top of page

Privacy Policy

I. Notice clause

Company has always placed a particularly high priority on data protection. We will need to process your personal data when you use our service. We have prepared this policy to inform the users about the nature, scope, and purposes of our collection, use, and processing of personal data. This policy also informs data subjects of their rights. As the data controller, Gongniu has established a range of technical and organizational measures to ensure that personal data processed is protected as comprehensively as possible. As such, data subjects also have the option to send their personal data to us using other means (e.g., by e-mail).

The privacy policy can be revised and updated in time, and it will be notified in the app in time.



Ⅱ.The data we collect

We collect personal data for a variety of purposes, including maintaining efficient business operations and providing you with the best product experience. At Gongniu, we collect the data you provide, data about your interaction with Gongniu, and data regarding product usage. Users provide data directly, such as when they create an Gongniu account. Other types of data are collected through the interaction process with our products, your use of and experience with our products, and related communications.

We also obtain data from third parties. We protect any data obtained from third parties in accordance with the purposes described hereinafter, as well as any other restrictions posed by the data sources.

You may reject our request for your personal data. You may have to provide your personal data to keep our products operational or to enjoy our services. If you choose not to provide such data, you will not be able to use our products or some services.

Types of data that we collect include:

Contact data: email address, contact address, contact person and phone number.

Credentials: password and check code used to authenticate and access accounts.

Statistics: data related to you, such as country, city, zip code, time zone and your preferred language.

Interaction: data regarding your usage of the Gongniu platform. This is provided by you when you submit search inquiries to use our products and is provided by us when errors are reported. Interaction data includes:

Device and usage data: data about your device, the products and the functions that you use, including information about your hardware and software, the performance of our products, and your settings. For example:

Device and configuration data: data about your device, device configuration, and neighboring networks. For example, the IP address, SN, device identifiers, location and language settings, and neighboring WLAN access points of the device. Such data are used for device interaction only and not for any other purposes.

Troubleshooting and help data: data submitted when you contact Gongniu for help, such as authentication information and data related to your device and its corresponding products.

Location data: data related to your device’s location (the neighborhood block where it is located). We deduce the location via national addresses and postal codes.

WIFI configuration: data about your WIFI configuration. We need to access your geographic location authorization and current WIFI SSID while you use Gongniu mobile application to configure WIFI. Refuse to access will limit the WIFI configuration related functions.


Ⅲ. Purposes of using personal data

We have outlined the purposes of using personal data in the following section.

Personal data Purposes of usage

Email address User registration, user login, password retrieval, product suggestions, customer complaints, authentication

Contact address User registration, after-sales services, such as on-site maintenance services

User name User registration, password retrieval, product suggestions, customer complaints

Password User registration, identity verification

IP address Obtaining local time zones via the IP address; analyzing issues via the IP address whenever the device malfunctions

Device identifiers System identification device

WLAN access point information, such as WiFi configuration and GPS To access the local network to communicate with hardware

Running log Help solve problems may occur on equipment


As per GONEO’s request, when helping end-users file customer complaints, installers/distributors/service providers must obtain the User’s consent before using the email address, phone number and user names. Please confirm that the above three vendors have obtained your consent before helping you file customer complaints. During this process, those installers/distributors/service providers become the controller of part of your private personal data. The safety of your private personal data will then be protected by them.

Users have the responsibility to update their detailed address and contact information with GONEO in a timely manner and to allow GONEO’s after-sales personnel to modify the information bound with their devices accordingly to ensure the accuracy of data. Otherwise, you may not be able to use the software on your device. If in the process of using our products, you have any objections to the purposes and permissions of the use of your personal data as outlined in this policy, you may withdraw consent to this Privacy Policy and exercise your rights as a data subject by deleting private personal data or canceling your account.


Ⅳ. Rights of the data subject

a) Right to confirm

As authorized by European legislators, each data subject shall have the right to confirm whether their data are being processed by data controllers. Data subjects may contact us or other controller employees at any time to exercise their right of confirmation.

b) Right to access

As authorized by European legislators, each data subject shall have the right to obtain information about their personal data, regardless of the time of storage, and to obtain copies of such information free of charge. European directives and regulations have also entitled data subjects with the rights to obtain the following information: purposes of the process; types of such personal information; receivers or types of receivers whose personal data have been or are going to be disclosed, especially receivers in other countries or receivers of international organizations; the expected storage period of personal data (if possible), or when such period is impossible to obtain, the criteria to determine such a period; whether data subjects have the right to request controllers to modify or delete their personal data, or to restrict the processing of any personal data of data subjects, or to object to such processing; the right to file a complaint to the regulating authorities; and if personal data were not collected from data subjects themselves, any useful information about the data sources.

c) Right to rectify

As authorized by European legislators, each data subject shall have the right to rectify any of their incorrect personal data held by data controllers in a timely manner. Considering the purposes of the processing, data subjects have the right to complete any incomplete personal data, including by providing supplemental statements. If data subjects wish to exercise this right of rectification, they may contact us or other controller employees at any time.

d) Right to delete (Right to be forgotten)

As authorized by European legislators, each data subject shall have the right to ask their data controllers to delete any personal data about them in a timely manner. Data subjects shall withdraw their consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there shall be no other legal basis for the processing. Data subjects object to the processing in accordance with Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or data subjects object to the processing in accordance with Article 21(2). Personal data have been processed illegally. Personal data must be deleted to ensure that controllers comply with their legal obligations as stated by the laws of the alliance or any member states. Personal data collected must be related to the provision of informational social services as described in Article 8(1) of the GDPR.

If any of the above apply, and data subjects wish to delete their personal data stored by Gongniu, they may contact us or other controller employees at any time. Gongniu must comply with the request for deletion without delay and shall notify all positions that are engaged in the processing of personal data of the request. If users wish to delete data on their own, they may do so by canceling their account by going to [Setting] - [Security] - [Delete Account].

If controllers have already made the personal data public and are required to delete such personal data in accordance with Article 17(1), they shall consider available technologies and the costs of implementation and take reasonable measures, including technical measures, to notify other controllers who process personal data requested by data subjects that such controllers delete any links, reproductions or copies of such personal data where such processing is not required. Under specific circumstances, Gongniu may arrange necessary measures.

When end-users submit their request to delete their personal data to Gongniu or delete personal data on their own, any private personal data held by Gongniu at its installers/distributors/service providers shall also be deleted. For cases in which Gongniu acts as the processor only and not the data controller, Gongniu will notify the data controllers of the User’s request to delete data by email and phone.

e) Right to restrict data processing

Each data subject shall possess the right, as granted by the European legislators, to restrict the data controller from processing his/her personal data, in any one of the following cases:

The data subject questions the accuracy of their personal data; the data controller can verify the accuracy of personal data within a certain time limit. The data processing is illegal, and the data subject requests that the use of personal data be restricted, rather than deletion.

Personal data for processing purposes are no longer required by the data controller, but continue to be required by the data subject, in order to establish, exercise, or defend a legal claim. The data subject has objected to processing data under Article 21(1) of the GDPR, and is awaiting confirmation of whether the legal grounds of the data controller will take precedence over his/her own.

A data subject who requests restrictions upon the processing of personal data stored by Gongniu in any one of the above cases may contact us or another employee. One of these will make arrangements to restrict data processing.

f) Right to data portability

Each data subject shall possess the right, as granted by European legislators, to receive their personal data in a structured, commonly used and machine-readable format from the data controller. The data subject shall have the right to transfer such data to another data controller without hindrance by the data controller providing the data, provided that such data are processed based on consent given under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or under a contract entered into pursuant to Article 6(1)(b) of the GDPR, and the data are automatically processed, unless the processing is necessary for tasks performed in the public interest or the exercise of the data controller’s official authority. In addition, in exercising his/her right to data portability under Article 20(1) of the GDPR, each data subject shall possess the right to have his/her personal data directly transferred from one controller to another, provided that doing so is technically feasible and will not adversely affect the rights and freedoms of others. In order to safeguard their right to data portability, data subjects may contact us or another employee designated by Gongniu

g) Right to object

Each data subject shall possess the right, as granted by European legislators, to object at any time to the processing of their personal data on grounds related to their particular circumstances in accordance with Article 6(1)(e) or (f) of the GDPR. This also applies to analyses made based on these provisions. In case of objection by a data subject, Gongniu will cease to process his/her personal data, unless we can establish persuasive legal grounds for the processing of such data that take precedence over the interests, rights and freedoms of the data subject, or for the purpose of establishing, exercising or defending legitimate claims.

In addition, each data subject shall have the right to object, on grounds related to their particular circumstances, to the processing of their personal data by Gongniu for scientific, historical research or statistical purposes, under Article 89 (1) of the GDPR, unless this processing is necessary for tasks performed in the public interest.

In order to exercise the right to object, a data subject may contact us or other employees of Gongniu directly. In addition, notwithstanding Directive 2002/58/EC, the data subject can freely exercise the right to object using automatic means, in accordance with appropriate technical standards when using socialized services for the data.

h) Automatic personal decision-making, including analysis

All data subjects shall have the right, as granted by European legislators, not to be subject to a decision based solely on automatic data processing (including analysis), which produces legal effects concerning him or her, or similarly significantly affects him or her, provided that the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller, or authorized by the laws of the Union or Member State to which the controller is subject, which also stipulates that appropriate measures should be taken to safeguard the rights, freedoms and legitimate interests of data subjects, or the explicit consent of data subjects is obtained.

Gongniu shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject where a decision is made as required for the conclusion or performance of a contract between the data subject and the data controller, or with the explicit consent of the data subject.

i) Right to withdraw consent for data protection

All data subjects shall possess, as granted by European legislators, the right to withdraw their consent to the processing of their personal data at any time. Any data subject who intends to exercise this right to withdraw consent may contact us or other employees of Gongniu.


Ⅴ. How We Use Your Personal Data

Gongniu will only share/disclose your personal data to relevant parties, and in a way that you are aware of, or in the circumstances mentioned below:


We will share your user data with your explicit consent. After obtaining your express consent, we will transfer your user information to other parties, with the list of specific permissions as follows:

Other Party Information for Use Purpose

Alibaba Cloud Email, user name, country, time zone and running log Data storage

Tuya Cloud Network and Device information AIoT service


We will disclose your personal data to third-party service providers who provide us with certain business-related services, such as network hosting, data analysis, infrastructure provision, customer support services, email sending services and other similar services, so as to ensure that such third parties can provide services for us. See the purposes of use of personal data, above, for details.


There is an ODM cooperation relationship between Gongniu and other companies(hereafter referred to as ODM companies). In this cooperation, Gongniu is responsible for the manufacturing and design of products, and ODM, as a partner, will brand package and sell Gongniu’s products. We value your privacy and promise to protect your personal information. Please pay attention to the following matters concerning the privacy policy concerning ODM cooperation and brand:

ODM companies have independent privacy policy responsibilities in terms of brands. Before you interact with ODM, please read and understand the privacy policy of ODM carefully. The privacy policy of ODM companies will detail how they collect, use and protect your personal information.

We will share the necessary personal information with ODM companies to support the product sales process. We promise to share only the minimum necessary information related to product sales, and will not authorize ODM companies to use personal information for purposes other than ODM sales.


In the process of interacting with Gongniu, you still have the right to choose to exercise your personal information rights. If you have any questions about the brand privacy policy of ODM companies or want to exercise relevant rights, please contact ODM companies directly, and they will provide you with further guidance.

Gongniu will cooperate with ODM companies to ensure that ODM companies comply with applicable privacy laws and regulations in terms of brands. We will work together to ensure the compliance of the privacy policy in the process of ODM cooperation, and take appropriate measures for violations of relevant laws and regulations.

We recommend that you carefully read our privacy policy and ODM’s independent privacy policy before interacting with us and ODM. This will help you better understand how we handle and protect your personal information and the ODM company’s privacy policy responsibility in terms of brand.


Ⅵ. How We Process Children’s Personal Data

We do not provide service to minor who is under 18 years old or collect their personal data. And we require users to not provide any personal data from minors. If we are awarded that a child’s personal data was collected accidentally, it will be deleted as soon as possible.


Ⅶ. Security Measures

We will maintain the integrity and security of your personal data by taking commercially reasonable physical, administrative and technical safeguards. Gongniu employs a variety of security measures to guarantee the data security of users and devices.


Security algorithms and transmission encryption protocols are adopted for data communications.


Strict data filtering and verification and a complete data review process are adopted for data processing.


Concerning data storage, all users’ data are securely encrypted and stored on Alibaba Elastic Compute Service and continuously monitored by Gongniu’s software team on a 24/7 basis in order to prevent unauthorized access to data, unauthorized actions and guard against environmental risks, and to guarantee the security of the transmission process and the completeness and accuracy of data transmitted.

As a global company, your personal data collected by Gongniu may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Gongniu or its affiliates, subsidiaries, service providers or business partners have a presence. These jurisdictions may have different data protection laws. In such circumstances, Gongniu will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes when transferring the data subject’s personal data from the EU to a country or region which have been acknowledged by the EU commission as having an adequate level of data protection, we may use a variety of legal mechanisms, such as signing standard contractual clauses approved by the EU Commission, obtaining the consent to the cross-border transfer of a data subject in the EU, or implementing security measures like anonymizing personal data before cross-border data transfer.


In addition to the above technical security measures, Gongniu has also developed a series of security measures at the institutional and control levels, such as defining job descriptions and roles, offering training on security and privacy, raising employees’ level of data protection awareness, and controlling access permissions, in order to prevent the loss, illegal usage, unauthorized access to, disclosure of, tampering with or destruction of data.

If, for any reason, you believe that data transmission to or from Gongniu is no longer secure, please inform us immediately by sending an email to

We will inform you of any security incident that affects the security of your personal data via email, telephone, or push message as soon as possible, along with suggested measures to reduce or avoid related risks, and other information. When necessary, we will adopt timely remedial measures in accordance with our internal emergency plan for security incidents, and report to the relevant competent authorities in accordance with regulations.


Ⅷ. Methods for Exercising Your Rights to Privacy

We respect your rights and protect your personal data. You may exercise any of the following rights in the following ways:


Email us at

You can exercise your personal rights free of charge. According to the relevant requirements of local data protection laws, we will reply to your request within 15 business days if your account service is provided within the Chinese mainland, and within 30 days if your account service is provided outside mainland China.

In your request, you should state what data you intend to change and whether you wish to have your personal data deleted from our database, or specify any restrictions you wish to place on our use of your personal data. Please note that we may require verification of your identity for security reasons.

You may:

Request access to personal data of yours which we process

Request correction of your personal data where it is inaccurate or incomplete

Request the deletion of your personal data

Request temporary or permanent restrictions upon the processing of part or all of your personal data

Request the processing of your personal data with your consent or under a contract entered into by and between us, or that your personal data is transmitted to you or a third party when we automatically process it

When we are using your personal data on the basis of your consent or our legitimate interests, you may express your objection or refusal to permit this by sending an email to We will comply with your requests as far as is reasonably practicable.

Ⅸ. Data Retention Period

We will process your personal data for the purposes stated in this Policy as quickly as possible, unless specific legal requirements exist demanding its retention for a longer period of time. We will determine an appropriate retention period based on the amount, nature and sensitivity of personal data, and destroy your personal data after the retention period ends. Where you explicitly request deletion of your personal data, we will delete it and cease to retain it. In case of inability to destroy the data for technical reasons, we will take appropriate measures to prevent its further use.


Ⅹ. Third-Party SDK Data Collection and Usage Instructions

We may access software development kits (SDKs) provided by third parties in order to ensure the stable operation of Gongniu services or implement related functions. We will strictly test the security of the application programming interfaces (APIs) and SDKs used by authorized partners for the acquisition of relevant information, and conclude agreements with them concerning strict data protection measures, in order to ensure that they process personal data in accordance with this Policy and other relevant confidentiality and security measures.

The third-party SDKs we access mainly provide services to meet your and other users’ needs, so we may change them to fulfill new service needs, or due to changes in our service functions. We will provide you with information on our access to third party SDKs by keeping the relevant information in this Policy up to date.

Gongniu accesses the following third-party SDK(s) (the personal data collected is dependent on whether you use the following third-party services):

Name of third party Purpose Details of personal data collected Privacy Policy Website

Alibaba Cloud SDK Cloud computing and data storage Email, user name, country and time zone


Tuya SDK Application development Network, Device information

bottom of page