Sinexcel takes the protection of your personal data very seriously and strictly complies with the applicable data protection laws and regulations, in particular with the provisions of the General Data Protection Regulation(GDPR). Please find below information on how we collect and use your personal data when you use our website or are in direct contact with our staff. You may access this policy at any time on our website.

When you visit our website for the first time, if you agree to our use of cookies in accordance with the terms of this policy, it means that you are allowed to use cookies every time you visit our website thereafter.

Information we collect

• Information about your computer, including your IP address, geographic location, browser type and version, and operating system;
• Information about your visit and use of this website, including traffic sources, access time, page views and website navigation paths;
• The information filled in when registering on our websites, such as your name, region, and email address;
• The information you fill out when you subscribe to our email and/ or news information, such as your name and email address;
• The information you fill out when using the services on our website;
• Information that you post on our website and intend to post on the Internet, including your user name, profile picture, and content；
• Information generated when you use our website, including browsing time, frequency and environment;
• The information you include when you communicate with us via email or our website, including the communication content and metadata;
• Any other personal information you send to us.

Before disclosing the personal information of others to us, you must obtain intermission of the disclosed party in accordance with this policy in order to disclose and use the personal information of the others.

How we collect information

In addition to the ways described in the ‘Information we collect’ section, Sinexcel may collect personal data from a variety of sources that generally fall into these categories:

• Publicly available data / Data from third parties: Data from automated interactions on non-Sinexcel websites, or other data you may have made publicly available, such as social media posts, or data provided by third-party sources, such as marketing opt-in lists or data aggregate.
• Automated interactions: From the use of technologies such as electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools.
• Electronic communications protocols: Sinexcel may automatically receive information from you as part of the communication connection itself,which consists of network routing information (where you came from), equipment information (browser type or device type), your IP address (which may identify your general geographic location or company) and date and time.
• Electronic communications protocols: Sinexcel may automatically receive information from you as part of the communication connection itself,which consists of network routing information (where you came from), equipment information (browser type or device type), your IP address (which may identify your general geographic location or company) and date and time.
• Google and other third-party analysis tools. We use a tool called "Google Analytic" to collect information about the use of our website services (for example, Google Analytic collects information about how often users visit a website, the pages they visit when they visit the website,and other websites they used before visiting the website) . Google Analytically collects the IP address assigned to you on the day of access to the website service, not your name or other identifying information. The information collected through Google Analytic will not be combined with your personal information. You can learn more about how Google Analytic collects and processes data and opt-out options by visiting http://www.google.com/policies/privacy/partners/. We also use other third-party analysis tools to collect similar information about the use of certain online-services.
• Like many companies, Sinexcel uses “cookies” and other similar tracking technology (collectively "Cookies"). Sinexcel's server will query your browser to see if there are Cookies previously set by our electronic information Channels.

Cookies：

• A cookie is a small text file which is placed on your device. Cookies help to analyze web traffic and allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Certain cookies may contain Personal Data – for example, if you click “Remember me” when logging in, a cookie may store your user name.

Cookies may collect information, including a unique identifier, user preferences, profile information, membership information and general usage and volume statistical information. Cookies may also be used to collect individualized website use data, provide electronic Information Channel penalization or conduct and measure the effectiveness of advertising in accordance with this Notice.

What do we use cookies for?

• We use first-party and third-party cookies for several reasons.Some cookies are required for technical reasons in order for our Information Channels to operate, and we refer to these as "essential" or"strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our  Information Channels. Third parties serve cookies through our Information Channels  for advertising, analytic and other purposes.
• We may place cookies or similar files on your device for security purposes, to tell us whether you have visited the Information Channels  before, to remember your language preferences, to determine if you are new visitor or to otherwise facilitate site navigation, and to personalize your experience on our Information Channels. Cookies allow us to collect technical and navigational information, such as browser type, time spent on our Information channels and pages visited. Cookies also allow us to select which of our advertisements or offers are most likely to appeal to you and display them to you. Cookies may enhance your online experience by saving your preferences while you are visiting a website.

How can you manage your cookies?

• You can choose to accept or decline cookies. Most web browsers  automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you would prefer not to accept cookies,most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it;(ii) to disable existing cookies; or (iii) to set your browser to automatically reject any cookies. However, please be aware that if you disable or reject cookies, some features and services may not work properly because we may not be able to recognize and associate you with your Sinexcel Account(s). In addition,the offers we provide when you visit us may not be as relevant to you or  tailored to your interests.

How We use Your Personal Data

• We may use the information we collect in the course of providing services to you for the following purposes: to provide services to you;
• To provide services for identification, customer service,security, fraud monitoring, archiving and Backup purposes to ensure the security of the products and services we provide to you; 
• Help us design new services and improve our existing services
• Evaluate our services to provide you with more relevant ads in place of general delivery advertising; the effectiveness and improvement of  advertising and other promotions and promotional activities;
• software certification or management software upgrades; allowing you to participate in surveys about our products and services. In order to allow you to have a better experience, improve our services or other uses that  you agree with, in accordance with relevant laws and regulations, we may use the information collected through a service to aggregate information or  personalize
• For our other services. For example, the information collected when you use one of our services may be used to provide you with specific content in another service or to show you non-generalized information about you. You can also authorize us to use the information provided and stored by  the service for our other services if we provide the corresponding option in the relevant service. How you access and control your personal information We will do everything possible to take appropriate technical measures to ensure  that you can access, update and correct your registration information or other  personal information provided when using our services. When accessing,updating, correcting, and deleting the information, we may ask you to verify your identity to protect your account.

How we collect information

We do not share your personal information with any third parties that is outside Sinexcel Electric Co., Ltd. unless one of the following circumstances applies:

• With our service partners: Our service partners may provide services for us. We need to share your registered personal information with them in order to provide you services. In the case of unique applications, we need to share your personal information to the software developers/ account  manager in order to set up your account.
• With our associated enterprises and affiliates:We may provide  your personal information to our associated enterprises and affiliates, or other trusted businesses or persons to process or store your information for us.
• With third-party advertising partners. We share limited personal information with third parties that provide online advertising services so that they can display our ads to individuals who may be considered most relevant. We share this information to satisfy our legitimate rights and interests to effectively promote our products.
• For legal reasons
• We will share your personal information with companies, organizations or individuals outside Sinexcel Electric Co., Ltd. if we have a belief in good faith that access,use, preservation or disclosure of your information is reasonably necessary to:

meet any applicable laws, regulations, legal processes or  enforceable governmental requirements;
enforce our services, including investigation of potential  violations;
detect, prevent possible fraud, infringement of security or technical issues;

protect against harm to our rights, property or data security,or other user’s/public safety.

Advertising technologies and networks

• Sinexcel uses third parties such as Google, Facebook, LinkedIn and Twitter and other programmatic advertising platforms to administer Sinexcel  advertisements on third-party electronic channels. Personal data, such as user  community or implied or inferred interests, may be used in the selection of  advertising to make sure that it has relevance to the user. Some ads may  contain embedded pixels that may write and read cookies or return session connection information that allows advertisers to better determine how many  individual users have interacted with the ad.
• Sinexcel may also use advertising technologies and participate in  advertising technology networks that collect usage information from Sinexcel and  non-Sinexcel websites, as well as from other sources, to show you Sinexcel-related  advertisements on Sinexcel’s own and third-party websites. These advertisements  may be tailored to your perceived interests using re-targeting and behavioral advertising technologies. Any retarded or behavioral advertisements served to your browser will contain information on or near it that informs you about the   advertising technology partner and how to opt-out of viewing such advertisements. Opting-out does not mean that you will stop receiving ads from Sinexcel. It means that you still stop receiving ads from Sinexcel that have been targeted to you based on your visits and browsing activity across websites over time.
• Cookie-based tools that allow you to opt-out of Interest-Based  Advertising prevent Sinexcel and other participating advertising technology companies from serving interest-related ads to you on behalf of Sinexcel. They will only work on the internet browser on which they are deposited, and they will function only if your browser is set to accept third-party cookies. These   cookie-based opt-out tools may not be as reliable where (e.g., certain mobile  devices and operating systems) cookies are sometimes automatically disabled or removed. If you delete cookies, change browsers, computers or use another operating system, you will need to opt-out again.

Legal basis for processing personal data

• Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
• We will normally collect Personal Data from you only (i) where we have your consent to do so (ii) where we need the Personal Data to perform a contract with you, or (iii) where the processing is in our legitimate interests and not over ridden by your data protection interests or fundamental rights and  freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
• If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

Limitation of liability for external links

• This Privacy Notice does not address, and we are not responsible  for, the privacy, information or other practices of any third parties,including any third party operating any website or service to which the Sinexcel Pages link. The inclusion of a link on the Sinexcel Pages does not imply endorsement of the linked site or service by us or by our affiliates or subsidiaries.
• In addition, we are not responsible for the information   collection, use, disclosure or security policies or practices of other  organizations, such as Facebook, Apple, Google, or any other app developer, app-provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal  Data you disclose to other organizations through or in connection with the Sinexcel Pages. These other organizations may have their own privacy notices, statements or policies. We strongly suggest that you review them to understand how your   Personal Data may be processed by those other organizations.

How do we secure your personal data?

• We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. The measures we use a redesigned to provide a level of security appropriate to the risk of processing   your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

How long will personal data be kept?

• Sinexcel will retain your Personal Data for as long as needed to  provide you products or services; as needed for the purposes outlined in this notice or at the time of collection; as necessary to comply with our legal   obligations (e.g., to honor opt-outs), resolve disputes and enforce our   agreements; or to the extent permitted by law.
• At the end of the retention period or when we have no ongoing   legitimate business need to process your Personal Data, Sinexcel will delete or   anonymity your Personal Data in a manner designed to ensure that it cannot be   reconstructed or read. If this is not possible, then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

Your rights

• You may at any time request information about the data which we hold about you as well as about their origin, recipients or categories of recipients to which such data is forwarded and about the retention purpose.
• You may request an immediate correction of incorrect personal    data related to you or a restriction of processing. Taking into account the   processing purposes, you are also entitled to request a completion of incomplete personal data - also by means of a supplementary declaration.
• You are entitled to receive the respective personal data   provided to us in a structured, common and machine-readable format and you are-entitled to transmit such data to other data controllers without restriction if the processing was based on your consent or if the data was processed by means of automated procedures.
• You may request that personal data about you is immediately-erased. We are, inter alia, obliged to erase such data if it is no longer required for the purpose for which it was collected or otherwise processed or if you withdraw your consent.
• You may withdraw your consent to the use of your data at anytime.
• You have the right to object to the process.

Updates to our Data Protection and Privacy Notice

• This Notice and other policies may be updated periodically and without prior notice to you, and any changes will be effective immediately upon the posting of the revised Notice on the Information Channels.
• However, we will use your Personal Data in a manner consistent with the Notice in effect at the time you submitted the Personal Data, unless you consent to the new or revised Notice. We will post a prominent notice on the Information Channels to notify you of any significant changes and indelicate the top of the Notice when it was most recently updated.

We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.

If you have any questions or comments about this Notice, concerns about our processing of your Personal Data or any other question related to data protection and privacy please contact us by emailing sales@sinexcel.com.

---

1. Vulnerability Disclosure Policy

Shenzhen Sinexcel Electric Co., Ltd (hereinafter referred to as "We" or "Sinexcel"), as a manufacturer of the products, attaches great importance to the security of its own products and business, and recognizes the importance of privacy and data security. The handling of each security vulnerability and the improvement of business security cannot be separated from the joint cooperation of all parties. If you discover or believe that you have discovered a potential security vulnerability in your use of our products, we encourage you to disclose your discovery to us as soon as possible in accordance with this Vulnerability Disclosure Policy. We promise that we have dedicated personnel to follow up, analyze and deal with the problems reported by each reporter, and will reply in time.

2. Vulnerability feedback and processing process

2.1 Vulnerability feedback

At Sinexcel, we prioritize the security experience of each user. If you encounter any potential security vulnerabilities or issues while using our products, we encourage you to report them to us immediately. Your active participation is a crucial element in helping us enhance product security.

Reporting Steps:

1.      Identify the issue: Please provide a detailed description of the security problem or vulnerability you have identified, including the product model where the issue occurred and specific circumstances.

2.      Collect information: If possible, please provide steps to reproduce the issue, the scope of its impact, and any relevant screenshots or logs.

3.      Submit the report: Please send an email to solutions@sinexcel.us to report the issue to our product security team.

2.2 Vulnerability Treatment Process

Step 1: The reporter needs to provide detailed information about the vulnerability.

Step 2: Sinexcel checks and verifies the received vulnerability information and evaluates it.

Step 3: Fix the vulnerability and verify the repair of our products.

Step 4: Release a new version of the product for updates.

Step 5: Reply to reporter with processing results.

Step 6: Monitor the stability of the product after the update.

2.3 Vulnerability Review Phase

1.      The report will be confirmed within 3 working days upon receipt and an initial assessment will be conducted.

2.      Within 7 working days the assessment will be completed and the vulnerability will be fixed or a remediation plan developed.

2.4 Vulnerability Fix & Completion phase

1.      Critical vulnerabilities will be fixed within 3 working days after completion of assessment.

2.      High risk vulnerabilities will be fixed within 7 working days after completing the assessment.

3.      Medium risk vulnerabilities will be fixed within 30 working days after completing the assessment.

4.      Low-risk vulnerabilities will be fixed within 60 working days after completing the assessment.

Certain vulnerabilities are subject to environmental or hardware limitations, and the final repair time will be based on the actual situation.

A separate emergency security bulletin is issued for severe or significant impact vulnerabilities.

3. Vulnerability rating standards

According to the degree of harm of vulnerabilities, they are divided into four levels: extreme risk, high risk, medium risk and low risk. When we receive a vulnerability report, we take a series of steps to resolve it internally with reference to ISO/IEC 30111. All reported vulnerabilities are scored according to the Common Vulnerability Scoring System CVSS 3.1 criteria.

3.1 Extreme Vulnerabilities

1.      Remote direct access to system permissions (server permissions, client permissions, smart devices) vulnerabilities, including but not limited to arbitrary code execution, arbitrary command execution, uploading and utilizing WebShell Trojans.

2.      The core business system has logical design defects, including but not limited to any account password modification without any protection restrictions, any account login, etc.

3.      It directly leads to serious information leakage vulnerabilities in the online business system, including but not limited to SQL injection vulnerabilities in the core DB.

4.      Mobile terminal: Remote code execution vulnerability that can directly affect a large number of users without interaction.

5.      Device side: Remote access to device execution permissions (such as downloading other user data, remote access to devices, etc.) in the Internet environment, there is no interactive remote command execution vulnerability in the Internet environment.

3.2 High Risk vulnerability

1.      Vulnerabilities that directly lead to the leakage of sensitive information on online servers are including but not limited to core system source code leakage, server sensitive log file download, etc.

2.      The core business system can use the identity of others to perform all functions of the vulnerability, the core business system important or sensitive unauthorized operation vulnerability.

3.      Unauthorized access to the management platform and use of administrator functions, including but not limited to sensitive background administrator account login, the activity of the relevant platform, user base, functional importance, and user information sensitivity will be considered as high risk vulnerability rating criteria.

4.      High risk information leakage vulnerability. Including but not limited to sensitive data leakage that can be directly exploited, leakage vulnerabilities that can lead to a large amount of user identity information.

5.      SSRF vulnerabilities with echoes that can access the Sinexcel Intranet.

6.      Mobile terminal: Third-party applications use mobile client functions across applications to perform high-risk operations (such as file read and write, SMS read and write, and client data read and write), and high-risk sensitive information leakage.

7.      Device: obtains device execution permission (such as downloading other user data or remotely accessing devices) from the near source or LAN. There is no interactive remote command execution vulnerability in the near source or LAN.

8.      Device: Vulnerabilities that remotely cause permanent denial of service on devices are including but not limited to remote denial of service attacks on system devices (devices can no longer be used, completely permanently damaged, or the entire system needs to be rewritten), and attacks do not allow physical contact with devices, and attacks need to be quickly replicated in batches.

3.3 Medium Risk vulnerability

1.      Ordinary information leakage, including but not limited to mobile client plaintext storage password, containing server or database sensitive information source code compression package download, etc.

2.      The logical design defects existing in the system, such as defects in the temperature protection logic design, etc.

3.      SSRF vulnerability without echo.

4.      Vulnerabilities that require interaction to obtain user identity information, including but not limited to CSRF for sensitive operations, storage XSS, JSONP hijacking for sensitive information, etc.

5.      Remote denial-of-service vulnerability that can disable some functionality of an online application (need to be proven to affect other users).

6.      A vulnerability that causes a smart device to deny service. For example, a system device is subjected to a locally initiated permanent denial-of-service attack (the device can no longer be used: completely permanently damaged or the entire operating system needs to be rewritten ), a temporary denial-of-service attack vulnerability caused by remote attacks (remote suspension or restart), and the attack needs to be able to quickly replicate in batches.

7.      A vulnerability that allows ordinary business systems to use other people’s identities to perform all functional operations beyond their authority.

3.4 Low Risk vulnerability

1.      Vulnerabilities that can be exploited in phishing attacks, including but not limited to URL redirection vulnerabilities.

2.      Low-risk logic design flaws.

3.      Minor information leakage vulnerabilities, including but not limited to path leaks, git file leaks, and server side business log contents.

4.      Vulnerabilities that can be exploited for phishing or hacking, including but not limited to arbitrary URL adjustments and reflective XSS vulnerabilities.

5.      Mobile terminal: local denial of service (including but not limited to denial of service caused by non-third-party component permissions), minor information leakage (only affecting individual users), etc.

6.      A vulnerability that causes a device to temporarily deny service. This includes but is not limited to temporary denial-of-service attack vulnerabilities caused by local attacks (devices need to be restored to factory Settings).

3.5 Ignoring the problem

1.      Bug issues unrelated to security, including but not limited to slow opening of web pages, messy formats, etc.

2.      The submitted report is too simple and cannot be reproduced according to the content of the report, including but not limited to the vulnerabilities that cannot be reproduced even after repeated communication with the vulnerability auditor.

3.      Unexploitable or harmless reports, including but not limited to hoax CSRF (no real impact on users), local denial-of-service that cannot affect others, Self-XSS, PDF XSS, non-sensitive information leak (Intranet IP, domain name), mail bomb, etc.

4.      No practical source code leakage.

5.      The security problem in the non-Sinexcel module of the hardware product, or the defect of the hardware itself.

6.      Security issues that Sinexcel proactively discloses or have been disclosed externally.

7.      Security issues on Products, apps or WEB applications that are no longer maintained.

8.      Vulnerabilities that Sinexcel is able to self-validate internally known and have been fixed.

9.      Denial of service caused by permissions of third-party components.

Any information provided to Sinexcel about vulnerabilities in products, including all information in product vulnerability reports, the information you transfer will be owned and used by Sinexcel.

Sinexcel reserves the right to modify this policy at any time.