Survi (“Company,” “we,” “us,” “our”) values your privacy and is committed to protecting your personal information. This Privacy Agreement (“Policy”) explains what information we collect, how we use, share, and protect it, and your rights. This Policy applies in addition to any other binding commitments (such as your User Agreement, Community Standards), but in the case of conflict, this Privacy Agreement will govern personal data.
This Policy applies to:
All personal data collected via Survi’s websites, mobile apps, APIs, widgets, chatbots, call centers, and related services (“Service”).
Users in any jurisdiction worldwide, including relevant regional frameworks (GDPR, CCPA, PIPL, COPPA, etc.).
Personal data derived from interactions with the Service or third-party linked services.
“Personal Data,” “Data Controller,” “Processing,” “Consent,” etc., are defined per GDPR standards (see Section 22).
"Special‑category Data" means sensitive data (e.g., racial origin, health, religion, sexual orientation).
"Anonymous" or "Aggregate" data cannot be used to identify individuals.
Category
Examples
Registration & Profile
Name, email, username, DOB, gender, profile photo, bio, interests, language, location
Content & Communications
Posts, comments, direct messages, feedback, imagery, audio, video
Usage & Device Data
Login/logout times, IPs, browser, OS, device type/model, in‑app navigation behavior
Location Data
IP-based geolocation, GPS data (if permitted), region, time zone
Technical & Analytics
Cookies, page views, ad interactions, crash logs, performance metrics
Payments & Transactions
Payment method, billing address, purchase history, purchase receipts
Third‑Party Data
Contacts with consent, social media integration, marketing leads
Special‑category Data
May be collected only with explicit consent (e.g. health details during support cases)
When opening an Account, you provide personal details. Some info is mandatory (e.g. email); others optional.
Any content you post or message is processed to provide the Service and moderated for policy compliance.
We automatically collect device and usage statistics to operate the Service safely.
Collected from IP or device geolocation APIs (if permitted). You can enable/disable precise location.
We log metrics for performance improvements and ad analytics.
Processed via third‑party gateways; we collect billing data as needed to process payments.
If you choose to link to social accounts or provide email contacts, we may import information with your permission.
Rarely collected, and only when opted-in by users, to facilitate health features or sensitive interactions. Always protected by enhanced controls.
You share data when signing up, posting, customizing, contacting support, or participating in promotions.
Cookies, SDKs, pixels, server logs, and analytics track usage behavior.
We receive data from services like Google, Facebook, marketing platforms, advertising networks.
With user consent, we can import contact info to help you invite friends.
For users under 16 (or local age), we require verified parental consent before collecting any data.
We process personal data for the following purposes:
Service Provision: account creation, profile display, feeds, posting content.
Personalization: tailored recommendations, search results, language/location settings.
Communication: emails, notifications, surveys, product updates.
Safety & Security: detect spam, harassment; enforce policy; fraud prevention.
Advertising: show relevant ads; upload anonymized data to partners.
Analytics: understand usage, detect errors, improve UX.
Research: internal trends, feature evaluation, machine learning improvements.
Payments: validate cards, prevent fraud, issue refunds, track subscriptions.
Legal & Enforcement: comply with investigators, court orders, tax regulations.
Each purpose is matched with the minimal data necessary and legal basis.
Relevant bases include consent, contract necessity, legal obligation, vital interests, public task, legitimate interests. See Appendix B for mapping.
Data shared within our corporate group (e.g., Survi Inc., global affiliates) for unified service.
Third-party vendors, payment processors, analytics and marketing services act as processors under contract.
We share anonymized data with ad networks; user-level data is shared only if consented.
We may disclose data in response to subpoenas, government orders, or to prevent harm.
In sale or merger, user data is transferred to new owners, who must adhere to this Policy.
We may publish non-personally identifiable metrics for benchmarking or research.
We cooperate with ad platforms; ads reflect your interests unless you opt-out.
We use internal/external analytics to track performance and optimize content.
Essential Cookies: for login, security.
Preference Cookies: language, settings.
Analytics Cookies: usage patterns.
Advertising Cookies: targeting & retargeting.
See detailed Cookie Table (Appendix C).
Options via app settings, device ad settings, browser controls, and network-level signals (Global Privacy Control).
Depending on your region, you have the following rights:
Access: Request personal data we hold.
Correction: Fix mistakes.
Data Portability: Export data in machine-readable format.
Erasure: Request deletion (“right to be forgotten”)
Restriction: Limit processing.
Objection: Stop certain uses.
Profiling: Prevent automated decision-making.
Withdraw Consent: At any time for consent-based uses.
Opt-out of Ads: Via settings or ad partners.
We respond within required timelines (e.g., 30 days under GDPR). See Appendix D for request form.
Active Account Data: kept while the account is active.
Post-Deletion Holding: retained for legal or transactional requirements (up to 30 months typically).
Automatic Deletion: inactive account deletion options after period of dormancy.
Backup Copies: for disaster recovery; removed after expiration.
Encryption in transit (TLS) and at rest, role-based access controls, regular audits, vulnerability assessments, employee training, incident drills.
We’ll notify affected users and regulators within 72 hours of a confirmed data breach, where required by law.
Vendors must implement equivalent security; contracts include security obligations.
Your data may be stored and processed globally. We use:
Adequacy decisions,
Standard contractual clauses,
Binding corporate rules,
EU–US Data Privacy Framework certification,
Other lawful mechanisms.
See Appendix F for details.
Minimum user age is 13 (or higher locally).
Under‑16 users require parental consent.
All data collection from minors is limited, and we delete data on parent request.
No targeted marketing to minors.
Our Service may contain links/plugins. We are not responsible for their privacy practices; we encourage you to review third-party privacy policies.
We integrate SDKs (crash analytics, maps) from third parties. Among them are ad networks, analytics tools, and integrated login providers. Policies for each are enumerated separately.
We may update this Policy. For substantial changes, we’ll notify via email or banner 30 days prior. Your continued use constitutes acceptance. For minor changes, they'll take effect immediately with notice within the Service.
Questions or concerns? Contact our DPO or privacy team:
Survi Inc.
Email: shiwei12650@163.com
Where required, our DPO contact details are published within EU member states.
If you're unhappy, contact us. You may lodge complaints with your local Data Protection Authority (e.g., ICO in UK, CNIL in France, APPI in Japan) if unresolved.
This Policy is governed by the laws of the State of Delaware, USA, or as overridden by local protections where more protective. Any dispute subject to Section 16 of the User Agreement.
No Waiver
Severability
Survival of Terms
Entire Agreement: with User Agreement and Community Standards.
A list of defined terms referenced throughout (e.g., Personal Data, Special‑Category Data, Consent, Processors, Controller).
A. Data Inventory Table: specifics of data types vs. legal bases and purposes.
B. Legal Basis Summary: mapping: e.g. Registration = contract; personalization = legitimate interest; ads = consent.
C. Cookie Table: name, purpose, duration, opt-out method.
D. EU Data Subject Rights Form: template for rights requests.
E. DPIA Procedures: when we identify high‑risk features.
F. International Transfers: copy of SCC text, DC‑US DPF, certification details.