OFFICIAL STATEMENT: Meitu, Inc. has over 450 million unique monthly active users and we take each and every one of those users’ personal data very seriously. Meitu’s sole purpose for collecting the data is to optimize app performance, its effects and features and to better understand our consumer engagement with in-app advertisements. Meitu DOES NOT sell user data in any form. As Meitu is headquartered in China, many of the services provided by app stores for tracking are blocked. To get around this, Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent. Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall and IDS, IPS protection to block external attacks We have provided additional details below in hopes to help better explain how Meitu uses permissions and manages user data. PRIVACY REQUESTS &OFFSITE SERVERS • Apple App Store: Meitu only asks for permissions within the Apple developer guidelines and terms • Google Play: The permissions requested by Meitu are similar to those users will find with most popular photo editing apps • Offsite Server: As Meitu is headquartered in China, many of the services provided by app stores for tracking are blocked. To get around this Meitu uses a combination of third-party and in-house data tracking systems, they’ve developed to make sure the tracked data is consistent. For example: • MAC address/IMEI number: In some cases, Meitu cannot get both info at the same time and in some cases different devices even have the same IMEI number, so we combine these two details into one unique ID to track user devices • LAN IP address is used to prevent business fraud • SIM card country code is used for a rough location detection • GPS and network location are used for detecting countries and regions for Geo-based operation and advertisement placement • Phone carrier infois used as a standard tracking channel for analytics, just like the other third-party analytics tools (e.g., Flurry) • RUN_AT_START: because the Google service (including GCM) is not available in mainland China, Meitu uses a third-party push notification service called Getui(www.getui.com) • Jail Breaking: This is a requirement from both WeChat SDK(our sharing module)and for advertising to check if a handset is jailbroken. Meitu implements this verification process due to the fact that jailbroken devices can manipulate and modify the app source code, thus resulting in commercial settlement errors. Meitu also requires such process to provide protection against malicious modification of the source code and illegal API usage. • Offsite Servers: user data is sent ONLY to Meitu. The two reported domain names belong to the top domain name “meitustat.com,” which is owned by Meitu. This can be confirmed via “whois" • rabbit.tg.meitu.com -> 124.243.219.160 • rabbit.meitustat.com -> 124.243.219.159 THIRD PARTY SERVICES The number of data analytics and advertisement tracking modules contained in Meitu apps are limited. In particular, there are only three: umeng (www.umeng.com), AppsFlyer (www.appsflyer.com) and the analytics and ad placement platform independently developed by the Meitu team. And as mentioned above, Meitu DOES NOT sell user data in any form. PROTECTING USERS’ DATA. Meitu takes a number of steps to make sure data leaving the device and data stored on our services is safe and secure. • • • • • We use security technology and management mechanism such as HTTPS protocol to encrypt and secure users’ data during transmission Additionally, multilayer encryption is mandatory on all user data storage to prevent user data leakage The servers, that house user data are equipped with advanced firewall and IDS, IPS protection to block external attacks Meitu has a full-time in-house security team, that monitors emergent security issues to guarantee users’ security and privacy Additionally, Meitu’s internal systems include strict access authorization to restrict employee access to user data ABOUT MEITU Meitu’s apps have over 1.1B unique device installs and over 450MM monthly active users. These apps leverage proprietary, AI-enhanced facial recognition technology and represent some of the most advanced photo and video editing technology in the world. • • • Meitu launched MeituPic in 2013 and it quickly became the #1 photo editing app in China. It was re-branded as MEITU in 2016 and today has over 500MM users. Meitu’s video app MeiPai is the top video editing and social sharing app in China, called the “Instagram for video” by Facebook’s chief product officer Chris Cox. Meitu designs apps for the western market like the top selfie retouch app BeautyPlus and its virtual makeup try on app, MakeupPlus.