Country-specific privacy addendum for users and operations in China
Last updated: January 15, 2026
This addendum supplements the ZhiYin global privacy policy with requirements specific to China. Where this addendum conflicts with the global policy, this addendum takes precedence for users located in China.
Cyberspace Administration of China (CAC), Ministry of Public Security
Applicable legislation: Personal Information Protection Law (PIPL), Cybersecurity Law, Data Security Law
ZhiYin currently stores data in a single region outside mainland China. We obtain your separate consent for cross-border processing at signup, apply PIPL-aligned safeguards (minimal retention, encryption, access controls), and are evaluating the PIPL cross-border transfer mechanisms (CAC standard contract / security assessment) as we expand. PIPL localization duties apply to critical information infrastructure operators and large-volume processors.
Under PIPL, processors must immediately take remedial measures and notify the regulator and affected individuals when a breach occurs or is likely to have occurred.
ZhiYin aligns its incident-response process with these requirements and will notify the relevant regulatory authority and affected individuals within the timeframe required by applicable law.
Data retention must be the minimum period necessary. Deletion required when purpose is fulfilled or consent is withdrawn.
In addition to the rights outlined in our global privacy policy, users in China have the following specific rights under local law:
For privacy inquiries related to your region, please contact our Data Protection Officer.
Email: privacy@talentbridge.com