AI VENDING Privacy Policy
Release Date: 03, 2026
Effective Date: 03, 2026
Version No.: 03, 2026 v1.0
Introduction
AI VENDING and its related services (hereinafter referred to as “Product”, “Service”) are provided by Wuhan Haha Bianli Science and Technology Co., Ltd. and its affiliated companies (hereinafter referred to as “we”, “us”, or “our”).
We highly value your privacy. This Privacy Policy (hereinafter referred to as “Policy”) describes how we collect, use, disclose, process, and store any personal information that you provided to us or that we collect from you when you use our products and services. If you are under 16 or otherwise regarded as a minor in your jurisdiction, please do not use our product and/or service and provide your any personal information with us.
This Policy only applies to the Product that refers to or links to this Privacy Policy. It also describes your rights and available choices regarding your personal information.
Data Controller: Wuhan Haha Bianli Science and Technology Co., Ltd. and its affiliated companies are the controller (or similar term under applicable laws) of any information processed in connection with this Policy.
We reserve the right to change the provisions of this Policy from time to time. The up-to-date version of the Privacy Policy can be accessed directly via “AI Vending APP→ME→Settings→Privacy Settings” at any time. We encourage you to periodically review this page for the latest information on our privacy practices.
The Privacy Policy consists of two parts: (I) General Provisions and (II) Special Provisions.
The " General Provisions" shall apply to our users in the EU and the United States.
The " Special Provisions", as an integral part of this Policy, shall apply only where AI VENDING provides products and/or services in specific jurisdictions, and only to AI VENDING users located in such applicable jurisdictions.
In the event of any inconsistency between the General Provisions and the Special Provisions, the Special Provisions shall prevail to the extent necessary.
The Policy will help you understand the following:
Section I: General Provisions 3
1. How We Collect and Use Your Personal Data 3
2. Cookies and Other Similar Technologies 6
3. How We Store Your Personal Information 6
4. How We Entrust, Share, Transfer and Publicly Disclose Your Personal Information 7
5. How We Protect Your Personal Information 8
7. How We Process Children’s Personal Information 11
8. How Your Personal Information is Transferred Globally 11
9. How This Policy is Updated 11
Section II: Special Provisions 13
12. Special Provisions for the United States 13
The term of “personal information” or “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal information does NOT include “anonymized” information, which is data we collect about the use of our Service or about a group or category of products, services or users, or other data from which individual identities or other personal information has been removed so that the individual concerned cannot be identified directly or indirectly. Such data helps us understand trends and our users’ needs so that we can better consider new features or otherwise tailor our Service. This Policy in no way restricts or limits our collection and use of such information.
We may collect information that is automatically collected by us, as well as certain information that you choose to provide. More information about the categories and sources of information is provided below.
Creation and Use of AI VENDING Account
When you register for AI VENDING, you need to provide us with your country, time zone, device language, company name, email address, password, phone number to create an account for you. We will record the email address and password you set and verify them when you log in again to ensure account security.
If you choose to complete your account information, you will need to provide us with your contact person’s name, contact address, and administrator’s name.
The legal basis for processing the aforementioned data is the performance of a contract between you and us and your prior consent. We only collect and use the email address to the extent necessary to create the AI VENDING account and verify them when you log in again, and to send important service-related communications, such as, billing notifications. We do not process your email address for any additional purposes.
Support service information
If you contact our customer care team, we will collect the information you give us during the interaction. If you choose not to provide the relevant information, we may be unable to effectively respond to your inquiry, process your request, or provide the necessary customer support services.
The legal basis for processing the aforementioned data is our legal obligation to provide after-sale support and your prior consent. Should you wish to withdraw your consent, you may contact us via the contact information listed in Section 11 of this Policy.
Apply online
For users located in America applying for a payout account, you are required to provide us with the following information: your location information including address and phone number, owner information including name, home address, cellphone number, email address, social security number(SSN) and date of birth, company information including legal name, ownership type, corporate address, fed tax id and date of business commencement, ACH authorization information including account type, routing number, account number, name on account, void check, drive license photo, and electronic signature for the purpose of processing withdrawals.
The legal basis for processing the aforementioned data is your prior consent.
We do not currently collect your personal information from third parties.
For users located in America applying for a payout account, you are required to provide us with the following information: your location information including address and phone number, owner information including name, home address, cellphone number, email address, social security number(SSN) and date of birth, company information including legal name, ownership type, corporate address, fed tax id and date of business commencement, ACH authorization information including account type, routing number, account number, name on account, void check, drive license photo, and electronic signature for the purpose of processing withdrawals.
We also want to kindly remind you to exercise caution and avoid sharing such sensitive information about yourself (or others) when using our Services.
Certain functions of AI VENDING require your prior consent for us to access relevant system permissions to collect and use your personal information. You can check the specific personal information access permissions and their opening status through “AI Vending APP → ME → Settings → Privacy Settings → Permission Settings” and decide to turn them on or off.
By turning on these permissions, you authorize us to collect and use such personal information, and we will only use your system permissions when you use the relevant functions. By closing these system permissions, you are withdrawing your authorization, and we will no longer collect and use your personal information but will also not be able to provide you with the functions that correspond to these authorizations. The decision to turn off the above-mentioned permissions will not affect the processing of personal information based on your previous authorizations.
The details of our request of permissions are as shown in the table below.
| Android Version Permission Request List | |||
|---|---|---|---|
| No. | Permission Name | Permission Function Description | Usage Scenario or Purpose |
| 1 | Camera Permission | Scanning and Taking photos | When you use AI VENDING, we may apply for access to your devices’ camera permission to scan code for device activation, restocking, product identification. |
| 2 | Photos Permission | Recognition Image | When you use AI VENDING, we may apply for access to your devices’ photos permission to take product photos and use image recognition. |
| 3 | Microphone Permission | Sound reception | When you use AI VENDING, we may apply for access to your devices’ microphone permission to receive sound input. |
| iOS Version Permission Request List | |||
| No. | Permission Name | Permission Function Description | Usage Scenario or Purpose |
| 1 | Camera Permission | Scanning and Taking photos | When you use AI VENDING, we may apply for access to your device’s camera permission to scan code for device activation, restocking, product identification. |
| 2 | Photos Permission | Recognition Image | When you use AI VENDING, we may apply for access to your device’s photos permission to take product photos and use image recognition. |
| 3 | Microphone Permission | Sound reception | When you use AI VENDING, we may apply for access to your device’s microphone permission to receive sound input. |
Many browsers enable you to control the use of cookies at the individual browser level. Cookies are small text files that are stored on your device by us to ensure that the Services’ normal operation and your convenient access to it. Cookies usually contain identifiers, site names, and some numbers and characters. These cookies do not store information that directly identifies you. However, where Internet Protocol (IP) addresses or other identifiers collected through these technologies are considered personal data under applicable law.
You can manage or delete cookies through your browser or device settings. Most browsers allow you to block or delete cookies, though doing so may affect the availability or functionality of certain features. Certain strictly necessary cookies may not be disabled, as doing so would prevent the Services from operating correctly.
For details on our use of Cookies and similar technologies, please read the Cookie Policy.
The personal information we collect and generate in our operations is stored in a third-party cloud storage located in United States of America. Tencent Cloud serves as our selected cloud service provider.
We store your Personal Data in strict compliance with our internal data retention policies. To determine the appropriate retention period for personal information, we will consider the following factors on a case-by-case basis:
the amount, nature and sensitivity of the personal data;
the potential risk of harm from unauthorized use or disclosure of your personal data;
the specific purposes for which we process your personal data and whether we can achieve those purposes through other means; and
the applicable legal, regulatory, tax, accounting, or other statutory requirements.
The retention period for Personal Data shall be the minimum time necessary to achieve the stated purposes. We shall immediately cease retaining such personal data, and implement measures to delete or anonymize it without undue delay, upon the earliest of the following events: (i) the fulfillment of the original collection purposes; (ii) the termination of the operation of the corresponding product or service; or (iii) our confirmation of your valid erasure request.
We may retain your personal information for a longer period only if one of the following conditions is met: (i) a complaint has been filed in connection with our services; (ii) we hold a reasonable and substantiated belief that litigation may arise in relation to our relationship with you; (iii) such retention is mandated by applicable laws and regulations; or (iv) we have obtained your prior explicit consent. Once the legitimate basis for extended retention no longer exists, we will promptly remove the relevant personal data from our systems and records and/or take steps to anonymize it, ensuring that you can no longer be identified from the processed data.
We have entrusted Tencent Cloud to store your Personal Data as listed in Section 3 of the Privacy Policy. We have entered into data processing agreements to ensure that appropriate technical and organizational measures are adopted to protect your rights and interests regarding Personal Data.
For the performance of certain features or to provide you with better Services and a better user experience, some components of our Services will be supported by our authorized partners. For users in America applying for a pay out account, you need to provide us with the following information: your location information including address and phone number, owner information including name, home address, cell phone number, email address, social security number (SSN) and date of birth, company information including legal name, ownership type, corporate address, fed tax id and date of business commencement, ACH authorization information including account type, routing number, account number, name on account, void check, drive license photo, and electronic signature, and we will share it with PAX for the purpose of processing withdrawals.
We uphold the principles of data minimization, necessity, and legality to carry out such disclosing. Before disclosing information, we will require authorized partners to take relevant confidentiality and security measures to process personal information in accordance with this Policy and applicable laws in your jurisdiction.
We will not share your personal information with third parties for their own marketing or commercial purposes.
Where a merger, acquisition or bankruptcy liquidation takes place, if transfer of personal information is involved, we will request the new company or organization which obtains your personal information to be subject to this Policy, otherwise we will ask such company or organization to acquire your authorization and consent again.
We will only publicly disclose your Personal Data after obtaining your express consent or it is mandatorily required by laws, such as in compliance with subpoena, legal proceedings, legal actions or compulsory request by supervisory department of government agencies.
We encrypt a lot of information. We periodically review practices regarding information collection, storage and possessing (including physical security measures), to prevent various systems from unauthorized access.
With regard to the security control of data access and use, we have implemented a strict data authorization control mechanism. The core production database is restricted to internal network access and does not open public network ports. The production and testing environments are isolated by network segments. Manual execution of SQL is conducted through the auditing function built into the data management tool. The database operates in a primary-backup mode.
The security of your information is extremely important to us. Therefore, we endeavor to ensure the security of your Personal information and implement measures such as security encryption during storage and transmission to prevent your information from unauthorized access, use, or disclosure.
As the subject of the personal information, you are entitled to have the rights provided by the privacy laws in your jurisdiction. Your rights may include part or all of those described underneath. You can exercise your rights entitled by the privacy laws in your jurisdiction at any time by sending requests to service@hahavending.com, dialing +1(323)767-7987 or contacting us via our official website.
Your rights may include:
We publish this Policy to inform you of how we handle your personal information, how we use it, and who we share it with. We are committed to the transparency of the use of your information.
You have the right to access personal information we hold about you.
You have the right to correct your information where that information is not accurate. You can correct your personal information by contacting us via the methods stated in this Policy. When your identity is confirmed, we will rectify it accordingly.
You can remove certain personal information that we have stored about you. However, please note that we may need to retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defense of legal claims or freedom of expression) but we will respond to you and let you know if that is the case.
You are entitled to request us to restrict processing of your personal data under the following circumstances:
You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
The process is unlawful, and you oppose the erasure of your personal data and requests the restriction of their use instead;
We no longer need your personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims;
You have objected to processing, pending the verification whether the legitimate grounds of us override those of you.
You can request a copy of certain data in a machine-readable form that can be transferred to another provider if such right is requested by the privacy laws in your jurisdiction.
You have the right to object at any time to processing of personal data concerning you which is based on performance of a task carried out in the public interest or in the exercise of official authority vested in us or based on the purposes of the legitimate interests pursued by us or by a third party. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You may withdraw your consent for the processing of your personal information by submitting a request to us via email. We will deal with your request within a reasonable time frame from the time when the request was received, and thereafter not process your personal information as per your request.
Please note that your withdrawal of consent could result in certain legal consequences. Depending on the extent to which you authorize us to process your personal information, it may mean that you will no longer be able to enjoy the use of our services. However, any decision on your part to withdraw your consent or authorization will not affect personal information processing previously performed with your permission.
You may have rights not to be bound by automatic decisions, including user profiling, if such right is requested by the privacy laws in your jurisdiction. However, at present, we do not use your Personal Data for automated decision-making, including user profiling.
To help us verify that you are the subject of the personal information and exercise your rights outlined above, we may require you to provide sufficient proof of identification. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you are concerned about the way in which we manage your personal information and think we may have breached any relevant laws and obligations, please contact us.
We will respond and reply to you as soon as possible. Generally, we will reply to you within one (1) month upon receipt of your request (If necessary, we may extend it by an additional forty-five (45) days as permitted by law. We will inform you of the reason for the extension within the aforementioned 30-day period, such as the request is too complicated or too much in volume).
If you feel we have not resolved your concern, you have the right to get in touch with us and/or lodge a complaint with your local privacy or data protection regulator.
Our Services are mainly adult-oriented, and we do not offer services directly to a child or use personal information of children for the purposes of marketing. A child should not create his/her own user account. We treat anyone under 16 years old (or equivalent minimum age in relevant jurisdiction) as a child. We do not knowingly collect any information about or market to children, minors or anyone under the age of 16. If you are less than 16 years old, we request that you do not submit information to us. If we become aware that a child, minor or anyone under the age of 16 has registered with us and provided us with personal information, we will take steps to terminate that person’s registration and delete relevant personal information immediately.
Generally, data from users is stored in a third-party cloud storage located in United States of America. For necessary maintenance of the Services, your personal data may be accessed by our personnel in China. We will implement corresponding protective measures in accordance with the requirements of applicable data protection laws to ensure data security. By agreeing to this Privacy Policy and using our products, you consent to our processing of such international data transfers.
Where personal data is generated within the European Economic Area (“EEA”) is transferred to countries outside the EEA, we will ensure that appropriate protective measures are taken to comply with General Data Protection Regulation (“GDPR”).
If you have any question regarding your personal data’s security and/or our international transfer manners or would like to withdraw your consent to the international transfer, please contact us via: service@hahavending.com.
We reserve the right to update or modify this Policy from time to time. For significant changes to our Privacy Policy, we will push the updated Privacy Policy to you.
In case of any inconsistency between this Policy and other privacy policies on personal information management related to the Services, the latest policy content shall prevail.
If you have any concerns or doubts about our Privacy Policy, please contact us via:
Phone:+1(323)767-7987
Email: service@hahavending.com
If you are residents of the United States and where we meet the relevant threshold tests, the following additional terms apply. If any conflict arises between the main Privacy Policy, the following terms shall prevail:
1) De-identified information. Where we maintain or use de-identified data, we will continue to maintain and use the de-identified data only in a de-identified fashion and will not attempt to re-identify the data.
2) Your Rights. You are able to exercise your privacy rights described in the “6. Your Rights” of the Privacy Policy in accordance with the applicable law as well as subject to certain limitations at law. These rights are not absolute and are subject to certain exceptions.
We do not sell personal information and do not use personal information for the purpose of targeted advertising and profiling, and therefore we do not process requests for opt-out of sale, targeted advertising and profiling.
We will not unlawfully discriminate against you for exercising your rights.
If we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by sending emails to service@hahavending.com.
Once we receive your request, we may verify it by requesting information sufficient to confirm your identity. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. Not all kinds of requests can be made by authorized agents in all states.
If you are a consumer resident in California and where we meet the relevant threshold tests, the following provisions shall apply.
1) Notice at Collection, Use, and Disclosure of Personal Information
As described above, we have disclosed the information about our collection, use and disclosures of your personal information in “1. How We Collect and Use Your Personal Data ”, “4.How We Entrust, Share, Transfer and Publicly Disclose Your Personal Information”of the Policy. As required by certain state laws, we use extra tables below to explain the personal information we collected and disclosed in the preceding 12 months.
Category of Personal Information (Corresponding to the categories listed in CCPA § 1798.140 (v)(1)) | Collected | Data source | Business or commercial purpose for collecting and using | Disclosed | To whom we disclose and the purposes of disclosures |
|---|---|---|---|---|---|
| A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | email address, password, the information you give us during the interaction, name, social security number (SSN), drive license photo, electronic signature, cookies, contact person’s name, contact address, and administrator’s name |
|
| √ |
|
| B. Personal information as defined in the related California customer records law, such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | phone number, cellphone number, account type, routing number, account number, name on account, void check | provided by you |
| √ |
|
| C. Characteristics of protected classifications under California or federal law. | date of birth | provided by you | help you to apply for a payout account | √ |
|
| D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | N/A | N/A | N/A | N/A | N/A |
| E. Biometric information. | N/A | N/A | N/A | N/A | N/A |
| F. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement. | device language | provided by you | create an account for you | √ | To data storage providers, for safe data storage |
| G. Geolocation data. | country, time zone, address, home address, | provided by you |
| √ |
|
| H. Audio, electronic, visual, thermal, olfactory, or similar information. | Camera Permission, Photos Per mission, Microphone Permission | provided by you |
| √ |
|
| I. Professional or employment-related information. | company name | provided by you | create an account for you | √ | To data storage providers, for safe data storage |
| J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). | N/A | N/A | N/A | N/A | N/A |
| K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | N/A | N/A | N/A | N/A | N/A |
| L. Sensitive personal information | Address, home address, social security number (SSN), routing number, account number, name on account, void check, driver license photo, and electronic signature | provided by you |
| √ |
|
We do not knowingly collect the personal information of consumers under 13 years of age thus we do not sell personal information of consumers under 13 years of age or share personal information of consumers under 13 years of age for cross-context behavior advertising.
In the preceding 12 months, we have not sold personal information (including sensitive personal information) or shared personal information (including sensitive personal information) for cross-context behavior advertising.
We do not use or disclose sensitive personal information for purposes not permitted by applicable laws.
As described above in more detail in “4. How We Entrust, Share, Transfer and Publicly Disclose Your Personal Information”, we may also disclose your personal information as part of, or during negotiations of, any merger, sale, divestiture, or transfer of all or a portion of the company assets, financing or acquisition or in any other situation where personal information may be transferred as one of our business assets. We may also disclose personal information as required by law, regulations or court order; to respond to governmental and/or law enforcement requests.
As described above in more detail in “3. How We Store Your Personal Information” of the Policy, we retain personal information only as long as necessary to provide you with the Services, our legitimate interests or our business purposes. For the criteria used to determine the period of time your personal information will be retained, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. And we may continue to retain certain data to the maximum extent permitted by applicable laws.
2) Your Rights
You have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Acts (“CCPA”), and you may exercise your following extra privacy rights by sending your requests through the contact information described in Section 6 of this Policy. Please note that if you submit a request to exercise the following rights, you will be asked to verify your identity in accordance with the law.
(i)The right to know: You have the right to request that we disclose to you the following information covering the 12 months preceding your request:
the categories of personal information we collected about you and the categories of sources from which we collected such personal information;
The business or commercial purpose for collecting, selling, or sharing personal information;
The categories of third parties to whom the business discloses personal information (if applicable) and the purposes for disclosing personal information;
The specific pieces of personal information we have collected about you.
(ii) The right to correct. You have the right to request the correction of your personal information if it is inaccurate.
(iii) The right to delete: You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions. Subject to certain exceptions, we will notify service providers or contractors, where applicable, to delete your personal information from their records.
(iv)The right to non-discrimination for the exercise of your privacy rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
3) Authorized Agent
If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
We do not sell personal information or share personal information for cross-context behavior advertising and do not use personal information for the purpose of targeted advertising and profiling, and therefore we do not process requests for opt-out of sale, sharing for cross-context behavior advertising, targeted advertising and profiling.
We only use or disclose (if applicable) sensitive personal information for purposes set forth in applicable laws thus do not process requests to limit use and disclosure of sensitive personal information.
We do not provide any financial incentives tied to the collection, sale, or deletion of your personal information.
In addition, under California law, operators of online services are required to disclose how they respond to “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. Currently, we do not track individuals’ personal information over time and across third-party online services. This law also requires operators of online services to disclose whether third parties may collect personal information about their users’ online activities over time and across different online services when the users use the operator’s service. We do not knowingly permit third parties to collect personal information about an individual’s online activities over time and across different online services.
4) California “Shine the Light” Law
For consumers located in California, we do not share your personal information with third parties for those third parties’ direct marketing purposes.