Effective Date: January 25, 2026
Last Updated Date: January 20, 2026
Dear Users:
OSTEP (hereinafter referred to as "this APP") is independently developed and operated by OSTEP TRADING L.L.C (D-U-N-S Number®: 55-743-6430, hereinafter referred to as "we"). We deeply understand the importance of personal data and privacy security to you, and will strictly comply with Google Play Store's Developer Distribution Agreement, Data Safety Disclosure Requirements, Apple App Store's App Store Review Guidelines and Developer Privacy Policy Guidelines, as well as international privacy laws and regulations such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of the United States. We process your personal information in accordance with the principles of legality, fairness, transparency, and minimality.
This policy aims to clearly inform you of how we collect, use, store, share, transfer, and protect your personal data, as well as the rights you have regarding your data and how to exercise them. Please carefully read and fully understand this policy before using this APP. If you need to use functions involving data collection, it will be deemed that you agree to our processing of your relevant information in accordance with this policy. If you are a minor under the age of 14, you must read this policy accompanied by your parents or other guardians and obtain their explicit consent before using this APP.
I. How We Collect and Use Your Personal Data
We only collect the minimum scope of data necessary to achieve the purposes based on the core functions of this APP and the goal of optimizing service experience, and will not arbitrarily expand the scope of collection. Collection methods include information actively submitted by you, data automatically generated when using services, and data obtained from legitimate third parties (if any).
1.1 Collection of Data Necessary for Core Functions
To ensure the normal operation and realization of core functions of this APP, we will collect the following data. If you refuse to provide such data, the corresponding functions may not be available, but basic browsing functions will not be affected:
1. Device and Account Identifiers: When you install and launch this APP, we will automatically collect your device model, operating system version, unique device identifiers (such as Android Advertising ID, iOS IDFA, hereinafter referred to as "Advertising ID"), APP version number, and APP settings ID. Such data is used for device compatibility testing, crash troubleshooting, prevention of malicious behavior and fraud, and ensuring service stability. Among them, the Advertising ID can be reset or its collection can be turned off in your device settings (Android: Settings - Privacy - Ads; iOS: Settings - Privacy & Security - Tracking). Turning it off will not affect the use of core functions of this APP.
2. Network and Device Status Information: Automatically collect diagnostic information such as IP address, network type (Wi-Fi/cellular network), signal strength, battery level, and device operating status. The IP address is only used to estimate the approximate geographical location of the device (not precise positioning) and optimize network connection. Diagnostic information is used to analyze APP operation performance, optimize loading speed and energy consumption.
3. Information Actively Submitted by Users: If you use functions such as account login, personalized settings, and feedback submission, you need to actively submit information such as mobile phone number, email address, username, and avatar. Such information is only used for account verification, identity recognition, personalized function configuration, and responding to your inquiries and feedback.
1.2 Collection of Data for Experience Optimization and Personalized Services (Optional)
To provide you with more tailored services, we may collect the following data. You can turn off relevant functions in the APP settings at any time to stop data collection:
1. Usage Behavior Data: When you use the browsing, searching, and interaction functions of this APP, we will collect your operation records (such as clicks, swipes, stay duration), content browsing history, and search keywords. Such data is used for personalized recommendations, optimizing function layout, and content distribution strategies. You can turn off this function through [My - Settings - Privacy - Personalized Recommendations]. After turning it off, general content will be displayed.
2. Location Information (if applicable): If this APP provides location-based services (such as local service recommendations), it will obtain approximate location information through device GPS or network positioning after obtaining your explicit authorization. You can revoke the authorization at any time in device settings or APP permission management. After revocation, the corresponding location service functions will not be available.
1.3 Data Collection by Third-Party SDKs
This APP may integrate third-party SDKs to implement specific functions. Third-party SDKs will process your data in accordance with their own privacy policies and our authorization, and we will supervise and control the data processing behavior of SDKs. The main integrated SDKs and their data processing details are as follows:
1. Google Mobile Ads (GMA) SDK: Used to provide advertising services. It may collect device identifiers, IP addresses, and user interaction behavior data. Data transmission adopts TLS encryption protocol. For specific rules, please refer to Google's Privacy Policy (https://policies.google.com/privacy).
2. Google Analytics / Apple App Tracking Transparency (ATT) SDK: Used to count service usage and optimize function experience. It collects anonymized usage behavior and device information. The data is only used for our business analysis and does not identify individuals independently.
II. Data Storage and Protection
2.1 Data Storage
We will store your collected personal data on servers that meet security standards. The storage location will be reasonably selected based on your region and data type (compliant domestic/foreign servers). The data storage period strictly follows the "minimum necessary" principle and is only retained for the period required to achieve the collection purpose: core function data (such as device identifiers, diagnostic information) is retained for 6 months after you uninstall this APP; account information is retained for 30 days after you actively cancel your account (except when laws and regulations require an extended storage period); usage behavior data is retained for 1 month after you turn off personalized functions or 3 months after you uninstall the APP.
After the storage period expires, we will thoroughly process your data through anonymization, deletion, and other methods to ensure that personal identity can no longer be identified.
2.2 Data Security Protection Measures
We adopt industry-mature security technologies and management measures to ensure your data security:
1. Transmission Security: All data is encrypted using TLS (Transport Layer Security) protocol during transmission to prevent data interception, tampering, or leakage.
2. Storage Security: User data is stored in an encrypted manner, accessible only to authorized personnel. Access permissions are managed hierarchically, and a complete access log audit mechanism is established.
3. Technical Protection: Deploy firewalls, intrusion detection systems, data desensitization, and other technologies. Conduct regular security vulnerability scans and penetration tests to promptly fix potential risks.
4. Management Specifications: Establish data security management systems, conduct privacy protection training and assessments for employees, clarify data processing responsibilities, and prevent internal leakage.
In the event of a data breach, damage, loss, or other security incidents, we will immediately activate an emergency plan, take remedial measures, and notify you through APP pop-ups, emails, text messages, etc., within 72 hours (if required by laws and regulations), informing you of the incident details and response measures.
III. Data Sharing, Transfer, and Public Disclosure
We promise not to actively share or transfer your personal data to any third party unless the following circumstances are met:
1. Obtaining your explicit consent: Before sharing, we will inform you of the third party's name, data type, and purpose through pop-ups, written forms, etc., and conduct sharing only after you confirm your consent.
2. Necessary sharing for third-party services: Only share necessary data with entrusted third-party service providers (such as server hosting, payment, customer service tools) to realize the functions of this APP. We will sign a data processing agreement with the third party, clarifying the scope of data processing and security responsibilities, and prohibiting the third party from unauthorized use or secondary sharing of data.
3. Legal and regulatory requirements: Disclose relevant data when necessary to comply with applicable laws and regulations, judicial judgments, arbitral awards, or mandatory requirements of administrative authorities.
4. Corporate merger, acquisition scenarios: In the event of corporate merger, division, acquisition, asset transfer, or other scenarios, your personal data will be transferred as part of the assets. We will notify you in advance through in-APP notifications, and the transferee will continue to fulfill the protection obligations stipulated in this privacy policy after the transfer.
We will not publicly disclose your personal data unless we obtain your explicit consent or as required by laws and regulations. Before disclosure, we will take anonymization measures to ensure that personal identity cannot be identified.
IV. Your Rights to Personal Data
We guarantee your legitimate rights to your personal data, including the right to know, access, correction, deletion, restriction of processing, etc. You can exercise these rights in the following ways:
1. Access and Correction: You can view and modify the account information you actively submitted (such as username, avatar, contact information) through [My - Personal Center] in this APP.
2. Deletion and Cancellation: You can contact us to apply for the deletion of specific personal data, or actively cancel your account through [My - Settings - Account Security - Cancel Account]. After account cancellation, we will completely delete all your account data within 30 days (except when laws and regulations require retention), and the account cannot be recovered after cancellation.
3. Right to Data Portability: You can apply to us for a copy of your personal data (in a universally readable format), and we will respond and provide it within 15 working days.
4. Restriction of Processing and Objection: You can restrict data processing by turning off personalized recommendations, revoking location permissions, etc., and you can also object to the use of your data for marketing purposes. We will immediately stop the relevant processing behavior.
5. Withdrawal of Consent: You can withdraw your consent to data collection at any time through device settings or APP permission management. The withdrawal of consent will not affect the legality of data processing conducted based on your previous consent.
V. Protection of Minors' Data
We attach special importance to the privacy protection of minors. If you are a minor under the age of 14, you must use this APP accompanied by your parents or other guardians and obtain their explicit consent before submitting personal information.
If a guardian finds that a minor has submitted personal information without authorization, they can contact us to apply for the deletion of relevant data. We will verify and process it in a timely manner and take measures to prevent re-collection.
VI. Updates to This Privacy Policy
We may revise this privacy policy in response to updates to laws and regulations, iterations of this APP's functions, or adjustments to data processing methods. After revision, we will notify you in a prominent location within this APP (such as pop-ups, homepage announcements). If the revised content involves your core rights, we will explicitly seek your consent in the notification, and the revised terms will not apply until you give your consent.
You can view the latest version of this privacy policy at any time through [My - Settings - About - Privacy Policy] in this APP. Continuing to use this APP will be deemed as your acceptance of the revised policy.
VII. How to Contact Us
If you have any questions about this privacy policy, need to exercise your data rights, or make complaints or feedback on privacy-related issues, you can contact us through the following methods:
1. Contact Email: ostep@ostep.com
2. Contact Phone: +97143991508
3. Contact Address: Shop No. G22, Al Anood Center, Al Musalla Road, Deira, P.O. Box Number: 62461, Dubai, United Arab Emirates
We will verify and respond to your request within 15 working days. Complex issues will be processed and the results will be fed back within 30 working days.
OSTEP TRADING L.L.C
January 25, 2026
