UGREEN NAS Privacy Policy
Initial Effective Date:17/05/2024
Last Updated Date:18/10/2025
Welcome to UGREEN NAS and sign up for a global unified account! UGREEN(hereinafter referred to as "We") appreciate the trust you place in us when providing your personal data. Our commitment is to safeguard the privacy of your personal data, ensuring full compliance with legal requirements in doing so. Therefore, we have prepared this UGREEN NAS Privacy Policy (hereinafter referred to as "this Policy") to help you fully understand how we collect, utilize, share, secure, and store your personal information, and how you can effectively manage your data while using our products and services to make more informed decisions.The data controller of your personal data is UGREEN( AMERICA UGREEN LIMITED, UGREEN GROUP LIMITED,HONG KONG UGREEN LIMITED,UGREEN GROUP (SINGAPORE) PTE. LTD.,UGREEN GROUP GMBH) .
This Policy applies to UGREEN NAS and the applications we provide for use with UGREEN NAS,including mobile apps, desktop apps, TV apps and WeChat apps.
This Policy describes how Ugreen collects, uses, shares, secures, protects and stores your personal information in order to effectively manage your data to make more informed decisions when using our NAS and NAS application.
The use of information collected through our Products shall be limited to the purpose of providing the service for which our Customers have engaged Ugreen NAS. We maintain a separate privacy policy with respect to our website. To view our Website Privacy Policy, click here.
We urge you to thoroughly read this Policy, paying particular attention to the boldfaced sections, and confirm your complete understanding and agreement before using our products or services.
In addition to this Policy, we may also use real-time notifications (such as pop-ups and page alerts) and feature updates to explain the objectives, extent, and use of the collected information. These real-time notifications and updates form an essential part of this Policy and have the same legal effect. We aim to define all terms used in this policy in a clear, accessible manner for better comprehension. For inquiries, feedback, or suggestions regarding this Policy, please reach out to us using the contact details provided at the end of Section10 of this Policy should you have any questions, comments or suggestions about this Policy.
By accepting this Policy, you acknowledge the features of UGREEN NAS and consent to the necessary collection of personal data to facilitate the operation of these features. We will process such information for the features or services you select, or as required by law, upon your activation or use of UGREEN NAS. Apart from the essential data needed for UGREEN NAS's core functions and services, and information mandated by legal requirements, you reserve the right to opt-out of additional data processing. Be aware, however, that this may limit access to certain features or services.
This Policy will help you understand:
1. Applicable Scope
2. How We Collect and Use Your Personal Information
3. Use of Cookies and Other Similar Technologies
4. How We Store and Protect Your Personal Data
5. How We Share, Assign, and Disclose Your Personal Information
6. How to Exercise Your Right to Manager Personal Information
7. How We Process Minors' Personal Data
8. How Your Personal Information is Transferred Globally
9. Policy Updates
10. Contact us
Appendix
11. Appendix for the European Economic Area (EEA) , UK, and Switzerland
12. Appendix for Singapore
13. Appendix for Japan
14. Appendix for California
15. Appendix for Tennessee, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Nevada,Delaware, Iowa, Nebraska, New Hampshire and New Jersey
16. Appendix for the Republic of Korea
1. Applicable Scope
For the purposes of this agreement, "UGREEN NAS" encompasses the products and services accessed and used via the UGREEN Client, websites, UGREEN software development kit (SDK) for third-party websites or apps, application programming interfaces (APIs), mini-programs, and any new products and services resulting from technological advancements (collectively "UGREEN NAS"). Variations in features may exist among different UGREEN NAS versions. We collect and process your personal information in accordance with this Policy unless otherwise specified by separate policies of other UGREEN NAS versions. In cases where other UGREEN NAS versions have separate policies, those policies shall also apply. In the event of any conflicts between this Policy and those of other UGREEN NAS versions, the latter shall control. Please be aware that certain search paths and operations may differ across UGREEN NAS versions, and should be considered in the context of the actual usage.
Except for the activities that the information would be collected and used for in this Policy, this Policy does not cover third party services, and such third parties are responsible for describing how they collect and use your personal information.
2. How We Collect and Use Your Personal Information
We collect and use personal information provided by you, generated during your use of UGREEN NAS, or obtained from third parties with your consent. This is done in order to satisfy your use of UGREEN NAS, communicate with you, and improve or optimize our products or services. As our offerings evolve, we might alter our products or services. Should we use your information for purposes not covered in this Policy, or use information collected for specific purposes for other uses, we will inform you and seek your consent, except where legal grounds or justifications exist for processing your data without consent. See the UGREEN NAS Personal Information Collection Check list for an overview of the personal data we gather.
2.1.Contexts for Collecting Personal Data
(1)Registration and Login
Throughout the use of your NAS device, UGREEN has no access to your photos, documents, videos, etc. stored on your NAS device. Your data can only be accessed by you personally and your friends who accept your sharing.You can log in with your created Local account (excluding official UGREEN Cloud website). The Local account is divided into an administrator account and a non-administrator account; if you use the Local account , all data is stored locally on your NAS device and your cell phone (or computer), UGREEN does not collect any personal data of you. You may also log in to UGREEN NAS through a Local account, during which none of your personal information will be collected. We shall collect and process your personal information under this Policy if required in other circumstances.
If you encounter difficulties recalling your UGREEN NAS login credentials, you can utilize the password retrieval feature. For enhanced account security, we may request identity verification through one of four methods: your UGREEN cloud account details, device information, Local account, and password, or the device sharer's account information.
You can enable the two-factor authentication feature to log in with your Local account when your phone is lost or you forget your password. To enable the two-factor authentication feature, you need to provide your email address as a secondary login method. When your phone is lost or you forget your password, you can use this email address to receive a verification code for logging in to UGREEN NAS. Your email address is encrypted and stored locally on your NAS device. You can go to Account Settings > Account Security > Two-Factor Authentication to disable the two-factor authentication feature.
When you log in to UGREEN NAS on your app, go to the home page, and scan the QR code to log into the TV/PC client or to identify your NAS device, we will invoke the sensor information of your mobile device (such as direction sensor, rotation vector sensor (underlying physical sensors, including accelerometer, magnetometer, and gyroscope), and light sensor) to automatically adjust the direction and light of the scanning interface, thereby improving the convenience and accuracy of scanning. Please understand that device sensor data alone does not involve any personal information and cannot be combined with other information to identify a specific natural person.
(2)UGREEN cloud account
When logged in with a Local account, if you need to use the UGREENlink service, Configuration Backup and Restoration, or the SMS alert function for important NAS device information, you need to bind and use a UGREEN cloud account to register and log in. At this time, you need to provide your phone number (for users in mainland China) or email (for users in other countries or regions), along with additional identification information (such as a profile picture and nickname). This enables us to assist with the registration process, enhance your account details, maintain account security, and support account recovery. We may link the basic information you provide to your UGREEN NAS device and send important device notifications via SMS or email. Registration or login to UGREEN NAS is contingent on this information.
(3)Bind device
To successfully bind and manage your UGREEN NAS device, we need to collect the following information when you bind the device: UGREEN NAS Device model, device system version, device serial number SN and MAC address, IP address, UGREENlink ID (if you enable the UGREENlink feature) and your customized device name, device system status (online/offline/sleeping), device holding role (owner/sharer), and warranty expiration time (visible only to administrators). Collecting this information is to assist you in device binding, identifying your device, and associating it with your account. This ensures you can inquire and manage the devices you have bound with your account. This enables you to monitor the status of your device in real time and ensures that the management rights of the device are allocated appropriately. For device administrators, we also gather the device's warranty expiration date to provide prompt warranty expiration reminders and the device system version for statistical analysis to guide product optimization planning.
(4)Login History and Trusted Device Management
①To protect your account against unauthorized access, swiftly identify and address abnormal activities, and safeguard against security threats, we collect the following login history details when you access UGREEN NAS:
1) Login Time: Recording the precise login times, accurate to the second;
2) Operation Record: Documenting your account logins and unbinding actions;
3) Location Information: Determining your login city by analyzing and identifying your IP address;
4) IP Address: Used to pinpoint the login network's location (accurate to city);
5) Operating System: Identifying the operating system used during login, such as iOS, Android, macOS, Windows;
6) Access Method: Determining whether access to UGREEN NAS is via the website or other clients.
②We permit the setting of "trusted devices" to bypass repeated verification for easier and more secure login on these devices. This feature simplifies the login process while maintaining security and ease of use.
1) Collection of Login Details: To improve account security, we record the device model and name, login location (identified by IP address, accurate to city), and your most recent login time. This helps us promptly verify who is logging into the account and take the necessary security precautions.
2) User Management: You can review your login history and trusted device list, and are entitled to remove any suspicious devices. Should you detect any unusual activity, we advise changing your password and removing suspicious devices to ensure account security.
Trusted Device Information Collection Aims to:
1) Enhance Account Security: By monitoring login history, we effectively monitor for and prevent unauthorized access, maintaining account security. We can take prompt action, including by notifying you and taking further precautions, whenever our system detects any unusual login attempts or security threats.
2) Manage Trusted Devices: You are entitled to manage your trusted devices, minimize verification on frequently used devices, and effortlessly delete any suspicious or outdated devices from our system.
(5)Technical Support Ticket (Web)
The "Ticket" feature is available for technical assistance at any time while using UGREEN NAS. To provide optimal support, we may collect and use data such as your: UGREEN NAS device's serial number, device model and system, client model, other access methods to UGREEN NAS(such as via LAN or wireless network), and phone number or email address (optional). This information aids in understanding your product usage, allowing us to offer tailored technical support and solutions. Our primary aim in collecting this data is to help users identify and resolve technical issues effectively. We warrant that this information is solely utilized for addressing your technical issues related to our products and services.
(6)LAN Device Search via find.ugnas.com
When you use the WebFind service on find.ugnas.com to search for and activate LAN devices, we collect device-specific data including the device name, IP address, Mac address, serial number, operating system version, model name, and status. This data ensures accurate and efficient identification of LAN devices for your convenience.
(7)UGREENlink Services
Accessing UGREENlink services requires an initial login to your UGREEN cloud account. Upon login, you may opt to activate the UGREENlink feature for quick and remote connection to your UGREEN NAS device. To provide this feature, we will collect the product serial number, IP address, and routing port of your UGREEN NAS device. These details are essential for establishing a secure connection and optimizing user experience. Serial numbers help ensure precise and secure linkage to your UGREEN cloud account, enabling access to UGREENlink services. We gather your IP address and routing port information when you use UGREENlink features to facilitate remote connectivity to your device, allowing you to access and manage your UGREEN NAS device from afar. In addition, your UGREENlink or DDNS domain name will be transmitted to a third-party certification authority, Let's Encrypt or ZEROSSL, to generate an SSL certificate in order to ensure the security of the connection with your Ugreen Cloud via HTTPS. For details about on how Let's Encrypt and ZEROSSL use your data, please refer to the privacy policies of Let's Encrypt and ZEROSSL. Please note, that this information is only collected for UGREENlink features. If you choose not to use UGREENlink features, we will not collect or use this information for the aforementioned purposes.
When you enable our UGREENlink service in a LAN environment, we will collect some information on your device. Such information includes IPv4 address, IPv6 address, MAC address, DDNS address, device status information (whether the device has been initialized or whether it is currently online), WOL (Wake-on-LAN) switch status, device hostname, and device boot time. The abovementioned information is collected to ensure a better connection and access experience when you access the device in a LAN environment.
(8) Biometric Unlock for UGREEN NAS Safes
After Biometric Unlock (including authentication via face ID and fingerprint on supported models) is activated, UGREEN invokes the APIs provided by the operating system (e.g., iOS, Android) on your device (e.g., mobile phone) to obtain anonymous authentication results ("Pass" or "Fail") for unlocking your UGREEN NAS Safes. Your other personal information will not be used, and your unlocking behaviors will not be recorded. All biometric data (such as fingerprint templates and facial data) is collected, stored, and matched within your device's secure local environment by its operating system. UGREEN neither access to, store, nor transmit any raw biometric information.
You may disable Biometric Unlock on the client app and switch to password-based authentication. You may permanently disable Biometric Unlock on the system settings screen of your device. Disabling Biometric Unlock does not affect core functionality of the UGREEN NAS Safes on your device.
(9) Baby Album
To create a baby album in the Gallery, you need to enter the baby's nickname, date of birth, and any other desired details. The nickname is used to name the baby in the album, while the date of birth is used to organize and display the baby’s photos by age.
(10)Technical Support
When seeking assistance from our technical support team, we may collect the following information:
①Device Information: This includes your device SN number, UGREEN NAS device system version, network conditions (including your IP address and network connection status), operational logs (including system activities and logs of user-initiated system operations, and) client information (including operating system type and version, and software version information).
②Personal Files in UGREEN NAS Devices Our technical support team may access your personal files stored on UGREEN NAS devices only with your explicit authorization and after granting the appropriate permissions:
This information is collected for the following purposes:
①Efficient Technical Support Services: By gathering device information, we can swiftly identify and resolve issues, providing you with precise technical support.
②Specific User Permissions: Initially, our technical support staff will request general user permissions to access device information. This ensures that our access to your device is limited to what is necessary only.
③Comprehensive Diagnostics: For complex technical issues, additional permissions may be requested with your consent. This involves creating and providing an administrator account for the technical support team to access. Access to personal files is only permitted under these specific circumstances.
(11)User Experience Survey (Excludes Mainland China Users)
UGREEN may invite you to participate in user experience surveys to continually optimize our products and services, aiming to deliver a more personalized user experience.
①Email Address Collection: We collect your email address to distribute survey questionnaires, helping us understand your real experiences and feedback regarding UGREEN NAS. Participation is voluntary, and you decide whether to provide this information.
②Survey Distribution: Upon your agreement to participate, we may send surveys to your provided email address. These surveys help us collect your usage experiences, preferences, and suggestions for UGREEN products, informing our product improvements and optimizations.
③Marketing Information: In addition to surveys, we may also send marketing communications to your email. However, we will send those only after obtaining your explicit consent.
Prior consent will be sought before conducting any user experience surveys or sending marketing information via email. We warrant that no surveys or marketing materials will be sent without your explicit agreement.
(12)Independent and Third Party Services
UGREEN NAS contains information or links we have legally obtained, as well as other independent services we are licensed to operate. These services may be presented as separate features within UGREEN NAS (such as the UGREEN NAS Application Center). UGREEN NAS may also integrate or include links to third party content. We reserve the right to add, reduce, or adjust the content, form, and specific sectors within independent services at any time to expand our service offerings or optimize user experiences. While we will notify users of these changes in advance, some modifications may be implemented immediately under certain circumstances.
You may activate and use the above independent services and features via UGREEN NAS. You may be required to enter into additional agreements or accept separate terms between you and the service provider when using certain independent services or features. The primary service provider for independent services can be determined through the independent service agreements or information disclosed within such services. When necessary, we will make these agreements or terms available for you to review in a reasonable manner. Your use of the above services shall be deemed as your agreement and understanding of the associated agreements and rules.
Some services or features in UGREEN NAS may be provided by third parties either independently or in partnership with us. Such services may require separate user agreements, privacy policies, or other binding rules. Carefully review all agreements and rules (if any) before using third-party services, and ensure you fully understand and agree with them, assessing any risks involved. Exercise judgment and assess any potential risks when using third party websites or applications. You shall independently resolve any disputes, damages, or losses arising from the use of third party services with the third parties concerned. UGREEN NAS shall not be held liable for any direct or indirect damages caused by third parties.
The APIs of third-party cloud storage services (such as Quark Cloud Drive, Baidu Cloud, OneDrive, and Google Drive) have been integrated to Ugreen, enabling users to upload files to third-party drives or download files stored on third-party drives to Ugreen. To use this feature on Ugreen, users need to set corresponding permissions for third-party cloud storage services. Otherwise, if users deny such permissions, users aren’t able to use the third-party cloud storage services for file uploads and downloads. Read and write permissions are required for file migration and management between Ugreen and third-party cloud drives. Those permissions are only required for file uploads, downloads, and synchronization, and do not involve the specific file content. Except for those permissions, Ugreen does not share users’ personal information with third-party cloud storage service providers. Users can choose whether to mount third-party cloud storage services to Ugreen. If not, users can still use other services and features provided by Ugreen.
Be aware that some third parties may use your account ID for data collection and processing. The third party service provider shall be responsible for the data collection, storage, use, and transmission. UGREEN is not involved in the processing of such data, nor will it process, access, control, or modify this data. Please choose and use third party services carefully, as your personal information and data security will be subject to the third party service provider's terms and policies when using such services.
We recommend consulting with legal experts or professionals before enabling any third party service should you have any concerns regarding the third party service provider's agreement or terms. UGREEN NAS may not be able to directly notify you of any changes to third party agreements or terms. Therefore, we recommend regularly reviewing the agreements or terms for any third party services you use to ensure your rights are protected.
(13)Operation and Security
To ensure the smooth operation and security of our products and services, and to protect the legal rights of users, the public, and ourselves, we may collect the following information:
①For secure and efficient software and service operations, we collect your hardware model, operating system version, device identifiers (Android includes IMEI/MEID, AndroidID, OAID, IMSI, SIM card details, GAID, Hardware SN; iOS includes IDFV, IDFA; identifier validity, reset capability, and acquisition methods vary), Network Device Hardware Address, hardware SN, IP address, WLAN access points (including SSID, BSSID), Bluetooth, base stations, software version, and network access mode, type, status and quality.
②To analyze product usage, optimize user experience, enhance application stability, and develop and improve product features, we may collect data related to user behaviors. For example, when you use features such as Gallery, Music, and Docker, we collect data including page view, click interactions, browsing behaviors, search queries, feature usage, visit duration, interaction frequency, and crash logs. Such data is used solely for statistical analysis and cannot be linked to your personal identity.
③Your account, device, and service log information may be used and shared with our affiliates and partners for account security assessments, identity verification, violation detection, security incident prevention, and to record, analyze, and address such violations.
④We may collect serve log data and error log data in the event of unusual errors in UGREEN NAS to analyze and help resolve these issues and assist you in addressing such issues.
(14)Configuration Backup and Restoration
To preserve your device settings, you can back up your configurations using the "Configuration Backup and Restoration" function. When you repair your device or carry it from the original country or region to use abroad, you can actively restore your backup data. For this purpose, we need to collect and use the following setting information from you:
①Connectivity and Access: Users and user groups (permissions and advanced settings), file services, device connection data (UGREENlink, DDNS, portal settings), end devices, domains, and LDAP;
②General Settings: Time and language, notification, network, security, and indexing services;
③System Services: System updates, resets, configuration backups, and restorations.
2.2.Personal Information Processing Pursuant to the Law
We may collect and use your personal data pursuant to applicable laws under the following legal circumstances:
(1)With your consent;
(2)For contract fulfillment as requested by you;
(3)To comply with legal obligations such as those for anti-money laundering, anti-terrorism, anti-telecommunications fraud, and real-name management;
(4)The request is directly related to national defense and security;
(5)Whenever necessary in response to public health emergencies, or to protect the life, health, or property of a natural person in emergencies;
(6)For criminal investigations, prosecutions, trials, or executing court judgments;
(7)When you publicly disclose your personal data;
(8)When the data is sourced from legally disclosed information, including legitimate news reports and government disclosures;
(9)For maintaining the security and stable operation of our products/services, including fault detection and resolution;
(10)Any other circumstances provided by law.
Please note, in scenarios from (2) to (10) above, we may process your personal data in accordance with applicable laws without requiring your consent.
2.3.Use Permissions
UGREEN NAS may request certain permissions to provide services. Rest assured that UGREEN NAS will not activate these permissions by default. Only if you approve and confirm to grant those permissions will UGREEN NAS use them to collect your data, which will only be used in the necessary contexts specified. It is worth noting that granting UGREEN NAS a specific permission does not necessarily mean your data will be collected. Although you have granted such permissions to UGREEN NAS, your data will only be collected under lawful, valid, and necessary circumstances. Refusing to grant permissions may lead to the unavailability of specific features reliant on said permissions, but that will not affect you using other UGREEN NAS features. For more information on permissions and their uses, refer to the UGREEN NAS Permission Application and Usage Description.
3. Use of Cookies and Other Similar Technologies
Cookies and device identifiers are commonly utilized across the Internet. We may use such technologies to store cookies or anonymous identifiers on your device when accessing our platform or services, allowing us to collect and identify data during your use of our product. We warrant not to use cookies for any purposes other than those stated in this policy. Cookies and similar technologies are primarily used to facilitate product and service usage, enhance security and efficiency, improve login and response speed, and provide a more effective access experience. Most browsers allow users to delete browser cache data, including cookies. You can delete cookie data in your browser settings when using UGREEN NAS on the web. However, deleting cookies may render cookie-dependent features or services unavailable.
4. How We Store and Protect Your Personal Data
4.1.Data Retention Period
Your personal information will be retained only for the duration necessary to fulfill the purposes outlined in this policy when using our services (unless a longer retention period is required or permitted by law). If you wish to delete your personal data, please contact us using the contact information provided in Section 10 of this Policy. Following the necessary retention period, we will delete or anonymize your personal information, except where legal obligations mandate otherwise.
Date Retention Criteria:
(1) The length of time we maintain an ongoing relationship and provide UGREEN NAS products and services to you (such as the duration of your UGREEN cloud account or ongoing use of our products);
(2) Whether the information is modified by the account owner, or deleted by users through their accounts;
(3) Legal obligations to retain data (for example, certain laws may necessitate retaining your transaction records for a specific period before deletion);
(4) Our legal team's recommendations for data retention (such as considerations related to contract performance, dispute resolution, legal validity, litigation, or regulatory investigations).
4.2.Data Residency
Generally, personal information collected and generated within the People's Republic of China is stored in the People's Republic of China, but as UGREEN NAS offers global services, we may transfer your personal information to our affiliates outside China. For more information, refer to "8. How Your Personal Information is Transmitted Globally".
4.3.Security Measures
We prioritize the security of your personal information and adhere to prevailing information security standards. Our aim is to remain at the forefront of industry security practices. Our security strategy includes advanced security technologies such as encrypted transmission, secure data storage, intrusion detection, firewall protection, and regular vulnerability scanning to safeguard your data. Beyond technical solutions, we implement comprehensive management systems to bolster information security. This includes staff training in data protection and meticulous scrutiny and improvement of all data processing and storage procedures. Recognizing that no system is infallible, we continuously identify potential risks and implement precautions to mitigate the likelihood of information leaks, destruction, misuse, unauthorized access, disclosure, or alteration of your personal information. In the event of a security incident, we have established protocols and response mechanisms to promptly notify affected users, rectify security vulnerabilities, and take steps to prevent future occurrences.
(1) Your information is collected and used in accordance with industry-standard security practices, and you will be informed of the purposes and scope of data use through our user agreement and privacy policy.
(2) Our network services employ encryption technologies, such as transmission security protocols, to protect your data during transmission.
(3) Your personal information is encrypted and stored using advanced encryption and isolated through state-of-the-art technology.
(4) When processing personal information, such as when disclosing personal information and measuring the degree of association, we apply data desensitization techniques, including substitution and encryption-based methods, to enhance the security of any personal data we process.
(5) Our stringent data access control and multiple identity authorization systems are designed to prevent misuse of personal data and ensure compliance with regulations. Staff authorized to access personal information undergo identity verification, and access control measures, and sign confidentiality agreements, ensuring only authorized employees have access to your data.
While we implement robust security measures, we acknowledge that no system can guarantee absolute security. As such, we cannot promise complete data security, especially in instances beyond our control. Please be aware that despite our best efforts, security issues beyond our control, such as malicious attacks, may occur when using our products and services.
4.4.We appreciate your cooperation!
Despite implementing these effective measures and complying with legal standards, we cannot assure the security of your personal information when transmitted over unsecured channels. Therefore, we strongly encourage you to take precautions to protect your personal information, including without limitation, the use of complex passwords, regularly changing your password, keeping your account password confidential, and helping us maintain the security of your account and personal data.
4.5.Resolving Information Security Incidents
We have established emergency response plans for cybersecurity incidents. Should a personal information security breach occur, we will promptly activate these plans and assemble an emergency response team to identify the cause, minimize losses, and report to authorities as required by law. Additionally, we will inform you about the basics of the security incident, its potential impacts, our response plans, suggestions for mitigating risks, and any remedial measures we can offer. Communication will be through the contact information we have, such as notifications on our platform, messages, calls, or emails.
5. How we share, assign, and disclose your personal information
5.1.Application Programming Interfaces (API) and Software Development Kits (SDK)
To guarantee the secure and stable operation of our products and services, UGREEN NAS incorporates software development kits (SDKs)and Application Programming Interfaces (APIs).When using products and services supported by these SDKs/APIs, third-party SDKs/APIs may collect and process your personal information. We perform security monitoring and assessments of third-party SDKs/APIs and adhere strictly to legal and regulatory requirements to safeguard data security. To maximize the protection of your personal information, we urge you to thoroughly understand the privacy policies of these third-party SDKs/APIs before use, as these entities are solely liable for your data under their respective privacy and data protection policies. This policy does not cover third-party products or services that you may access or initiate. We are not liable for the collection, use, and processing of your personal information by these third parties when you utilize their products or services. If you are concerned about the risks associated with these SDKs or APIs, we advise discontinuing their use and contacting us promptly. For circumstances involving UGREEN NAS's use of third-party SDKs/APIs for personal information processing, please refer to the UGREEN NAS Third-Party Personal Information Sharing List.
5.2.Sharing
Your personal information will not be shared with any entities other than UGREEN or its affiliates, except under the following circumstances:
(1) We receive your or your guardian's explicit authorization or consent.
(2) Judicial or administrative agencies demand disclosure as part of legal proceedings;
(3) We engage in legal action or arbitration against a user to protect our legal rights;
(4) Such sharing is necessitated by the service agreement or usage rules between you and UGREEN;
(5) To prevent infringement of the legal rights of UGREEN, its affiliates, users of our service, and the public to the extent permitted by law;
(6) The sharing complies with agreements made between you and third parties.
(7) The information is utilized for academic research purposes.
5.3.Assignment
We will not transfer your personal information to any company, organization, or individual outside of UGREEN's affiliates, except under the following circumstances:
(1) With your express prior authorization and consent;
(2) To comply with legal obligations, legal proceedings, mandatory government directives, and court orders;
(3) In cases of mergers, separations, bankruptcy liquidation, or acquisition/sale of our or our affiliates' business, your personal information may be transferred as part of the transaction. We will ensure confidentiality during the transfer and require the successor entity to adhere to this Policy, or otherwise, seek your reauthorization.
5.4.Disclosure
We will only publicly disclose your personal information under the following circumstances:
(1) 1. With your express prior consent;
(2) 2. In compliance with laws, legal proceedings, lawsuits, or government orders.
5.5.Exceptions to Obtaining Your Consent when Sharing, Assigning, or Disclosing Your Personal Data
Please be aware that in certain instances, we may share, assign, or disclose your personal data without prior authorization or consent:
(1) The request is directly related to national defense and security;
(2) The request is related to public security, public health, and other material public interests;
(3) In circumstances directly involving criminal investigations, prosecutions, trials, or court order execution;
(4) To protect vital legal rights, such as the life and property of the data subject or other individuals, when obtaining consent is not possible;
(5) If the personal data has been publicly disclosed by the data subject;
(6) Personal data obtained from legally disclosed information sources, including without limitation news reports, government information disclosure, and other legal channels.
6. How to Exercise Your Right to Manage Personal Information
6.1.When you register or log in using a Local account, all data is stored on your UGREEN NAS device and your mobile phone (or computer). We do not collect any of your personal data. At this time, to facilitate the management of your information, you can perform the related operations by following these paths:
(1) Accessing Path: Profile picture - Homepage (access to Profile picture and email) or Control Panel - User Management (access to Profile picture, username, role, email, etc.)
(2) Correction Path: Profile picture - Homepage (for editing Profile picture and email) or Control Panel - User Management (for editing Profile picture, username, role, email, etc.)
(3) Change or Withdraw Your Consent Authorization:
① Path to change the scope of related permission applications and usage: Personal Profile picture - Privacy Management - System Permission Management.
② Path to withdraw privacy policy authorization on mobile devices: Personal Profile picture - Privacy Management - Privacy Statement - Withdraw Consent.
(4) Deletion Path: Log in with an administrator account, go to Control Panel - User Management to delete a user, or go to Control Panel - Update and Restore to reset the device to factory settings (Local accounts are stored on the device, so the device administrator can manage and delete Local accounts, or even reset to factory settings to delete all user accounts).
6.2.When you bind and use a UGREEN cloud account for registration and login, we ensure that you can exercise the following rights regarding your personal information:
(1) Accessing Your Personal Information
Official Website Online Account Path: Home page - account and security (access to profile picture, username, password, phone number, email)
For information not accessible through these methods, you can contact us anytime using the details in Section 10 of this Policy. We will respond to access requests within 15 business days after verifying your identity.
(2) Correcting Your Personal Account Information
Official Website Online Account Path: Home page - account and security (modify profile picture, username, password, phone number, email)
For information not amendable via these methods, contact us anytime using the details in Section 10 of this Policy. We will respond to correction requests within 15 business days after verifying your identity.
(3) Modifying Authorization Scope or Withdrawing Consent
①To change authorization scope for permissions: Profile picture - privacy management - system permission management.
②To withdraw consent for this Policy on mobile: Profile picture - privacy management - privacy statement - withdraw consent.
③Rejecting marketing or withdrawing the consent for marketing (not applicable to users in the Chinese Mainland): We shall only send marketing information under applicable laws and with your consent, and you have the right to require us not to use your personal information for marketing. You may unsubscribe from our emails according to the unsubscribe guidelines shown in such emails for rejection and withdrawal.
Following the withdrawal of consent, we will cease processing the related personal information. However, your withdraw of consent will not affect the processing of personal information previously conducted based on your authorization. If you encounter issues during this process, contact us anytime using the details provided in Section10 of this Policy.
(4) Deleting Your Personal Information
You can delete your information as follows:
To delete device information:
Official Website Online Account Path: UGREEN NAS devices - unbind device.
If we process your personal information unlawfully, collect or use it without your consent, or if you seek deletion due to account closure and cessation of our product or service use, you may request the deletion of your personal information. Contact us using the information in Section10 of this Policy at any time. We will address your deletion request within 15 business days. Upon deletion, your personal data will no longer be used. However, immediate deletion may not occur to comply with legal or policy requirements or to maintain necessary data for normal operations. We will store or back up your data for the required period, after which it will be permanently deleted.
(5) Account Closure
You have the right to close your UGREEN cloud account using the following methods:
https://web.ugnas.com/account/login/#/login
Home page - account and security - close this account;
For additional assistance, contact us using the information in Section10 We will process your account closure by deleting your personal information associated with the registered cellphone within 15 business days after verifying your identity.
(6) Obtaining a Copy of Your Personal Information
You are entitled to obtain a copy of your personal information. To request this, please use the following method:
Application Email: ugreennascss@gmail.com
(7) Constraint-based Information System Automated Decision-Making
Certain functions involve decisions made by automated systems, including information systems and algorithms. If you believe these automated decisions significantly impact your legal rights, you can request explanations or corrections, and we will provide appropriate solutions. For inquiries, contact us at ugreennascss@gmail.com.
(8) Response to Your Requests
For security, you may need to submit a written request or provide additional identification. We may ask you to verify your identity before processing your request.
We aim to respond within 15 business days.
Reasonable requests are typically processed free of charge. We reserve the right to refuse requests that are unjustifiably repetitive, technically burdensome (such as by necessitating the development of new systems or fundamentally amending current practices), infringe on others' legal rights, or are impractical (such as requests involving data on backup tapes).
Pursuant to applicable law, we are unable to accept requests under the following circumstances:
①The request involves the personal information controller's legal obligations;
②The request is directly related to national defense and security;
③The request is related to public security, public health, and other material public interests;
④The request is directly related to a criminal investigation, prosecution, trial, or enforcement of a judgment;
⑤If the personal information controller has evidence of the request being made in bad faith or as an abuse of rights;
⑥To protect vital legal rights, such as the life and property of the data subject or other individuals, when obtaining consent is not possible;
⑦When responding to a request made by a subject of the personal information will materially infringe upon the legal rights of the subject of the personal information or other individuals or organizations;
⑧A commercial trade secret is concerned.
This Policy does not create, extend, or modify rights for data subjects and consumers in mainland China, Hong Kong, China, the European Union, any U.S. state (including California), or UGREEN's obligations unless otherwise required by the GDPR, CCPA, or other privacy laws.
7. How We Process Minors' Personal Data
Our products and services are primarily intended for adult users. If you are a minor under the laws of your country or region, please ensure that your parent or guardian reviews this Policy thoroughly. We require that you use our services or share information with us only with the explicit consent of your parent or guardian.
We are committed to the protection of minors' personal information. If you are a parent or guardian, please ensure that any child under your care uses our services with your authorized consent. For inquiries regarding a child's personal information, please contact our dedicated personal information protection department. If you are considered a minor under the laws of your area, it's important to review this policy with your guardian before using our product/service. Please make certain that you have your guardian's explicit consent both for using this product and for sharing your personal information with us. Once a child's personal data is collected with parental consent, we will use or disclose it only as explicitly agreed by the parent or guardian, in compliance with applicable laws, or when necessary for the child's protection. If a guardian believes we have collected a minor's personal information without consent, please contact us at ugreennascss@gmail.com, and we will delete the relevant data promptly upon request.
8. How Your Personal Information is Transmitted Globally
8.1.As of now, we have deployed servers in Hong Kong (China), Singapore, Germany, the United States, Japan, the Republic of Korea, and mainland China. When you use your UGREEN NAS device, the system will automatically assign you to the nearest server based on your country/region. (The Hong Kong data center is used solely for ensuring the global uniqueness of your UGREEN cloud account and helping to identify your account's home country/region). Specifically, after your registration of your UGREEN cloud account, we will transfer the hashed value of your UGREEN cloud account (the hashed phone number for users in mainland China or the hashed email address for users in other countries/regions) and your home country/region information to the Hong Kong server to ensure the global uniqueness of your UGREEN Cloud account. When you enable the UGREENlink feature, your UGREENlink ID (a nickname you define for your UGREEN NAS device) will be transmitted between the server nearest to where you initiate the access request and the Hong Kong server. The Hong Kong server then determines your UGREEN Cloud account's home country/region in order to assign you to the server in your account's original home country/region.. These data processing activities are designed to ensure you can efficiently access your UGREEN NAS device from anywhere in the world, especially while traveling globally.
8.2.File transfers that you initiate between UGREEN NAS and third-party cloud storage services may involve cross-border data transfer. These activities are entirely under your control, and we have no means to access or monitor them. You are responsible for ensuring that any such cross-border data transfers comply with the requirements of applicable laws and regulations.
9. Policy Updates
We may periodically update this policy. Without your explicit consent, we will not reduce your rights under the current Privacy Policy. Any changes to this Policy will be posted on this page. For significant updates, we will inform you through push notifications, pop-ups, emails, etc., and seek your consent again.
The Ugreen NAS device can be connected and used by multiple users at the same time, but only the administrator account has the full control over the device. The administrator controls the purpose, scope, privacy policy, and updates of the device information, and its decisions directly affects all non-administrator accounts under the same device. Please note that we are not liable for any issues or potential impacts that may arise to non-administrator users as a result of any update decided by the administrator.
10.1.For any inquiries, comments, or suggestions regarding this agreement or our services, please reach out to us using the contact details provided below.
(1) Contact us through the "Help Center - Contact Us" feature within UGREEN NAS;
(2) Our dedicated Personal Information Protection Officer can be contacted at: ugreennascss@gmail.com
(3) Contact us by mail at the following address:
Registered Addresses: San Po Kong, 19H WAN DI PLAZA 3 TAI YU STREET, San Po Kong, Kowloon Hong Kong SAR
(4) Contact numbers and service hours:
(Global/US) +1 (888) 820-8830 Mon-Sun 9:00-17:00 PST
(DE) +49 800 989 8988 Mon-Fri 8:00-17:00 CET
10.2.To ensure efficient handling of your inquiries and timely feedback, please provide proof of identity, valid contact information, written requests, and relevant evidence. We aim to process your request within 15 working days after verifying your identity.
10.3.If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Appendix
11. Appendix for the European Economic Area (EEA) , UK, and Switzerland
This section is addressed exclusively to residents of the EEA, UK, and Switzerland (you). This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevail.
11.1.Collection, Use, Disclosure, and Retention
For the categories of personal data we process, the purposes of the processing, the categories of recipients of the personal data, and the criteria used to determine the period for which the personal data will be stored, please refer to the following sections of the main body of this Policy, respectively:
2. How We Collect and Use Your Personal Information
4. How We Store and Protect Your Personal Data
5. How We Share, Assign, and Disclose Your Personal Information
We are required by law to have a legal reason, or ‘legal basis’, to process your personal data. Below, for each category of data, we have outlined the specific legal basis we rely on. We will also inform you of the possible consequences of a failure to provide such data.
|
Feature |
The data that we collect and use |
Legal bases |
|
(1) Registration and Login |
• Phone number, email address, profile picture, nickname. |
• We collect this data as it is necessary to perform our contractual obligations. If you fail to provide such data, we will not be able to create your account, enable login, save your account settings, link your UGREEN NAS device, ensure the security of your account, or provide you with other account-related services. |
|
(2) Bind Device |
• Device model, device system version, device serial number (SN), MAC address, IP address, UGREENlink ID, customized device name, device system status, device holding role, warranty expiration time. |
• We collect this data as it is necessary to perform our contractual obligations. If you fail to provide such data, you will not be able to link UGREEN NAS device with your account or manage it through your account in accordance with your requests. |
|
(3) Login History & Trusted Device Management |
• Login time, operation record, location information, IP address, operating system, access method, device model, device name. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to prevent unauthorised logins, conduct security monitoring or fraud prevention. |
|
(4) Technical Support Ticket (Web) |
• UGREEN NAS device serial number, device model, device system, client model, access method information, phone number (optional), email address (optional). |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to provide efficient technical support to help you solve your technical problems in accordance with your requests. |
|
(5) LAN Device Search |
•Device name, IP address, Mac address, serial number, operating system version, model name, device status. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to locate or identify the LAN device in accordance with your requests. |
|
(6) UGREENlink Services |
• Product serial number, IP address, routing port, UGREENlink/DDNS domain name, IPv4/IPv6 address, MAC address, device status information, WOL switch status, device hostname, device boot time. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to provide a secure and efficient remote connection in accordance with your requests. |
|
(7) Biometric Unlock |
• Anonymous authentication result ("Pass" or "Fail") (UGREEN does not process raw biometric data). |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to provide the biometric unlock feature in accordance with your requests. |
|
(8) Baby Album |
• Baby's nickname, date of birth, and other optional details you provide. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to create the Baby Album or organize and display your baby’s photos by age in accordance with your requests. |
|
(9) User-Experience Survey |
• Email Address |
• We collect this data with your consent. Without such data, we will not be able to invite you to participate in user-experience surveys or send you marketing communications. |
|
(10) Operation & Security |
• Hardware model, OS version, device identifiers (e.g., IMEI, AndroidID, IDFA), MAC address, IP address, WLAN/network information, user behavior data, service logs, and error logs. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to efficiently detect technical problems, maintain product functionality or prevent security incidents. |
|
(11) Configuration Backup & Restoration |
• User and group settings, file service settings, device connection information (UGREENlink, DDNS, portal settings), network settings, notification settings, security settings, and system service settings. |
• We collect this data as it is necessary to perform our contractual obligations. Without such data, we will not be able to provide backup and restoration functionality in accordance with your requests. |
11.2.Data Subject Rights
As residents in the EEA, UK, and Switzerland, you are entitled to the following rights regarding the personal data we process as a personal data controller:
l Access and portability. You may ask us to confirm whether we are processing your personal data, provide you with details about such processing, and give you a copy of your personal data. You may ask us to provide your personal data in a structured, commonly used, machine-readable format, or you can ask to have it ported directly to another controller.
l Erasure or deletion. You may ask us to delete the personal data that we hold about you.
l Rectification or correction. You may ask us to correct any inaccurate or incomplete personal data that we hold about you.
l Objection to processing. You may request that we stop processing your personal data for specific purposes including marketing and profiling.
l Restriction of processing. You may request that we restrict the processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
l Lodge a complaint to your local Data Protection Authority. You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
l Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us or updating your preferences. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
l Automated decision-making. We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions are decisions made automatically based on computer determinations (using software algorithms), without human review. If you are to be subjected to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.
To exercise these rights, you may follow the procedures outlined in Section 6.2 (“How to Exercise Your Right to Manage Personal Information”) of this Policy, or contact us using the contact information provided in Section 10 (“Contact Us”).
11.3.International Data Transfer
.UGREEN operates globally. As of now, we have deployed servers in Hong Kong (China), Singapore, Germany, the United States, Japan, the Republic of Korea, and mainland China. When you use your UGREEN NAS device, the system will automatically assign you to the nearest server based on your country/region. (The Hong Kong data center isused solely for ensuring the global uniqueness of your UGREEN cloud account and helping to identify your account's home country/region).
When you enable the UGREENlink feature, to help us assign you to the server in your home country/region and ensure the global uniqueness of UGREEN cloud accounts, your UGREENlink ID and Account Information (email) may be transferred to Hong Kong (China). The European Commission has not issued an adequacy decision for Hong Kong.
We safeguard your data to ensure it receives a level of protection equivalent to that in the EEA, UK, and Switzerland after being transferred, by entering into the EEA, UK, and Swiss Standard Contractual Clauses with the data recipient (HONG KONG UGREEN LIMITED) and implementing a data transfer impact assessment. If you wish to obtain a copy of the SCCs, please contact us through the contact information in Section 10 (“Contact Us”).
11.4. User's Right to Lodge a Complaint Under Data Act
In accordance with the EU Data Act (Regulation (EU) 2023/2854), you, as a user, have the right to lodge a complaint if you consider that your rights under this Regulation have been infringed.
This complaint can be lodged, individually or collectively, with the relevant competent authority designated pursuant to Article 37 of the Data Act in the Member State of your habitual residence, place of work, or establishment. This right is without prejudice to any other administrative or judicial remedy available to you.
The competent authority with which the complaint has been lodged will inform you of the progress of the proceedings and of the decision taken, in accordance with national law.
12. Appendix for Singapore
This section is addressed exclusively to residents of Singapore (you). This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevail.
12.1.For the purposes of our collection, use, and disclosure of your personal data, please refer to Section 2 (How We Collect and Use Your Personal Information).
12.2.By accepting this Policy, you consent to the cross-border transfer of your information to any country or region where we have data centers or affiliates and, in particular, the locations specified in Section 8 (How Your Personal Information is Transmitted Globally). We shall adhere to data protection standards equivalent to those prescribed by Singapore law, thereby ensuring uniformity in safeguarding measures.
12.3.You have the right to access your personal data and know how we use or disclose it, and how we disclose it. You have the right to correct any error or omission in the personal data. You also have the right to withdraw any consent given, or deemed to have been given at any time.
12.4.Our designated data protection officer designated pursuant to the Personal Data Protection Act 2012 can be contacted as set out in Section 10 (Contact Us).
13. Appendix for Japan
This section is addressed exclusively to residents of Japan. This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevail.
13.1.For the purposes of our collection of your personal information, please refer to Section 2 (How We Collect and Use Your Personal Information) for further details.
13.2.Unless otherwise required or permitted by applicable laws, we will not process your personal information beyond the scope necessary for achieving the original purpose of use specified herein without obtaining your consent to do so in advance, except as otherwise required or permitted by applicable laws. Please note, however, that we may modify the purpose of processing pseudonymized information for internal data analytics without obtaining your prior consent, as permitted by law.
13.3.The categories of personal information specified in Section 2 (How We Collect and Use Your Personal Information) may include sensitive information as defined by applicable laws. We may only process such sensitive personal information would only be conducted after obtaining your explicit consent, except as otherwise required or permitted by applicable laws.
13.4.In conducting our business, we will/may need to provide your personal data to our third party service providers, and/or our affiliates or related corporations, and/or other third parties. These recipients may be located in Japan or outside of Japan. For the purposes of our provision of your personal information, please refer to Section 2 (How We Collect and Use Your Personal Information) for further details.
13.5.By accepting this policy, you consent to the provision of your personal information to third parties, which may include third parties in foreign countries. Specifically, your personal information would be transferred to and stored in our data center located in Japan and Singapore, where the data center located in Japan is solely used for data forwarding purposes, aiming to accelerate the remote access for users in Japan. The Personal Data Protection Act (PDPA) provides robust protection for personal data by stipulating legal requirements for data collection, use, disclosure and cross-border transfers. For more details about measures taken to protect your personal information, please refer to Section 8 (How Your Personal Information is Transmitted Globally) for further details.
13.6.You have the right to access, review, and correct your personal information held by us. You may also withdraw your consent and request the deletion of your personal data under our control. To exercise these rights, please submit a request through our established procedures. We may need to verify your identity and apply relevant administrative fees. For detailed instructions on submitting your request, please refer to Section 10 (Contact Us) of this Policy.
14. Appendix for California
This section is addressed exclusively to California residents (you). This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevail.
For information on how we collect your personal information, use and disclose your personal data, please refer to Section 2 (“How We Collect and Use Your Personal Information”) and Section 5 (“How We Share, Assign, and Disclose Your Personal Information”). Should we intend to utilize your personal information for purposes beyond those for which it was initially collected, we shall endeavor to obtain your further consent.
The California Consumer Privacy Act of 2018 , as amended by the California Privacy Rights Act,(collectively referred to as the "CCPA"), provides certain rights to California residents regarding personal information. This section details your rights under the CCPA and explains how to exercise these rights.
14.1.Your Personal Information Rights
(1) Right to Know of the Collection, Disclosure, and Sale of Your Personal Information
You are entitled to request that a business collecting their personal information disclose the following:
①categories, purposes, and sources of personal information collected in the past 12 months;
②specific personal information collected in the past 12 months; and
③types of personal information disclosed for commercial purposes in the past 12 months;
④the categories of third parties with whom we share personal information.
You are entitled to submit up to two free, verifiable consumer access or data portability requests to us within a 12-month period.
(2) Right to Request the Deletion of Personal Information
California residents are entitled to request businesses to delete any personal information they have collected, subject to exceptions as outlined in the CCPA. We will provide a clear explanation for any denied requests for deletion.
(3) Right to Limit Use of Sensitive Personal Information
You have the right to restrict the use of your sensitive personal information to purposes other than those legally authorized, such as providing you with goods or services, and helping to ensure your safety and security.
(4) Right to Opt-Out of the Sale or Sharing of Personal Information
We do not, and have not in the past 12 months, sold or shared any personal information. For the purposes of this section, “sale” means the disclosure of personal information to a third party for monetary or other valuable consideration, and “sharing” means the disclosure of personal information to a third party for cross-context behavioral advertising, whether or not for monetary consideration.
(5) Right to Non-Discrimination
UGREEN will not discriminate against individuals exercising their rights under the CCPA.
14.2.How to Exercise Your Rights
To exercise any of the above rights you may submit a verifiable consumer request to us using the contact information provided in Section 10 (“Contact Us”) of this Policy. Only you or your authorized agent can make a verifiable consumer request related to your personal information. Your authorized agent must submit your written permission and, if applicable, proof of registration with the California Secretary of State.
14.3.Validating Your Request
To respond to your CCPA request, we need to verify your identity or your authorized agent's authority. If the initial verification is unsuccessful, we may request additional information for verification purposes. Any personal information provided for verification will solely be used for that purpose. For verification, you may need to provide your name, address, phone number, and email address. We will compare this information with what we already hold and may request additional documentation, including identification documents, to minimize fraud risks. We may deny or partially accept certain requests as permitted or required by law. For example, if you request the deletion of CCPA Personal Information, we may retain necessary information for legal purposes, like tax accounting.
California consumers also have the right to file a complaint with the California Attorney General's Office if they believe their rights under the CCPA have been violated. The Attorney General's Office can be contacted via https://oag.ca.gov/contact/consumer-complaint-against-business-or-company or by phone at (916) 210-6276.
Contact us using the methodsin Section 10 (“Contact Us”)and we will respond within 45 days: Should more time be needed to process your request, we will inform you within the initial 45days.
15. Appendix for Tennessee, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Nevada,Delaware, Iowa, Nebraska, New Hampshire and New Jersey
This section is addressed exclusively to residents of Tennessee, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Nevada, Delaware, Iowa, Nebraska, New Hampshire, and New Jersey. This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevail.
15.1. Collection, Use, and Disclosure
For information on how we collect your personal information, use and disclose your personal information, please refer to Section 2 (“How We Collect and Use Your Personal Information”) and Section 5 (“How We Share, Assign, and Disclose Your Personal Information”). If we use your personal information for new purposes, we will seek additional consent from you.
15.2. Your Rights
According to the applicable laws, you possess the entitlement to demand that we:
l Affirm whether we are currently processing your personal information and furnish a duplicate of said data;
l Rectify inaccuracies within your personal information;
l Eliminate your personal information;
l Withdraw consent for the subsequent applications of your personal information: (i) targeted advertising, (ii) sale, or (iii) profiling for decisions that could potentially have legal or similarly significant ramifications for you.
15.3. Minors’ Rights
We take the privacy of minors seriously and comply with applicable U.S. state privacy laws, including but not limited to the laws of Tennessee, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Nevada, Delaware, Iowa, Nebraska, New Hampshire, and New Jersey.
l Children Under 13
If you are a resident of one of the above states and are under 13 years of age, we will not knowingly collect, sell, share, or use your personal information without verifiable consent from your parent or legal guardian.
Parents or legal guardians may exercise privacy rights on behalf of their child, including requesting access to, deletion of, or correction of their child’s personal information.
l Connecticut Residents Aged 13–17
Connecticut residents between 13 and 17 years of age may request deletion of their account and/or opt out of targeted advertising, sale, or sharing of their personal information.
Parents or legal guardians of Connecticut residents under 16 years of age may request deletion of their child’s account.
l How to Submit Requests
To submit a request relating to a minor’ s personal information, please contact us using the information in Section 10 (“Contact Us”) and include proof of your identity and, where applicable, proof of parental or guardian status. We may request additional information to verify the request as required by law.
16. Appendix for the Republic of Korea
This section is addressed exclusively to residents of the Republic of Korea (you). This Appendix supplements the information contained in the main body of this Policy. In the event of any conflict or inconsistency between this Appendix and the main body of this Policy, this Appendix shall prevaila.
16.1. Purposes of processing, categories of personal information, and retention periods
16.1.1. Personal information processed without consent from you
To the extent necessary for the provision of the services, we collect and use the following personal information pursuant to Article 15(1)(4) (inevitably necessary to execute and perform a contract with a data subject) of the Personal Information Protection Act.
|
Scenario |
Data |
Purpose |
Retention Period |
|
UGREEN cloud account registration and login |
Phone number, email address, password, and verification code |
To create and manage your UGREEN cloud account, authenticate your identity, secure your UGREEN cloud account, support account recovery, link your basic information to your UGREEN NAS device, and send important notifications regarding your devices and services |
Verification codes are retained for 7 days, and all other data is retained until you delete your account. |
|
NAS device binding |
UGREEN cloud account |
To identify and associate the user with the device, manage device permissions, monitor device status, and send warranty-expiration reminders |
Retained until you delete your UGREEN cloud account |
|
Unique device identifier, device model, MAC address, IP address, UGREENlink ID, device name, device status, device owner, and warranty expiration date |
Retained until the user unbinds the device |
||
|
UGREEN cloud account login history and trusted device management |
UGREEN cloud account |
To protect your account against unauthorized access, identify abnormal activities, and manage trusted login devices |
Retained until you delete your UGREEN cloud account |
|
Login time, operation record, IP address, operating system, access method, device model and name, your most recent login time, location information, login location, login history, and trusted device list |
Retained for 30 days after the user's account deletion request is accepted. |
||
|
Technical support ticket (Web) |
UGREEN cloud account (to identify the person reporting the issue), user’s country of origin, UGREEN NAS device's serial number, device model, client type, and access methods to UGREEN NAS |
To contact the user, help the user identify technical issues, and provide effective solutions |
Retained for 3 months after the issue is resolved.
|
|
LAN device search via find.ugnas.com |
IP address, unique device identifier, device name, MAC address, operating system version, model name, and device status |
To ensure accurate identification of LAN devices for user connection |
Retained for 3 months after a connection is established. |
|
UGREENlink services |
UGREENlink ID, user nickname, LAN IPv4 address, IPv6 address, UGREENlink routing port, MAC address, device status (whether the device has been initialized or whether it is currently online), Wake-on-LAN (WOL) switch status, device hostname, and device boot time |
To establish and maintain a secure remote connection for the device, and optimize the user's remote access and management experience |
Retained for 30 days after the user unbinds the device. |
|
NAS configuration backup and restoration |
Users and user groups, file services, portal settings, end devices, domains, LDAP, time and language, notification, network, security, indexing services, and system updates |
To provide convenient configuration restoration services for the user when the user sets up a new device or performs data recovery. |
Retained until the user unbinds the device |
|
Operation and security (in the event of user-initiated log uploads) |
Crash logs, system version, device model, software version number, Identifier for Vendor (IDFV), Android ID, Open Anonymous Device Identifier (OAID), and client logs |
To ensure the secure and stable operation of the software and services, diagnose technical issues, and perform statistical analysis. |
Retained for 3 months after the logs are uploaded. |
In accordance with the Act on the Consumer Protection in Electronic Commerce, Article 15(1)(3) of the Personal Information Protection Act (performance of its duties under its jurisdiction as prescribed by statutes), and other applicable laws and regulations, we will retain your personal information for the duration specified by such laws. In such cases, we will use your personal information solely for the purpose of storing such data, with the retention periods as follows:
Pursuant to the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce:
● We will store the records related to trademarks and advertisements for 6 months.
● We will store the records concerning the cancellation of contracts or unsubscription from services for 5 years.
● We will store the records concerning payment and supply of goods and services for 5 years.
● We will store the records concerning customer services or dispute resolution for 3 years.
Pursuant to the Framework Act on National Taxes:
● We will store the accounting records for 5 years, including corporate ledgers, vouchers, invoices (including electronic tax invoices), receipts, contracts, records of sales and purchases, and other accounting documentation related to tax filings and business transactions.
For details on how we collect and use your personal information, as well as how we store and protect your personal information, please see Sections 2 (How We Collect and Use Your Personal Information) and 4 (How We Store and Protect Your Personal Data) of this Policy.
16.2 Procedures and methods of destruction
16.2.1. Destruction procedures
We will select and destroy personal information that has reached the end of its retention period.
16.2.2. Destruction methods
We will use technical methods to destroy personal information stored in electronic file formats, including physical deletion from databases and deletion through code. We will destroy personal information stored in paper documents through shredding or incineration.
16.3. Provision/Disclosure of personal information to third parties
We only provide your personal information to third parties with your consent or as required by relevant laws and regulations.
|
Recipients |
Data |
Purpose |
Retention/Usage Period |
|
Shenzhen Tencent Computer System Co., Ltd. |
Android: device model, device brand, Android OS version, Android API level, manufacturer OS build, CPU architecture type, root status, disk space usage, SD card storage usage, memory usage, network type, and names and PIDs of currently running processes iOS: device model, OS version, OS build number, Wi-Fi status, CPU attributes, available memory, total/available disk space, device runtime status (such as process memory usage and virtual memory), IDFV, jailbreak status, and region code |
To collect application error information |
Privacy policy: https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56 |
|
Google LLC |
User's geographical location information, including real-time location data |
To obtain mapping information |
Privacy policy: https://policies.google.cn/privacy/archive/20221004?hl=zh-cn&hl=zh_CN |
|
Microsoft Corporation |
User-selected files and documents to be uploaded to the Microsoft OneDrive |
To transfer data between the UGREEN NAS device and Microsoft OneDrive based on user commands |
Privacy policy: https://learn.microsoft.com/zh-cn/sharepoint/onedrive-privacy-security-overview |
16.4. Transfer of personal information to overseas third parties
|
Recipient's Country/Region |
Purpose |
Data |
Timing and Method of Transfer |
Retention/Usage Period |
Legal bases |
|
Hong Kong, China |
To enable the system to assign the user the nearest server based on the user's country/region and UGREENlink ID so that the user can access the NAS device in an efficient manner from all over the world when the user travels globally |
UGREENlink ID |
Triggered when the user registers and sets up the UGREENlink ID |
Retained until the user disables the UGREENLink function. |
Article 15(1)(4) (inevitably necessary to execute and perform a contract with a data subject) of the Personal Information Protection Act |
|
Hong Kong, China |
To ensure the uniqueness of the UGREEN cloud account through hash comparison by the server |
|
Transferred once at the time of registration and subsequently synchronized through scheduled tasks |
Retained until the user account is deleted. |
Article 15(1)(4) (inevitably necessary to execute and perform a contract with a data subject) of the Personal Information Protection Act |
16.5. Cookies and similar technologies
|
Name and Type |
Legal bases |
Purpose |
Data |
Method of Collection |
Retention Period |
|
Cookie |
Article 15(1)(1) (consent is obtained from a data subject) of the Personal Information Protection Act |
To install a firewall |
The user's access and usage information |
Automatically collected upon user access |
180 days after data generation |
The user may click/tap Cookie Settings in the browser to allow, reject, or manage cookies.
16.6 Rights of the user
You may exercise rights related to your personal information, such as the right to request access to, modify, or delete your personal information, suspend its processing, or object to and request an explanation of automated decision-making involving your personal information. You may also withdraw your consent to the collection, use, or provision of your personal information. To exercise these rights, you may contact our data protection officer or reach out to us via the contact information provided in Section 10 (Contact us).
16.7. Data protection officer and representative in the Republic of Korea
16.7.1. Data protection officer
Name and contact information: Olivia Wei, ugreennascss@gmail.com
16.7.2. Representative in the Republic of Korea
Entity name in in the Republic of Korea: Ugreen Korea Co., Ltd.; legal representative: NIE XINGXING
Business address: 6F 601-189 , 47, Sejongdaero23gil, Jongno-gu, Seoul, Republic of Korea
Contact number and business hours: +82 2 2158 8397 (Mon-Fri 10:00-17:00 KST)
E-mail: service.nas.kr@ugreen.com
16.8. Privacy policy updates and notifications
If we make significant modifications to this Policy, we will notify you by updating the date of this Policy, posting it within the service, or through other means as required by applicable laws. Any modifications to this Policy will take effect upon posting of the revised version (or at such later time as may be specified therein). You are advised to review this Policy each time you use our services to stay informed of our privacy practices.
Initial Effective Date of this Appendix: 30/10/2025
Last Updated Date of this Appendix: 30/10/2025