KITE ROW Privacy Notice
Kite ROW Privacy Notice
Effective Date: 19th September, 2025
Version: 1.0
Welcome to Kite!
This product is an internal office terminal service tool software provided by Nanjing Xiyin E-Commerce Co., Ltd. (hereinafter referred to as "we") for employees of SHEIN group (“SHEIN”) entities.
As SHEIN's internal office software, Kite is only provided to natural persons legally authorized by SHEIN Group (including but not limited to SHEIN employees and SHEIN partners), who are referred to as "you" in this notice.
To explain how Kite collects, uses, and stores your personal data and your rights, we will explain these matters in this Kite Privacy Notice (hereinafter referred to as the "Notice"). Please read and understand this Privacy Notice carefully. (We may highlight clauses related to your rights and interests in bold or underlined text to indicate your attention.) By using or continuing to use Kite's services, you consent to our collection, use, storage, and sharing of your personal information in accordance with these guidelines.
This Privacy Notice includes the following:
-
Data Controller
-
How we collect and use your personal information
-
Use of Cookies and Similar Technologies
-
How Kite shares, transfers, and publicly discloses your personal information
-
Storage of Personal Information
-
Security Protection of Personal Information
-
Your Rights
-
Privacy Notice Changes and Notifications
-
How to Contact Us
1. Data Controller
The "Data Controller" is the entity which determines the purpose and means of the processing of Personal Data. The SHEIN entity which employs you shall be the "Data Controller" for personal data processed by Kite. by Nanjing Xiyin E-Commerce Co., Ltd, by providing the Kite service will act as a "Data Processor", processing your personal data on behalf of your employer.
2. How Kite collects and uses your personal information
2.1 Kite collects the following information during your use of the Software:
Windows: Operating system information and serial number, hardware serial number and settings, IP address, network status, identity authentication, Internet behavior data (excluding government, medical, banking, financial and other sites), network access, process/inter-process communication information, specific behavior information collected through remote intervention, input and output interaction (USB, Bluetooth, WiFi, etc.) data.
Mac: Operating system information and serial number, hardware serial number and settings, IP address, network card MAC address, network status, identity authentication, Internet behavior data (excluding government, medical, banking, financial and other sites), network access, process/inter-process communication information, specific behavior information collected through remote intervention, input and output interaction (USB, Bluetooth, Airdrop, WiFi, etc.) data.
IOS App: Operating system information, device ID, CPU type, IP address
Android App: Operating system information, device ID, CPU type, IP address
2.2 Scenario and Purpose of Personal Information Collection
2.2.1 Login and Authentication
When you log in to the Kite software, we will collect your name, company email address, profile picture information, Unified Login Platform (ULP) account and network address to verify your identity and permissions.
2.2.2 VPN Service
Kite needs to obtain your device and network information to provide VPN data transmission services, authenticate user devices, and diagnose network problems. The VPN service connects your device to your company's internal office network so you can access internal network resources. This service does not access, hijack, or tamper with your content.
2.2.3 Software Store Service
In order to provide you with software management functions such as software installation, upgrade, and uninstallation, Kite needs to obtain your installed software list information to understand the status of the user's installed software.
2.2.4 Terminal Security Monitoring
To ensure your terminal security, Kite provides you with terminal security detection functions, including:
- Configure Kite to scan your device for sensitive local files and label them based on SHEIN data classification rules to protect sensitive corporate files. Kite will not use content information of your local files.
- To prevent malware and maintain network security, Kite collects information about your installed applications or running processes, as well as file-related data (including user/system file operation data).
2.2.5 Operational support function
To ensure stable product operation, Kite may collect your software crash information and report it when the software crashes, or obtain remote command execution permissions to help troubleshoot software usage issues.
2.3 Kite Permission List:
| IOS | ||
|---|---|---|
| Permission Name | Permission Function Description | Usage scenario or purpose |
| Face ID | Biometric verification is used to enable network permissions to confirm that the device owner is operating the device. | Verification of VPN network opening operation |
| VPN configuration permissions | You can set up routes to control certain network traffic | This tool can be used to control network routing |
| Android | ||
|---|---|---|
| Permission Name | Permission Function Description | Usage scenario or purpose |
| VPN configuration permissions | You can set up routes to control certain network traffic | You can set up routes to control certain network traffic |
Authorizing us the above permissions does not mean that we can collect personal information related to the authorized functions.
3. Use of Cookies and Similar Technologies
Kite may use cookies and other similar technologies ("Cookies") to enhance your experience using this software. When you use our services, Kite may use related technologies to send one or more Cookies or anonymous identifiers to your device to collect, identify, and store information about your access and use of this product. We use Cookies primarily to ensure the security and operation of our products and services. Cookies help us identify your login status and redirect you to a Kite-approved login authentication system for authentication.
4. Sharing, Transfer and Disclosure of Personal Data
4.1 Sharing
Like most international businesses, personal information may be transferred between countries and between our subsidiaries and affiliates to facilitate business operations within the same organization. We will only share necessary personal information for the purposes stated in this notice. Where such transfers of personal data occur, SHEIN has implemented appropriate safeguards, including Standard Contractual Clauses ("Model Clauses") to ensure that your personal data receives the appropriate level of protection when processed across national borders.
4.2 Transfer
We will not transfer your personal information to any company, organization or individual, except in the following circumstances:
-
Transfer with explicit consent. We will transfer your personal information to other parties with your explicit consent;
-
In the event of a merger, acquisition, bankruptcy liquidation, or business transfer between affiliated companies, if personal information is transferred, we will inform you of the name and contact information of the new company or organization holding your personal information. We will require the new company or organization holding your personal information to continue to be bound by this Notice. Otherwise, we will require the company or organization to re-request your authorization and consent.
-
When we must transfer your personal information in accordance with applicable laws and regulations, mandatory administrative requirements or judicial requirements. Where such disclosure occurs, we will notify you unless prohibited by law from doing so.
4.3 Public Disclosure
We will not disclose your personal information publicly, except in the following circumstances:
-
With your explicit consent or based on your active choice, we may disclose your personal information publicly;
-
Disclosure based on laws and regulations: We may disclose your personal information publicly when required by laws and regulations, legal procedures, litigation or government authorities. Where such disclosure occurs, we will notify you unless prohibited by law from doing so.
4.4 Third-Party SDK
To ensure the smooth operation of Kite services and fulfill required functionality, Kite may integrate with third-party software development kits (SDKs) for related purposes. We conduct rigorous security testing on these SDKs and agree with them on strict data protection measures for the processing of personal information. Please note that the data processing methods of third-party SDKs may change due to version upgrades, policy adjustments, and other factors. Please refer to the official website for details.
Third-party SDK directory list
| Third-party SDKs/services | Third-party company name | Purpose of Use | Types of Personal Information Collected | Privacy Policy Link |
|---|---|---|---|---|
| github.com/go-resty/resty/v2 | Independent Developer —Satish Varma | Advanced HTTP/REST Client | no | https://github.com/go-resty/resty(MIT) |
| github.com/google/gopacket | Google (Open-Source Security Team) | Packet capture and protocol analysis | no | https://github.com/google/gopacket(Apache-2.0) |
| github.com/jinzhu/copier | Independent Developer — Jinzhu | Deep/shallow copy of structure fields | no | https://github.com/jinzhu/copier(MIT) |
| github.com/natefinch/lumberjack | Independent Developer — Nate Finch | Log file rotation by size/date | no | https://github.com/natefinch/lumberjack(MIT) |
| github.com/patrickmn/go-cache | Independent Developer — Patrick Mn | In-process KV cache | no | https://github.com/patrickmn/go-cache(MIT) |
| github.com/shirou/gopsutil/v3 | Independent Developer — shirou | CPU / Memory / Process / Disk / Network Statistics | no | https://github.com/shirou/gopsutil(BSD-3) |
| github.com/spf13/cobra | Independent Developer —spf13 (Steve Francia) | CLI framework | no | https://github.com/spf13/cobra(Apache-2.0) |
| github.com/spf13/viper | Independent Developer —spf13 (Steve Francia) | Configuration management, hot loading | no | https://github.com/spf13/viper(MIT) |
| github.com/stretchr/testify | stretchr team | Test assertions, mocks | no | https://github.com/stretchr/testify(MIT) |
| go.uber.org/zap | Uber Technologies Inc. | High-performance structured logging | no | https://github.com/uber-go/zap(MIT) |
| go4.org/netipx | Independent Developer —Brad Fitzpatrick | Extensions to net/netip | no | https://github.com/go4org/netipx(BSD-3) |
| golang.org/x/crypto | Google Go Team | Various encryption, TLS, and SSH support | no | https://cs.opensource.google/go/x/crypto(BSD-Style) |
| golang.org/x/net | Google Go Team | Low-level network library | no | https://cs.opensource.google/go/x/net(BSD-Style) |
| golang.org/x/sys | Google Go Team | System call encapsulation | no | https://cs.opensource.google/go/x/sys(BSD-Style) |
| golang.zx2c4.com/wintun | WireGuard Project (Jason A. Donenfeld) | Windows Tun virtual network card driver package | no | https://git.zx2c4.com/wintun/(GPL-2.0) |
| golang.zx2c4.com/wireguard/windows | WireGuard Project (Jason A. Donenfeld) | WireGuard for Windows API | no | https://git.zx2c4.com/wireguard-go/tree/windows(GPL/MIT combination) |
| gvisor.dev/gvisor | User-space sandbox kernel (container isolation) | no | https://gvisor.dev(Apache-2.0) |
| iOS third-party SDK/service | Third-party company name | Purpose of Use | Types of Personal Information Collected | Privacy Policy Link |
|---|---|---|---|---|
| Wireguard | Independent Developer —Jason A. Donenfeld | VPN Communication | no | https://www.wireguard.com |
| Jwt-kit | QuTheory | jwt verification | no | https://github.com/vapor/jwt-kit |
| MBProgressHUD | Independent Developer — Jonathan George | Show HUD tooltips | no | https://github.com/jdg/MBProgressHUD |
| SDWebImageSwiftUI | Indie Developer — DreamPiggy | Image caching | no | https://github.com/SDWebImage/SDWebImageSwiftUI |
| SwiftPing | Independent Developer — Sami Yrjänheikki | Calculating network response time | no | https://github.com/samiyr/SwiftyPing |
| DotLottie | Airbnb | Show Animation | no | https://lottiefiles.com |
| Android third-party SDK/services | Third-party company name | Purpose of Use | Types of Personal Information Collected | Privacy Policy Link |
|---|---|---|---|---|
| Wireguard | Independent Developer —Jason A. Donenfeld | VPN Communication | no | https://www.wireguard.com |
| OkHttp | Square | Network Communication | no | https://square.github.io/okhttp/ |
| retrofit | Square | Network Communication | no | https://square.github.io/retrofit/ |
| moshi | Square | JSON format parsing | no | https://github.com/square/moshi |
| java-jwt | Okta | jwt verification | no | https://github.com/auth0/java-jwt |
| coil3 | Instacart | Image caching | no | https://coil-kt.github.io/coil/getting_started/ |
| DotLottie | Airbnb | Show Animation | no | https://lottiefiles.com |
5. Storage of Personal Data
5.1 Storage Location
All information generated and collected by your use of Kite will be stored within the region in which you use it. However, given that SHEIN is an international company with affiliated companies and third-party partners located around the world, your information may be transferred to other countries/regions for processing or accessed from other countries/regions for the purposes described in this Privacy Notice. Before your personal information is transferred to (or accessed from) other countries/regions, we will take appropriate measures to protect the security of your personal information in accordance with applicable laws and regulations, including the use of Standard Contractual Clauses ("Model Clauses") and appropriate supplementary measures to ensure and appropriate level of protection for your personal data.
5.2 Storage Period
We will retain your personal information for the period necessary to achieve the purposes stated in this notice, (generally the duration of your employment with SHEIN plus a reasonable period thereafter for the resolution of outstanding matters and to ensure business continuity) unless the retention period needs to be extended or is permitted by law.
6. Security of Personal Data
6.1 Security Measures
We take the security of your personal information very seriously. We strive to protect your personal information from unauthorized access, use, disclosure, modification, damage or loss by taking appropriate technical, organizational and hardware measures. For example,
Organizational measures:
We have formulated and implemented the SHEIN Information Security Management System; established the organizational structure of the Global Cybersecurity Risk Management Center; and regularly held security and privacy compliance training to enhance internal awareness of personal information protection.
Technical measures:
We use encryption technology to ensure the confidentiality of data in transit and at rest. We also implement access control mechanisms to ensure that only authorized personnel have access to the information they need. We strive to protect your personal information, but please be aware that no security measures are impenetrable.
6.2 Security Incident Handling
To address potential risks such as personal information security incidents, we have established relevant personal information security incident management systems and emergency response plans. If a personal information security incident occurs, we will implement the plan to prevent the impact of the security incident from escalating and promptly notify you through push notifications, announcements, etc. in accordance with laws and regulations. At the same time, we will also report the handling of the personal information security incident to regulatory authorities as required.
7. Your Rights
You have certain rights in respect of your personal data. Depending on the laws applicable in your employment location, these may include:
7.1 Access to Personal Information: Go to [the upper left corner of the "Kite" homepage] to view and copy your email address, serial number, IP address and other personal information.
7.2 Correction, deletion of your personal information and withdrawal of consent: You may submit a request to correct, delete, or withdraw your consent to privacy@sheingroup.com. You may disable Face ID and VPN configuration authorization, change the scope of consent, or withdraw your consent within the native operating system of your iOS and Android device. Upon withdrawal of authorization, Shein will no longer be able to collect information related to these permissions.
7.3 Other Rights If other rights exist in you location under applicable Privacy or Data Protection legislation and you wish to exercise them, please contact privacy@sheingroup.com
8. Changes to and Notifications of This Privacy Notice
To provide you with better services, Kite's features will change from time to time. We will revise this Privacy Notice from time to time and indicate the date of revision at the beginning of this document. Such revisions will constitute part of this Privacy Notice.
To help you understand changes in Kite's data processing practices, after the Privacy Notice is updated, we will release the updated version on this software platform and remind you of the relevant content updates through client announcements or other appropriate means before it takes effect, so that you can keep up to date with the latest Privacy Notice.
9. How to Contact Us
If you have any questions, comments or suggestions about this Privacy Notice, please contact us at privacy@sheingroup.com.