Trainco ESL App Privacy Policy

Last Updated: 2026

1. Introduction

Welcome to the Trainco ESL App (hereinafter referred to as "this App" or "we"). We highly value the protection of user privacy and personal information security. This Privacy Policy aims to explain how we collect, use, store, share, and protect your personal information, as well as the rights you have.

Please read and fully understand this Privacy Policy before using this App. Once you start using this App, it means that you have fully understood and agreed to all the contents of this Privacy Policy.

App Name: Trainco ESL
App Type: Enterprise Electronic Shelf Label Management Tool Application
Developer: Trainco
Bundle ID (iOS): com.trainco.esl
Package Name (Android): com.trainco.esl

Important Notice: B2B Enterprise Application

This App is a supporting management tool specifically designed for enterprise customers who have purchased our electronic shelf label hardware products and is not open for public registration.

• Service Target: Enterprise Customers (enterprise legal entities or organizations that have purchased the Company's electronic shelf label hardware)
• User Type: Enterprise Employees (accounts created by enterprise administrators through the backend management system)
• Account Management: Enterprise accounts are opened by the Company, employee accounts are created and managed by enterprise customers
• Data Relationship: The data collected and processed by this App is mainly used for enterprise business operations, and enterprise customers have management responsibility for the data generated by their employees using this App

This Privacy Policy applies to:

1. Enterprise Customers: As data controllers, they have primary responsibility for the collection and use of employee data
2. Enterprise Employee Users: As end users, they have corresponding rights to personal information
3. The Company: As data processor and technical service provider, processes data in accordance with this policy and agreements with enterprise customers

2. Information We Collect

2.1 Information You Actively Provide

2.1.1 Account Information

• Enterprise Account Information: Provided by enterprise customers, including enterprise name, contact information, etc. (provided by enterprise customers through business channels)
• Employee Account Information: Created by enterprise administrators, including username, employee name, department, etc. (created by enterprise customers through the backend management system)
• Login Credentials: Username and password, set by enterprise administrators or modified by employees themselves
• User Credentials: Including Access Token and Refresh Token

Note:

• This App does not support user self-registration
• Employee accounts are created and managed by enterprise customers
• Enterprise customers have primary responsibility for the collection and use of employee information
• Employees should consult their enterprise about the enterprise's data management policies

2.1.2 Business-Related Information

• Store Information: Store ID, store name, store timezone, etc.
• Product Information: Product code, barcode, product name, price, specifications, inventory, etc.
• Device Information: ESL device serial number, device model, device status, etc.
• Template Information: ESL display template related data

2.2 Automatically Collected Information

2.2.1 Device Information

• Device Identifiers: Unique device serial number (uniqueSn)
• Operating System Information: OS type (iOS/Android) and version
• App Version Information: Current app version number

2.2.2 Network Information

• API Request Logs: Request URL, request method, request parameters, response status
• Network Connection Status: To ensure proper app operation

2.2.3 App Usage Information

• Operation Logs: In-app operation records for feature optimization and troubleshooting
• Error Logs: App exceptions and error information for improving app stability

3. Device Permissions Description

This App requires the following device permissions to implement corresponding functions. We promise that all permissions will only be used after your explicit authorization and only for implementing the corresponding business functions.

3.1 Required Permissions

3.1.1 Camera Permission (CAMERA)

• Purpose: Scan product barcodes and ESL barcodes for quick information input

• Usage Scenarios:

  • Scan to add product information
  • Scan to query ESL information
  • Scan to bind devices
  • Employee daily business operations

• Note:

  • The camera is only invoked when using the scanning function
  • It will not be used in the background or record videos
  • The scanned product information belongs to the enterprise customer

3.1.2 Bluetooth Permissions (BLUETOOTH Related)

Includes the following specific permissions:

• BLUETOOTH (Basic Bluetooth permission)
• BLUETOOTH_ADMIN (Bluetooth management permission)
• BLUETOOTH_SCAN (Bluetooth scanning permission, Android 12+)
• BLUETOOTH_CONNECT (Bluetooth connection permission, Android 12+)

Purpose: Connect and manage ESL devices to perform the following operations:

• Scan nearby ESL Bluetooth devices
• Establish Bluetooth connection with ESLs
• Send image switching commands to ESLs
• Update ESL display content
• Read ESL status information

Note:

• Bluetooth communication is only used for device management and will not access other Bluetooth devices
• Automatically establishes connection after obtaining Bluetooth pairing information from NFC tags
• Connections are temporary and will be disconnected after operations are completed

3.1.3 NFC Permission (NFC)

• Purpose: Read NFC tag information on ESLs

• Usage Scenarios:

  • Quickly identify ESLs via NFC
  • Read Bluetooth pairing information of ESLs
  • Perform ESL image switching operations

• Note:

  • Only used when you actively initiate NFC operations
  • Only reads ESL-related NFC data
  • Will not read or store other NFC tag information (such as bank cards, access cards, etc.)

3.1.4 Location Permission (ACCESS_FINE_LOCATION)

• Purpose: Required by Android system for Bluetooth device scanning functionality

• Usage Scenarios: Scan nearby Bluetooth ESL devices

• Note:

  • We do not collect or upload your actual geographic location information
  • This permission is only used to meet Android system requirements for Bluetooth scanning
  • In Android 10 and below, Bluetooth scanning functionality requires location permission
  • Location information will not be stored or used for other purposes

3.1.5 Network Permission (INTERNET)

• Purpose: Communicate with servers to implement the following functions:

  • User login and authentication
  • Retrieve and upload product information
  • Synchronize ESL data
  • Download template images
  • Upload operation logs

• Note: All network communications use HTTPS encrypted transmission

3.2 Optional Permissions

3.2.1 Storage Permissions (READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE)

• Purpose:

  • Cache ESL image templates
  • Temporarily store downloaded data files

• Note:

  • Will not access your personal photos, documents, or other private files
  • Only accesses app-specific directories

3.2.2 Microphone Permission (RECORD_AUDIO)

• Purpose: Audio prompt functionality when camera scanning
• Note: Optional feature that does not affect core business usage

3.2.3 Vibration Permission (VIBRATE)

• Purpose: Vibration feedback when scanning succeeds
• Note: Auxiliary function to enhance user experience

3.2.4 Overlay Permission (SYSTEM_ALERT_WINDOW)

• Purpose: Display operation prompts and status notifications
• Note: Used to improve user experience, optional feature

3.3 Permission Usage Principles

1. Minimization Principle: We only request permissions necessary to implement business functions
2. Transparency Principle: We explain the purpose of permissions when you first use related functions
3. Authorization Principle: We will only use permissions after obtaining your explicit consent
4. Revocable: You can revoke granted permissions at any time in system settings
5. Isolated Usage: Different permissions are only used in corresponding functions and will not be cross-used

4. Use of Information

4.1 Purpose of Use

We collect and use your personal information only for the following purposes:

4.1.1 Provide Core Services

• Authentication: Implement employee user login and authentication
• Device Management: Manage enterprise-purchased ESL devices
• Product Management: Manage enterprise product information and prices
• Content Updates: Update ESL display content
• Data Synchronization: Synchronize store and template data
• Business Support: Support enterprise retail business operations

Enterprise Customer Responsibilities:

• Enterprise customers are responsible for explaining the purpose of data use to employees
• Enterprise customers are responsible for ensuring that employees understand and consent to data collection
• Enterprise customers are responsible for managing employee accounts and permissions

4.1.2 Improve User Experience

• Optimize app performance and stability
• Provide personalized feature settings
• Record user preference settings (such as language, theme, etc.)

4.1.3 Security Protection

• Perform identity verification and account security protection
• Detect and prevent security threats, fraud, and other illegal activities
• Analyze and process app exceptions and errors

4.1.4 Technical Support

• Respond to user customer service requests
• Troubleshoot and resolve technical issues
• Notify users of important updates

4.2 Data Encryption

4.2.1 Transmission Encryption

• All network communications use HTTPS protocol
• Sensitive data (such as username, password) uses RSA asymmetric encryption
• Request data uses AES symmetric encryption (when encryption feature is enabled)

4.2.2 Storage Encryption

• User credentials use MMKV secure storage framework
• Sensitive information is encrypted locally
• Token information is persisted using encrypted methods

5. Information Storage

5.1 Storage Location

• Local Storage: Uses MMKV framework to securely store user credentials, app configurations, and other information locally on the device
• Server Storage: Business data is stored on our servers located within China
• Enterprise Data: Enterprise customers' business data (product information, device information, etc.) belongs to the enterprise customer

5.2 Storage Period

• Enterprise Account Information: Retained during the enterprise customer's use of this App service
• Employee Account Information: Retained during the employee's employment and need to use this App, enterprise customers decide whether to delete after resignation
• Business Data: Retained according to enterprise customers' business needs, service agreements, and legal requirements
• Log Information: Usually retained for 30-90 days, only used for troubleshooting and security analysis
• Cache Data: Automatically cleared regularly or manually cleared by users
• After Service Termination: We will delete or anonymize related data according to the period agreed in the service agreement after the enterprise customer terminates the service

5.3 Storage Security

• Industry-standard security technologies and management measures are adopted to protect your information
• Stored personal information is de-identified or anonymized
• Strict data access control mechanisms are established
• Regular security audits and vulnerability scans are conducted

6. Information Sharing, Transfer, and Public Disclosure

6.1 Sharing

6.1.1 Sharing Within the Enterprise

• Enterprise Administrators: Can access and manage all employee accounts and business data of the enterprise
• Enterprise Employees: Can only access data within their scope of responsibility
• Note: Data sharing within the enterprise is managed and controlled by the enterprise customer itself

6.1.2 Sharing With Third Parties

We will not share your personal information with third parties, unless:

1. Enterprise Customer Authorization: With explicit authorization from the enterprise customer

2. Legal Requirements: According to laws and regulations, legal procedures, litigation, or mandatory requirements of government authorities

3. Business Partners: Share necessary information with the following types of partners only to achieve the purposes stated in this Privacy Policy:

   • Cloud service providers (such as Expo, etc.): For app distribution and updates
   • Technical service providers: For app performance monitoring and error tracking

Note:

• When sharing information with any third party, we require them to strictly comply with confidentiality obligations and take necessary security measures
• The ownership of enterprise business data belongs to the enterprise customer
• We will not sell or use enterprise customers' business data for other commercial purposes

6.2 Transfer

We will not transfer your personal information to any company, organization, or individual, unless:

1. We have obtained your explicit consent
2. In the event of merger, acquisition, or bankruptcy liquidation, we will require the new company holding your personal information to continue to be bound by this Privacy Policy

6.3 Public Disclosure

We will not publicly disclose your personal information, unless:

1. We have obtained your explicit consent
2. Based on laws and regulations, legal procedures, litigation, or requirements of government authorities

7. Third-Party Services

This App uses the following third-party services and SDKs:

7.1 Expo Service

• Purpose: App building, distribution, and OTA updates
• Information Collected: Device information, app version information
• Privacy Policy: https://expo.dev/privacy

7.2 Other Technical Frameworks

This App uses the following open-source technical frameworks (which do not collect personal information):

• React Native: App development framework
• React Query: Data management
• Axios: Network requests
• MMKV: Local storage

Note: These frameworks and libraries run locally and will not send your personal information externally.

8. Your Rights

According to relevant laws and regulations, you have the following rights regarding your personal information:

8.1 Employee User Rights

8.1.1 Right of Access

You have the right to access your personal information, except as provided by laws and regulations. You can view your account information through the in-app settings.

8.1.2 Right of Correction

When you find that personal information is incorrect, you have the right to request corrections or supplements. You can modify some information in the app or contact the enterprise administrator for correction.

8.1.3 Right of Deletion

In the following circumstances, you can request deletion of personal information:

• The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose
• We stop providing services, or the retention period has expired
• You withdraw consent (where applicable)
• You believe the processing violates laws and regulations or agreements

Note: Since this App account is created and managed by the enterprise customer, some rights may need to be exercised through your enterprise administrator.

8.1.4 Right to Withdraw Consent

You can withdraw your previously granted authorization consent (such as system permissions) at any time. After withdrawing consent, the corresponding function will be unavailable.

Exercise Methods:

• Manage permissions through the in-app "Settings" function
• Revoke corresponding permissions in system settings
• Contact the enterprise administrator for assistance

8.1.5 Account Management

• Account Deactivation: Employee account deactivation and deletion are performed by the enterprise administrator through the backend management system
• Resignation Processing: When employees resign, the enterprise customer should promptly deactivate the relevant account
• Data Export: If you need to export personal-related data, please contact the enterprise administrator

8.2 Enterprise Customer Rights

8.2.1 Data Access and Export

Enterprise customers have the right to access and export the enterprise's business data through the admin portal.

8.2.2 Employee Account Management

Enterprise customers have the right to create, modify, deactivate, and delete employee accounts.

8.2.3 Data Deletion

When enterprise customers terminate service, they have the right to request deletion of enterprise data. We will process it according to the service agreement.

8.2.4 Data Portability

Enterprise customers have the right to export business data during the service period or when terminating service.

8.3 Special Instructions on Rights Exercise

Due to the B2B nature of this App, the exercise of certain rights involves the relationship between enterprise customers and employee users:

• Employee Users should first contact the enterprise's administrator to handle account and data-related matters
• Enterprise Customers have primary responsibility for managing employee data
• The Company will cooperate with enterprise customers and employee users in exercising legitimate rights
• In case of disputes, it is recommended that the enterprise and employees resolve them through negotiation first

9. Protection of Minors

9.1 Usage Restrictions

This App is a B2B tool application for enterprise customers and is not designed for minors. We do not actively collect personal information of minors.

9.2 Enterprise Customer Responsibilities

Enterprise customers should ensure that:

• No employee accounts are created for minors under 16 years old
• If employing minors aged 16-18, the consent of their guardians should be obtained
• The use of this App and data processing should be fully explained to minor employees and their guardians

9.3 Guardian Supervision

If a minor's guardian discovers that a minor is using this App, please contact the enterprise customer and us in a timely manner.

9.4 Information Deletion

If we discover that we have collected personal information of minors without obtaining verifiable guardian consent, we will delete the relevant information as soon as possible.

10. Changes to Privacy Policy

10.1 Update Notification

We may revise this Privacy Policy from time to time. When the Privacy Policy changes:

• We will publish update notifications in the app
• Significant changes will be notified to you in prominent ways such as pop-ups

10.2 Definition of Significant Changes

The following situations are considered significant changes:

• Significant changes in our service model
• Significant changes in the purpose and processing method of personal information
• Changes in the objects of personal information sharing, transfer, or public disclosure
• Significant changes in your rights regarding personal information processing and the methods of exercising them

10.3 Continued Use

If you continue to use our services, it means that you agree to accept the revised Privacy Policy.

11. Data Security Measures

11.1 Technical Measures

• Encrypted Transmission: HTTPS/TLS encryption protocol is adopted
• Encrypted Storage: Sensitive data uses AES/RSA encryption
• Access Control: Strict authentication and authorization mechanisms are implemented
• Security Audit: Regular security assessments and vulnerability scans are conducted

11.2 Management Measures

• Establish data security management systems
• Provide data security training to employees
• Implement data classification and grading management
• Establish emergency response mechanisms

11.3 Security Incident Response

In the event of a personal information security incident, we will:

1. Immediately activate the emergency plan
2. Promptly inform you of the basic situation of the incident, impact, disposal measures, etc.
3. Report to regulatory authorities as required by laws and regulations

12. Scope of Application

This Privacy Policy applies to:

• Trainco ESL iOS App
• Trainco ESL Android App

This Privacy Policy does not apply to:

• Services provided by other third parties
• Third-party websites or services accessed through links from this App

13. Contact Us

13.1 Employee Users

If you are an employee user and encounter the following situations:

• Account Issues: Please first contact your enterprise's administrator
• App Usage Issues: You can contact the enterprise administrator or our technical support
• Privacy Rights Exercise: For matters involving enterprise data, please contact the enterprise administrator; for personal rights matters, you can contact us

13.2 Enterprise Customers

If you are an enterprise customer, you can contact us in the following ways:

App Name: Trainco ESL
Customer Service Phone: +86-15617676048 Customer Service Email: triancoesl@gmail.com Working Hours: Working days 08:30-17:30

13.3 Response Time

We will respond to your request within 15 business days. Urgent matters will be prioritized.

13.4 Data Protection Officer

For major matters related to data protection, you can contact our Data Protection Officer:

• Email: triancoesl@gmail.com

14. Applicable Law and Dispute Resolution

The interpretation, validity, and execution of this Privacy Policy shall be governed by the laws of the People's Republic of China. If any dispute arises regarding the content or execution of this Privacy Policy, the parties shall resolve it through friendly negotiation; if negotiation fails, either party may file a lawsuit with the people's court with jurisdiction where the company is located.

Appendix: Detailed Permission Description Table

Privacy Policy Version: v1.0
Effective Date: 2026-01-15