Last Modified: November 19, 2018

Your privacy is important to us.

Meitu (China) Limited ("Meitu", "we", "us" or "our") is dedicated to protecting the privacy of our users ("users" or "you"). This Privacy Policy (the "Policy") is meant to explain our practices regarding how we collect, store, use, manage and protect your user information (including your personal information) as a controller during your use of POMELO application including all its features (the "Services").

Please note that the scope of this Policy is limited solely to your user information (including your personal information) collected or received by Meitu when you are using the Services. In this Policy, "personal information" refers to any information or combination of information that can be used to identify, contact or locate an individual to whom the collected information pertains. Such personal information may include your name, gender, phone number, email address, date of birth, images, geo-location, personal identity number, identifiable biological information, and financial information (such as credit card or bank account number, WeChat Pay or Alipay account information).


Please note that it is mandatory for you to provide certain categories of data (as specified at the time of collection). In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our Services. Also, please note that, unless we define a term in this Policy, all capitalized terms used in this Policy have the same meanings as in our Terms of Service. So, please make sure that you have read and understand our Terms of Service.

If you have any questions regarding this Policy or any privacy-related matters, please contact our Data Protection Officer via email at compliance@meitu.com, by phone at 6568127888 ,or via registered mail at 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).

The Information We Collect

In order to provide and improve the Services, Meitu will collect and process your personal information and user information in accordance with this Policy. If you do not provide this information, we may be unable to provide you with our products or Services. You should ensure that all personal information and user information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with all or some of the Services.

The Information You Provide to Us

Mobile Device Information

When you use our Services on your mobile device, we will collect information about your device, including its International Mobile Equipment Identity ("IMEI"), Unique Device Identifier (“UDID”), Identifier for Advertising ("IDFA") and Identifier for Vendor ("IDFV"), Integrated Circuit Card Identifier ("ICCID"), Media Access Control ("MAC") address, the type of device you use, operating system version, and resolution, which will be used by us for statistical and/or analytical reasons, including without limitation to improve our technical functionality, server load-balancing, analysis of technical data relating to your mobile device so as to optimize the Services and graphics adaptation.

As stated below in the “Location Information” section, we may collect your location-based information from your mobile device if you choose to share it with us. If you subsequently wish to stop sharing Location Information, you may do so at any time by editing the relevant setting on your mobile device.

Mobile Analytics

We use mobile analytics software to allow us to better understand and improve the functionality of our Services. Such software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Network Information

When you use the Services, we will collect information about the network you use, including the name of the operator and the type of network, so as to understand the distribution of operators and networks used by our users. In addition, we will collect information such as the name of the WiFi network to which you connect, the location of the WiFi network, and the duration of your WiFi connection to understand the environment under which you prefer to use our Services. We may use such information to provide customized services, for example to provide you with location-based advertising through push-notification.

Location Information

We will collect your Location Information, including the country code, latitude and longitude, network location, IP address and the system country and system time zone recorded on your device. This information will help us understand user distribution and usage scenarios and allow us to provide users with the correct version of our apps, the reappearance of the geo-location or the publishing of the real-time geo-location where you take any photos or shoot any videos, send relevant advertisements to you, and improve the Services. Except as otherwise provided in this Policy, we will not share this Location Information with any third parties. If you no longer wish to allow us to collect or use such information, you may turn off your Internet access or GPS, or disable our access to information about your network, GPS and device. Please note that we may still continue to receive some Location Information, such as your Network Information, IP address and system time zone, as a result of you using the Services.

Log Information

When you use some of the Services, including generating and browsing certain content, we will automatically collect certain relevant log information stored in POMELO ("Log Information"). Log Information may include (i) details on when and how often you use the Services, (ii) device statistics, including critical operation paths, errors, crashes, language and time zone. This Log Information is used to improve the Services and is NOT USED to identify our users individually.


Metadata refers to technical data associated with user content. Put simply, metadata is data that describes data. For example, metadata can describe the analysis results of facial features, gender, age, race of the characters in photos and other elements contained in photos, which are generated and tagged by the computer algorithm and artificial intelligence. When you use the Services, we will use photo metadata to provide you with certain features including precise "Facial Recognition", "Key-Points Recognition", "Region Segmentation", "Content Tags" and other custom features based on a combination of these basic features. We may use your photo metadata to provide you with more suitable filters and better photo effect when our apps process your photos; we may also make use of the metadata to serve up a more contextually relevant products or services to you.


When you are using the Services, Meitu or a third party designated by Meitu will use cookies, tags and scripts to collect information for the purposes of analyzing trends, managing the Services, tracking users activity on the POMELO and collecting demographics on the user base. Information collected may include information about your Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring and exit pages, your operating system, dates and timestamps, and clickstream data.


We and our third-party service providers may include advertisements within our Services, and may collect and use information about you such as your device identifier, geographic location and IP address for the purpose of delivering and tracking these advertisements. We will use this information to help us better count and track advertisements based on language, geographic location and other details. If you wish to opt out of interest-based advertising, you may opt out as your device permits. For more information, please contact us at compliance@meitu.com. Please note you will continue to receive generic ads after you opt out of interest-based advertising.

Information Collected by Third Party Services

Our Services provided to you may contain our service provider’s Application Programming Interfaces (APIs) or Software Development Kits (SDKs), which may have tracking tools of such service providers. These third parties may use cookies, APIs and SDKs on our Services and collect and analyze user information. In addition, some third party SDKs may allow advertisers to collect information in order to provide content that is more relevant to you. Third parties may access your information such as your device identifiers, region (defined as the location where a given language is used), location information and IP address under their respective privacy policies. If you want to know more about such third parties, you may send an email to compliance@meitu.com.

User Data Supplementation

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products, services, and advertising that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include: Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.

If you provide us any personal information of any third party, you shall obtain the consent of such third party for the collection, use and disclosure thereof by Meitu in accordance with these purposes. You further represent and warrant that in relation to any such third party personal information that you provide, you have obtained such consent for such collection, use and disclosure by Meitu.

Other Information

We may also collect other information which is not related to your identity. For example, we may collect information on the type and version number of your operating system to better understand system upgrades, we may collect information on your system language for the purpose of language adaptation, and we may collect your App list to understand user preferences. If we choose to collect such information, we will do so for the purpose of improving our Services provided to you.

How We Use Information

In addition to the uses listed above, we collect and use your user information and personal information for the following purposes:

  • (i) Services. To provide, process, maintain, improve and develop our Services provided to you, including customer support, and other services provided through our products.
  • (ii) Statistical analysis.To develop and analyze statistics on the use of our products and Services for the purpose of improving our products and our Services.
  • (iii) To create a Account. The personal information that we collect when you use or Services to create an Account will be used by us to create your Account and profile.
  • (iv) To provide location-based services. When you use our Services, we or third party service providers may take advantage of your location information to provide you with advertising, the correct version of our Services and help you gain good user experience.
  • (v) To improve user experience. Certain optional features such as user experience programs allow Meitu to analyze data regarding the use of our products and our Services and improve user experience.
  • (vi) To provide push services. Device information may be used by us to provide push services to assess the performance of adverts and the success of software updates, or provide notifications on new product releases.
  • (vii) To verify your identity. Verifying your identity using a text message when you log in to your account helps prevent unauthorized logins to your account. We are required by law to verify your identity once you enable the live video broadcasting feature.and/or
  • (viii) To collect feedback from you. Your feedback is of great value in helping Meitu improve our Services. To keep track of your feedback, Meitu may use the personal information provided by you to contact you and retain the records.
  • (ix) Other purposes. We will collect, store, maintain and use information about you for purposes under the “The Information We Collect”, and for purposes of running our operations, pursuing our legitimate interests (e.g., direct marketing, research (including marketing research), network and information security, and fraud prevention), and satisfying our legal obligations.

Information Sharing and Disclosure

We will not sell any personal information to third parties. We may share your information with third parties who provide services on our behalf to help with our business activities. These services may include:

  • (i) Providing you with advertising;
  • (ii) Payment processing;
  • (iii) Providing customer services;
  • (iv) Sending marketing communications;
  • (v) Fulfilling subscription services;
  • (vi) Conducting research and analysis; and
  • (vii) Providing cloud computing infrastructure.

We will not share with or disclose to third parties (other than our service providers) your personal information in whole or in part except for the purposes of:

  • (i) protecting the security of others or their property;
  • (ii) preventing or dealing with fraud;
  • (iii) safeguarding the legitimate rights and interests of Meitu;
  • (iv) taking action in line with our purposes as described in the "The Information We Collect" or the “How We Use Information” sections;
  • (v) complying with laws and regulations or requests by government departments, judicial authorities, law enforcement, or private parties, which are typically designed to uphold Internet security and the rights, property and safety of us, our users and third parties; and/or
  • (vi) evaluating or completing a transaction where we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or other event where your information may be sold or transferred.


The Services may contain links to other websites and services. In addition, other websites and services may reference or link to our Services. These other domains and websites are not controlled by us, and Meitu does not endorse or make any representations about third party websites or services. We encourage our users to read the privacy policies of each and every website and service with which they interact. Visiting these other websites or services is at your own risk.


We will take reasonable measures to prevent the loss, improper use of, unauthorized access to or disclosure of information. For example, some of our Services will use encryption techniques (such as SSL) to protect your personal information. However, you understand and accept that (in the Internet industry) even though we take reasonable security measures, we cannot always guarantee that your information is 100% secure. You understand and accept that we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. Further, you understand and accept that the system and communication network used by you to access our Services may fail due to factors beyond our control.


We will take all reasonable and appropriate technical measures to ensure that you can access, update and correct your personal information or other personal information provided to us by you when using our Services. Before you access, update, correct or remove such personal information, we may verify your identity in order to protect the security of your account.


Subject to applicable laws and regulations and the fulfillment of our business or legal purposes, we will retain your information (including your personal information) for such period as is required for us to continue to provide you with our Services. If you wish to withdraw your authorization to our collection, use and disclosure of your personal information, exercise your rights under GDPR or other applicable laws, or wish us to correct, update or delete your personal information, you may send an email to compliance@meitu.com or mail your request to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). We will process your request in line with applicable laws within a reasonable period of time after receiving your email or mail, and will cease collecting, using and disclosing your personal information thereafter, subject to certain exceptions prescribed by law. Please note that if you withdraw your consent or delete your personal information, your use of some of our Services may be affected.


We will not knowingly collect or request personal information from children under 13 (or any other age stipulated by law applicable to your region). If you are under 13, please do not send your personal information to us, including your name, address, phone number or email address. If you believe we may have any information about children under 13, you may send an email to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). If we learn that we have collected personal information from children under 13 (or any other age stipulated by law applicable to your region), we will promptly take steps to delete such information and terminate the associated account.


You understand and agree that all information collected via or by Meitu may be transferred, processed, and stored anywhere in the world, including but not limited to, mainland China, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.


This Policy is established, comes into force, and will be enforced and interpreted under the laws of Hong Kong Special Administrative Region of the People's Republic of China, without regard to its conflict of law provisions. Any disputes arising hereunder will also be resolved in accordance with the Terms of Service. We do not represent or warrant that this Policy complies with the privacy law of any jurisdiction. Therefore, you should not interpret this Policy in accordance with such law.


You agree that we may update this Policy according to relevant laws and regulations or based on Meitu’s business decisions, and you agree to be bound by any such revisions hereto. We will post any significant changes to this Policy on POMELO or notify you by other means as required by law.


If you are a resident of California, every year we will provide you free of charge with an opportunity to obtain a list of third parties to which we have disclosed or with whom we have shared your personal information for their direct marketing purposes during the previous year. If you are a resident of California and wish to obtain this list, you may send an email with the subject "The right to privacy of a California resident" to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).


If you are in the European Economic Area (“EEA”), we will not collect any of your information set forth above. However, we will process certain information related to your SIM card which enables us to verify whether you are in the EEA. We use this information to verify whether you are in the EEA and to prevent the processing operations outlined above. Where we are unable to collect such information we will ask you whether you are in the EEA. The legal basis for the processing of this SIM card data or your answer to the question about your whereabouts is the performance of a contract with you (Art. 6 para. 1 lit. b) of the Regulation (EU 2016/679 of the European Parliament and of the Council (“GDPR”)). Without the provision of such data we may not be able to provide you with any Services.

As we are located in the People’s Republic of China we are required to transfer this information to the People’s Republic of China. Please be aware that the European Commission has not issued an adequacy decision in relation to the People’s Republic of China.

We will retain this information for as long as needed to provide you with our Services.


The Controller for the purposes of Art. 4 no. 7 GDPR with respect to the processing outlined in this Policy is Meitu (China) Limited, 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong. You may contact us via registered mail at the above address (attention: Legal Department, Meitu) or via e-mail at compliance@meitu.com.


Our representative in the European Union is Rivacy GmbH, you may contact our representative via e-mail at info@rivacy.eu or via registered mail at Rivacy GmbH, Hammerbrookstraße 90,20097 Hamburg.

Your rights as a Data Subject

As a data subject in the European Economic Area you have the following rights with regard to the processing of your personal data:

1. Right of access

As a data subject you have the right to obtain confirmation from us as to whether we are processing your personal data (Art. 15 para. 1 GDPR). If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 para. 1 GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

2. Right to rectification

As a data subject, you have the right to rectification set out in Art. 16 GDPR, i.e. to have your inaccurate data processed by us rectification and incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 para. 1 GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 para. 1lit. a) GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 para. 2 GDPR).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 para. 3 GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims (Art. 17 para. 3 lit. a) and e) GDPR).

4. Right to restriction of processing

As a data subject, you have a right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 para. 1 GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 para. 1 lit. a) GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 para. 3 GDPR).

5. Right to data portability

As a data subject, you have a right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means (Art. 20 para. 1 GDPR).

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 para. 2 GDPR).

6. Right to object

As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.

7. Right to withdraw consent

As a data subject, where consent is our legal basis for processing your personal data, you have the right to withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 57 para. 1 lit. f GDPR.

Exercise of your rights under GDPR

As a data subject, you may exercise any of the rights listed above in accordance with the instructions and limitations set forth in “Data Retention and Correction, Update and Deletion” above.

Additional Information on Your Rights as a Data Subject

For further information on your rights as a data subject please refer to Art. 12 to 21 GDPR, which can be accessed here: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

If you need any assistance, please don’t hesitate to drop me a message.

Enter your message…

Contact us