Legal

Privacy Policy

How we collect, use, store, and protect your information.

Last updated: May 2026 (pending legal final review)

This Privacy Policy applies to the "Tingchao" product and related services operated by Mere Fusion ("we", "us", "our"), including the marketing site merefusion.com and the console at app.merefusion.com (collectively, the "Service"). For clarity, the following terms apply throughout this Policy: · "Customer": a business, organization, or sole proprietor that has entered into a service agreement with us and uses the Service. · "Authorized Account": a third-party platform account (e.g. content publishing, e-commerce, or social platforms) that the Customer provides and authorizes the Service to operate on its behalf. · "End User": a natural person who interacts with the Customer through an Authorized Account — for example, commenters, message recipients, followers, or consumers. The Service is designed for business use and is not offered for direct consumer registration. We assume layered responsibilities for different subjects: we act as a personal information controller for Customers, and as a processor acting on the Customer's instructions for End User information, where the Customer remains the independent controller and bears primary statutory responsibility.

We process the following information only to the extent necessary to operate the Service, improve experience, ensure security, or fulfill legal obligations: (a) Customer account information: name, mobile number, email, company name, unified social credit code, and payment-related information provided at registration. (b) Authorized Account information: third-party platform login credentials provided by the Customer or obtained under the Customer's authorization. This is sensitive personal information; it is stored encrypted, used only to perform tasks expressly assigned by the Customer, and invalidated upon withdrawal of authorization. (c) Operational data: task configurations, draft materials, published content, interaction messages, action records, and runtime logs generated by the Customer while using the Service. (d) End User information: third-party information unavoidably encountered during sessions under an Authorized Account — for example, an End User's display name, avatar, comment or private message content, order and shipping details. (e) Website browsing information: IP address, browser type, visit time, referring page, and necessary cookies automatically generated when you browse this site. We do not actively collect personal information unrelated to the Service. Where we need to process sensitive personal information beyond the above (such as ID documents, biometrics, financial accounts, or minors' information), we will obtain your separate consent in advance.

We process the above information only for the following purposes: · To deliver the features and services the Customer has subscribed to and to complete the operational tasks the Customer configures; · To maintain service availability, perform capacity planning, and diagnose faults; · Anomaly detection, risk control, and compliance auditing of the Service; · Product improvement and statistical analysis on de-identified or anonymized data. We commit that, without the Customer's written consent, we will not use Authorized Account information, operational data, or End User information to train general-purpose large language models, nor for purposes beyond the scope of the Customer's authorization. Automated decision-making: the Service includes capabilities that automatically generate response copy, interaction suggestions, or audience selection results through algorithms and models. The Customer, as the party ultimately responsible for business decisions, may enable human review for key actions such as outbound messaging, paid promotion, or bulk outreach. For automated decisions that materially affect End Users, the Customer should provide explanations and opt-out mechanisms as required by law.

We do not sell or rent your personal information, nor share it with unrelated third parties. Information may be shared or processed by others only in the following situations: (a) With your or the Customer's prior consent; (b) With sub-processors engaged to deliver essential service functions — for example, cloud services, object storage, SMS verification, payment gateways, customer support and ticketing systems, error monitoring, and log services. We sign data processing agreements with sub-processors that bind them to security and confidentiality obligations and prohibit processing beyond our instructions; (c) In the event of a merger, acquisition, or asset transfer, we will notify you and require the successor to honor protections no less protective than this Policy; (d) In response to lawful requests by competent authorities, regulators, or judicial bodies; (e) Where necessary to protect the lawful rights, life, or property of us, our Customers, End Users, or the public. We will publish the principal scope of sub-processors on the console or in service documentation on an ongoing basis, and give Customers reasonable advance notice before engaging new sub-processors.

All third-party platform data handled through the Service is based on the Customer's lawful rights to its own accounts and used within the scope of the Customer's written authorization. We require — and assume — that the Customer represents and warrants the following: · The Customer holds lawful operating rights or management authorization for each Authorized Account; · The Customer's use of the Service complies with the target platform's terms of service, developer agreements, and content compliance requirements; · The Customer will not use the Service for traffic fraud, fake engagement, promotion abuse, gray- or black-market activities, harassment marketing, misleading promotion, or infringement of others' lawful rights; · The Customer will not use the Service to fabricate identities, impersonate others, or engage in account trading or other activities that violate platform rules or applicable laws. If we discover any such violation, we may suspend or terminate service to the relevant account under the service agreement, and reserve the right to cooperate with platforms, regulators, or rights holders in their investigations.

Storage location: except for Customers who opt for private deployment, Customer data and operational data generated by the Service are stored on cloud nodes located within mainland China. We do not currently transfer information outside of China on our own initiative. Retention periods: · Authorized Account credentials: stored encrypted only during the validity of Customer authorization; deleted or anonymized within 7 days of authorization withdrawal or termination of service; · Operational data and logs: retained by default for 90 days for traceability and dispute resolution; Customers may configure shorter or longer retention within applicable compliance limits; · Customer account and contract information: kept for the duration of the contract and the minimum period required by applicable law. Cross-border transfers: if cross-border transfer of personal information becomes necessary in the future, we will obtain your separate consent in advance and complete the assessments, contract filings, or certifications required under the Personal Information Protection Law and the Measures on Security Assessment for Cross-border Data Transfers.

We implement security measures commensurate with the sensitivity of the data: · Encryption in transit: end-to-end TLS 1.2 or above; · Encryption at rest: sensitive fields such as Authorized Account credentials and private message content are encrypted at the application layer, with keys and ciphertext stored separately; · Access control: tiered authorization on a least-privilege basis, dual-control review, and audit logging of key operations; · Network isolation: physical separation of production and test environments; critical systems are accessible only via bastion hosts; · Security testing: regular penetration testing, dependency vulnerability scanning, and adversarial exercises; · Security awareness: employees sign confidentiality agreements and receive periodic training. In the unfortunate event of a personal information security incident, we will activate our incident response plan and, after assessing impact, promptly notify affected parties and regulators of the nature of the incident, possible impact, measures taken or to be taken, and self-help recommendations.

Under the Personal Information Protection Law and other applicable laws, you have the following rights: · Right to be informed and to decide: to understand how we process your information and to restrict or refuse processing activities; · Right of access and portability: to obtain a copy of the personal information we hold about you; · Right to rectify and supplement: to request correction of inaccurate or incomplete information; · Right to erasure: to request deletion of your personal information where statutory conditions are met; · Right to withdraw consent: to withdraw consent previously given, without affecting the lawfulness of processing prior to withdrawal; · Right to deregister: a Customer's member accounts may be deregistered by its administrator; for enterprise account deregistration, please contact your account manager. For End Users who interact with a Customer through an Authorized Account, we recommend exercising your rights directly with the relevant Customer. If you cannot reach the Customer (for example, if the Customer has ceased operations), you may contact us via the channels at the end of this Policy and we will help relay or process your request. We will respond to rights requests within 15 working days. Where we cannot satisfy a request, we will explain the reason.

The Service is intended for business users and is not directed at minors under the age of 14. If a Customer processes personal information of minors while using the Service, the Customer must obtain consent from the minor's guardian and establish dedicated handling rules. If we discover that we have collected personal information of a minor without the guardian's consent, we will delete the data as soon as possible. Guardians who become aware of such situations may contact us via the channels at the end of this Policy.

We may revise this Policy from time to time in response to changes in laws, regulatory requirements, or business needs. Revised versions will be published on this page with the latest update date. For material changes (such as new processing purposes, expanded sharing, or changes to cross-border transfer arrangements), we will provide advance notice via console announcement, email, or in-product notice, and re-obtain your consent where applicable. Continued use of the Service constitutes acceptance of the updated Policy; if you do not agree, you may stop using the Service and contact us to handle related data.

For any questions, suggestions, or complaints about this Policy, or to exercise your personal information rights, please contact us: · Email: contact@merefusion.cn · Company: Mere Fusion If you believe our handling of personal information has harmed your lawful rights and our communication has not resolved the matter, you also have the right to lodge a complaint with the competent authorities such as the cyberspace administration or market regulator.