1. Overview
MintTech ("we", "us", or "our") operates the CBAM Compliance Management Platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. We are committed to protecting your privacy in compliance with applicable data protection laws, including the Personal Information Protection Law of the People's Republic of China (PIPL) and the EU General Data Protection Regulation (GDPR) where applicable.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, phone number
- Organization information: company name, EORI number, address, industry category
- CBAM reporting data: product information, emission data, precursor data, production routes
- Customer and order information: customer names, order details
- Evidence files: uploaded vouchers, working-paper documents
2.2 Information Collected Automatically
- Usage data: page visits, feature usage, operation timestamps
- Device information: browser type, operating system, IP address
- Audit logs: operation records, data change history
2.3 AI Interaction Data
- Questions and commands you send to the AI assistant
- Response content generated by the AI assistant
- Interaction context: current reporting data used as reference for AI assistance
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide, maintain, and improve platform services
- Process CBAM reporting data and generate export files
- Calculate emissions and CBAM costs
- Provide AI-assisted interpretation and suggestions
- Send service notifications and security alerts
- Conduct security audits and compliance monitoring
- Improve product features and user experience
4. Data Storage and Security
4.1 Data Storage
Your data is stored on Supabase (AWS-hosted) infrastructure with encryption at rest and in transit. Data centers are located in the Beijing region (cn-north-1). We retain your data for the duration of your subscription and for 30 days after termination to allow data export.
4.2 Security Measures
- TLS 1.3 encrypted transmission
- AES-256 encryption at rest
- Row-level security (RLS) policies to isolate organization data
- JWT token authentication with regular rotation
- Audit logging of all data operations
- Regular security assessments and vulnerability scans
4.3 Data Security Disclaimer
Despite the security measures described above, no method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. Potential risks include but are not limited to:
- Cyber attacks, data breaches, or unauthorized access
- Security incidents at third-party service providers
- Zero-day vulnerabilities or unknown security threats
In the event of a data breach, we will notify affected users within 72 hours in accordance with applicable laws and take remedial actions as soon as reasonably practicable.
4.4 Data Loss Risk
You are solely responsible for maintaining backup copies of all data you enter into the Platform. We are not liable for data loss caused by:
- Server or storage system failures
- Force majeure events such as natural disasters or war
- Anomalies during database migration or upgrades
- Data purging after the 30-day retention period post-termination
- Data corruption due to cybersecurity incidents
We strongly recommend that you regularly export and locally back up your CBAM reporting data, evidence files, and working papers.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
- Service providers (subprocessors): third-party services necessary to operate the Platform
- Legal requirements: responding to laws and regulations, court orders, or government requests
- Internal sharing: members of the same organization can access shared data
- Business transfer: in case of merger, acquisition, or asset sale
5.1 Third-Party Services
- Supabase: database and authentication service
- AI service provider: provides conversational AI capabilities
6. Cross-Border Data Transfer
As the Platform involves EU CBAM compliance, certain data may need to be processed across borders. We ensure that cross-border transfers comply with applicable regulations:
- Comply with China's data export security assessment requirements
- Follow GDPR cross-border transfer rules for EU user data
- Use Standard Contractual Clauses (SCC) as transfer safeguards
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Right of access: obtain a copy of your personal information
- Right to rectification: correct inaccurate information
- Right to erasure: request deletion of your personal information
- Right to data portability: export your data in a structured format
- Right to restrict processing: limit how we process your information
- Right to object: object to certain types of data processing
To exercise these rights, please contact us at privacy@minttech.com. We will respond within 30 days.
8. Cookies and Tracking Technologies
We use essential cookies to maintain your session and authentication state. We do not use advertising trackers. Specifically:
- Authentication cookies: maintain login state
- CSRF protection cookies: prevent cross-site request forgery
- Preference cookies: remember UI preferences
We do not use third-party analytics or advertising cookies without your consent.
9. Data Retention
- Active account data: retained for the duration of the subscription
- Data after cancellation: retained 30 days for export, then deleted
- Audit logs: retained for 5 years
- AI interaction records: retained for 1 year
- Security logs: retained for 2 years
10. Children's Privacy
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete such information promptly.
11. Service Fees and Right to Charge
The Platform is currently provided free of charge. During the free period, your data processing and storage are subject to the same security measures and privacy protections described in this policy. We explicitly reserve the right to:
- Introduce paid subscriptions for some or all features in the future
- Adjust data storage quotas or feature scope of the free tier
- Set different data processing policies for different service tiers
We will notify users at least 30 days before any pricing or data policy changes take effect. The introduction of paid features will not reduce the privacy protections afforded to your existing data.
12. Privacy Policy Updates
We may update this Privacy Policy from time to time. We will notify you of material changes via email or Platform notification at least 15 days before they take effect. We encourage you to review this policy periodically.
13. Contact Information
For privacy-related inquiries or to exercise your data rights, please contact:
- DPO Email: privacy@minttech.com
- Legal Email: legal@minttech.com
- Mailing Address: No. 88 Jianguo Road, Chaoyang District, Beijing