Effective Date: _2026.03.26_
This Privacy Policy (“Policy”) applies to the services operated by 【XIANG DONG ENTERTAINMENT CO., LIMITED】 (“we”, “us”, or “our”), including the mobile application, website, APIs, and related services of “【Doran-Perk Video Party】”. By accessing or using our services you acknowledge that you have read and agree to this Policy. If you do not agree, please do not use our services.
We may collect the following categories of personal data:
- Identity & Account Data: display name, full name, phone number, email, avatar, profile bio, verification
documents if provided.
- Third‑party Login Data: data provided by third‑party identity providers (e.g., Facebook ID, Apple ID, Google
profile) as authorized by you.
- Usage & Interaction Data: room join/leave timestamps, listening/speaking durations, messages, hand‑raise
events, votes, gifts, follow relationships, search and browsing history.
- Device & Technical Data: device model, OS version, device ID, app version, IP address, network type, logs and
crash reports.
- Media Content: user-uploaded avatars, images, audio, video, and room recordings/playbacks (where recording is
enabled).
- Location Data: approximate location inferred from IP; precise GPS location only if you grant
permission.
- Payment & Transaction Data: payment method identifiers (not full card numbers), transaction history, invoice
details, payout account information.
- Transcriptions & Moderation Data: automated speech recognition (ASR) transcripts derived from audio for
moderation or captions.
- Other: support communications, feedback, reports, and information required by law.
- Sources: data is collected directly from you (registration, uploads, messages), automatically (logs, cookies),
from third parties (social logins, analytics/ad platforms, partners), and from lawful public or legal
sources.
- Legal Bases: processing is conducted on one or more of the following bases as applicable: (a) contract
performance (to provide the service), (b) user consent, (c) legitimate interests (fraud prevention, platform
security, product improvement), and (d) legal obligations. Where consent is relied upon, you may withdraw it at
any time (withdrawal will not affect prior processing lawfully undertaken).
We use personal data to:
- Provide and operate the App (account management, login, room creation/joining, real‑time
signaling).
- Enable real‑time audio/video transmission and interactions via third‑party RTC/SFU services.
- Process payments, orders, and payouts (tickets, gifts).
- Personalize content and recommendations (topics, rooms, creators).
- Send notifications, reminders, and system messages.
- Moderate content, detect abuse, and perform safety & compliance functions (including ASR-based
screening).
- Conduct analytics and product improvement (aggregate metrics, A/B testing).
- Respond to legal requests, enforce terms, and resolve disputes.
We and our third‑party partners use cookies, pixels, local Storage, and similar technologies to maintain sessions, measure performance, provide analytics, and deliver personalized content/ads. You may manage or disable cookies via device or browser settings, but disabling may degrade functionality.
We may share or transfer personal data to:
- Service providers and processors: cloud/CDN, RTC/SFU vendors, push/sms/email providers, payment processors,
ASR/moderation vendors, analytics and ad partners.
- Affiliates for joint service provision.
- Law enforcement, regulators, or courts when required by law or to protect rights and safety.
- A buyer or successor in the event of a merger, acquisition, or asset sale (with notice to users where
required).
We require processors to comply with data protection obligations through contracts (DPA), and to process data
only per our instructions.
Personal data may be stored or processed outside your country of residence. When transferring data cross‑border, we will apply appropriate safeguards such as contractual clauses, encryption, or obtaining your consent where required.
We retain personal data only as long as necessary to fulfill the purposes set forth or to meet legal
obligations. Example retention periods (customize to your operations and law):
- Account information: retained for 12 months after account deletion, then deleted or anonymized.
- Transaction and invoicing data: retained for 7 years (or per tax law).
- Logs and diagnostic data: retained for 6–12 months.
- Room recordings/playbacks: retention aligned to room settings and consent; default 90 days (extendable if user
purchases storage).
You may request access, correction, deletion, or export of your personal data via in‑app privacy controls or by
contacting felix.vance.core@gmail.com. Deletion requests may limit functionality.
Where applicable, you may have rights to access, rectify, erase, restrict or object to processing, data portability, withdraw consent, and lodge complaints with supervisory authorities. To exercise rights, use the in‑app privacy center or contact felix.vance.core@gmail.com. We will verify your identity before processing sensitive requests.
We implement reasonable technical and organizational measures to protect personal data, including TLS for data in transit, encryption at rest, access controls and least privilege, audit logging, periodic security testing and vulnerability management, and incident response procedures. We also require processors to maintain appropriate security.
Our Service is not intended for children below the statutory age (e.g., 13/16). If we learn that we collected
personal data from a child without verifiable parental consent, we will delete the data. Where permitted and
applicable, parental consent is required for minors.
CSAE( child sexual abuse and exploitation )
We prohibit the use of Doran- Perk Video Party apps to endanger children. This includes, but is not limited to
the use of apps to promote predatory behavior towards children, such as:
Inappropriate interaction targeted at a child (for example, groping or caressing).
Child grooming (for example, befriending a child online to facilitate, either online or offline, sexual contact
and/or exchanging sexual imagery with that child).
Sexualization of a minor (for example, imagery that depicts, encourages or promotes the sexual abuse of children
or the portrayal of children in a manner that could result in the sexual exploitation of children).
Sextortion (for example, threatening or blackmailing a child by using real or alleged access to a child’s
intimate images).
Trafficking of a child (for example, advertising or solicitation of a child for commercial sexual
exploitation).
Method for surfacing cases
User reporting and official app acts
Doran-Perk Video Party app has made in-app report mechanism that is available for users to communicate your
concerns to us. please fill in the right information of the form so we can collect and send to the National
Center for Missing & Exploited Children (NCMEC) operates the CyberTipline, a national clearinghouse for leads
and tips regarding child sexual exploitation.
If you find content elsewhere on the Internet, please contact the appropriate agency in your country directly(https://report.cybertip.org/)
You can also email us to report CASE via: felix.vance.core@gmail.com
Our delegated team member will collect information which are include images, phone to send to NCMEC. our content
censor team also will close the user account immediately and deleted the illegal content in app
soon.
If a room is recorded, we will notify participants before joining and display a recording indicator within the room. The permitted uses, access controls, retention, and monetization of recordings will be governed by room settings and any separate creator agreements. Commercial use or distribution requires explicit consent or contractual rights assignment.
Users may report content or accounts; we will investigate and may suspend or remove content per our Terms. We will respond to lawful government or court orders and will follow internal legal review procedures before disclosing data.
Our services may contain links to third‑party sites or services, including advertisements. We are not responsible for third‑party privacy practices. Review their privacy policies; we may provide opt‑outs for targeted advertising where required.
We may update this Policy to reflect changes in practices or legal requirements. Material changes will be communicated via in‑app notices or email and may require renewed consent. We will publish the effective date and keep archived prior versions.
Data Protection Officer / Privacy Contact: Lee Yayun
Email: felix.vance.core@gmail.com
Phone: +85294012335
Address: Room 602, 6/F, Kai Yu Commercial Building, 2C Argyle Street, Mong Kok, Kowloon, Hong Kong
Appendix — Data Map & Retention Table (example)
- Account profile data → Service provision → Legal basis: contract/consent → Retention: account + 12 months
after deletion → Processors: cloud provider (Country X)
- Room recordings → Moderation/Playback → Legal basis: consent/legitimate interest → Retention: default 90 days
→ Processors: media storage (Country Y)
Implementation & Compliance Recommendations
- Consent & Records: implement a centralized consent management system (CMS) that records consents with
timestamp, scope, and version. Link consent records to individual user IDs for auditability.
- RoPA & DPIAs: maintain a Record of Processing Activities. Conduct Data Protection Impact Assessments for
high‑risk processing (e.g., voice biometric profiling, large‑scale cross‑border transfers).
- Vendor Controls: use vendor questionnaires, security audits, DPAs, and periodic reviews. Restrict vendor
access on a least‑privilege basis and monitor access logs.
- Cross‑Border Compliance: prepare Standard Contractual Clauses (SCCs) for transfers from the EEA and maintain
transfer impact assessments. For China/HK/India, follow local cross‑border rules and registration/filing
requirements.
- Rights Handling: build in‑app privacy controls (data export, delete, rectification) and operational pipelines
to fulfill rights within statutory timeframes. Implement identity verification for requests.
- Recording Consent: use an explicit UI modal before enabling recording (checkbox + link to policy) and keep a
transcript of the consent action. Show in‑room recording indicator and log who enabled recording and
when.
- Security & Breach Response: maintain an incident response playbook, notification templates, and roles. Test
the IR plan with tabletop exercises. Prepare regulatory notification timelines per jurisdiction.
- Localization: translate the policy and privacy notices into languages required by target markets; adapt
retention periods and legal references to local law.
- Audit & Evidence: keep logs of policy publication dates, user notifications, and consent collection for
regulator audits.
Our app allows users to create and share content, including text, voice, and images. To ensure a safe and compliant community, we implement the following moderation measures:
1. Automated Moderation
We use AI-based systems to detect and filter:
- Sexual or explicit content
- Harassment or abusive language
- Spam and scam behavior
Content flagged by the system may be automatically removed or restricted.
2. Manual Review
We maintain a human moderation team that:
- Reviews reported content
- Monitors high-risk users and rooms
- Takes action on policy violations
3. User Reporting Mechanism
Users can report:
- Other users
- Chat messages
- Voice rooms
Reported content is reviewed within 24 hours.
4. Enforcement Actions
Violations may result in:
- Content removal
- Temporary suspension
- Permanent account ban
5. Prohibited Content
We strictly prohibit:
- Sexual or pornographic content
- Hate speech or harassment
- Fraudulent or deceptive behavior