personal Data

You have the right to request us to rectify and update your personal data. If the information we collect and store about you is inaccurate, incomplete or outdated, you may submit a rectification request at any time, and we will verify and complete the modification within the time limit required by law.

7.2 Method of Exercising Rights

You may exercise these rights by sending a written request to odessicwuckirvinw@gmail.com. Please mark the email subject as “Velmi Data Rights Request – [Type of Right, e.g. Access/Erasure/Opt-Out of Sale/Rectification]” and include necessary device information and request details in the email for identity verification. We will respond to and process your request within the period required by applicable laws and regulations.

8. Opt-Out Mechanism for “Sale of Data”

We solemnly state that we do not sell any of your personal data at present. If we engage in the sale of personal data for business purposes in the future, we will update this Privacy Policy in advance, notify you via in-app notices and provide a convenient opt-out mechanism. You may submit a request to opt out of data sharing or sale at any time by emailing odessicwuckirvinw@gmail.com, and we will immediately cease relevant processing activities.

9. Supervisory Complaint Channels

If you are dissatisfied with our data processing practices or the handling of your rights requests, you have the right to file a complaint with the competent supervisory authority in your region, including data protection authorities in EU member states, the California Attorney General’s Office, the Virginia Attorney General’s Office, the National Data Protection Bureau (ANPD) of Brazil, the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland, among others.

10. Updates to the Privacy Policy

We reserve the right to update this Privacy Policy at any time. In case of material changes, we will publish notices within the application, update the “Last Updated” date of this policy and seek your consent again before material changes take effect where required. Your continued use of the application constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, comments or rights requests regarding this Privacy Policy, please contact us at:

Contact Email: odessicwuckirvinw@gmail.com

Data Controller Address: Room 604, 6th Floor, Anyuan Mansion, Xiguan North Street Community, Xicheng Sub-district, Dingzhou, Hebei Province

Data Protection Officer (DPO) Name: Lin Bing