Tingyun Application & MicroServices Privacy Policy

Tingyun APM Agent ("we," "our," or "the Agent") delivers comprehensive performance monitoring from a user experience perspective, addressing and optimizing performance bottlenecks that lead to application instability and degraded user experience. Through five dimensions of performance observability—Application Analytics, Service Components, Transactions, Error Analysis, and Distributed Tracing—we enable rapid issue identification and root cause analysis, helping you continuously enhance application user experience and achieve excellence in application operations management. Since inception, our mission has been to empower businesses through data-driven insights, pioneering IT management innovation from a user-centric perspective. We deliver end-to-end application performance management solutions across diverse industries, enabling enterprises to continuously optimize system performance and end-user experience while improving brand affinity, user retention, and business conversion rates.

We recognize the critical importance of your personal information and are fully committed to protecting its security and integrity. To maintain your trust, we strictly adhere to the following principles in protecting your personal information: accountability and transparency, purpose specification and limitation, informed consent, data minimization, security safeguards, individual participation, and openness. Please carefully review this Privacy Policy before using our products or services to ensure you fully understand its contents and accept all terms of service.

This Privacy Policy explains the following:

1. How We Collect and Use Your Personal Information

2. How We Share, Transfer, and Publicly Disclose Your Personal Information

3. How We Protect Your Personal Information

4. Your Rights to Manage Personal Information

5. Protection of Minors' Personal Information

6. Cross-Border Transfer of Your Information (If Applicable)

7. Updates to This Privacy Policy

8. How to Contact Us

1. How We Collect and Use Your Personal Information

Personal information refers to any information, recorded electronically or by other means, that can identify a specific natural person either alone or in combination with other information, or that reflects the activities of a specific natural person. We collect and use your personal information solely for the purposes described in this Privacy Policy:

(1) Application Performance Analytics

To assist backend developers and operations teams in analyzing application performance and behavior, the Agent may collect the following information during application runtime:

• Framework Information: The Agent instruments supported frameworks based on their criticality, collecting execution telemetry including dependency package names, paths, versions, and key code execution paths during request processing.

• Database Information: To facilitate efficient analysis of database performance and SQL execution, we collect relevant telemetry including database host address, port, database name, query duration, exceptions, and SQL statements (SQL parameters are NOT collected by default).

• Connection Pool Metrics: To monitor database connection pool health and performance impact, the Agent instruments known connection pool implementations, collecting initial pool size, maximum connections, and active connection metrics. Supported connection pools include Druid, C3P0, DBCP, HikariCP, and others.

• NoSQL Telemetry: For NoSQL datastores such as Redis and Memcached, the Agent collects operation commands, key patterns, latency metrics, and connection pool statistics.

• Message Queue Metrics: For message queue systems including RocketMQ, Kafka, and ActiveMQ, the Agent collects producer and consumer throughput rates, broker addresses, and queue/topic names.

  Important Notes:

  • Framework and log information in isolation cannot identify specific individuals. If we combine such non-personal information with other data to identify specific individuals, or if we combine it with personal information, such data will be treated as personal information during the combined period. Unless you authorize it or as otherwise required by law, we will anonymize and de-identify such personal information.
  • By default, SQL parameters are NOT collected—SQL statements are parameterized to protect sensitive data. If you explicitly enable SQL parameter collection on the platform, we will treat this as your deliberate action for application troubleshooting purposes.
  • By default, HTTP POST body parameters are NOT collected. If you enable parameter collection, we will treat this as your deliberate action for application troubleshooting purposes.

(2) Custom Data Collection Configuration

Our platform provides configurable custom data collection capabilities to help you track and analyze specific user behaviors. Through custom instrumentation configuration, you can specify method parameters for collection and statistical analysis. We do NOT proactively collect custom data items—data collection occurs only based on your explicit configuration rules, and the information collected depends entirely on your configured collection rules.

(3) Platform Improvement and Analytics

We may perform de-identified research, statistical analysis, and predictive modeling on collected information to improve platform performance and user experience, and to provide service support for rapid application iteration.

(4) Legal Exceptions

When we intend to use information for purposes not stated in this Privacy Policy, or to repurpose information collected for specific purposes, we will seek your prior consent. However, within the scope permitted by applicable law, we may collect or use your personal information without your prior authorization in the following circumstances:

(1) As required by applicable national laws and regulations.

(2) As required by legal processes involving law enforcement, prosecutorial, or judicial authorities.

(3) As required by government agencies or superior regulatory authorities.

(4) As reasonably necessary to protect the public interest, or to protect the legitimate rights and interests of our company, our users, or our employees.

2. How We Share, Transfer, and Publicly Disclose Your Personal Information

(1) Information Sharing

The Tingyun platform supports both SaaS and on-premises deployment models. We will NOT share your personal information with any company, organization, or individual outside our partners and affiliated entities, except in the following circumstances:

1. Sharing with Explicit Consent: After obtaining your explicit consent, we will share your personal information with specified third parties.

2. Legal and Regulatory Compliance: We may share your personal information as required by applicable laws and regulations or mandatory requests from government authorities.

(2) Information Transfer

We will NOT transfer your personal information to any company, organization, or individual, except in the following circumstances:

1. Transfer with Explicit Consent: After obtaining your explicit consent, we will transfer your personal information to other parties.

2. Legal Compliance: To satisfy legal requirements, mandatory government requests, or judicial orders.

3. Corporate Restructuring: In the event of a merger, division, sale, acquisition, or bankruptcy liquidation involving us or our affiliated companies, if your personal information would be transferred as part of such transaction, we will require the acquiring company or organization to remain bound by this Privacy Policy. Otherwise, we will require that entity to obtain your renewed authorization and consent.

(3) Public Disclosure

We will only publicly disclose your personal information in the following circumstances:

1. With Explicit Consent: After obtaining your explicit consent.

2. Legal Disclosure Requirements: When required by law, legal process, litigation, or mandatory government authority requirements, we may publicly disclose your personal information.

(4) Exceptions to Consent Requirements

In the following circumstances, sharing, transferring, or publicly disclosing your personal information does NOT require your prior authorization or consent:

1. Directly related to national security or defense security.

2. Directly related to public safety, public health, or significant public interests.

3. Directly related to criminal investigation, prosecution, trial, or judgment enforcement.

4. Necessary to protect vital legitimate rights and interests of you or other individuals when it is impractical to obtain your consent.

5. Personal information that you have voluntarily disclosed to the public.

6. Personal information collected from lawfully disclosed sources, such as legitimate news reports, government information disclosures, and similar public channels.

7. Necessary to execute and fulfill contracts at your request.

8. Necessary to maintain the secure and stable operation of our products or services, such as detecting and remediating product or service failures.

9. Other circumstances stipulated by applicable laws and regulations.

Note: According to applicable law, the sharing and transfer of de-identified personal information—where the data recipient cannot re-identify the data subject—does NOT constitute sharing, transfer, or public disclosure of personal information. The storage and processing of such de-identified data does not require separate notification to you or your consent.

3. How We Protect Your Personal Information

(1) Security Safeguards

We have implemented industry-standard security controls to protect your personal information from unauthorized access, disclosure, use, modification, damage, or loss. Our comprehensive security measures include:

• Vulnerability Management: Promptly identifying and remediating security vulnerabilities that could lead to information disclosure.
• Threat Prevention: Deploying protective measures against computer viruses, network attacks, and intrusions.
• Encryption in Transit: Securing data exchanged between your browser and our services using SSL/TLS encryption.
• Secure Communications: Providing HTTPS secure browsing for all platform websites.
• Data Confidentiality: Employing encryption technology to ensure data confidentiality at rest and in transit.
• Attack Mitigation: Deploying trusted security mechanisms to prevent and mitigate malicious attacks.
• Access Controls: Implementing role-based access control (RBAC) to ensure only authorized personnel can access personal information.
• Security Awareness: Conducting regular security and privacy training to enhance employee awareness of personal information protection.

(2) Data Minimization and Retention

We implement data minimization principles to ensure we do not collect irrelevant personal information. We retain your personal information only for the period necessary to fulfill the purposes stated in this Privacy Policy, unless an extended retention period is required or permitted by applicable law.

(3) User Responsibilities

The Internet is not an absolutely secure environment. Email, instant messaging, and similar communication methods with other users are typically not end-to-end encrypted. We strongly recommend that you do NOT transmit personal information through such channels. Please use strong, complex passwords to help us protect your account security.

(4) Security Incident Response

In the event of a personal information security incident, we will promptly notify you in accordance with applicable legal requirements, providing:

• The nature and scope of the security incident
• Potential impact of the incident
• Measures we have taken or will take to remediate the situation
• Recommendations for you to prevent and mitigate risks
• Remedial measures available to you

We will communicate incident information through email, postal mail, telephone, push notifications, or other appropriate channels. When individual notification is impractical, we will issue public announcements through reasonable and effective means. We will also proactively report personal information security incidents to applicable regulatory authorities as required.

4. Your Rights to Manage Personal Information

Under applicable laws and regulations in your jurisdiction, you may have the following rights regarding your personal information:

1. Access, Correction, and Deletion: You may request to access, correct, or delete the personal information we hold about you.

2. Consent Management: You may modify the scope of your authorized consent or withdraw your consent at any time. After changing the authorization scope or withdrawing consent, we will no longer provide services that depend on the changed or withdrawn consent, nor will we continue processing the corresponding information.

Please note that exercising certain rights may impact our ability to provide specific services to you.

5. Protection of Minors' Personal Information

(1) Parental Consent Requirement

We take the protection of minors' personal information very seriously. If you are under 18 years of age, you must obtain your parent's or legal guardian's consent before using our products or services. We protect minors' personal information in accordance with applicable national laws and regulations.

(2) Limited Collection and Use

We do NOT knowingly or directly collect personal information from minors. When we collect personal information from minors with parental or guardian consent, we will only use, share, transfer, or disclose such information when:

• Permitted by applicable law
• Consented to by the parent or guardian
• Necessary to protect the minor's interests

6. Cross-Border Transfer of Your Personal Information

In principle, personal information we collect and generate within the territory of the People's Republic of China will be stored within the People's Republic of China. If our products or services require cross-border transfer of your personal information, we will strictly comply with applicable laws and regulations and implement appropriate safeguards to ensure the security of your personal information.

7. Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in legal, technological, or business requirements. If such changes would result in a substantial reduction of your rights under this Privacy Policy, we will notify you before the changes take effect by posting notices on our platform. For material changes, we will provide more prominent notification (including email notifications for certain services, explaining the specific changes to the Privacy Policy).

Material changes under this Privacy Policy include, but are not limited to:

1. Significant changes to our service model, such as the purposes for processing personal information or the types of personal information processed.

2. Significant changes to our ownership structure or organizational structure, such as ownership changes resulting from business adjustments, bankruptcy, mergers, or acquisitions.

3. Changes to the primary recipients of personal information sharing, transfer, or public disclosure.

4. Significant changes to your rights regarding personal information processing or how you may exercise those rights.

5. Changes to the department responsible for personal information security, contact information, or complaint channels.

6. When a personal information security impact assessment indicates high risk.

Your Choices: If you do not agree to such changes, you may discontinue using our products and services. Continued use of our products or services after changes take effect constitutes your acceptance of the revised Privacy Policy.

8. How to Contact Us

If you have any questions, comments, or suggestions regarding this Privacy Policy, please contact us:

Customer Service Hotline: 400-898-9580

Please carefully review this Privacy Policy to ensure you fully understand its contents and corresponding legal implications.

Submitting Requests: To efficiently process your inquiries and provide timely responses, we may require you to submit:

• Proof of identity
• Valid contact information
• Written request describing your inquiry
• Relevant supporting evidence

We will process your request after verifying your identity and will handle your personal information in accordance with applicable laws, regulations, and this Privacy Policy.