AquaFantasy Privacy Policy
Effective Date: January 21, 2026
Last Updated Date: January 21, 2026
Welcome to AquaFantasy (the "App"), developed by MOUNTING TRADING LIMITED (hereinafter referred to as "we", "us", or "our"). We recognize the importance of your personal information and are committed to protecting the security of your privacy and personal data. This Privacy Policy aims to clarify the rules governing our collection, use, storage, sharing, transfer, and protection of your personal data, as well as the rights you hold and the methods to exercise such rights.
Please carefully read and fully understand the entire content of this Privacy Policy (especially the bolded clauses) before using the App. By checking "Agree" and using the App, you acknowledge that you have fully understood and agreed to our processing of your personal data in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the App.
This App is only available to users aged 18 and above. If you are under 18, please do not use the App. We do not actively collect personal data of minors. If we discover that a minor is using the App, we will immediately cease providing services and delete the relevant data.
I. Definitions and Data Controller
1.1 Data Controller
The data controller of personal data in this App is: MOUNTING TRADING LIMITED, with its registered address at Room 502C, 5th Floor, Ho King Commercial Centre, 2 - 16 FA YUEN STREET, YAU TSIM MONG DISTRICT, KOWLOON.
If you have any questions, complaints, or suggestions regarding the processing of your personal data, you may contact us through the following channel:
• Contact Email: beulahmarsha13@gmail.com
1.2 Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to supervise the compliance of personal data processing, respond to data subjects' requests for rights, and engage with regulatory authorities. You may communicate with the DPO via email at beulahmarsha13@gmail.com.
1.3 Core Definitions
• Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to device information, images, audio, location information, etc.
• Data Processing: Any operation performed on personal data, including collection, recording, storage, use, transmission, sharing, deletion, etc.
• Sale: The transfer of personal data to a third party in exchange for consideration, excluding the necessary sharing of data to provide services.
II. Legal Basis
We process your personal data in strict compliance with applicable global and regional data protection laws and regulations, adhering to the principles of legality, fairness, and necessity to ensure the full-process compliance of data processing activities. The specific applicable laws, regulations, and their core applicable scenarios include but are not limited to:
• EU General Data Protection Regulation (GDPR): Applies to users in all EU Member States and situations involving the cross-border transfer of data to the EU. It corely regulates the clear notification of data collection, protection of users' rights, data breach notifications, and the legality of cross-border data transfers, providing a foundational framework for personal data protection in this App.
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (USA): Applies to residents of California. It clarifies users' core rights regarding personal data, such as access, deletion, and opt-out of sale, requires us to clearly disclose the purposes of data collection and the scope of sharing, and prohibits discriminatory treatment against users who opt out of data sale.
• Virginia Consumer Data Protection Act (VCDPA) (USA): Applies to residents of Virginia. It regulates the processes of collection, use, sharing, and deletion of personal data, emphasizes users' right to correct inaccurate data and the right to data portability, and requires us to establish convenient channels for exercising rights.
• Lei Geral de Proteção de Dados (LGPD) (Brazil): Applies to users within Brazil and activities involving the processing of Brazilian users' personal data. It specifies that data processing must be based on user consent or legal grounds, protects users' rights to query, correct, anonymize, and delete personal data, and regulates the security measures for cross-border data transfers.
• Federal Data Protection Law (FADP) (UAE): Applies to users within the UAE. It requires data processing to serve legitimate purposes, protects users' right to query personal data and the right to delete illegally processed personal data, and clarifies the data controller's security protection obligations and data breach response responsibilities.
• Other applicable regional data protection laws and regulations: Including but not limited to the UK Data Protection Act 2018, Australia Privacy Act 1988, and Canada Personal Information Protection and Electronic Documents Act (PIPEDA). We automatically adapt to the corresponding compliance requirements based on the user's region to ensure effective protection of data rights for users in different regions.
Combined with the service scenarios of this App, the legal bases for our processing of personal data are clearly defined in accordance with the aforementioned laws and regulations, specifically including: First, your explicit consent, which applies to the authorization of permissions such as camera, photo gallery, and microphone, as well as non-essential sharing of personal data; you may withdraw this consent at any time. Second, the necessity of providing services, which applies to data processing activities necessary to ensure the normal operation of the App and the provision of core services such as work display, interaction and communication, and feedback. Third, the protection of legitimate rights and interests, which applies to situations such as preventing fraud, addressing security vulnerabilities, safeguarding the ecological security of the App, and protecting the legitimate rights and interests of you or other users. Fourth, compliance with legal obligations, which applies to scenarios such as responding to judicial subpoenas, regulatory inspections, and fulfilling tax and compliance declaration requirements. We only process your personal data within the scope of the aforementioned legal bases and will not carry out data processing activities without a legal basis.
III. Collection and Use of Personal Data
3.1 Types and Purposes of Collected Personal Data
We only collect personal data that is necessary for providing services and do not collect irrelevant information. The details are as follows:
(1) Permission-Related Data (Collected Based on Your Consent)
• Camera Permission: Used for capturing and uploading images when you post content, set/change your profile picture, and submit image-based feedback in the "Feedback" interface. It is only activated when you actively trigger the shooting operation and will not automatically take photos or store your images in the background.
• Photo Gallery (Image) Permission: Used for selecting and uploading local images when you post content, set/change your profile picture, write diaries, and select local images as feedback evidence in the "Feedback" interface. It only accesses the image files you actively select and will not batch read or scan all content in your photo gallery.
• Microphone (Recording) Permission: Only used for recording audio content to submit feedback in the "Feedback" interface. It will not automatically activate the recording function or store audio information unrelated to feedback, and the recorded files are only used for handling your complaints and suggestions.
• External Storage Permission: Only used for storing the post images, profile pictures, diary images, feedback content (images, audio) you upload, and temporary files necessary for the operation of the App. It will not access, read, or tamper with other data in your device's storage.
• App Information Access Permission: Used to obtain information such as your device ID, operating system version, and App version to ensure App compatibility, fix bugs, and optimize the user experience.
(2) Automatically Collected Data
• Device Information: Including unique device identifiers (such as UUID), device ID, operating system version, network type, screen resolution, etc., used for App adaptation, troubleshooting, and security protection.
• Advertising Ids: For Android devices, we may collect the Google Advertising ID (AAID). Advertising ids are only used to optimize in-App content recommendations and provide personalized services, not for targeted advertising. We will not store advertising ids in association with your personal identity information. You can reset the advertising identifier or disable ad tracking through your device's system settings (Android: Settings - Privacy - Ads; iOS: Settings - Privacy - Tracking). We will stop collecting the identifier once it is disabled.
• Usage Log Information: Including your browsing history (work browsing, module access), interaction behaviors (liking, favoriting, commenting, following), feedback content and submission time, etc., used to optimize content recommendations, improve service functions, and respond to your feedback.
• Location Information (Optional): Only collected when you actively enable location permissions and choose to add a location tag when posting works or writing diaries, used to display the shooting location of the work. You can disable this permission at any time.
(3) Data Actively Submitted by You
• Work and Diary Content: Including underwater photography works you upload, creative insights you write, diaries, tags, moods, etc., used for display, sharing, and forming your personal creative archive in the App.
• Feedback Content: Including text, images, and audio information you submit through the feedback module, used to handle your complaints and suggestions and optimize App services.
• Personal Profile Information: Including your profile picture, username, personal bio, style tags, etc., used to display your personal identity and creative style, facilitating recognition and interaction with other users.
3.2 Methods of Data Collection
• Collection Based on Your Active Operations: Including data you actively provide when uploading works, writing diaries, submitting feedback, and setting up your personal profile.
• Collection Based on Permission Authorization: Collecting necessary data through device interfaces after you agree to grant relevant permissions (such as camera and photo gallery content).
• Automatic Collection by the App: Automatically recording your usage behaviors and device information through App operation logs, device sensors, etc.
3.3 Restrictions on Data Use
We only use your personal data within the scope of the purposes agreed in this Privacy Policy and will not use the data for other purposes without your additional consent. If it is necessary to change the purpose of data use, we will notify you in advance through App pop-ups, announcements, etc., and will only change the purpose after obtaining your consent.
IV. Storage and Protection of Personal Data
4.1 Storage Period
We will store your personal data for the shortest period necessary to achieve the purposes of data use:
• Feedback content, interaction records, personal profile, and other such data will be stored continuously during your use of the App. If you stop using the App and request data deletion, we will complete the deletion or anonymization process within 30 days after verification.
• Technical data such as device information and log information will be stored for 12 months after your last use of the App, after which it will be automatically anonymized.
• Data necessary for complying with legal obligations, resolving disputes, and ensuring security may be stored for an extended period until the expiration of the legal period or the resolution of the dispute.
4.2 Storage Location
Your personal data will be stored on servers that comply with data protection laws and regulations, with storage locations including but not limited to Singapore, the United States, and the EU. We ensure that data storage and cross-border transfers comply with applicable legal requirements, such as through GDPR adequacy decisions and the signing of Standard Contractual Clauses (SCCs) to ensure data security.
4.3 Protection Measures
We adopt dual technical and management protection measures to ensure the security of your personal data:
• Technical Level: Using AES-256 encryption technology to encrypt data transmission and storage, deploying protective tools such as firewalls and intrusion detection systems, and conducting regular security vulnerability scans and penetration tests.
• Management Level: Establishing a data access permission control mechanism to only authorize necessary personnel to access personal data; providing data protection training to employees to clarify data processing responsibilities; formulating data breach emergency plans. In the event of a data breach, we will notify affected users and relevant regulatory authorities (if applicable) within 72 hours.
Please note that no data transmission method is completely secure. We cannot guarantee the absolute security of data transmission, and you shall bear the corresponding risks.
V. Sharing, Transfer, and Sale of Personal Data
5.1 Data Sharing
We will not share your personal data with third parties unless under the following circumstances:
• Obtaining Your Explicit Consent: Sharing necessary data with third parties designated by you after obtaining your authorization (such as sharing works to other platforms).
• Sharing with Service Providers: Sharing data with carefully selected third-party service providers (such as cloud storage service providers and AI technology service providers) as necessary to provide services. Such third parties may only process data under our guidance, shall not use it for other purposes, and shall assume corresponding confidentiality and security responsibilities.
• Compliance with Legal Obligations: Legally sharing data to respond to judicial subpoenas, court judgments, regulatory requirements, or to protect the legitimate rights and interests of us and others (such as preventing fraud and safeguarding security).
5.2 Data Transfer
In the event of corporate merger, acquisition, asset transfer, or similar circumstances, your personal data may be transferred to a third party as part of the assets. We will notify you in advance through App pop-ups, announcements, etc., to ensure that the transferee complies with this Privacy Policy and relevant laws and regulations, and to protect your data rights from being affected.
5.3 Data Sale
We will not sell your personal data. You have the right to opt out of any form of sale of your personal data and may withdraw this consent at any time.
5.4 Methods to Opt Out of Data Sharing/Sale
You may opt out of data sharing or sale (if applicable) through the following methods:
• Opt Out of Third-Party Sharing: Send an email to beulahmarsha13@gmail.com to request the withdrawal of "third-party data sharing". After our approval, we will prohibit sharing data with subsequent third-party service providers (we will require third parties to stop using and delete already shared data).
• Withdraw Consent to Sale: If there is a data sale scenario in the future (there is currently no such behavior in this App), you may send an email to beulahmarsha13@gmail.com to request the withdrawal of consent.
• We will process your opt-out request within 15 days of receipt and notify you of the result via email or App message.
VI. Additional Rights of Users in Specific Regions
Pursuant to applicable laws and regulations, users in specific regions are entitled to the following additional data rights, and we will legally protect your exercise of these rights:
6.1 California Users (CCPA/CPRA)
• Right to Know: You have the right to know whether your personal data has been shared and to request information about the specific circumstances of our collection, use, and sharing of your personal data.
• Right to Access: You have the right to request a copy of your personal data stored by us.
• Right to Delete: You have the right to request the deletion of your personal data (except as required by laws and regulations).
• Right to Opt Out: You have the right to opt out of data sale, and this opt-out will not affect your use of the basic functions of the App.
• Right to Non-Discrimination: We will not discriminate against you (such as restricting services or increasing prices) for exercising your data rights.
6.2 Virginia Users (VCDPA)
• Right to Correct: You have the right to request the correction of your inaccurate personal data.
• Right to Data Portability: You have the right to request your personal data in a structured, commonly used format for transfer to another data controller.
• Right to Withdraw Consent: You have the right to withdraw your consent to data processing at any time, and the withdrawal of consent will not affect the legality of data processing based on consent prior to withdrawal.
• You have the right to opt out of data sharing or sale. If you wish to withdraw your authorization for us to use your personal information for other related purposes, you may submit a request by sending an email to our official email address beulahmarsha13@gmail.com. Please clearly indicate in the email that your request is to "opt out of data sharing or sale". We will review and process your request within 15 working days of receipt and feedback the result to you.
6.3 EU Users (GDPR)
• Right to Restrict Processing: You have the right to request us to restrict the processing of your personal data (such as when there is a dispute over the accuracy of the data).
• Right to Object: You have the right to object to our processing of your personal data for direct marketing, statistical analysis, or other such purposes based on your specific circumstances.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the EU data protection regulatory authorities about our data processing activities.
6.4 Brazilian Users (LGPD)
• Right to Anonymization: You have the right to request the anonymization or de-identification of your personal data.
• Extended Right to Know: You have the right to understand the entire data processing process, information about third-party recipients, and the circumstances of cross-border data transfers.
6.5 UAE Users (FADP)
• Right to Inquiry: You have the right to inquire whether your personal data is being processed by us and the details of such processing.
• Extended Right to Delete: You have the right to request the deletion of any illegally processed personal data.
6.6 Methods to Exercise Rights
You may exercise the aforementioned rights by sending an email to beulahmarsha13@gmail.com. Please indicate "Data Rights Exercise Request" in the email subject and provide your identity verification information (such as username and frequently used device information) for us to verify. We will process and respond to you within 30 days of receipt (which may be extended to 60 days in complex cases) free of charge, unless your request is obviously repetitive or exceeds a reasonable scope.
VII. Complaints and Reports to Regulatory Authorities
If you have any objections to our data processing activities, you may first contact us through the aforementioned email address, and we will actively resolve the issue for you. If you are dissatisfied with the handling result, you have the right to lodge a complaint with the data protection regulatory authority in your region. Examples of specific regulatory authorities are as follows:
• EU: National data protection authorities (such as Germany's BfDI, France's CNIL) or the European Data Protection Board (EDPB).
• California, USA: California Attorney General's Office (OAG).
• Brazil: National Data Protection Authority (ANPD).
• UAE: National Data Protection Authority (NDPA).
We will actively cooperate with the investigation and handling work of regulatory authorities.
VIII. Third-Party Services
This App may contain links to third-party services or integrate third-party tools (such as the AI assistant Moonshot AI and cloud storage services). The privacy policies of third-party services are formulated independently by such third parties and are unrelated to us. We are not liable for the data processing activities of third parties. We recommend that you carefully read the privacy policy of any third-party service before using it.
IX. Updates and Notifications of the Policy
We may revise this Privacy Policy in accordance with updates to laws and regulations, upgrades to App functions, and other such circumstances. The revised policy will be notified to you through App pop-ups, announcements, etc. Your continued use of the App after the revision indicates your agreement to the revised policy. You can view the latest version in the App's "Profile - About Us - Privacy Policy".
X. Disclaimer
If your personal data is leaked, lost, or damaged due to unavoidable factors beyond our control, such as force majeure, hacking attacks, device failures, or network issues, we will take remedial measures within our capabilities but will not be liable for corresponding compensation.
XI. Contact Us
If you have any questions, complaints, or suggestions regarding this Privacy Policy, you may contact us through the following channels:
Company Name: MOUNTING TRADING LIMITED
Contact Email: beulahmarsha13@gmail.com
Company Address: Room 502C, 5th Floor, Ho King Commercial Centre, 2 - 16 FA YUEN STREET, YAU TSIM MONG DISTRICT, KOWLOON