Privacy Policy

Effective Date: February 27, 2026

Due to the characteristics of anaphylactoid purpura, which include high recurrence, complex triggers, and significant individual differences, this application provides health data management, intelligent analysis, patient communication, and medication reminders. "Purpura Elf" (hereinafter "this App") is a digital health management application designed specifically for patients with anaphylactoid purpura, aiming to help patients and their families achieve more systematic and scientific long-term disease recording and management.

To respect and protect the personal privacy of all users using the service and to provide you with more precise and personalized services, this App will use and disclose your personal information in accordance with the provisions of this Privacy Policy. Except as otherwise provided in this Privacy Policy, this App will not disclose this information to the public or to third parties without your prior permission.

This policy will help you understand the following:

• I. How We Collect and Use Your Personal Information
• II. Disclosure and Sharing of Information
• III. How We Retain, Store, and Protect Your Personal Information Security
• IV. How to Manage Your Personal Information
• V. Auto-Start and Associated Start Instructions
• VI. How We Use Cookies and Similar Technologies
• VII. Protection of Minors
• VIII. How to Contact Us

I. How We Collect and Use Your Personal Information

We collect your personal information primarily to make it easier and more satisfactory for you and other users to use our product and services. This personal information helps us achieve this goal. We may collect your information in the following situations:

1. Information You Actively Provide

• Account Information (Nickname, phone number, password)
• Basic User Profile Information (Age, gender, region, occupation, anaphylactoid purpura type such as cutaneous anaphylactoid purpura, time of first onset)
• Health Record Data (e.g., routine urine test values, routine blood test data, body temperature, diet records, symptom descriptions)
• Images you upload (e.g., medical reports, photos of petechiae/purpura spots)
• Content and comments you post in the "Square" community

2. Information Collected to Implement Core Functions

• Device Information (Device model, OS version)
• App Usage Logs (Used to optimize product functions)
• Notification Permissions (Used for medication and health reminders)

3. Purpose of Information Use

We collect the above information solely for:

• Providing health records and data visualization functions
• Generating data-based trend analysis (AI-assisted analysis)
• Providing medication and behavior reminders
• Optimizing product experience and technical support

II. Disclosure and Sharing of Information

We will not sell your personal information to any third party.

We may disclose your information under the following circumstances:

• With your explicit authorization or consent
• To comply with legal regulations or judicial organ requirements
• To protect the legitimate rights and interests of you or others

If third-party technical services (e.g., cloud storage, push notifications) are involved, we will sign data protection agreements with them and require them to protect your information legally.

III. How We Retain, Store, and Protect Your Personal Information Security

(a) We retain your personal information only for the period necessary to achieve the purposes stated in this policy and within the limits required by laws, regulations, and regulatory requirements. If we terminate operations or services, we will promptly stop collecting your personal information, notify you in advance in accordance with relevant laws and regulations, and delete or anonymize your personal information after termination, unless otherwise provided by law or regulatory authorities.

(b) The personal information we collect and generate during our operations in the People's Republic of China is stored within China, except in the following cases:

• When explicitly required by law or regulations;
• When your authorization and consent are obtained.

(c) We attach great importance to personal information and take the following measures to protect it:

1. Data Security Technical Measures: We employ security protection measures that meet industry standards, including establishing reasonable institutional norms and security technologies to prevent unauthorized access, use, or modification of your personal information, and to avoid data damage or loss. Network services utilize multiple encryption technologies. For example, we use HTTPS for transmission and store users' sensitive data in databases using one-way irreversible HMAC-SHA256 hash encryption.
2. The Internet is not an absolutely secure environment, and the form of communication with other users (such as email, instant messaging, social software, etc.) cannot be guaranteed to be fully encrypted. We recommend that you use complex passwords and pay attention to protecting your personal information.
3. We will do our best to ensure or guarantee the security of any personal information you send to us. If our physical, technical, or administrative protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of personal information, thereby damaging your legitimate rights and interests, we will bear corresponding legal liabilities.

(d) Handling of Security Incidents: In the unfortunate event of a personal information security incident, we will promptly inform you according to legal and regulatory requirements of: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to independently prevent and mitigate risks, and remedial measures for you. We will notify you via email, letter, SMS, phone call, or push notification. If it is difficult to inform individual subjects, we will take effective methods to issue a public announcement. Meanwhile, we will proactively report the handling of personal information security incidents to regulatory authorities as required.

IV. How to Manage Your Personal Information

We encourage you to update and modify your personal information to ensure its accuracy and validity. Please understand that your decision to correct, delete, withdraw authorization, or stop using this product does not affect personal information processing previously conducted based on your authorization. Unless otherwise stipulated by law, when you correct or delete your personal information or apply to cancel your account, we may not immediately delete or correct the corresponding information from the backup system but will do so when the backup is updated.

You can manage your personal information in the following ways:

1. View and modify your personal information
2. Cancel your account
3. Withdraw certain permissions (e.g., notification permissions)

We will be unable to respond to your request in the following situations:

1. Related to our fulfillment of obligations stipulated by law and regulations;
2. Directly related to national security or national defense security;
3. Directly related to public security, public health, or major public interests;
4. Directly related to criminal investigations, prosecutions, trials, and executions of judgments;
5. We have sufficient evidence to show that you have subjective malice or abuse of rights;
6. Out of the need to protect the life, property, and other major legitimate rights and interests of you or other individuals, but it is difficult to obtain your consent;
7. Responding to your request will result in serious damage to the legitimate rights and interests of you, other individuals, or organizations;
8. Involving trade secrets.

V. Auto-Start and Associated Start Instructions

To ensure the normal operation of the message reminder function, this App may, with your authorization, run in the background to send health reminder notifications.

We will not implement forced auto-start or associated start of other applications without authorization.

You can turn off related permissions at any time in your device settings.

VI. How We Use Cookies and Similar Technologies

To optimize user experience, we may use Cookies or similar technologies to:

1. Record login status
2. Analyze app usage
3. Optimize page loading efficiency

You can manage or clear Cookies in your device or browser settings.

VII. Protection of Minors

Given that many patients with anaphylactoid purpura are minors, this App attaches special importance to protecting minors' information. Users under the age of 18 should use this App with the consent and guidance of their guardians. If you are a guardian, you have the right to manage or delete the minor's information. We will not proactively collect minors' information irrelevant to health management. If we discover that minors' information has been collected without the guardian's consent, we will delete the relevant data as soon as possible. We protect minors' personal information in accordance with national laws and regulations.

VIII. How to Contact Us

We will protect your personal information in accordance with this policy. If you have any complaints or reports regarding personal information security, or any questions, comments, or suggestions regarding personal information matters in this policy or this product's privacy measures, please contact us at: junxibao2007@gmail.com. Generally, we will reply within fifteen days of receiving your questions, comments, or suggestions.