Privacy Policy

Last updated: June 20, 2026 — Version: 2.1

1. Introduction

Loyal Heart, operated by 遵义吴益忠网络科技有限责任公司 (Zunyi Wuyizhong Network Technology Co., Ltd.), is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you interact with our website, engage our services, or communicate with our team.

We act as a data controller for the personal information we process about our clients, website visitors, and business contacts. This policy describes our practices in plain language because we believe transparency is the foundation of trust — and trust is the foundation of every system we build.

This policy was developed by the Loyal Heart engineering and legal compliance team. The lead developer responsible for data protection practices can be reached at suquan@loyalheart.lat.

2. Types of Data We Collect

We collect only the data necessary to operate our business and deliver our services. The categories of personal data we may process include:

Contact and identification information — your name, email address, phone number, job title, and company affiliation, provided when you fill out our contact form, email us, or engage us for services.
Professional and business information — details about your organization, technology stack, infrastructure requirements, and business objectives that you share during consulting engagements.
Communication records — the content and metadata of emails, form submissions, and other correspondence you send to us.
Technical usage data — IP address, browser type, device information, referring pages, and interaction patterns on our website, collected through standard server logs and analytics.
Cookie data — limited information stored by your browser to support website functionality and basic analytics, as detailed in Section 11.

3. How We Collect Your Data

We collect personal data through the following channels:

Directly from you — when you submit our contact form, send us an email, call our office, or provide information during consulting engagements and project discussions.
Automatically through our website — via standard web server logs, analytics cookies, and technical protocols that record page views, browser metadata, and session information.
From publicly available sources — in limited cases, we may review publicly available business information (such as company registration records or professional profiles) to better understand a prospective client’s technology environment before an initial consultation.

4. Purposes of Data Processing

We process your personal data for the following specific purposes:

Responding to inquiries submitted through our contact form or email.
Delivering our computer systems design, integration, and consulting services.
Managing client relationships, including project communication and service updates.
Improving our website and services based on aggregated usage analytics.
Complying with applicable legal obligations, including Chinese data protection laws and international regulations where they apply to our operations.
Protecting our legitimate business interests, including maintaining the security of our systems and enforcing our terms of service.

5. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA) or the United Kingdom, we process personal data on the following lawful bases under the General Data Protection Regulation (GDPR):

Consent — where you have given clear consent for us to process your personal data for a specific purpose, such as receiving communications from us.
Contractual necessity — where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
Legitimate interests — where processing is necessary for our legitimate business interests, such as improving our services and maintaining the security of our systems, provided those interests are not overridden by your rights and freedoms.
Legal obligation — where we are required to process your data to comply with applicable laws and regulations.

Where we rely on consent as a legal basis, you have the right to withdraw that consent at any time by contacting us at suquan@loyalheart.lat.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following limited circumstances:

Service providers — with trusted third-party vendors who assist us in operating our website, managing our communications, and delivering our services, subject to contractual data protection obligations. These include cloud hosting providers, email service providers, and analytics platforms.
Legal compliance — when required by law, regulation, legal process, or enforceable governmental request, we may disclose information as necessary to comply with such obligations.
Business transfers — in connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction, subject to the commitments in this policy.
With your consent — in any other circumstance, we will obtain your explicit consent before sharing your personal data.

7. International Data Transfers

Loyal Heart is headquartered in Zunyi, Guizhou, China. Your personal data is processed and stored primarily on servers located in Mainland China. For clients and website visitors outside China, this means your data may be transferred to, and processed in, a jurisdiction that may have different data protection laws than your country of residence.

When we transfer personal data across borders, we implement appropriate safeguards in accordance with applicable law, including standard contractual clauses, data processing agreements, and technical measures designed to ensure your data receives a substantially equivalent level of protection regardless of where it is processed.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention practices are:

Client engagement data — retained for the duration of the client relationship plus seven years following project completion, to address any post-project obligations and comply with tax and commercial record-keeping requirements.
Contact form and inquiry data — retained for two years from the date of last correspondence, after which it is securely deleted unless a client relationship is established.
Website analytics data — retained in identifiable form for 26 months, after which it is anonymized or deleted.
Cookie data — retention periods vary by cookie type, as described in Section 11.

When data is no longer required, we securely delete or anonymize it using industry-standard methods.

9. Security Measures

As a computer systems design and integration firm, security is central to our professional identity. We apply the same engineering rigor to protecting your data that we bring to our client engagements:

All data in transit is encrypted using TLS 1.3 with strong cipher suites.
Data at rest is encrypted using AES-256 encryption.
Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls and multi-factor authentication.
We maintain a formal vulnerability management program with regular penetration testing and security audits.
All systems are monitored for unauthorized access attempts and anomalous activity through real-time intrusion detection.
Our development and operations teams receive annual data protection and security training.

While we implement robust security measures, no method of electronic storage or transmission is absolutely secure. We continuously review and improve our security posture as threats evolve.

10. Your Data Protection Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

10.1 GDPR Rights (EEA and UK Residents)

Right of access — you may request a copy of the personal data we hold about you, along with information about how it is processed.
Right to rectification — you may request that we correct any inaccurate or incomplete personal data we hold about you.
Right to erasure — you may request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to restrict processing — you may request that we limit how we process your data in certain situations, such as while we verify the accuracy of contested data.
Right to data portability — you may request that we provide your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it directly to another controller.
Right to object — you may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights regarding automated decision-making — we do not engage in automated decision-making or profiling that produces legal effects concerning you.

10.2 CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
Right to delete — you may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to opt-out of sale — Loyal Heart does not sell personal information as defined under the CCPA. We do not and will not sell your personal data.
Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, contact us at suquan@loyalheart.lat or call +1 (458) 282-6369. We will respond to verified requests within the timeframes required by applicable law. We may need to verify your identity before processing your request.

10.3 Rights Under Chinese Law (PIPL)

Under the Personal Information Protection Law of the People’s Republic of China (PIPL), individuals have rights including the right to know, the right to decide, the right to restrict or refuse processing, the right to access and copy, the right to rectification, and the right to deletion of personal information. To exercise these rights, please contact us using the details in Section 14.

11. Cookies and Similar Technologies

Our website uses a minimal set of cookies to support core functionality and basic analytics:

Essential cookies — these are necessary for the website to function properly. They enable basic features such as form submission and navigation. Our website cannot function without them.
Analytics cookies — we use limited analytics to understand how visitors interact with our website, which helps us improve the user experience. These cookies collect aggregated, anonymized data about page visits, referrers, and browser information.

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may affect the functionality of our website.

12. Children’s Privacy

Our website and services are directed exclusively at business professionals and enterprise clients. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us immediately at suquan@loyalheart.lat.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

Post the updated policy on this page with a revised Last updated date.
For significant changes that affect your rights, we will provide additional notice through our website or via email if you have an active client relationship with us.

We encourage you to review this policy periodically. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

14. Contact Information

If you have questions, concerns, or would like to exercise your data protection rights, please contact us:

Loyal Heart — Data Protection Office

Company: 遵义吴益忠网络科技有限责任公司

English Name: Zunyi Wuyizhong Network Technology Co., Ltd.

Address: Room 201-1-4, 2F, Jinqing Garden, 805 Haier Avenue, Honghuagang District, Zunyi, Guizhou 563000, China

Email: suquan@loyalheart.lat

Phone: +1 (458) 282-6369

You also have the right to lodge a complaint with the supervisory authority in your jurisdiction. For EEA residents, this is your local data protection authority. For residents of China, this is the Cyberspace Administration of China (CAC). We would, however, appreciate the opportunity to address your concerns directly before you approach a regulatory body.