Privacy Policy

LAST UPDATED: JUNE 15, 2025

This Policy applies exclusively to the "Busio" product developed and operated by MetaLight HK Limited ( "the Company", “we”, or “our”). The "Busio" service is registered and operated from Hong Kong (China).

This Policy will help you understand:

  1. Collection and Use of Personal Information 
  2. Our Use of Cookies and Similar Technologies 
  3. Legal Sharing, Transfer, and Disclosure of Your Personal Information 
  4. How We Securely Protect and Store Your Information 
  5. Your Rights to Access and Control Your Personal Data 
  6. Protection of Minors' Information 
  7. Notices and Policy Updates 
  8. Governing Law and Dispute Resolution 
  9. How to Contact Us

Thank you for using and trusting "Busio." We remain committed to providing you with secure and reliable services.

The Company fully understands the importance of your personal information and will make every effort to protect its security. We are dedicated to maintaining your trust and adhere to the following principles in safeguarding your personal information:

  • Accountability
  • Purpose Specification
  • Consent
  • Data Minimization
  • Security Safeguards
  • Individual Participation
  • Openness

At the same time, the Company promises to adopt industry-standard security measures to protect your personal information.

Please read and understand this Privacy Policy carefully before using our products.

This Privacy Policy applies to all products and services on the "Busio" platform (including all Company products or services and those of affiliated companies without independent privacy policies). However, certain specific products and/or services may also be subject to their own dedicated privacy policies.

Unless otherwise expressly stated in this Privacy Policy, this Privacy Policy does not apply to third-party products or services accessed through our products and/or services, such as products or websites displayed in search results, websites that may include third-party services, or other websites linked within our services.

Please note: If you provide your personal or other information to third parties when using their products and/or services, your information will be governed by their privacy policies or similar terms. We assume no legal liability for any third party’s improper use or disclosure of information you provide.

1. Rules on Personal Information Collection and Use

1.1 Basic Business Functions for Providing Products and/or Services to You

Our core business function is information services. To achieve this core function, when you use our products and/or services, we need to directly collect personal information from you after obtaining your authorization. Below we will detail the personal information required to achieve our core business functions. Please note that if you refuse to provide the necessary personal information for these core functions, you will not be able to use the service.

When browsing information, you can use the browsing function without registering a Busio account. The browsable content includes vehicle arrival information, route information, station information, and third-party commercial promotional information we publish. However, to better ensure network security during your use of our services, maintain normal product operation, and improve our information services, after you agree to the Privacy Policy, during your browsing we may collect the following device information when you use Busio products:

Unique device identifiers (IMEI, ICCID), device platform, device manufacturer, device brand, device model, device storage, whether notification bar is blocked, whether lock screen pop-up messages are enabled, device screen density, device dimensions, system version, WLAN status information, list of installed apps on device, language used, device time zone, hard disk, Android ID, GNSS status, clipboard;

When you enable device location services, we will collect your location information (including IP address, GPS location information), Bluetooth information, base station sensor information, base station positioning, GNSS status, sensor data, process information, WiFi information (WiFi status, WiFi parameters, nearby WiFi list, connected WiFi), WiFi BSSID, WiFi SSID, to ensure network security and provide you with optimal information display solutions.

Since Busio's push notification service requires your app to run in an independent process, we need to obtain your running application processes to ensure timely message delivery.

Additionally, during your use of the browsing function, to ensure network security during service use, maintain normal product operation and improve our information services, we need to record your operational activities when using our products. Therefore, we will collect your log information when using our products, including: Search keywords you entered and links you clicked, Content you browsed, Language used, Date and time of access, Webpage records you requested, Operating system, Software version number, Login IP information.

1.2 Extended Business Functions for Products and/or Services

We also offer the following additional extended business functions, which may require the collection of the information specified below. If you choose not to provide such information, your access to the basic business functions described in Section 1.1 of this policy will remain unaffected. However, certain specific features and services may not be available to you.

  • To provide you with accurate real-time bus information and personalized transit services, “Busio” requests access to your device's location when you first launch the application. This enables us to display nearby bus arrival times and show routes from your search history, helping you plan your journey more efficiently. You can manage or revoke this permission anytime through your device settings, though doing so may limit certain location-based features.
  • When you use the feedback function to submit images, select station information, or provide real-time bus feedback, we may need to monitor multimedia files and collect your contact information. This requires your authorization to access the camera, photo album (image library), and location permissions, in order to obtain the feedback images you need to upload along with their shooting locations, and to contact you promptly for problem resolution. If you choose not to enable location permissions, you may manually enter specific location information instead. Similarly, providing contact details is optional, and you may choose to manually delete any submitted contact information at any time.
  • When you access the homepage to view nearby routes, station information, or real-time vehicle arrivals; when using features like favorites, route planning, or transfer suggestions; when utilizing station/line services on station detail pages; when accessing line detail pages to switch stations, change directions, or view maps; when adding frequent locations (such as home or workplace) on route planning pages, using "My Location" or map selection functions; when entering station map pages or map selection interfaces; or when using location-based services on map information pages - upon enabling device location services and using these Busio features, we will collect relevant location data including: IP addresses, GPS coordinates, Bluetooth signals, cellular sensor data, base station positioning, GNSS status, sensor readings, process information, and WiFi details (connection status, parameters, nearby networks, connected networks' BSSID and SSID).
  • When participating in promotional campaigns or contacting us: You may engage in Busio-organized operational activities (including lotteries, quizzes, surveys, Q&A sessions, or cash withdrawals), or contact us for appeals, error reporting, or complaints. As required, you may voluntarily provide personal details such as your name, contact number, Alipay account information, withdrawal amount, and mailing address (specific requirements will be indicated on respective activity pages). For certain activities involving financial transactions like cash withdrawals, prize redemptions, or tax reporting purposes, we may additionally require verified identity documentation.
  • When you use the sharing feature, we may access your multimedia files to assist in resolving the issues you report.
  • When you restart the Busio app, we will collect certain device information to provide you with more timely data services. This includes: running process information, sensor data monitoring, IP address collection, Android ID retrieval, network interface MAC address acquisition, storage information, and a list of installed applications.
  • When you use the widget for quick access to app features, the widget process may automatically launch upon device startup and associate with our application to deliver enhanced functionality and user experience. We strictly commit to neither collecting nor utilizing any personal information unrelated to the widget service, including but not limited to user location data or browsing history. Widget-related processes are only activated during actual widget usage, solely for the purpose of providing widget-specific services. Should you wish to disable these processes, you may: (1) choose not to use the widget functionality entirely, or (2) if already activated, manually disable the relevant options in the application settings to terminate these background operations.
  • For any purposes not explicitly stated in this policy, we will seek your separate explicit consent before using your information for such undisclosed purposes.

1.3 Additional Provisions

We will request your authorization via pop-up notifications when a device permission is first required for a specific service, enabling us to collect and use corresponding personal information solely for that purpose. For permissions deemed important or sensitive, we will separately prompt for your explicit consent before activation when you access the related service.

After granting permissions, you may enable or disable them anytime through your device's system settings. Please note that disabling permissions may impair associated features. Alternatively, you can manage permissions via Busio's in-app settings (see Chapter 5: "Your Rights to Access and Control Information" ).

We strictly commit to never activating device permissions in unapproved contexts or using permission-derived personal data beyond the purposes you explicitly authorized.

1.4 Indirect Collection of Your Personal Information from Third Parties

To enhance your experience, Busio integrates third-party services—accessible via functional icons or information pages. When you use these services, we may receive certain personal data shared by these providers under their respective privacy policies.

1.5 Exceptions to Consent Requirement

We may process personal information without prior consent in the following circumstances:

  • Necessary for the personal information controller to fulfill legal obligations;
  • Directly related to national security or national defense;
  • Directly related to public safety, public health, or significant public interests;
  • Directly related to criminal investigation, prosecution, trial, or execution of judgments;
  • Necessary to protect life, property or other major legitimate rights/interests of individuals when obtaining consent is impractical;
  • The personal information has been voluntarily disclosed to the public by the individual;
  • Necessary for concluding or performing contracts at the individual's request;
  • Collected from legally disclosed information (e.g., lawful news reports, government disclosures);
  • Necessary for maintaining secure/stable operation of products/services (e.g., troubleshooting);
  • Necessary for academic research with de-identified results;
  • Other circumstances stipulated by laws and regulations.

2. Use of Cookies and Similar Technologies

When you use Busio services, we may store small data files called Cookies on your device. These typically contain identifiers, site names, and alphanumeric codes.

To enhance your experience with the favorites feature, we use cookies to store your saved route information. We strictly limit cookie usage to the purposes explicitly stated in this policy and do not employ them for any other objectives. You retain full control to manage or delete cookies according to your preferences through your device or browser settings.

3. Lawful Sharing, Transfer, and Disclosure of Your Personal Information

3.1 Cross-Border Data Transfers

We may need to transfer your personal information to jurisdictions where we and/or our service providers operate, such as China (including Hong Kong). These jurisdictions may differ from your country/region of origin in terms of data protection laws, and may not provide the same level of protection as your home country/region. By using our services, you consent to such transfers.

To safeguard your information during cross-border transfers, we have established agreements with our service providers to ensure a standard of protection consistent with the terms of this Privacy Policy.

3.2 Data Sharing

We do not share your personal information with any third-party companies, organizations, or individuals outside of our company and its affiliates, except in the following circumstances:

  • With your prior consent or authorization;
  • When required by applicable laws, regulations, legal procedures, or mandatory administrative or judicial orders;
  • To the extent permitted by laws and regulations, where disclosure is necessary to protect the interests, property, or safety of our company, its affiliates or partners, you or other Busio users, or the public;
  • When sharing is essential to provide services you request;
  • To handle disputes or conflicts involving you at your request;
  • As stipulated in agreements with you (including electronically signed contracts and platform rules) or other legal documents;
  • For academic research purposes (where applicable, and only for public interest objectives);
  • For lawful social public interest purposes.

We commit to obtaining your explicit consent before indirectly collecting your personal information. However, you acknowledge and understand that if changes occur in the type or method of collecting your personal information without timely updates to this policy, we will seek your re-authorization through pop-up notifications, SMS, or email.

Additionally, this policy does not serve as the privacy protection terms for third-party services. We strongly advise you to read and understand the specific content of the relevant service agreements and privacy policies of third-party services before using them. This will help you comprehend the rules governing the collection and use of your personal information by third-party services, the protections they offer, and the rights you hold as a data subject.

3.3 Data Transfers

As our business evolves, we may engage in mergers, acquisitions, asset transfers, or similar transactions, which could involve the transfer of your personal information. In such cases, we will require the receiving party to continue adhering to this Privacy Policy. If they cannot comply, we will ensure they seek your explicit consent before any data transfer.

Additionally, we will only share your information with third parties after obtaining your explicit authorization.

3.4 Public Disclosure

We will only publicly disclose your personal information under the following circumstances, while implementing industry-standard security protection measures:

  • Disclosure of your designated personal information in the manner you explicitly consent to upon your request;
  • We may disclose your personal information when required by laws, regulations, or mandatory administrative or judicial orders. In such cases, we will strictly limit the disclosure to: (1) the specific types of personal information requested, and (2) the legally prescribed disclosure methods. Upon receiving such disclosure requests, we will require the requesting party to present corresponding legal documentation (e.g., subpoenas or investigation notices). We are committed to maintaining maximum transparency regarding the information we are required to provide, to the extent permitted by law. All requests undergo rigorous review to ensure they have proper legal basis and are strictly limited to data that law enforcement agencies are legally authorized to obtain for specific investigative purposes. Where permitted by laws and regulations, all disclosed documents are protected by encryption keys.

3.5 Third-Party Services

Busio may integrate with third-party media or other services (including websites or other service formats). For example, to achieve the purposes stated in this Privacy Policy, please refer to Section "1.2 Extended Business Functions for Providing Products and/or Services" for details.

Currently, the third-party service providers we integrate with mainly include the following types:

  • Location & Device Data: Used to obtain device location permissions (with your consent), collect device information, and log data.
  • Third-Party Authorization: Supports services such as third-party account login and sharing content to external platforms.
  • Performance Optimization: Enhances product capabilities, including improving hardware connectivity, reducing server costs, and implementing hotfixes.

Please note that the third parties you transact with, the third-party website operators you visit, and the third-party services integrated through our platform (such as those within the "Busio" app) may have their own privacy policies. When you access third-party websites or use third-party applications, these entities may independently collect and process your personal information—such activities are beyond our control and are not governed by this Privacy Policy.

While we make reasonable commercial efforts to require these parties to implement protective measures for your data, we cannot guarantee their compliance. For details about their privacy practices, please contact them directly. If you identify any risks associated with third-party websites or applications, we strongly advise discontinuing use to safeguard your rights. We recommend carefully reviewing the privacy statements of such third-party providers to understand how they handle your personal information before engaging with their services.

4.How We Safeguard and Store Your Information

We will only retain your personal information for the duration necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Once the retention period expires, we will delete or anonymize your personal information;

Exceptions to this retention policy include:

  • Where specific retention periods are mandated by laws or regulations;
  • Where we have obtained your explicit authorization and consent;
  • Where cross-border data transfers are required to provide you with products or services.

In these exceptional circumstances, we will ensure your personal information receives adequate protection in strict compliance with this Privacy Policy and relevant national laws and regulations.

4.1 Data Storage

Your information will be maintained, processed, and stored by us, our authorized affiliates, and service providers in China. While data protection laws in these jurisdictions may differ from those in your country of residence or location, please note that: We, our affiliates, and third-party service providers handling your data are committed to protecting your information in accordance with this Privacy Policy and industry-standard security measures.

By using our services, you expressly consent to such storage locations and cross-border data transfers.

4.2 Data Security Technical Measures

We implement industry-standard security measures, including robust policies and technical safeguards, to protect your information from unauthorized access, modification, damage, or loss. Our network services utilize multiple encryption technologies—such as SSL—to secure your data during transmission and storage, with additional isolation techniques to prevent breaches.When processing your information (e.g., displaying or analyzing data), we apply advanced anonymization methods to enhance security. Strict access controls and multi-factor authentication further ensure your data is protected against misuse.

4.3 Additional Security Measures for Information Protection

We implement comprehensive security measures to protect your information, including:

Data Governance Policies: Establishing data classification systems, security management protocols, and secure development standards to regulate information storage and usage.

Access Controls & Monitoring: Restricting access to authorized employees and partners with strict permission management and real-time monitoring, backed by confidentiality agreements and audit mechanisms. Violations may result in legal consequences or termination of partnerships.

Security Awareness: Conducting regular privacy and security training to reinforce the importance of data protection among staff.

Data Minimization: Collecting only necessary information and taking all reasonable steps to avoid gathering irrelevant data.

Important Note: While we employ robust safeguards, no internet transmission is 100% secure. Exercise caution when using email, messaging, or social platforms—we recommend using strong passwords and enabling additional security features. We strive to protect your data but cannot guarantee absolute security in online environments.

5. How to Access and Control Your Personal Information

In accordance with applicable laws, regulations, and standard practices across different jurisdictions, we ensure you can exercise the following rights regarding your personal information:

5.1 Right to Access

You have the right to access your personal information, except where restricted by applicable laws and regulations. To exercise this right, please contact us via email at kf@metalight.ai. We will verify and process your request within 15 business days.

5.2 Right to Rectification

You have the right to request corrections or updates to any inaccurate or incomplete personal information we process about you, subject to successful verification of your identity and confirmation that such modifications would not compromise the objectivity and accuracy of the data. To exercise this right, please contact us by email at kf@metalight.ai, and we will review and process your request within 15 business days.

5.3 Right to Deletion

You may request deletion of your personal information under the following circumstances:

  • If our processing violates applicable laws or regulations;
  • If we collected or used your information without obtaining proper consent;
  • If our processing breaches agreements with you;
  • If you cease using our products or services; or
  • If we discontinue providing products or services to you.

To request deletion of your personal information, please contact us by email at kf@metalight.ai. Should we approve your deletion request, we will additionally notify any third parties who obtained your information from us to promptly delete their copies, unless otherwise required by law or where such parties have obtained your separate authorization. We commit to verifying and processing your deletion request within 15 business days.

Please note that after deleting your information from our active systems, residual copies may remain in our backup systems temporarily until the next scheduled backup update, at which point they will be permanently erased.

5.4 Right to Withdraw Consent

You may withdraw your previously granted consent for the collection and processing of your personal information by contacting us via email at kf@metalight.ai. We will verify and process your withdrawal request within 15 business days.

However, in accordance with applicable laws and regulations, we may be unable to comply with your request under the following circumstances:

  • When related to national security or defense security;
  • When involving public safety, public health, or significant public interests;
  • When pertaining to criminal investigations, prosecutions, trials, or execution of court judgments;
  • Where substantial evidence indicates malicious intent or abuse of rights on your part;
  • Where fulfilling the request would severely harm your legitimate interests or those of other individuals/organizations; or
  • When trade secrets are involved.

5.5 Right to Account Deletion

You have the right to request account deactivation by emailing us at kf@metalight.ai, provided such request complies with our Terms of Service and applicable laws and regulations. We will verify and process your account deletion request within 15 business days. Upon successful deactivation of your Busio account, we will immediately terminate all services and, subject to your instructions and unless otherwise required by law, either permanently delete your personal information or render it anonymous.

6. Protection of Minors' Information

We recommend that any minor engaging in online activities obtain prior consent from their parent or legal guardian (collectively referred to as "Guardian"). We strongly advise Guardians to review this Privacy Policy and take appropriate measures to protect minors' information in accordance with applicable laws and regulations.

Parents or Guardians should actively guide minors in their online activities and ensure they obtain proper consent and supervision before submitting any personal information.

If we identify that personal information from minors under 14 years of age has been collected without verifiable parental/guardian consent, we will take immediate action to delete such data. Should Guardians have reason to believe we have collected minors' information without proper authorization, please contact us immediately at kf@metalight.ai, and we will promptly investigate and delete the relevant data.

7. Notifications and Revisions

7.1 Notifications

To provide you with better services and in line with our company's business development, this Privacy Policy may be updated periodically. When changes occur, we will notify you of updates by releasing the revised version on the Busio mobile platform and through website announcements or other appropriate means before the changes take effect. We encourage you to regularly access Busio to stay informed about the latest version of our Privacy Policy.

In the event of material changes to this Privacy Policy, we will provide enhanced notification through prominent methods including, but not limited to, email, postal mail, telephone communications, and push notifications. For the purposes of this policy, "material changes" shall specifically include, without limitation:

  • Significant modifications to our service model;
  • Changes to the primary recipients of any publicly disclosed personal information.

7.2 Amendments

Busio reserves the right to modify these terms at its sole discretion without prior notice, including the Terms of Service(Terms of Service).

For material changes, we will notify users of such modifications through our services before implementation, with the changes taking effect upon publication. Your continued use of our services after the last updated date constitutes acceptance of and agreement to be bound by the amended terms.Please note that if terms require modification to comply with legal requirements, such amendments may take effect immediately without advance notice.

8. Dispute Resolution

Should any dispute arise between you and our company regarding the interpretation or implementation of this Privacy Policy, both parties shall first attempt to resolve the matter through amicable negotiations. If the dispute cannot be settled through negotiation, both parties hereby agree to submit the dispute to the competent court in the jurisdiction of our company's registered address for litigation.

9. Contact Information 

Should you have any questions, comments, or suggestions regarding these Terms or our services, please contact us through the following channels:

  • Customer Service Email: kf@metalight.ai
  • Business Office Address: UNIT 1003. 10/F TOWER 2 SILVERCORD 30 CANTON RD TST HONG KONG

Important Notice: For matters involving your personal information, we have established a dedicated email channel. Please direct such inquiries to: kf@metalight.ai. Upon receiving your feedback, we will provide a response within 15 business days.