Mandarin

Privacy Policy

Policy on data processing and security

1. General Provisions and Operator Identification

This Policy defines the fundamental principles governing the handling of information by the MandarinBot.Online Service. The data operator is Uravin d.o.o. (PIB 03480836), 85360, Ulcinj, Kosovska ul. bb, Montenegro.

The Service generates independent analytical products by synthesising information from open Chinese sources. We operate on the presumption that information published by its original sources is lawfully placed and that the User acts in good faith when initiating a request.

2. Terminology and Data Scope

Within the operation of the Service, the following categories of information are distinguished:

  • User identification attributes: the minimum required dataset (email, Telegram ID, account transaction history) enabling access to the personal account and delivery of purchased products.
  • OSINT analysis subjects: information about the commercial activities of organisations (including but not limited to: legal status, patents, litigation, B2B platform metrics) recorded in official and public registers of the PRC.
  • Query input parameters: company names or USCC codes entered by the User to initiate an automated search. These queries are treated as confidential and are not disclosed to third parties.

3. Legal Basis and Nature of Analytics

Data processing is carried out on the basis of the User's agreement to the Public Offer terms and for the purpose of fulfilling obligations to deliver the analytical product.

All information about beneficial owners, executives, and the business structure of foreign companies (e.g. ownership shares and management bodies) is treated by the Service exclusively as elements of the public business reputation of entities engaged in cross-border economic activity. This information is not classified as private personal data and is used to promote market transparency.

4. Cross-Border Scope and Technical Specifics

Due to the nature of the analysed region, the execution of search algorithms requires access to information systems located in various jurisdictions, including the People's Republic of China. The User confirms their consent to cross-border interaction with databases necessary for generating the Report.

The Service takes reasonable organisational measures to protect data in transit but accepts no liability for the security policies of PRC government and commercial systems that are the primary sources of information.

5. Automated Profiling and Interpretation

The User acknowledges and agrees that the final analytical product (Report) is the result of automated aggregation and mathematical weighting of variables.

  • Reliability indices and risk scores (e.g. a rating of 47/100) represent a probabilistic model, not a statement of legal fact.
  • The Report is the Service's private expert opinion of an informational nature and cannot serve as the sole basis for financial or legal decisions.

6. Limitation of Liability and Data Currency

Information assets are provided on an "as is" basis at the time the register state is captured.

  • The Service does not guarantee the accuracy of information declared by the subjects of analysis in government bodies or on trading platforms (including data on paid-up capital or headcount).
  • The Service reserves the right to irreversibly anonymise or delete archived reports after the period defined by internal security regulations.

7. Data Subject Rights and Contact

The User may withdraw consent to the processing of their personal data at any time by sending a written notice. For questions relating to data processing or the accuracy of register records, please contact us at: [email protected].

8. Shopify App — Data Collected and Processed

This section applies to merchants who use the Service through the Shopify App Store integration on mandarin.business.

What we collect from a Shopify store:

  • Shop domain (e.g. yourstore.myshopify.com) — used to identify the merchant account and route API calls.
  • Shopify access token — issued by Shopify after OAuth installation, stored encrypted in our database, used solely to create billing subscriptions and usage records via the Shopify Admin API.
  • Billing subscription ID and usage record IDs — required to charge per-report fees through Shopify Payments.

What we do NOT collect: We do not access, store, or process any data about the merchant's customers (names, emails, addresses, order history, or any other personal data belonging to the end-customers of the Shopify store).

GDPR compliance: We implement all three mandatory Shopify GDPR webhooks. Upon receiving a customers/data_request or customers/redact webhook, no action is required on our end as we hold no customer PII. Upon receiving a shop/redact webhook, all data associated with the shop is permanently deleted from our database.

App uninstall: When the app is removed from a Shopify store, session data (shop domain, access token, subscription IDs) is deleted automatically within minutes via the app/uninstalled webhook. Merchants may also request manual deletion at any time by emailing [email protected].

9. Data Retention

We retain data for the minimum period necessary to provide the Service and meet legal obligations:

  • Shopify session data (shop domain, access token, subscription IDs) — retained while the app is installed; deleted automatically upon uninstall or on written request.
  • Report records and generated PDF files — retained for 2 years from the date of creation, then permanently deleted or anonymised.
  • Billing and usage records — retained for 5 years in accordance with standard financial record-keeping requirements.
  • User account data (for direct website users) — retained for the duration of the account, plus 3 years after the last login or until a deletion request is received.
  • Application logs — retained for 90 days, then automatically purged.

To request early deletion of your data, contact us at [email protected]. We will action verified requests within 30 days.

10. Final Provisions

Use of the Service (registration, balance top-up, or submitting data for verification) constitutes a conclusive action confirming the User's full and unconditional acceptance of this Policy. The Operator reserves the right to modify this Policy without prior notice to data subjects.