Privacy Policy
Effective: May 8, 2026 · Last updated: May 8, 2026
This Privacy Policy explains how INNOFUN DIGITAL ENTERTAINMENT LLC (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information of users (“you”) of the JingTu mobile app and this website (together, “JingTu”). Please read this Policy carefully before using JingTu. By continuing to use JingTu you agree to this Policy.
If you reside in the European Union, the United Kingdom, or the European Economic Area, the term “personal information” has the same meaning as “personal data” under the GDPR. If you reside in California, Section 7.2 of this Policy describes the rights granted to you by the CCPA/CPRA.
1. Data Controller
The data controller (GDPR “Controller” / CCPA “Business”) for the processing described in this Policy is:
- INNOFUN DIGITAL ENTERTAINMENT LLC
- 98 Cuttermill Road Suite 466, Great Neck, NY 11021-3019, USA
- Privacy contact: support@innofun.digital
2. Scope
This Policy covers all features of JingTu, including in-app photo enhancement, filters, asset downloads, membership, and the license-code shop and order lookup on this website. It does not cover third-party services (see Section 5).
3. Information we collect
We follow data minimization and only collect what is necessary to operate JingTu and keep it secure.
3.1 Information you provide:
- The email address you enter at checkout (used to deliver your license code and receipt).
- The JingTu app account identifier you enter at checkout (used to bind the license to that account).
- Anything you include in support emails or feedback you send us.
3.2 Information collected automatically:
- Device information: device model, OS version, screen resolution, network type, browser type and version (used solely for compatibility and troubleshooting).
- Access logs: timestamp, IP address, page visited (used for security and analytics; IPs are anonymized after 30 days).
3.3 Information collected by our payment processor:
Payments are processed by Stripe (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103). Stripe is designated as our “Service Provider” under the CCPA and may only process your data on our instructions and for the purpose of completing the payment. During checkout Stripe collects and processes the following data on our behalf:
- Billing name and billing address (at minimum country and postal code);
- Card brand, last 4 digits, and expiration month/year (we never see your full card number);
- IP address, browser and device fingerprint at the time of payment (used for fraud prevention).
Stripe is a PCI-DSS Level 1 certified payment processor. Stripe’s processing is governed by its global privacy policy at stripe.com/privacy. We receive only the minimum data needed to complete the transaction: status, brand, last 4 digits, currency, amount, and timestamp.
4. Purposes and legal bases (GDPR)
For users in the EU, UK, and EEA, we process your personal information for the following purposes and on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Order fulfilment (orders, license delivery, support) | Performance of contract (Art. 6(1)(b)) |
| Tax, accounting, audit, and statutory record retention | Legal obligation (Art. 6(1)(c)) |
| Fraud prevention, security, and abuse investigation | Legitimate interest (Art. 6(1)(f)) |
| Non-transactional product updates by email | Consent (Art. 6(1)(a)), withdrawable at any time |
For users in other jurisdictions, we process your information within the scope of this Policy and in accordance with applicable local law. We do not sell or rent your personal information. We do not disclose it to third parties except as described in this Policy or as required by law.
5. Sharing and cross-border transfers
To fulfil orders we share the minimum data with the following sub-processors:
- Stripe (payments and fraud) — data stored in the United States; may be transferred to Stripe’s servers in the EU or Singapore.
- Resend (transactional email) — used to deliver license codes and receipts; metadata stored in the United States.
- Vercel / cloud providers (hosting and logging) — data stored in the United States and other compliant regions.
Each sub-processor is bound by a data-processing agreement that complies with GDPR Art. 28 and may only act on our instructions. For transfers of EU/UK data, we rely on the EU Standard Contractual Clauses (SCCs) and supplementary technical and organizational measures.
6. Storage and security
- Order and delivery data (incl. email and JingTu account ID): retained for 5 years from the order date for tax and after-sales purposes, then deleted or anonymized.
- Access logs and device information: 30 days.
- Payment data: retained by Stripe per its policies; we retain only a transaction summary (no card numbers).
We use TLS in transit, encryption at rest, least-privilege access, and regular security review. Despite our safeguards, no internet transmission is fully secure. In the event of a personal data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR Art. 33–34, and will inform affected users where required.
7. Your rights
7.1 Rights under the GDPR (EU/UK/EEA residents)
- Right of access (Art. 15);
- Right to rectification (Art. 16);
- Right to erasure / to be forgotten (Art. 17 — invoiced transactions cannot be deleted under tax law);
- Right to restriction of processing (Art. 18);
- Right to data portability (Art. 20);
- Right to object to processing (Art. 21);
- Right to withdraw consent (Art. 7(3); withdrawal does not affect lawfulness of prior processing);
- Right to lodge a complaint with a supervisory authority (Art. 77).
7.2 Rights under the CCPA/CPRA (California residents)
Categories of personal information we have collected in the prior 12 months (per Cal. Civ. Code §1798.140):
| Category | Collected | Purpose |
|---|---|---|
| Identifiers (email, app account, IP) | Yes | Fulfilment, security |
| Commercial information (purchase history) | Yes | Fulfilment |
| Internet activity (access logs) | Yes | Security, analytics |
| Geolocation (coarse, inferred from IP) | Yes | Fraud prevention |
| Sensitive personal information (e.g. ID, biometric) | No | — |
You have the:
- Right to Know;
- Right to Delete;
- Right to Correct;
- Right to Non-Discrimination (we will not deny service or treat you differently for exercising your rights);
- Right to Limit Use of Sensitive Personal Information (we do not collect sensitive personal information, so this right does not apply).
“No Sale / No Share” statement: We do not sell your personal information, and we do not share it for cross-context behavioral advertising purposes.
7.3 How to exercise your rights
Submit a request to support@innofun.digital. We will respond within the statutory timelines:
- GDPR: within 30 calendar days of receipt (extendable by 60 days with notice);
- CCPA: within 45 calendar days of receipt (extendable by 45 days with notice);
- Other jurisdictions: confirmation within 7 business days; resolution within 30 days.
To prevent impersonation we may ask for information that allows us to verify your identity (e.g. order number, registered email). Authorized agents must provide written authorization.
8. Cookies and similar technologies
We use only the cookies required to maintain your session and shopping flow. Stripe sets fraud-prevention cookies on its checkout page. We do not use third-party advertising or cross-site analytics cookies. If we ever introduce them, we will update this Policy and provide opt-in controls.
9. Automated decision-making
We do not rely on solely automated processing (including profiling) to make decisions that produce legal or similarly significant effects on you. Stripe may perform automated fraud scoring as part of payment risk control; you have the rights afforded by GDPR Art. 22 in respect of such processing.
10. Children
JingTu does not knowingly sell to minors below the following ages:
- United States (COPPA): 13;
- EU (GDPR Art. 8, depending on member state): 13–16;
- Mainland China (PIPL): 14;
- Other jurisdictions: the minimum age set by local law.
If a guardian believes a minor has used our service, please contact us at the address below and we will promptly delete the data.
11. International users
This website is operated by a US entity, and your information will be stored and processed in the United States and the other regions named in Section 5. If you access the site from the EU, UK, mainland China, or another jurisdiction, the cross-border transfers above are protected by the safeguards described in Section 5.
12. Do Not Track signals
This website does not currently respond differently to “Do Not Track” signals because we do not collect data for advertising tracking purposes.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be posted prominently on the website and notified by email. Your continued use after changes are posted constitutes acceptance. Prior versions will be retained for reference.
14. Contact us
INNOFUN DIGITAL ENTERTAINMENT LLC
98 Cuttermill Road Suite 466, Great Neck, NY 11021-3019, USA
Customer support: support@innofun.digital