Sphere Privacy Policy
Bilingual | Chinese-English Bilingual Edition
Governing Law: Personal Data (Privacy) Ordinance (Cap. 486), Schedule 1 (DPPs 1–6)
PCPD AI Model Personal Data Protection Framework (June 2024)
PCPD Ethical Accountability Framework for AI (August 2021)
Version 1.0
Effective Date: [06/04/2026]
PART I — ENGLISH VERSION
PRIVACY POLICY
[Sphere] ("Company", "we", "us") is committed to protecting your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), the PCPD's AI Model Personal Data Protection Framework (June 2024), and the PCPD Ethical Accountability Framework for AI (August 2021). This Privacy Policy explains how we collect, use, retain, and protect your Personal Data, including Biometric Data, when you use our AI video and content generation service ("Service").
1. Our Role Under the PDPO
The Company acts as a "data user" within the meaning of the PDPO in respect of all personal data processed in connection with the Service. Where we engage third-party AI processing vendors to process personal data on our behalf (including for biometric processing), such vendors act as "data processors" and are contractually required to comply with data protection obligations no less stringent than those imposed by the PDPO.
2. What Personal Data We Collect
In compliance with DPP1 (Collection Principle), we collect only personal data that is necessary and adequate for the purposes described below. We collect personal data in the following categories:
2.1 Account and Registration Data
- Full name, email address, and contact telephone number
- Username and encrypted password
- Company name (for Corporate Users)
- Billing name and address
2.2 Biometric Data [HIGH SENSITIVITY]
- Facial photographs: still images or short video clips of your face, uploaded by you for the purpose of AI facial animation synthesis.
- Voice recordings: audio recordings of your voice, uploaded by you for the purpose of AI voice cloning and synthesis.
- Derived biometric markers: facial landmark coordinates and voice pattern embeddings generated by our AI processing pipeline during synthesis. These are technical processing artefacts and are not stored beyond the generation session.
We collect Biometric Data for the sole purpose of generating AI video content as instructed by you. We do not collect biometric data for identification, access control, or any purpose beyond AI content generation.
2.3 Usage and Interaction Data
- AI content generation session logs
- Prompts, scripts, and instructions submitted to the Service
- AI-Generated Content produced in your sessions
- Service usage patterns and feature interactions
- Device information, browser type, operating system, and IP address
- Approximate geolocation derived from IP address (country/city level only)
2.4 Financial and Compliance Data (Agent Users Only)
- Professional licence number and issuing Regulatory Authority
- Records of AI-Generated Content generated for financial promotional purposes (retained for regulatory compliance)
2.5 Support and Communication Data
- Customer support correspondence
- Feedback and survey responses
3. How We Collect Personal Data (DPP1)
- Directly from you: registration forms, the Biometric Data upload interface, prompts and instructions submitted to the Service, support communications, and payment forms.
- Automatically: server logs, session data, and technical identifiers when you use the Service.
- Biometric data specifically: only through the designated upload interface, following completion of the Biometric Data Consent Form.
In accordance with DPP1(3) of the PDPO, we will, at or before the time of collection, inform you of: (a) whether the supply of data is obligatory or voluntary; (b) the purposes for which the data is to be used; (c) the classes of persons to whom the data may be transferred; and (d) your rights to access and correct your data. For Biometric Data, this disclosure is made via the separate Biometric Data Consent Form.
4. Purposes of Use (DPP3)
We use your personal data only for the purposes for which it was collected, or directly related purposes:
- Biometric Data: solely for AI facial animation synthesis and voice cloning to produce AI-generated video content as instructed by you. Biometric Data is not used for any other purpose.
- Account data: account registration, authentication, billing, and account management.
- Usage data: service operation, technical support, fraud prevention, and aggregated service analytics.
- Agent User compliance data: to maintain records required for our own regulatory compliance and to support Agent Users in meeting their regulatory obligations.
- Communication: service updates, security notices, administrative messages, and (with your consent) promotional communications about our services.
We will not use your Biometric Data for training our AI models for general use, building general biometric databases, or any purpose beyond the specific generation task you have instructed.
5. Third-Party AI Processors - Biometric Data (DPP4)
⚠ Your Biometric Data may be transmitted to third-party AI processing vendors to perform facial synthesis and voice cloning. This section explains how those transfers are managed.
To provide the Service, we engage the following categories of third-party AI processing vendors:
- Facial animation synthesis providers: vendors who process your facial photographs to produce AI-animated video output. [Specify vendor names or categories, e.g., "cloud-based AI video synthesis APIs"].
- Voice cloning providers: vendors who process your voice recordings to produce AI-synthesised voice output. [Specify vendor names or categories].
- Cloud infrastructure providers: vendors who host the processing infrastructure. [Specify, e.g., "servers located in [country/region]"].
All third-party AI processors are engaged under written data processing agreements that require them to:
- Process Biometric Data only on our documented instructions and for no other purpose;
- Implement security measures appropriate to the sensitivity of Biometric Data;
- Delete or return all Biometric Data upon completion of the processing task;
- Not sub-process Biometric Data to any further party without our prior written consent;
- Notify us without undue delay upon becoming aware of any personal data breach.
6. Transfer of Personal Data Outside Hong Kong (DPP3)
Your Biometric Data and other personal data may be transferred to our third-party AI processors located outside Hong Kong. Such transfers occur only where:
- The recipient jurisdiction provides a level of data protection substantially similar to the PDPO; or
- The third-party processor has agreed to contractual safeguards equivalent to the DPPs; or
- You have expressly consented to the transfer (for Biometric Data, this consent is obtained via the Biometric Data Consent Form).
[Current cross-border data flows: describe the specific countries, e.g., "Facial synthesis processing: servers in [country]. Voice cloning processing: servers in [country]. General infrastructure: [country/region]." This disclosure is mandatory under PDPO DPP3.]
7. Data Security (DPP4)
We implement the following security measures, with enhanced protections for Biometric Data:
7.1 General Security Measures
- Encryption of all data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls and multi-factor authentication for internal systems
- Regular security assessments and penetration testing
- Vendor due diligence and contractual data processing safeguards
- Employee training on data protection and information security
7.2 Enhanced Measures Specific to Biometric Data
- Biometric Data is stored in physically isolated storage environments, segregated from general account data
- Access to Biometric Data is restricted to the minimum personnel and systems necessary to perform the generation task; no other employees have access to raw Biometric Data
- Biometric Data uploads are transmitted over encrypted channels directly to the processing pipeline
- Original Biometric Data is automatically queued for deletion immediately upon generation completion, subject to the retention periods below
- Derived biometric markers (facial landmarks, voice embeddings) generated during processing are not persisted beyond the active generation session
In the event of a personal data breach involving Biometric Data, we will notify you and the Office of the Privacy Commissioner for Personal Data (PCPD) as promptly as practicable, and in any event within 72 hours of becoming aware of the breach.
8. Retention of Personal Data (DPP2)
We apply the following retention periods, calibrated to data sensitivity:
8.1 Biometric Data Retention
- Original facial photographs and voice recordings: deleted within 30 calendar days of the completion of the generation task for which they were uploaded, or within 30 calendar days of account closure, whichever is earlier. You may request earlier deletion at any time.
- Derived biometric markers (technical processing artefacts): not retained beyond the active generation session. Automatically purged upon session completion.
- AI-Generated Content (videos): retained in your account for as long as you maintain an active account plus 14 days after account closure, unless you delete it earlier. AI-Generated Content is treated as your content asset, not as Biometric Data, for retention purposes.
8.2 Other Data Retention
- Account data: for the duration of your account plus 7 years after closure (for audit/legal purposes).
- Agent User compliance records: AI generation records relating to financial promotional content: 7 years, in accordance with regulatory record-keeping requirements.
- Payment records: 7 years as required under the Inland Revenue Ordinance (Cap. 112).
- Server and access logs: 90 days.
9. Your Rights Under the PDPO
9.1 Standard Rights (All Users)
Right of Access (DPP6 & Section 18). Submit a Data Access Request ("DAR") in writing to our Data Protection Officer. We will respond within 40 days.
Right of Correction (DPP6 & Section 22). Submit a Data Correction Request ("DCR") to our Data Protection Officer if you believe personal data we hold is inaccurate.
Right to Opt Out of Direct Marketing (Section 35L). You have an absolute right to instruct us to cease using your data for direct marketing.
Right to Erasure. You may request erasure of personal data that is no longer necessary for the purposes for which it was collected.
9.2 Additional Rights Specific to Biometric Data
Right to Withdraw Biometric Consent. You may withdraw your consent to Biometric Data processing at any time, without affecting the lawfulness of prior processing. Submit a withdrawal request to [dpo@sphere.com]. Your original facial photographs and voice recordings will be deleted within 30 calendar days. See Section 3.4 of our Terms of Service for full details on the effect of withdrawal.
Right to Delete Biometric Data Independently. You may request deletion of your original Biometric Data without closing your entire account. This will not affect AI-Generated Content already produced.
Right to Human Review of AI Decisions. Where an AI-generated output materially affects your interests (e.g., if we suspend your account based on automated content review), you may request that a human reviews the relevant AI decision.
To exercise any of these rights, contact:
Data Protection Officer: [dpo@sphere.com]
Post: [Registered Address, Hong Kong]
PCPD complaints: www.pcpd.org.hk | +852 2827 2827
10. AI-Specific Data Practices
In accordance with the PCPD's AI Model Personal Data Protection Framework (June 2024) and Ethical Accountability Framework (August 2021):
- Purpose limitation: Biometric Data is processed strictly for the generation task you have initiated. It is not used to train our general AI models.
- Data minimisation: We collect only the Biometric Data necessary to fulfil your specific generation request. We do not collect biometric data "in advance" or build a biometric database of Agent Users.
- Human oversight: Our AI video generation pipeline does not make autonomous decisions that affect your legal rights or professional standing. Significant account decisions (e.g., access suspension) involve human review.
- Transparency: We do not use your Biometric Data or usage patterns to build individual profiles for any purpose other than providing the Service.
- Deep synthesis disclosure: AI-generated videos produced by the Service constitute synthetic media. Agent Users are responsible for disclosing the AI-generated nature of such content to recipients where required by their Regulatory Authority.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data, including Biometric Data, from minors. Contact [dpo@sphere.com] if you believe a minor has submitted data to us.
12. Updates to This Policy
We may update this Privacy Policy from time to time. For material changes affecting Biometric Data processing, we will provide at least 14 days' advance notice and obtain fresh consent where required. The "Last Updated" date at the top of the Policy will be updated accordingly.
13. Contact Us
Data Protection Officer: [dpo@sphere.com]
General privacy enquiries: [privacy@sphere.com]
Compliance (Regulatory): [compliance@sphere.com]
PCPD: +852 2827 2827 | www.pcpd.org.hk
PART II: CHINESE VERSION
PRIVACY POLICY
[Sphere] ("Company", "we") is committed to protecting your personal data in accordance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486, "PDPO"), the PCPD's Artificial Intelligence: Model Personal Data Protection Framework (June 2024) and the Guidance on the Ethical Development and Use of Artificial Intelligence (August 2021). This Privacy Policy explains how the Company collects, uses, retains and protects your personal data, including Biometric Data, when you use the Company's AI video and content generation service ("Service").
1. The Company's Role Under the PDPO
In respect of all personal data processed for the Service, the Company is a "data user" within the meaning of the PDPO. Where the Company engages third-party AI processing vendors to process personal data on our behalf (including biometric processing), such vendors are "data processors" and are contractually required to comply with data protection obligations no less stringent than those imposed by the PDPO.
2. Personal Data We Collect
In accordance with Data Protection Principle 1 (purpose and manner of collection), we collect only personal data that is necessary and adequate for the purposes described below:
2.1 Account and Registration Data
- Full name, email address and contact telephone number
- Username and encrypted password
- Company name, professional licence number and regulatory registration details (Agent Users)
- Billing name and address
2.2 Biometric Data [HIGH SENSITIVITY]
- Facial photographs: still photographs or short video clips you upload, used for AI facial animation synthesis.
- Voice recordings: voice recordings you upload, used for AI voice cloning and synthesis.
- Derived biometric markers: facial landmark coordinates and voice pattern embedding vectors generated by the Company's AI processing pipeline during synthesis; these are technical processing by-products and are not retained after the generation session ends.
The Company's sole purpose in collecting Biometric Data is to generate AI video content as instructed by you. The Company will not use Biometric Data for identity verification, access control systems or any purpose other than AI content generation.
2.3 Usage and Interaction Data
- AI content generation session logs
- Prompts, scripts and instructions submitted to the Service
- AI-Generated Content produced in your sessions
- Service usage patterns and feature interactions
- Device information, browser type, operating system and IP address
- Approximate geolocation derived from your IP address (country/city level only)
2.4 Financial and Compliance Data (Agent Users only)
- Professional licence number and issuing regulatory authority
- Records of AI-Generated Content produced for financial promotional purposes (retained for regulatory compliance)
2.5 Support and Communication Data
- Customer support correspondence
- Feedback and survey responses
3. How We Collect Personal Data (Data Protection Principle 1)
- Directly from you: registration forms, the Biometric Data upload interface, prompts and instructions submitted to the Service, support communications and payment forms.
- Automatically: through server logs, session data and technical identifiers when you use the Service.
- Biometric Data specifically: collected only through the designated upload interface, and only after you have completed the Biometric Data Consent Form.
In accordance with DPP1(3) of the PDPO, the Company will, at or before the time of collecting personal data, inform you of: (a) whether supplying the data is obligatory or voluntary; (b) the purposes for which the data will be used; (c) the classes of persons to whom the data may be transferred; and (d) your rights to access and correct the data. For Biometric Data, this disclosure is made through the separate Biometric Data Consent Form.
4. Purposes of Use (Data Protection Principle 3)
The Company uses your personal data only for the purposes for which it was collected or for directly related purposes:
- Biometric Data: used solely for AI facial animation synthesis and voice cloning, as instructed by you, to produce AI-generated video content. Biometric Data is not used for any other purpose.
- Account data: account registration, identity verification, billing and account management.
- Usage data: service operation, technical support, fraud prevention and aggregated service analytics.
- Agent User compliance data: to keep the records required for the Company's own regulatory compliance and to assist Agent Users in fulfilling their regulatory obligations.
- Communications: service updates, security notices, administrative messages and (with your consent) promotional communications about the Company's services.
The Company will not use your Biometric Data to train general-purpose AI models, to build a general biometric database, or for any purpose other than the specific generation task you have instructed.
5. Third-Party AI Processors: Biometric Data (Data Protection Principle 4)
⚠ Your Biometric Data may be transmitted to third-party AI processing vendors for facial synthesis and voice cloning. This clause explains how such transfers are managed.
To provide the Service, the Company engages the following categories of third-party AI processing vendors:
- Facial animation synthesis providers: vendors that process your facial photographs to produce AI-animated video output.
- Voice cloning providers: vendors that process your voice recordings to produce AI-synthesised voice output.
- Cloud infrastructure providers: vendors that host the processing infrastructure.
All third-party AI processors are engaged under written data processing agreements that require them to:
- Process Biometric Data only on the Company's written instructions and not for any other purpose;
- Implement security measures commensurate with the sensitivity of Biometric Data;
- Delete or return all Biometric Data upon completion of the processing task;
- Not pass Biometric Data to any further sub-processor without the Company's prior written consent;
- Notify the Company without undue delay upon becoming aware of any personal data breach.
6. Transfer of Personal Data Outside Hong Kong (Data Protection Principle 3)
Your Biometric Data and other personal data may be transferred to third-party AI processors located outside Hong Kong. Such transfers take place only where:
- The recipient's jurisdiction provides a level of data protection substantially similar to the PDPO; or
- The third-party processor has agreed to contractual safeguards equivalent to the Data Protection Principles; or
- You have expressly consented to the transfer (for Biometric Data, this consent is obtained through the Biometric Data Consent Form).
[Current cross-border data flows: specify the countries concerned, e.g. "Facial synthesis processing: servers located in [country]. Voice cloning processing: servers located in [country]. General infrastructure: [country/region]." This disclosure is mandatory under Data Protection Principle 3 of the PDPO.]
7. Data Security (Data Protection Principle 4)
The Company implements the following security measures, with enhanced protection for Biometric Data:
7.1 General Security Measures
- Encryption of all data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access control and multi-factor authentication for internal systems
- Regular security assessments and penetration testing
- Vendor due diligence and contractual data processing safeguards
- Staff training on data protection and information security
7.2 Enhanced Measures for Biometric Data
- Biometric Data is stored in a separate storage environment physically isolated from general account data
- Access to Biometric Data is limited to the minimum personnel and systems needed to perform the generation task; no other staff can access raw Biometric Data
- Biometric Data uploads are transmitted over encrypted channels directly to the processing pipeline
- Original Biometric Data is automatically queued for deletion immediately after generation completes, subject to the retention periods set out below
- Derived biometric markers generated during processing (facial landmarks, voice embedding vectors) are not retained after the active generation session ends
In the event of a personal data breach involving Biometric Data, the Company will notify you and the Office of the Privacy Commissioner for Personal Data as soon as possible, and in any event within 72 hours of becoming aware of the breach.
8. Retention of Personal Data (Data Protection Principle 2)
The Company sets the following retention periods according to data sensitivity:
8.1 Biometric Data Retention
- Original facial photographs and voice recordings: deleted within 30 calendar days after the uploaded material has been used to complete the generation task, or within 30 calendar days after account closure, whichever is earlier. You may request earlier deletion at any time.
- Derived biometric markers (technical processing by-products): not retained after the active generation session ends; automatically purged when the session completes.
- AI-Generated Content (videos): retained in your account while your account is active and for 14 days after account closure, unless you delete it earlier. For retention purposes, AI-Generated Content is treated as your content asset, not as Biometric Data.
8.2 Other Data Retention
- Account data: retained while your account is active and for 7 years after closure (for audit/legal purposes).
- Agent User compliance records: AI generation records relating to financial promotional content: 7 years, in line with regulatory record-keeping requirements.
- Payment records: retained for 7 years as required under the Inland Revenue Ordinance (Cap. 112).
- Server and access logs: 90 days.
9. Your Rights Under the PDPO
9.1 Standard Rights (All Users)
Right of Access (Data Protection Principle 6 and Section 18). Submit a Data Access Request in writing to the Company's Data Protection Officer; the Company will respond within 40 days of receiving a valid request.
Right of Correction (Data Protection Principle 6 and Section 22). If you believe the personal data the Company holds about you is inaccurate, you may submit a Data Correction Request to the Data Protection Officer.
Right to Opt Out of Direct Marketing (Section 35L). You have an absolute right to instruct the Company at any time to stop using your personal data for direct marketing.
Right to Erasure. You may request erasure of personal data that is no longer needed for the purposes for which it was collected.
9.2 Additional Rights Specific to Biometric Data
Right to Withdraw Biometric Data Consent. You may at any time submit a written request to [dpo@sphere.com] to withdraw your consent to Biometric Data processing, without affecting the lawfulness of any processing carried out before withdrawal. The Company will delete your original facial photographs and voice recordings within 30 calendar days. See Clause 3.4 of the Company's User Service Agreement for details.
Right to Delete Biometric Data Separately. You may request deletion of your original Biometric Data without closing your entire account; this does not affect AI-Generated Content already produced.
Right to Request Human Review of AI Decisions. Where AI-generated output has a material effect on your interests (for example, if the Company suspends your account based on automated content review), you may request that a human reviews the relevant AI decision.
To exercise any of the above rights, please contact:
Data Protection Officer: [dpo@sphere.com]
Post: [Registered Address, Hong Kong]
Office of the Privacy Commissioner for Personal Data: +852 2827 2827 | www.pcpd.org.hk
10. AI-Related Data Practices
In accordance with the PCPD's Artificial Intelligence: Model Personal Data Protection Framework (June 2024) and Guidance on Ethical Standards for Artificial Intelligence (August 2021):
- Purpose limitation: Biometric Data is used strictly for the generation task you initiated and is not used to train the Company's general AI models.
- Data minimisation: the Company collects only the Biometric Data needed to fulfil your specific generation request, and does not collect biometric data in advance or build a biometric database of Agent Users.
- Human oversight: the Company's AI video generation pipeline does not make autonomous decisions that affect your legal rights or professional standing; significant account decisions (such as access suspension) involve human review.
- Transparency: the Company does not use your Biometric Data or usage patterns to build individual profiles, and uses them for no purpose other than providing the Service.
- Deep synthesis disclosure: AI videos produced by the Service are synthetic media. Agent Users are responsible for disclosing the AI-generated nature of such content to recipients where their regulatory authority so requires.
11. Children's Privacy
The Service is not directed at persons under 18. The Company does not knowingly collect personal data, including Biometric Data, from minors. If you believe a minor has submitted data to the Company, please contact [dpo@sphere.com].
12. Updates to This Policy
The Company may update this Privacy Policy from time to time. For material changes affecting Biometric Data processing, the Company will give at least 14 days' advance notice and obtain fresh consent where required. The "Last Updated" date at the top of the Policy will be updated accordingly.
13. Contact Us
Data Protection Officer: [dpo@sphere.com]
General privacy enquiries: [privacy@sphere.com]
Compliance (Regulatory): [compliance@sphere.com]
Office of the Privacy Commissioner for Personal Data: +852 2827 2827 | www.pcpd.org.hk