Privacy Policy

Steady Hold is operated by Shaanxi Hengna Network Technology Co., Ltd., a company registered in the Peoples Republic of China. This Privacy Policy explains our practices regarding the collection, use, disclosure, and safeguarding of your information when you visit our website at steadyhold.mom or use any of our services.

We take your privacy seriously. By using Steady Hold, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of our services.

This policy is designed to comply with applicable data protection laws including the European Unions General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection Law of the Peoples Republic of China (PIPL), where applicable.

We may collect the following categories of information when you interact with Steady Hold. The specific data points depend on how you use our services and which features you access.

We use the information we collect for the following purposes. Each use is tied to a lawful basis as described in Section 004.

• Service Delivery — To create and maintain your account, process transactions, deliver purchased products or services, and provide customer support.
• Improvement & Development — To analyze usage patterns, diagnose technical issues, improve existing features, and develop new products and services.
• Communication — To send service-related notifications, respond to inquiries, and deliver administrative messages. We may also send promotional communications where you have given consent.
• Security & Fraud Prevention — To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other potentially illegal activities.
• Legal Compliance — To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Personalization — To tailor content and recommendations based on your preferences and usage history.

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

We process your personal information based on one or more of the following legal grounds, depending on your jurisdiction and the nature of the processing activity.

Where we rely on consent as a legal basis, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

We do not sell your personal information. We may share your data only in the following limited circumstances:

• Service Providers — With trusted third-party vendors who perform services on our behalf, including payment processing, cloud hosting, email delivery, analytics, and customer support. These providers are bound by contractual obligations to protect your data and use it solely for the purposes we specify.
• Legal Obligations — When required by law, regulation, subpoena, court order, or other valid legal process. We will notify you of such disclosure where permitted by law.
• Business Transfers — In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. You will be notified before your data becomes subject to a different privacy policy.
• With Your Consent — In any other circumstance, we will obtain your explicit consent before sharing your personal information with third parties.

Steady Hold uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. Cookies are small text files stored on your device by your web browser.

Types of cookies we use:

• Essential Cookies — Required for the website to function properly. These enable core functionality such as security, network management, and account authentication. They cannot be disabled.
• Analytics Cookies — Help us understand how visitors interact with the site by collecting and reporting information anonymously. We use first-party analytics to respect your privacy.
• Functional Cookies — Allow the website to remember choices you make, such as language preferences and display settings, to provide an enhanced, more personalized experience.
• Marketing Cookies — Used to deliver advertisements relevant to your interests. We only deploy these with your explicit consent.

You can manage your cookie preferences through our cookie consent banner or through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention periods are determined by the following criteria:

• Account Data — Retained for the duration of your account plus 90 days following account closure, after which it is securely deleted or anonymized.
• Transaction Records — Retained for the period required by applicable tax, accounting, and financial regulations, typically 7 years.
• Communications — Customer support correspondence is retained for 2 years after the matter is resolved.
• Analytics Data — Anonymized analytics data may be retained indefinitely for historical analysis.
• Consent Records — Records of your consent preferences are retained indefinitely to maintain an auditable trail of compliance.

When personal information is no longer required, we securely delete or irreversibly anonymize it.

We implement and maintain appropriate technical and organizational measures designed to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

• Encryption of data in transit using TLS 1.3 and at rest using AES-256.
• Regular vulnerability assessments, penetration testing, and security audits conducted by independent third parties.
• Strict access controls limiting data access to authorized personnel on a need-to-know basis, enforced through role-based access management and multi-factor authentication.
• Continuous network monitoring and intrusion detection systems.
• Regular employee training on data protection and security best practices.
• Comprehensive incident response and business continuity plans.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying you and relevant authorities in the event of a data breach, as required by applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal information. We will respond to all valid requests within the timeframes required by applicable law, typically within 30 days.

Under GDPR (EEA & UK residents):

• Right of Access — Obtain confirmation as to whether we process your personal data and, if so, request a copy of that data along with details about how it is used.
• Right to Rectification — Request correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure — Request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
• Right to Restriction — Request that we limit the processing of your personal data in specific situations.
• Right to Data Portability — Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object — Object to processing based on legitimate interests or for direct marketing purposes at any time.
• Rights Related to Automated Decisions — Not be subject to decisions based solely on automated processing that produce legal effects concerning you.

Under CCPA (California residents):

• Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the sources, the purposes, and the categories of third parties with whom we share it.
• Right to Delete — Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale — Direct us to not sell your personal information. Steady Hold does not sell personal information, and we confirm this here explicitly.
• Right to Non-Discrimination — You will not receive discriminatory treatment for exercising any of your CCPA rights.

Under PIPL (PRC residents):

• Right to Know and Decide — Know about and make decisions regarding the processing of your personal information, and restrict or refuse processing by others except where otherwise provided by law.
• Right to Access and Copy — Access and obtain a copy of your personal information from us.
• Right to Rectification and Supplement — Request correction or completion of inaccurate or incomplete personal information.
• Right to Deletion — Request deletion of your personal information under circumstances specified by the PIPL.
• Right to Data Portability — Request transfer of your personal information to another designated processor, where conditions prescribed by the Cyberspace Administration of China are met.
• Right to Withdraw Consent — Withdraw previously given consent at any time.
• Right to Deceased Person Data — Next of kin may exercise rights to access, copy, correct, or delete a deceased persons personal information, except where the deceased arranged otherwise.

To exercise any of these rights, please contact us using the details in Section 014. We may need to verify your identity before processing your request. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Steady Hold is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 014.

If we learn that we have collected personal information from a child under 16 without verified parental consent, we will take prompt steps to delete that information from our systems. In accordance with the Childrens Online Privacy Protection Act (COPPA) and similar international regulations, we require parental consent for any data collection from users under the applicable age threshold in their jurisdiction.

Your information may be transferred to and processed on servers located in China and other jurisdictions where we or our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

When we transfer personal data across borders, we implement appropriate safeguards in accordance with applicable law, including:

• European Commission-approved Standard Contractual Clauses (SCCs) for transfers from the EEA, UK, and Switzerland.
• Data transfer impact assessments conducted prior to any cross-border data flow.
• Contractual obligations requiring service providers to maintain equivalent levels of data protection.
• Compliance with China Cybersecurity Law and PIPL requirements for cross-border data transfers, including security assessments and standard contracts filed with the Cyberspace Administration of China where required.

By using our services, you understand that your information may be transferred to and processed in countries outside your own.

Our website may contain links to third-party websites, plugins, and applications that are not operated by us. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy practices or content. When you leave our website, we encourage you to review the privacy policy of every site you visit. The inclusion of a link does not imply endorsement by Steady Hold of the linked site or its operators.

This Privacy Policy applies solely to information collected by Steady Hold through our website and services.

We may update this Privacy Policy from time to time to reflect changes in our practices, operational needs, or legal and regulatory requirements. When we make material changes, we will notify you by:

• Posting a prominent notice on our website at least 14 days before the changes take effect.
• Sending an email notification to the address associated with your account, if you have one.
• Updating the effective date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of Steady Hold after any changes to this policy constitutes your acceptance of the revised terms.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us. We are here to help.