MOSI Multimodal Products and Services Privacy Policy

Published: June 18, 2026

Effective: June 18, 2026

Personal Information Processor: Shanghai Mosi Intelligence Technology Co., Ltd.

Contact: mosi@mosi.cn

Welcome to MOSI multimodal model products and services!

MOSI multimodal model products and services (also referred to as “MOSI Products” or the “Products”) are websites, clients, mobile applications, mini programs, API platforms, and other forms of multimodal AI generation and processing services legally owned and operated by Shanghai Mosi Intelligence Technology Co., Ltd. (“we” or the “Company”). If a MOSI Product provided by us or an affiliate has a separate privacy policy, that policy applies; if no separate privacy policy has been established, this Policy also applies to that MOSI Product.

Please note that when an end user accesses a downstream system or application developed by a developer using our open-platform services, the rules governing the personal information collected from that end user are outside the scope of this Policy. The developer, as the personal information processor, must disclose the applicable personal information protection rules. If you follow a link from a MOSI Product to a third-party website, product, or service, that third party must disclose its own rules, which will govern and protect you.

To enable you to register for and use the Products and services, we may collect and use information relating to you (“Personal Information”). We understand its importance and will make every effort to protect your Personal Information and privacy.

We protect your Personal Information and privacy in accordance with applicable laws and regulations and with reference to industry best practices. We have prepared this Policy and specifically remind you to read and understand it carefully before using MOSI Products and related services so that you can make an informed choice.

This Privacy Policy will help you understand:

I. How We Collect and Use Your Personal Information

We collect and use Personal Information lawfully, fairly, necessarily, and in good faith for explicit and reasonable purposes. Except for information necessary to provide basic functions or fulfill legal obligations, you may decline to provide information. This may prevent you from using the relevant function but will not affect functions that do not rely on it. The Personal Information Collection List below provides a quick overview of the scenarios, purposes, and data types involved.

Personal Information Collection List

1.1 Account Services

1.1.1 Account Registration and Login

To help you register, log in, and use the Products and services, we collect necessary account information according to the product version, region, service site, and login methods displayed.

1.1.2 Verification

When you use an identity-verification function, we may collect real identity information, such as a mobile number, as required by law to protect your or other users’ account security. You may refuse, but the relevant service may then be unavailable without affecting other functions.

1.2 Content Generation Services

We use generative AI models to provide text, image, audio, and video generation. We collect the source materials and instructions you choose or enter to complete generation tasks, display history, troubleshoot issues, protect service security, review content, and improve the experience.

In particular, when using content-generation functions:

(1) Please do not enter Personal Information that identifies you or another person when it is not necessary for us to provide the service.

(2) If your input contains another person’s Personal Information, obtain lawful authorization before providing it to avoid misuse or disclosure.

(3) When processing audio materials, we may analyze voice feature points to provide the service, but we do not use them to identify a specific natural person.

(4) You must not use deep learning, virtual reality, generative AI, or similar technologies to create, upload, copy, transmit, or disseminate prohibited information, including false news, or misrepresent synthetic content as natural content. Non-authentic information must be conspicuously labeled; otherwise, we may add labels or restrict or suspend the content and account.

1.3 System Permissions

We may request system permissions when needed for a specific function. You may allow or refuse them. Refusal may make that function unavailable but will not affect other functions. Permission names vary by device, system version, and product form.

1.4 Payment Services

When you purchase credits, quotas, subscriptions, resource packages, paid models, or other paid services, we may collect bank-card type and number, third-party payment-account information, and order/payment information. Bank-card information is sensitive Personal Information necessary for payment. Refusal prevents payment but does not affect other functions.

To issue an invoice, we may collect one or more of the following as necessary: email address, invoice title, taxpayer number, company address and phone, bank and account details, special-invoice evidence, and authorization evidence. If information is refused or incorrect, we cannot issue the invoice until correct and necessary information is provided.

1.5 Feedback

For inquiries, feedback, complaints, or business cooperation, we may collect and retain your name, contact details, email, phone, WeChat, account information, feedback, and supporting materials to contact you, verify and resolve issues, provide support, improve products, and advance cooperation. Refusal may prevent us from responding promptly.

1.6 Service Security

To protect account, service, content, and transaction security and operational quality, we may collect device and browser information, OS version, device identifiers, IP address, network status, language, access time, click and feature-use records, task status, error and crash logs, performance data, risk-control records, and violation records for identity verification, risk detection, anti-fraud, content security, troubleshooting, statistics, and audit.

1.7 Model Improvement

After secure encryption, de-identification, or anonymization that prevents re-identification, we may analyze inputs, outputs, feedback, usage behavior, task status, and performance data for model training and improvement, product experience, security evaluation, benchmarking, troubleshooting, internal audit, and research.

If you do not want us to continue using all or part of authorized content, use the contact methods in this Policy to withdraw authorization.

1.8 Generated-Content Safety Review

To meet requirements for generative AI, deep synthesis, and AI-generated content labels, we may conduct automated or manual review of inputs, outputs, generation tasks, and publication/export behavior, and add visible labels, invisible labels, metadata, or other rights-management information.

Where unlawful, infringing, abusive, review-evasion, or other risks are found, we may refuse generation, provide warnings, remove or delete content, report to authorities, or assist investigations.

1.9 Exceptions to Consent

Under applicable laws and regulations, consent is not required in the following circumstances:

Please note that information that cannot identify you alone or together with other information is not Personal Information under the law. If information can identify you alone or together with other information, or data not linked to a specific person is combined with your other Personal Information, we will process and protect it as Personal Information under this Policy.

1.10 Open Platform/API Services

When you register for, authenticate, or use our open platform, APIs, developer console, or enterprise administration backend, we may collect and use the following information according to the service scenario:

(1) Developer/enterprise authentication information: developer account details, real name, mobile number, email address, identification number, and other necessary identity information. For enterprise use, this may include the enterprise name, unified social credit code, authentication materials, and the names and contact details of the legal representative, contact person, or administrator. Identification numbers may be sensitive Personal Information. Refusal may prevent use of authentication or API functions but does not affect unrelated services.

Note: Personal or enterprise real-name verification is not currently required for open-platform/API services. If introduced later, we will provide separate notice and obtain consent where required.

(2) Open-platform/API usage information: API keys, call records and times, models used, request status, token/quota consumption, error logs, bills, orders, and transaction information for calls, permissions, quotas, billing, operations, security, troubleshooting, disputes, and legal compliance.

(3) Service and marketing notices: mobile numbers, email addresses, or other contact details may be used for feature updates, product notices, security alerts, bills, service changes, marketing, or events. Marketing messages will include a lawful unsubscribe or opt-out method.

This collection and processing applies only when you register for, authenticate, or use open-platform/API services. It does not apply if you do not use those services.

II. How We Use Cookies and Similar Technologies

Cookies, pixel tags, device identifiers, browser local storage, and similar common technologies may be used to maintain login status, recognize you as a registered user, retain information you provide, protect services, accounts, and transactions, prevent theft and fraud, remember preferences, measure visits, troubleshoot issues, and improve speed and experience.

You may manage, reject, or clear cookies in browser or device settings. Clearing them may require you to log in again and may affect functions that depend on cookies.

III. How We Share, Transfer, and Publicly Disclose Your Personal Information

3.1 Sharing

3.1.1 Principles

a. Lawfulness: data processing must have a lawful purpose and legal basis. A partner must stop using Personal Information if that basis no longer applies, unless it obtains another lawful basis.

b. Legitimacy and minimum necessity: data must be used for a legitimate purpose and only to the extent necessary.

c. Security and prudence: we assess partners’ purposes and security capabilities, bind them by agreement, and monitor SDKs and APIs used to obtain information.

3.1.2 Entrusted Processing

For entrusted processing, we enter into legally required processing agreements with service providers and supervise their use of Personal Information.

3.1.3 Joint Processing

For joint processing, we enter into agreements defining each party’s rights and obligations to ensure compliance and security.

3.1.4 Cooperation Scenarios

Where affiliates or third parties provide functions such as SMS verification, payment, analytics, content safety, or cloud services, we share information only as necessary and use de-identification where possible.

The main categories of partners are:

A. SMS providers: mobile numbers are shared with the applicable mobile carrier to send registration, login, and identity-verification codes.

B. Content-safety provider: submitted and generated text, images, audio, and video are shared with Beijing Shumei Technology Co., Ltd. for automated review to identify unlawful or risky content.

C. Analytics provider: de-identified device information, IP addresses, access logs, and usage data may be shared with Alibaba Cloud Computing Co., Ltd. to measure usage and service quality.

D. Payment providers: payment-account and order information is shared for settlement. We do not directly store complete payment credentials; each platform processes them under its own privacy policy.

E. Cloud provider: relevant data is stored on Alibaba Cloud infrastructure and processed under our data-processing agreement.

These are routine sharing scenarios. MOSI Products do not currently integrate third-party SDKs; any future integration will be disclosed.

3.1.5 Data Used to Provide Functions or Services

Promotion and analytics partners may use de-identified or anonymized device, network, channel, and conversion data to improve effective outreach.

Partners may combine that information with other lawfully obtained data to optimize promotion. We require lawful, fair, and necessary use that protects your rights.

3.1.6 Information Provided for Security and Analytics

Usage security: partners may use necessary device, account, and log information to protect users’ accounts and property and our lawful rights.

Product analytics: partners may use crash, device-identifier, installation, and general usage information to analyze product use and performance.

3.2 Transfer

If Personal Information is transferred due to merger, division, asset transfer, dissolution, or bankruptcy, we identify the recipient and require continued compliance with this Policy. A change in purpose or means requires renewed consent.

3.3 Public Disclosure

We do not proactively disclose information you have not made public unless required by law or with consent. Account information may be disclosed in penalty notices concerning violations or fraud, using industry-standard safeguards.

3.4 Account Cancellation

You may cancel through “Personal Center – Account Cancellation” or by contacting us under Section IX. We verify identity, security status, settlement, and device information and respond within fifteen working days or the statutory period. Cancellation is irreversible; information is deleted or anonymized and cannot be recovered except as otherwise required by law.

3.5 Exceptions to Sharing, Transfer, and Public Disclosure

Under applicable laws and regulations, consent is not required for sharing, transfer, or public disclosure in the following circumstances:

IV. How We Store Personal Information

4.1 Storage location: Personal Information collected and generated during operations in the People’s Republic of China is stored in China. Any future overseas transfer will follow statutory procedures and obtain separate consent where required.

4.2 Retention period: We retain information only for the shortest period necessary for the stated purposes and applicable legal periods. Periods may vary for generation records, uploaded materials, outputs, logs, transactions, and complaints according to functional, compliance, security, financial, and dispute needs.

4.3 When an account is canceled, information is deleted, a purpose is fulfilled or no longer necessary, or a period expires, we delete, destroy, or anonymize information except where retention is required for compliance, disputes, security, finance, or audit.

4.4 If a Product or service ceases operation, we provide notice by announcement, in-product message, email, SMS, or another reasonable method and delete, destroy, or anonymize information within the legally required period.

V. How We Protect Personal Information

We use reasonable technical and organizational safeguards to prevent improper use and unauthorized access, disclosure, alteration, damage, loss, or leakage.

The internet is not completely secure. Protect your Personal Information by not disclosing verification codes and not using the service in an unsafe environment.

After a security incident, we provide legally required notice of its cause, potential harm, affected information, response measures, and risk-mitigation advice by email, SMS, phone, notification, or announcement, and report to regulators. Where effective measures prevent harm, notice may be omitted if permitted by law.

VI. How You Manage Your Personal Information

You have statutory rights to know, decide, access, copy, correct, supplement, delete, withdraw consent, cancel an account, complain, report, and request transfer where legal conditions are met.

6.1 Access, copy, correction, and supplementation: use the Personal Center or contact us.

6.2 Deletion: delete available history, uploaded materials, and generated results, or request deletion where processing is unlawful, consent is withdrawn, an account is canceled, or a purpose is fulfilled or no longer necessary.

6.3 Withdrawal and permissions: disable camera, microphone, photos, notifications, and other permissions in system settings, or withdraw consent through product settings or by contacting us. Withdrawal does not affect processing completed before withdrawal.

6.4 Account cancellation: use “Personal Center – Account Cancellation” or contact us under Section IX. We verify identity, security status, settlement, and device information and respond within 15 working days or the statutory period. Cancellation is irreversible; account data, history, benefits, credits, quotas, orders, and generated content may not be recoverable, except where retention is legally required.

6.5 Response period: after necessary identity verification, we generally process or respond within 15 working days.

6.6 Rights of close relatives of a deceased user: after identity and relationship verification, close relatives may exercise access, copying, correction, and deletion rights unless contrary to the deceased user’s arrangements or the lawful interests of others or the public. The purpose must be lawful and legitimate.

VII. Protection of Minors’ Personal Information

We take minors’ privacy seriously. If you are under 18, read and agree to this Policy with a parent or guardian and obtain consent before using the Products. A guardian of a child under 14 should read and agree on the child’s behalf.

We process minors’ information only where permitted by law, expressly consented to by a guardian, or necessary to protect minors. If information was collected without required consent, we will delete or otherwise handle it promptly according to law.

Anyone uploading, generating, or processing a minor’s likeness, voice, image, video, Personal Information, or other rights must obtain lawful authorization from the guardian and relevant right holders and must not harm the minor’s physical or mental health or lawful rights.

VIII. Amendments and Notices

We may revise this Policy in response to changes in laws, regulations, regulatory requirements, product functions, or business models. We will not reduce your rights without explicit consent.

Updates are communicated by announcement, pop-up, email, SMS, or another reasonable method. Material changes will obtain renewed consent where required. Stop using the service if you disagree; continued use means you understand and accept the updated Policy.

IX. Contact Us

For questions, comments, or suggestions concerning this Policy, personal-information protection, account cancellation, permissions, complaints, infringement, or AI generation services, contact us through:

We will verify and process requests promptly and generally complete processing or provide a clear response within 15 working days.