LYSORA User Data Processing Agreement (United States)
LYSORA Device Data Processing Agreement
Updated on: October 1, 2025
1.1.1 The LYSORA Device Data Processing Agreement (hereinafter referred to as “this Agreement”) is entered into between LYSORA TECHNOLOGY INC. (hereinafter referred to as “LYSORA” or “we”) and you (hereinafter referred to as “user”). This Agreement governs the data processing practices associated with your use of LYSORA devices and related services (hereinafter referred to collectively as the “Products or Services” or individually as the “Product or Service”) provided by LYSORA. The user, for the purpose of using the Products or Services, authorizes and entrusts LYSORA to process any data collected by the Products or Services or generated during their use, which belongs to the user. By accepting this Agreement, the user is deemed to have completed such authorization and entrustment to LYSORA.
1.1.2 Upon the effectiveness of this Agreement, it becomes an integral part of the LYSORA Device End User License Agreement signed by the user when the user logs in and uses the corresponding Products or Services. During the use of the Products or Services, any matters not related to the data processing entrusted under this Agreement shall be governed by the relevant provisions of the LYSORA Device End User License Agreement signed by the user.
1.1.3 If the Products or Services provided by LYSORA contain links or information about third-party products or services, those third-party products or services may be governed by their own data processing agreements or policies. This Agreement does not apply to the collection and processing of data by third parties. While LYSORA is not responsible for any data collected or processed by third parties, it will make reasonable efforts to ensure the security of user data during the transition between the LYSORA Products or Services and third-party products or services.
1.2 Effectiveness of the Agreement
1.2.1 Before using the Products or Services, the user shall carefully read and fully understand all contents of this Agreement. The user may only proceed to use the Products or Services after indicating consent by checking the agreement box on the login interface.
1.2.2 Regardless of whether the user has signed this Agreement as described above, the Agreement shall become effective upon the user’s commencement of using the LYSORA Products or Services. This shall be deemed as the user’s full understanding and acceptance of all terms of this Agreement.
1.2.3 LYSORA may periodically revise and update this Agreement based on function updates of Products or Services, changes in user’s needs, and other significant changes in user’s or LYSORA’s business or operations. The updated Agreement shall be submitted to the user again through the Products or Services login interface for confirmation, and shall become legally binding on the user and LYSORA once the user indicates consent as set forth above.
“User” refers to any individual or legal entity that has obtained ownership of, and/or is authorized to use, the Products or Services.
“Affiliate” refers to an entity that directly, indirectly, or jointly controls another entity, or an entity that is directly, indirectly, or jointly controlled by another entity. “Control” is defined as the power to direct the financial or operating policies of an entity, whether through the ownership of voting rights or otherwise.
The “Products or Services” referenced in this Agreement refer to the “LYSORA series” hardware products and the corresponding embedded software services provided by LYSORA.
“User data” refers to the data that the user actively enters during the use of Products or Services, or data obtained or collected during the use of Products or Services, as well as other relevant data derived from the aforementioned data. The user data referred to in this Agreement includes:
· Basic device data belonging to LYSORA, such as device models, device serial numbers (SNs), and software authorization status of devices.
· Device operational data belonging to the user, such as CPU utilization, traffic, network operation logs, device configuration, and operation data.
· Data related to individuals accessing networks through the Products or Services.
The aforementioned data types may contain or involve personal information.
This Agreement applies only to the user data that the user agrees to transmit to the LYSORA servers and authorizes LYSORA to process, and does not apply to other user data retained on the user’s devices or the user’s servers. For details, see the “Data Collection and Processing Appendix.”
III. Entrusted Data Processing
3.1 Types of Product or Service Data Entrusted for Processing
This data description applies to Products or Services provided by LYSORA to the user. In order to provide you with the Products or Services, you expressly authorize LYSORA to process the user data specified in the “Data Collection and Processing Appendix,” which belongs to you and/or your affiliated entities.
3.2 Purpose and Necessity of Entrusted Data Processing
To provide the user with high-quality Products or Services solutions tailored to the user’s requirements, such as network maintenance, LYSORA shall develop the Products or Services based on the user’s requirements to realize their functions, and shall endeavor to maintain the security and stability of the Products or Services during their use. For this necessary purpose, the user shall grant LYSORA authorization to process the relevant data. LYSORA processes relevant data based on user’s entrustment and in accordance with the data description of relevant Products or Services in this Agreement, its Appendix, and other relevant agreements. In particular, the user’s configuration of Products or Services shall be deemed a written instruction to LYSORA.
3.3 Effective Authorization for Data Processing
3.3.1 The user shall ensure that they have sufficient authority to entrust LYSORA with data processing agreed in this Agreement, and ensure that all sources and content of user data entrusted to LYSORA for processing are legal, accurate, and valid.
3.3.2 The user acknowledges that the user data processed by LYSORA may be personal information, or include personal information. Based on the foregoing, you represent and warrant that:
· You are the data subject of the personal information in question and have full authority to authorize LYSORA to process such information, or you have obtained from the data subject all necessary consents, permissions, and authorizations to grant such authorization;
· Your authorization to LYSORA to process the aforementioned data complies with applicable laws and regulations, particularly those relating to personal information and data protection.
3.3.3 LYSORA shall provide the Products or Services required by the user after the authorized administrator or the user personally indicates consent by checking the agreement box, and shall strictly comply with applicable laws and regulations, as well as the provisions of this Agreement, in fulfilling its obligations to protect the user data.
3.3.4 If you breach the foregoing representations and warranties, you shall indemnify and hold LYSORA harmless from any and all claims, liabilities, obligations, costs, expenses, penalties, fines, forfeitures, and adverse outcomes arising from any governmental or third-party actions due to your failure to comply with applicable laws and regulations.
3.4 Processing of Personal Data
3.4.1 The Parties agree that, for this DPA, if you are not the data subject of personal data, (i) You will be the Controller and LYSORA will be the Processor and/or (ii) You will be the Processor and LYSORA will be a further Processor.
3.4.2 To the extent Your use of the Products or Services requires it, You are responsible for providing notice to, and obtaining consents from, individuals regarding the collection, processing, transfer and storage of their data through Your use of the Products or Services.
3.4.3 You will: a. use the Products or Services in compliance with Data Protection Laws; b. ensure all instructions given by it to LYSORA in respect of the Processing of Personal Data are at all times in accordance with Data Protection Laws; c. ensure all Personal Data provided to LYSORA has been collected in accordance with Data Protection Laws and that You have all authorizations and/or consents necessary to provide such Personal Data to LYSORA; d. keep the amount of Personal Data provided to LYSORA to the minimum necessary for the provision of the Products or Services;and e. when acting as a Processor, be responsible for passing on to the Controller all the information, assistance and notices needed to comply with its obligations as a Controller under Data Protection Laws, given that You are the Party having a direct relationship with the Controller; and be responsible for passing on to Lysora all Controller’s requests and instructions related to the Processing of Personal Data under this DPA.
IV. Use and Security Protection of User Data
LYSORA shall process user data only within the scope authorized by the user. If user data needs to be processed beyond the scope of the purposes or scope authorized by the user, LYSORA shall sign a new agreement with the user by updating this Agreement or using other means.
4.2.1 The user agrees that LYSORA may sub-process all data by granting LYSORA’s affiliates the authority to process such data within the scope of the authorization granted under this Agreement. The user also agrees that LYSORA may sub-process the relevant data by granting the specified third party the authority to process such data within the scope set forth in the Appendix to this Agreement.
4.2.2 If LYSORA needs to transfer user data to a third party other than those described above for providing Products or Services or other necessary purposes, LYSORA shall request authorization and consent immediately by updating this Agreement or using the corresponding data description, and shall transfer the data to a third party only within the scope of the user’s authorization and agreement. In addition, LYSORA shall sign an appropriate agreement with the third party to ensure that the third party’s obligations to protect the user data are no less stringent than those set forth in this Agreement.
4.3.1 All of your user data shall be stored and processed in Ohio, the United States (Amazon Cloud). If user data needs to be transmitted or processed outside the United States for business needs, LYSORA shall inform you and fulfill any necessary legal obligations in accordance with applicable laws. LYSORA shall require Amazon Cloud, through contractual arrangements or other means, to implement data security measures that comply with industry standards and shall periodically supervise data security management of Amazon Cloud to ensure the security of user data.
5.1 User’s Responsibility for Handling Data by Themselves
For some user data generated during the use of LYSORA Products or Services but not authorized to LYSORA for processing, it shall be stored on the user’s local device or server and managed and fully liable by the user. If the user uses LYSORA products on a temporary basis by borrowing, leasing, or testing, the user shall return the equipment to LYSORA or LYSORA’s authorized distributor partner after the end of the use period. The user shall be responsible for deleting the user data carried on the equipment before returning the equipment. Otherwise, LYSORA shall not be liable for any damage compensation arising from the leakage or destruction of the data due to the user’s failure to delete it in time.
5.2 Exceptions to User Authorization Requirements
To perform obligations stipulated in laws and regulations or policies, or to meet relevant management requirements of regulatory authorities, or to perform other agreements with the user or for other necessary purposes, LYSORA may need to collect, disclose, or use relevant user data beyond the scope authorized by the user through this Agreement. For such exceptions, the user agrees to exempt LYSORA from liability for breach of contract or damage compensation:
5.2.1 Directly related to national security, national defense security, public security, public health, and major public interests.
5.2.2 Directly related to a criminal investigation, prosecution, trial, and judgment execution;
5.2.3 For the purpose of protecting the life, property, and other major legitimate rights and interests of the user or other individuals, but under the situation that it is difficult to obtain user consent.
5.2.4 To maintain the security and stability of LYSORA Products or Services, including detecting or addressing Product or Service vulnerabilities or failures;
5.2.5 The user has independently made the relevant data publicly available.
5.2.6 Related to data information collected from legally disclosed information channels, such as news reports and government information disclosure.
5.3 Limited Liability for User Data Security Protection
5.3.1 LYSORA undertakes to use reasonable measures to protect the security of user data with the utmost effort, but the user understands and approves that no security measures are completely reliable, and LYSORA shall cooperate with the user to jointly ensure data security. If a security incident, such as user data leakage, loss, or damage, occurs due to hackers’ attacks, virus intrusion, or other uncontrollable factors, the user understands that LYSORA shall not be liable for any direct or indirect loss or liability.
5.3.2 LYSORA shall not be liable for any direct or indirect loss or liability caused by relevant security incidents such as user data leakage, loss, or damage due to the user’s own reasons, such as telling others the password of the Product or Service account, handing the Product or Service to a third party for management through online authorization or changing the configuration, or violating relevant agreements in this Agreement or LYSORA Device End User License Agreement.
VI. Applicable Laws and Dispute Settlement
The formation, effectiveness, performance, interpretation, and dispute settlement of this Agreement shall be governed by the laws (excluding conflict of laws) of the United States; if there are no relevant laws, reference may be made to applicable business practices.
Any disputes between the user and LYSORA shall be settled through amicable negotiation first. If such attempt fails, the user agrees to submit disputes or controversies to the jurisdiction of the federal or state courts located in Kent County, Delaware 19901, USA, where LYSORA is domiciled.
If the user has any questions or concerns regarding data processing during the use of LYSORA products or services, please contact our customer service team by email at support@lysoratech.com.
Data Collection and Processing Appendix
|
No. |
Data Type |
Data Processing Purpose |
Data Storage Location |
Data Storage Validity |
Data Collection Method |
|
1 |
Device software and hardware versions and license information, such as the device SN, announced service modules, product model, MAC address, hardware version number, and software version number. |
Mark product information for quick device addition during cloud-based management. |
Flash memory and LYSORA cloud |
Permanent |
Upload through a secure communication protocol |
|
No. |
Data Type |
Data Processing Purpose |
Data Storage Location |
Data Storage Validity |
|
1 |
Service ID, timestamp, device operating mode, IP address, virtual self-organizing network (SON) ID, group ID on the virtual SON, parent group ID on the virtual SON, primary device SN on the virtual SON, virtual SON status, etc. |
The data is used for SON management within devices. |
Data is stored on the device’s flash memory. It will be uploaded to the cloud if devices are added and connected to the cloud. |
The data stored locally can be deleted only after devices are restored to factory settings. The data stored on the cloud can be deleted after devices are removed from the management page on the cloud. |
3. Network Access Data of Individuals
|
No. |
Data Type |
Data Processing Purpose |
Data Storage Location |
Data Storage Validity |
|
1 |
1. MAC address of a connected client 2. IP address of a connected client 3. Received signal strength indicator (RSSI) of a client 4. Receive rate of a client 5. Channel associated with a client 6. Device name 7. Online duration of a client 8. Client name 9. Uplink traffic statistics of wireless clients 10. Downlink traffic statistics of wireless clients 11. Uplink traffic statistics of wired clients 12. Downlink traffic statistics of wired clients 13. Access time of a client 14. Traffic (receive and transmit) statistics of a client 15. Group ID of a client upon wireless access 16. Group name of a client upon wireless access |
Items 1–12 are visible to the user, while items 13–16 are invisible to the user and are used for fault locating. |
The data is stored in local memory, and after the devices are connected to the cloud, it is stored in the cloud. |
Device memory data and cloud-stored data persist as long as a client remains connected. Once a device is disconnected, the data will be lost. Data will also be deleted if the device is restarted or removed from the cloud. The user can access the data through the web, app, or cloud, but cannot download it. |
4. Sub-processors
Lysora partners with service providers that act as sub-processors and contract to provide the same level of data protection and information security that you can expect from Lysora. A current list of sub-processors for the service is below:
|
Sub-processor |
Type |
Location of Data Center |
Subprocessor page |
|
Amazon Cloud |
Core Hosting |
US |