Fofa.so Privacy Policy

The version of this Privacy Policy is released/updated on: 2025-05-30

Fofa.so (hereinafter referred to as "Fofa.so" or "the Product" or "the Website") is a legally owned and operated product of Foundtech HK Limited (or "We"). Fofa.so (website: https://fofa.so) takes your (or "User") privacy and personal information when using the products and services on and will take adequate and appropriate measures to protect the User's personal information. In order to be transparent about our handling of privacy and personal information, this Privacy Policy explains in detail the extent to which we collect personal information data and how we handle it.

This policy will help you understand the following:

1. How we collect and use your personal information;
2. How we use cookies and similar technologies;
3. How we store your personal information;
4. How we protect your personal information;
5. How we share, transfer, and publicly disclose your personal information;
6. Your rights;
7. Scope of application of the privacy policy;
8. How we handle the personal information of minors;
9. How this policy may be changed and amended;
10. How to contact us.

1. How we collect and use your personal information

We will follow the principles of lawfulness, legitimacy and necessity in collecting and using your personal information for the purposes described in this policy. If we use your personal information for purposes other than those stated in this policy, we will take reasonable means to inform you and obtain your consent.

When you use this product, we need to collect and use your personal information in the following two situations. In order to assist you in using our products and to perform basic business functions (which are part of the total business functions), you need to authorize us to collect and use your personal information. In order to enrich our products and enhance your experience, in addition to providing relatively basic business functions, we will also provide expanded business functions of our products or services, and such business functions require the collection and use of your corresponding personal information. If you refuse to provide such information, you will not be able to use the extended business functions or achieve the results of the experience we want you to enjoy, but will not affect your use of the basic business functions of the product.

If you refuse to allow us to collect any of your personal information, we will not be able to provide you with any of the features or services of this product, including basic business functions.

1.1 Main data collection scenarios

Scenarios in which you need/can choose to authorize us to collect and use personal information when you use our products/services include:

1.1.1 Search services

You will not be shown the full data after searching with the product without registering and logging in to your account. After you have registered and logged in, you can view the corresponding full amount of search results under the premise of meeting the rules of the product. To support the functionality of the search service and the stable operation of our products, we collect your device information, IP address, search history, location information and other records of your interactions with our products, whether you are logged in or not.

1.1.2 User registration

In order for you to fully experience and utilize the Fofa.so product and related functions, you need to complete the product user account registration. To register, you will need to provide your email address, verification code, and login password. We will remind you to read this policy on the page and collect the above information from you only if you check the box to agree.

Please be aware that you can choose not to provide us with the above relevant personal information, but this will result in us not being able to provide you with the corresponding business functions and services, and will also directly affect your experience.

1.2 Exceptions to our collection and use of your personal information with your authorized consent

Please understand that in the following cases, in accordance with laws and regulations and relevant national standards, we do not need to obtain your prior authorized consent for the collection and use of your personal information:

1. Directly related to national security and national defense security;
2. Directly related to public safety, public health, and significant public interest;
3. Directly related to criminal investigation, prosecution, trial and sentence enforcement;
4. For the purpose of safeguarding your or other people's life, property and other important legal rights and interests but it is difficult to get my authorized consent;
5. Personal information that you disclose to the public at your own discretion;
6. Necessary for the conclusion and performance of the contract at the request of the subject of the personal information;
7. Where your personal information is collected from legitimate publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;
8. Necessary for maintaining the safe and stable operation of the product and related services, such as detecting and disposing of malfunctions of the product and related services;
9. Necessary to carry out legitimate journalism;
10. For academic research institutions, when necessary to carry out statistical or academic research in the public interest, and when providing the results of academic research or descriptions to the public, de-identifying the personal information contained in the results;
11. In connection with the fulfillment of our obligations under laws and regulations;
12. Other cases stipulated by laws and regulations.

2. How we use cookies and similar technologies

Cookies and similar technologies are commonly used in the Internet. When you use the Product, we may use the relevant technology to send one or more cookies or anonymous identifiers to your device in order to collect and store information about your access to, and use of, the Product. We promise not to use cookies for any purpose other than those described in this Privacy Policy.

Most browsers provide users with the function of clearing the cache data of the browser, you can manage or clear all the cookies stored in this website according to your own preference, if you clear these cookies, the corresponding information you have previously recorded will also be deleted, which will have an impact on the security and convenience of the services you use.

3. How we store your personal information

3.1 Storage geography

Your personal information collected and generated in the course of our domestic operations will be stored in Hong Kong.

3.2 Storage period

We will retain your personal information only for the period necessary for the purposes described in this policy and for the time period required by law and regulation. After the necessary period, we will delete or anonymize your personal information.

In the event that we cease to operate the Product, we will promptly cease to collect Users' Personal Information, notify you of the cessation of operation by individual delivery or announcement, and delete or anonymize Users' Personal Information stored by us after the cessation of operation.

4. How we protect your personal information

We take the security and protection of our users' personal information very seriously and take all reasonably practicable measures to protect your personal information. We have adopted industry standard security technology measures and security management measures to protect your personal information from unauthorized access, public disclosure, use, modification, damage or loss of data.

4.1 Security measures

1. The Internet is not an absolutely secure environment, please try to use complex passwords, properly keep the login password of the website, and do not freely disclose it to others.
2. We endeavor to protect the security of users' personal information by adopting a variety of physical, electronic, and managerial security measures that comply with industry standards. We actively establish a data classification and grading system, data security management standards, and data security development standards to manage and regulate the storage and use of personal information, and to ensure that no personal information unrelated to the services we provide is collected.
3. We maintain full security control of data through confidentiality agreements with those who have access to the information, monitoring and auditing mechanisms. Users are protected against unauthorized access, public disclosure, use, modification, damage or loss of their personal information.
4. We take all reasonably practicable steps to protect users' personal information. For example, the exchange of data (e.g. credit card information) between a user's browser and Fofa.so is protected by SSL encryption; we also provide https secure Browse on our website; we use encryption to ensure the confidentiality of data; we use trusted protection mechanisms to prevent malicious attacks on data; we deploy access control mechanisms to ensure that only authorized personnel have access to personal information; and we conduct security and privacy training sessions to enhance employee awareness of the importance of protecting personal information.
5. Our Website may contain links to the web sites of third parties. We have no control over the privacy policies of such third party websites, such third parties are not bound by privacy policies and we are not responsible for the privacy policies of such third party websites. When users access these websites via such links, please read the privacy policies of those websites before submitting any personal information.

4.2 Security event notification

1. While we will endeavor to ensure the security of any information sent to us by the User, the User understands that due to technological limitations and the existence of a variety of malicious tactics in the Internet industry, we are unable to guarantee that the information is 100% secure. Users need to be aware that the systems and communication networks used by users to access Fofa.so may be subject to problems due to factors beyond our control. In order to prevent security incidents from occurring, we have put in place appropriate warning mechanisms and contingency plans. In the unfortunate event of a personal information security incident, we will, in accordance with the requirements of laws and regulations, promptly inform the user of: the basic situation and impact of the security incident, the measures we have taken or will take to deal with it, the suggestions that the user can take independent precautions to prevent and reduce the risk and the remedial measures for the user, and immediately activate the contingency plan, and strive to minimize the damage. We will promptly inform the user of the incident-related situation by telephone, push notification and other means, and it is difficult to inform the user individually. We will promptly inform users of the situation by phone, push notification, etc. When it is difficult to inform users one by one, we will take a reasonable and effective way to publish announcements.
2. At the same time, we will also take the initiative to report on the handling of personal information security incidents in accordance with the requirements of the regulatory authorities and work closely with the government authorities.

5. How we share, transfer, and publicly disclose your personal information

5.1 Sharing

We do not share users' personal information with any company, organization or individual, except in the following cases:

1. We may share your personal information with other parties with your express consent.
2. We may share your personal information with the outside world in accordance with laws and regulations, the need for litigation dispute resolution, or at the request of administrative or judicial authorities in accordance with the law.
3. To the extent permitted by laws and regulations, it is necessary to share your personal information in order to safeguard the interests, property or safety of the Company's affiliates or partners, you or other users, or the public from harm.

To the companies, organizations and individuals with whom we share personal information, we guarantee:

1. Before sharing your personal information, we will examine whether it has the organizational management and technical capabilities for data safety and security required by domestic laws, regulations and standards related to the protection of personal information, and will take the necessary data transmission security measures to protect the security of your personal information:
2. Enter into strict data processing agreements with them, requiring them to process personal information in accordance with our security standards, the requirements of this policy and relevant confidentiality and security measures.

5.2 Transfers

In cases involving mergers, acquisitions, bankruptcy and liquidation, asset transfers, or similar transactions that involve the transfer of personal information, we will require the new company or organization holding your personal information to continue to be bound by the requirements, commitments, and security measures of this policy, e.g., not to go beyond the purposes for which the personal information is used as described above, or we will require the company or organization to ask for your authorized consent again.

5.3 Public disclosure

If disclosure of personal information is required by any applicable law or in response to a legal proceeding, we will check with the specific law enforcement agency for the basis for disclosure and inform you of the circumstances in a timely manner. We will provide information to law enforcement authorities on the basis of the principle of minimum necessary to ensure that disclosure is safe and legally justified.

5.4 Exceptions to obtaining prior authorized consent for sharing, transferring, or publicly disclosing personal information

Please understand that in the following cases, in accordance with relevant laws and regulations and national standards, we do not need to obtain your prior authorized consent to share, transfer or publicly disclose your personal information:

1. Related to the fulfillment of our obligations under laws and regulations and the provisions of the competent industry authorities, or required for the settlement of lawsuits or disputes, or in accordance with the requirements of the administrative or judicial authorities in accordance with the law;
2. Directly related to national security and national defense security;
3. Directly related to public safety, public health, and significant public interest;
4. Directly related to criminal investigation, prosecution, trial and sentence enforcement;
5. For the purpose of safeguarding your or other people's life, property and other important legal rights and interests but it is difficult to get my consent;
6. Personal information that you disclose to the public at your own discretion;
7. Where personal information is collected from lawful publicly disclosed information, such as lawful news reports, open government information and other channels.

6. Your rights

We guarantee that you, as the subject of personal information, may exercise the relevant rights described herein by (1) contacting us at the contact details set out in this Policy or (2) through product-specific functionality, etc. Please note that we may require verification of your identity and request before taking further action on your request. Generally, we will not charge you any fees unless such your request is beyond the scope of a routine request. If you have any questions about accessing and managing your personal information, you may contact us in accordance with Article 10 of this Policy.

6.1 Accessing and viewing personal information

You can view the personal information you have provided through the User Center interface of this product.

6.2 Modification of personal information

You can change your avatar and password through your personal center page.

6.3 Deletion of Personal Information

In the specific circumstances described below, if you need your personal information to be removed, you may contact us to fulfill your request:

1. Your personal information is no longer necessary to fulfill the functions of the product in accordance with the period of storage of personal information set forth in this policy;
2. There are cases of unlawful handling of personal information;
3. Personal information is subject to deletion, etc., as required by relevant laws and regulations.

6.4 Varying or withdrawing consent to authorization

You may change or withdraw your consent to our authorization to collect and process your personal information by contacting us at the contact information indicated in Article 10 of this Policy.

If you have any questions about changing or withdrawing your authorization, you may also contact us at the above contact information.

When you withdraw your consent or authorization, we will not be able to continue to provide you with the services for which you have withdrawn your consent or authorization and will no longer process the corresponding personal information.

6.5 Cancellation of accounts

You may apply for the cancellation of your registered user account by contacting us in the manner described in Article 10 of this Policy. We will verify and confirm the appropriateness of the situation and handle it accordingly. After account cancellation, we will anonymize or delete your personal information.

Please understand that for security purposes, if you need to contact us with a request, you will need to provide a written request or otherwise prove your identity. We will ask you to verify your identity before processing your request.

7. Scope of Application of the Privacy Policy

This Privacy Policy applies only to this product. Other products or services of Fofa.so will use the privacy policy of the relevant product or service. In particular, it should be noted that this Privacy Policy does not apply to the following:

1. Embedding the Model in a third party product (or service), information collected by the third party product (or service).
2. Information collected by third-party services, advertisements, or other companies, organizations, or individuals accessed in the Model.

We would like to remind you again that when you use third party products or services, please read carefully the relevant user agreements and privacy policies displayed to you by the third party, and keep your personal information in a safe place and provide it with care.

8. How we handle the personal information of minors

1. If you are not of legal age, you should obtain prior consent from your parent or legal guardian before using this product, or you should be accompanied by a guardian to read this Privacy Policy or the privacy policy of the corresponding product or service to decide whether or not to use this product. If you are required to submit personal information to obtain a product or service, please obtain your guardian's consent and complete the process under the guidance of your guardian.
2. If you are the guardian of a child, you should read this policy or the privacy policy of a particular product carefully and decide whether to agree to the privacy policy when you are helping a child to complete the registration and use of a product or service. When you have questions about the personal information of a child in your custody, you may contact us using the contact information in Section 10 of this Privacy Policy.

9. How this policy may be changed and amended

We may update this Policy from time to time. If this Policy is revised, we will promptly post the latest version prominently on the product interface and notify you of the updated updates by appropriate means. Please review the Privacy Policy periodically. Your continued use of Fofa.so after the effective date of the changed Privacy Policy constitutes your acceptance of such changes.

10. How to contact us

If you have any questions about our privacy policy, you are welcome to contact us. Our contact information is listed below and is subject to change as published on the website: