Welcome to use the XiaoZhi Backend Service (hereinafter referred to as "the Service"). The operator of this Service is the actual deployer and administrator of the Service (hereinafter referred to as "Operator" or "we"). We fully understand the importance of your personal information and will do our best to protect your personal information security.
Please carefully read and fully understand all contents of this Privacy Policy before using the Service. Once you start using the Service, it signifies that you have read and agreed to this Privacy Policy.
This Privacy Policy applies to our collection, storage, use, sharing, and protection of your personal information when you use the Service through the Admin Console (management backend), API interfaces, and other means.
To provide services to you, we may need to collect the following information:
1.1 Account Registration Information: When you register an account, we collect your phone number or username, password, and other information to create and verify your account.
1.2 Device Information: When you bind hardware devices, we collect device identification information (such as device code, MAC address), device model, firmware version, etc., for device management and service provision.
1.3 Agent Configuration Information: When you create and configure Agents, we collect role templates, language model selections, voice parameter configurations, etc., to provide personalized AI interaction services.
1.4 Voice Interaction Data: When you use the voice interaction function, the Service uses Voice Activity Detection (VAD) to determine the start and end of your voice, processes your voice input data, and transmits it to third-party Automatic Speech Recognition (ASR) and Large Language Model (LLM) services for processing to achieve voice interaction capabilities.
1.5 Image Data: When you use the vision model function, we may process image data captured through the device camera and transmit it to third-party vision model services for analysis and understanding to achieve image recognition, scene understanding, and other functions.
1.6 Conversation Memory Data: When you enable the memory function, the Service stores summaries of your interaction history with the Agent to provide more coherent and personalized interaction experiences in subsequent conversations.
1.7 Knowledge Base Data: When you use the knowledge base function, we collect and store documents, texts, and other knowledge base content you upload for Agents to perform knowledge retrieval and Q&A during conversations.
1.8 Voice Print Data: When you use the voice print recognition function, we collect and store your voice print characteristic samples for speaker identity verification and personalized services.
1.9 Chat History Data: We store conversation history records between you and the Agents, including text conversation content, conversation time, interaction context, etc., to provide continuous conversation experience and history query functions.
1.10 Conversation Audio Data: When you use the voice interaction function, we may store audio data of your interactions with the Agents to improve voice interaction quality and enable retrieval queries.
1.11 Agent Configuration Data: When you configure Agents, we collect tags, plugin configurations, context provider settings, etc., to provide Agent customization services.
1.12 Device Firmware Data: When you use the OTA upgrade function, we record device firmware version, upgrade history, etc., for device management and firmware traceability.
1.13 Log Information: When you use the Service, we automatically collect service log information, including but not limited to access time, IP address, browser type, operation records, etc., for service operation and security assurance.
1.14 Verification Code Information: When you use phone number login, we send verification codes via SMS service for identity verification.
The information we collect will be used for the following purposes:
(1) Providing, maintaining, and improving the Service, including core functions such as account management, device management, and Agent configuration.
(2) Processing your voice interaction requests, using Voice Activity Detection (VAD) to identify voice input, calling third-party AI model services to complete speech recognition, intent recognition, semantic understanding, and speech synthesis.
(3) Processing your image data, calling third-party vision model services to complete image recognition and scene understanding.
(4) Storing and managing your conversation memory data to provide more coherent service experiences in subsequent interactions.
(5) Storing and retrieving knowledge base content you upload so that Agents can provide more accurate knowledge Q&A during conversations.
(6) Ensuring service security and stability, including identity verification, security protection, troubleshooting, etc.
(7) Complying with applicable laws, regulations, and regulatory requirements.
We will not use your personal information for purposes unrelated to the above. If we need to use information for other purposes not stated in this Privacy Policy, we will obtain your consent in advance.
We will not sell your personal information to third parties. Only in the following circumstances may we share or disclose your information:
3.1 Third-party Service Calls: To achieve voice interaction, visual understanding, and other functions, your voice data, image data, and text content may be transmitted to third-party AI service providers (such as language model, speech recognition, speech synthesis, vision model service providers) for processing. We will select service providers with reasonable security capabilities, but please note that third-party service providers will process related data according to their own privacy policies.
3.2 Legal Requirements: According to applicable laws, regulations, legal procedures, or requirements from government authorities, we may need to disclose your personal information.
3.3 Security Assurance: To protect the rights, property, or safety of the Operator, other users, or the public from damage, we may use or disclose personal information within a reasonably necessary scope.
3.4 With Consent: We may share your personal information with third parties if we obtain your explicit consent.
4.1 Storage Location: Your personal information will be stored on the server where the Operator deploys the Service, including but not limited to databases (MySQL/PostgreSQL) and cache services (Redis).
4.2 Storage Period: We will retain your personal information for the period necessary to provide you with services. After you cancel your account, we will delete or anonymize your personal information within a reasonable time, unless otherwise stipulated by laws and regulations.
4.3 Security Measures: We take reasonable technical and management measures to protect the security of your personal information, including but not limited to data encryption, access control, security auditing, etc. However, please understand that the Internet is not an absolutely secure environment, and we cannot guarantee the absolute security of information transmission and storage.
4.4 Security Incident Handling: If a personal information security incident occurs, we will promptly inform you of the basic situation of the security incident, possible impacts, and measures taken or to be taken, in accordance with legal requirements.
4.5 Special Note for Open-source Projects: The Service is an open-source project with two operation modes:
(1) Self-deployment: If you self-deploy the Service, the Operator is only the code provider, and actual data storage and processing are your responsibility. In this case, you are both the user of the Service and the data manager and protector.
(2) Test Platform: If you use the test platform deployed by the Operator, your data will be managed and protected by the Operator. The test platform is only for experience and testing purposes. We may regularly clear data. Please do not upload sensitive personal information.
If you use services deployed by others, please note that your data is managed and protected by that deployer.
4.6 Cross-border Data Transfer: When providing intelligent interaction functions, the Service may need to call interfaces from third-party AI service providers outside mainland China. In this process, your voice data, text data, image data, etc., may be transmitted to servers outside the People's Republic of China for processing. The involved overseas service providers include but are not limited to:
(1) OpenAI: Provides speech recognition (Whisper), speech synthesis (TTS), large language models (GPT), and other services.
(2) Anthropic: Provides large language model (Claude) services.
(3) Groq: Provides speech recognition (Whisper) services.
(4) Microsoft EdgeTTS: Provides speech synthesis services.
We will take necessary measures to ensure the security of your personal information during cross-border transmission in accordance with the requirements of the "Personal Information Protection Law of the People's Republic of China," "Data Cross-border Security Assessment Measures," and other laws and regulations. The Operator should clearly announce on the Admin Console whether the third-party services used involve cross-border data transfer, and inform users of the name and contact information of the data recipient, processing purposes, processing methods, and types of personal information, etc. If you do not agree to data transfer outside mainland China, you may choose to use AI services provided by domestic service providers only (such as Zhipu AI, Alibaba Cloud, Baidu Wenxin, iFlytek, etc.) or local deployment solutions (such as FunASR, FishSpeech, Ollama, etc.).
You have the following rights regarding your personal information:
5.1 Query and Access: You can view and manage your personal information such as account information, device information, and Agent configuration through the Admin Console.
5.2 Correction and Modification: When you find that your personal information is incorrect, you can correct it through the Admin Console or contact the Operator for assistance.
5.3 Deletion: Under the following circumstances, you may request us to delete your personal information:
(1) The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose.
(2) We collect or use personal information in violation of laws, regulations, or your agreement.
(3) Account cancellation.
5.4 Account Cancellation: You can cancel your account through the account settings in the Admin Console or contact the Operator for processing. After account cancellation, we will stop providing services to you and delete your personal information within a reasonable time.
5.5 Withdrawal of Consent: You may withdraw your consent granted to us at any time. The withdrawal of consent does not affect the validity of information processing activities conducted before the withdrawal.
6.1 We attach great importance to the protection of minors' personal information. If you are a minor under 18 years of age, please use the Service under the guidance and consent of your guardian and do not provide any personal information to the Service.
6.2 If a guardian discovers that a minor has provided personal information to us without consent, please contact the Operator. We will delete the relevant information as soon as possible.
6.3 For minors who use the Service with guardian consent, we will provide stricter protection for their personal information in accordance with laws and regulations.
(4) Special Protection: We will not proactively push commercial advertisements to children under 14 years of age, nor use their personal information for targeted advertising or user profiling.
7.1 When providing intelligent interaction functions, the Service needs to call third-party services, including but not limited to:
(1) Voice Activity Detection Service (VAD): Detects the start and end of voice input.
(2) Automatic Speech Recognition Service (ASR): Converts your voice input to text.
(3) Large Language Model Service (LLM): Performs semantic understanding, intent recognition, and response generation on text.
(4) Text-to-Speech Service (TTS): Converts text responses to voice output.
(5) Vision Model Service: Recognizes and understands images.
(6) SMS Verification Code Service: Used for identity verification during user registration and login.
(7) MQTT Message Broker Service: Used for message communication between devices and servers, including device control command delivery and device status reporting.
(8) Database Service: Used for persistent storage of user data, device data, Agent configuration, chat history, and other information.
7.2 The above third-party service providers will process data according to their respective privacy policies. We recommend that you understand the privacy policies of relevant third-party service providers before using the Service. The Operator should announce the third-party service information used on the Admin Console.
7.3 We will make reasonable efforts to select third-party service providers with legitimate qualifications and security capabilities. However, we are not responsible for the data processing behavior of third-party service providers themselves.
8.1 The Service may use Cookies and similar technologies to save your login status, record your preference settings, etc., to provide you with a better user experience.
8.2 You can manage Cookies through browser settings. However, please note that disabling Cookies may affect some functions of the Service.
9.1 We may revise this Privacy Policy based on business adjustments, changes in laws and regulations, and other reasons. The revised Privacy Policy will be published through the Service's announcement mechanisms.
9.2 For significant changes, we will provide notice before the revised Privacy Policy takes effect through the Admin Console announcement or other means.
9.3 If you continue to use the Service after the Privacy Policy revision, it shall be deemed that you have accepted the revised Privacy Policy. If you disagree with the revised content, please stop using the Service.
10.1 Please do not disclose sensitive personal information such as your property account numbers, bank card numbers, credit card numbers, passwords, ID card numbers, etc., in voice or text interactions with AI. Any losses resulting from this shall be borne by you.
10.2 Please properly keep your account and password secure, and do not share your account information with others or share accounts with others. The Operator is not responsible for personal information leakage caused by your intentional disclosure or sharing of accounts with others.
10.3 If you discover that personal information may have been leaked, please contact the Operator promptly to take measures.
11.1 The formulation, interpretation, execution, and dispute resolution of this Privacy Policy shall be governed by the laws of the People's Republic of China (excluding the laws of Hong Kong, Macau, and Taiwan for the purposes of this Privacy Policy).
11.2 If any provision of this Privacy Policy conflicts with the current laws and regulations of the People's Republic of China, the provisions of laws and regulations shall prevail, and the remaining provisions shall remain valid.