Children's & Minors' Privacy Rules
This document explains how the Acosmi / Xiezhua group handles personal information belonging to minors and children, and the rights that parents and guardians hold on their behalf.
Applicable region: International (users outside mainland China). Users in mainland China should switch to the Simplified Chinese (China region) version of this document.
Effective: June 3, 2026 | Last updated: June 3, 2026
These Rules supplement our Privacy Policy and carry equal weight. Where these Rules conflict with the Privacy Policy, these Rules prevail with respect to minors and children.
The Acosmi / Xiezhua group is operated by two affiliated companies that jointly provide services under the "Acosmi" brand:
- Xiezhua (Beijing) Intelligent Technology Co., Ltd. — platform operations, AI products, and developer services.
- Hongshen (Beijing) Legal Consulting Co., Ltd. — legal-services products (Bench / 众律宝, Trusted Timestamp / 可信时间章).
"We", "us", and "our" refer to both companies acting jointly. "You" refers to the account holder or, where the account holder is a minor, their parent or legal guardian.
1. Definitions
1.1 Key terms
| Term | Definition |
|---|---|
| Child | A natural person younger than 13 years of age under US COPPA; a natural person below the applicable digital-consent age under GDPR Article 8 (which defaults to 16 but may be lowered to a minimum of 13 by a member state). Where multiple frameworks apply, we apply the more protective threshold. |
| Minor | A natural person younger than 18 years of age, including children. |
| Guardian / Parent | A parent or other person with legal parental responsibility or guardianship over a minor. |
| Verifiable Parental Consent (VPC) | Under US COPPA: any reasonably calculated method to ensure that the person providing consent is actually the child's parent or legal guardian, before we collect, use, or disclose personal information from a child younger than 13. |
| Digital-consent age | The age below which a natural person cannot give legally valid consent to data processing by an information society service on their own behalf, requiring a guardian's consent instead (GDPR Article 8). |
| Services | Acosmi AI agent platform, Crab Code AI coding assistant, Bench (众律宝) legal workspace, Trusted Timestamp (可信时间章) electronic authentication service, and associated websites and mobile apps. |
1.2 Applicable legal frameworks
These Rules are designed to comply with:
- US Children's Online Privacy Protection Act (COPPA) and FTC COPPA Rule — covering children younger than 13 where US law applies.
- EU/UK General Data Protection Regulation (GDPR) Article 8 — covering digital-consent age (default 16, reduced to 13–15 in certain member states); children's data treated as sensitive data requiring appropriate safeguards under Article 9 recitals; UK GDPR and Age Appropriate Design Code (Children's Code) where applicable.
- UK Age Appropriate Design Code (Children's Code) — 15 standards for online services likely accessed by children under 18.
- Other applicable national laws — to the extent that they impose stricter requirements for the jurisdiction in which a user resides, we apply the stricter standard.
2. Our stance and age eligibility
2.1 The Services are designed for adults
Our Services are designed for and directed at adults aged 18 and older. Content generated by our AI models may involve legal analysis, professional code review, business workflows, and other subject matter requiring adult judgment and context. We do not knowingly market or direct the Services to children.
2.2 Use by minors
Minors may use the Services only with the informed consent and active supervision of their parent or legal guardian. Before permitting a minor to create an account or use the Services, guardians should read these Rules in full alongside our Privacy Policy and Terms of Service to assess whether the Services are appropriate for the minor's age and maturity.
2.3 Minors aged 13 through 15 (GDPR member-state variations)
In EU/EEA member states that have set the digital-consent age above 13 (for example, Germany and France set it at 16, Ireland at 16), users below the applicable national threshold must obtain verifiable guardian consent before creating an account, regardless of whether they are 13 or older. We default to age 16 as our platform-wide digital-consent threshold for EU/EEA users unless we have implemented a country-specific lower threshold in compliance with a specific member state's enacted legislation.
3. Guardian consent: how we seek and verify it
3.1 Children younger than 13 (COPPA)
We will not knowingly collect personal information from any child younger than 13 without first obtaining verifiable parental consent. Our approach:
Where we discover or have reason to believe that a user is younger than 13 and has registered without verifiable parental consent — whether through self-reporting, a guardian's report to customer support, or other credible information — we will promptly notify a guardian and require parental consent to continue service, or delete the account and associated information as set out in Section 6. Guardians may contact us at fuwu@acosmi.com or 4000269678 at any time to exercise rights on the child's behalf. We will assess and implement product-level age-verification and guardian-consent mechanisms as technical and operational conditions permit.
3.2 Users aged 13 through the applicable digital-consent age (GDPR)
For users who are at least 13 but below the applicable digital-consent age in their jurisdiction, we will seek consent in a manner that is meaningful given the minor's age, including by providing a clear, plain-language explanation of the data processing and by offering the option for guardian co-approval where technically feasible.
3.3 What constitutes valid consent
Guardian consent must be:
- Informed: The guardian has read a clear description of what data we collect, why, and with whom it may be shared.
- Freely given: Consent is not bundled with consent to unrelated data uses; guardians can consent to core service delivery without consenting to optional analytics or marketing.
- Specific: Separate consent is required for each materially different purpose.
- Verifiable: We can demonstrate that consent was given by a person with parental authority.
3.4 Withdrawing consent
Guardians may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Upon withdrawal, we will promptly cease processing the child's personal information for the purpose(s) covered by the withdrawn consent. To withdraw consent, send an email to fuwu@acosmi.com with the subject "Withdraw child consent — [account email/phone]".
4. What children's information we handle, and special protections
4.1 Data minimisation
We collect the minimum information necessary to provide the Service. For users identified as children, additional restrictions apply: we do not collect information beyond what is set out in Section 4.2, we do not condition a child's participation in an activity on disclosing more information than is reasonably necessary, and we do not use children's data for behavioural advertising.
4.2 Categories of information we may process
| Category | Purpose | Required? |
|---|---|---|
| Account credentials (email address or phone number, hashed password) | Account creation and authentication | Yes |
| Date of birth or age range | Age-gating, digital-consent-age compliance, parental notice | Yes |
| Device identifiers (device ID, OS version, browser type) | Security, fraud prevention, session management | Yes |
| Service-usage logs (request timestamps, feature identifiers, session IDs) | Security auditing, troubleshooting | Yes |
| Payment records (transactions completed by the guardian) | Order fulfilment, refund processing | Only where a transaction occurs |
| AI conversation content | Delivering AI agent responses | Only content the user actively inputs |
| IP address (anonymised after 30 days) | Geographic compliance, rate-limiting | Yes |
We do not knowingly collect from children: precise geolocation, biometric identifiers (facial geometry, voiceprint), health data, government-issued ID numbers, school information, contact lists, or social-graph data.
4.3 No behavioural advertising to children
We do not serve behavioural or targeted advertising to users we have identified as children. We do not sell, rent, or otherwise disclose children's personal information to third parties for commercial purposes.
4.4 Third-party disclosure restrictions
We will not disclose a child's personal information to third parties except:
- to service providers who act as our processors under a data-processing agreement that prohibits further use of the data for their own purposes;
- where required by applicable law or court order;
- to protect the safety of the child or others in an emergency; or
- with the prior verifiable consent of the child's guardian.
4.5 Technical and organisational safeguards
- Encryption at rest: AES-256 or equivalent.
- Encryption in transit: TLS 1.2 minimum on all connections.
- Access controls: Strict role-based access; staff may only access children's data where there is a documented business need.
- Audit logging: All access to children's records is logged and reviewed.
- Data-subject flagging: Child accounts are flagged at the database level so that special handling rules are applied automatically.
- Retention limits: We retain a child's personal information no longer than is necessary for the purposes for which it was collected. On account deletion, personal data is removed from production systems within 15 business days and from backups within 30 calendar days (backup rotation cycle).
5. Guardian rights and how to exercise them
5.1 Rights available to guardians
Guardians have the following rights with respect to their child's personal information:
| Right | Description |
|---|---|
| Access / Review | Obtain a description of the personal information we hold about the child, the purposes for which it is used, and the categories of third parties with whom it has been shared. |
| Portability / Copy | Receive a copy of the child's personal information in a structured, commonly used, machine-readable format. |
| Correction / Rectification | Request correction of inaccurate or incomplete personal information. |
| Deletion / Erasure | Request deletion of the child's personal information, including by requesting account deletion (see Section 9). |
| Withdrawal of consent | Withdraw consent for processing activities that rely on guardian consent (see Section 3.4). |
| Objection | Object to processing based on our legitimate interests, to the extent applicable law permits. |
| Restriction | Request that we restrict processing while a dispute about accuracy or lawfulness is resolved. |
| Complaint | Lodge a complaint with us or a supervisory authority. |
5.2 How to exercise rights
Email (recommended): Send a request to fuwu@acosmi.com with the subject line "[Minor Privacy Rights Request] — [type of request]". Please include:
- Your full name and relationship to the minor;
- The minor's account email address or phone number;
- A description of the right you wish to exercise and any relevant context;
- A copy of a valid government-issued ID for yourself (as guardian), to allow us to verify your identity and relationship to the child. We will handle the ID copy in accordance with our Privacy Policy and delete it once verification is complete.
Phone: Call 4000269678 (international callers: please check country-specific dialling prefixes for calls to China). State "Minor Privacy Rights Request" to the agent. Hours: Monday through Friday, 09:00–18:00 CST (excluding public holidays).
Response timeframe: We will acknowledge your request within three business days and provide a substantive response within 30 calendar days. If we need additional time due to the complexity of the request, we will notify you before the initial deadline and will not exceed an additional 30-day extension.
5.3 Identity verification
To protect children from unauthorised requests, we verify that the requestor is the child's parent or legal guardian before acting on any rights request. We may ask for documentation such as a birth certificate, adoption order, court order granting guardianship, or equivalent. We will not use the identity-verification documents for any purpose other than verifying your relationship to the child.
6. If we discover a child registered without guardian consent
6.1 Discovery triggers
We may become aware that a child has registered without guardian consent through:
- the minor self-reporting their age during or after registration;
- a guardian contacting us to report unauthorised registration;
- a court order or law-enforcement notice.
6.2 Our response
Upon forming a reasonable belief that a user younger than 13 has registered without verifiable parental consent, or that a user below the applicable digital-consent age has registered without valid guardian consent, we will:
- Immediately suspend data-processing activities beyond basic account maintenance;
- Send a guardian notice to the email address or phone number associated with the account, explaining the situation and offering a seven-day window to provide consent;
- If consent is provided within the window, resume normal service;
- If no consent is received, delete the account and all associated personal information (subject to legally required retention obligations) within five business days of the window closing;
- Proactively contact the guardian regarding any outstanding paid balance or subscription entitlement to arrange a refund (see Section 7).
7. Payments and refunds involving minors
7.1 Payment responsibility
Paid features (subscriptions, credit top-ups, Trusted Timestamp purchases, and other transactions described in our Payment Policy) require payment to be completed by an adult with legal capacity to contract. We do not permit minors to independently bind payment methods or complete subscription agreements without guardian oversight.
7.2 Guardian refund rights
If a guardian discovers that a minor completed an unauthorised payment through the Services, the guardian may request a refund on the basis that the minor lacked the legal capacity to enter into a binding contract. To request a refund, the guardian should provide:
- The minor's account information;
- Payment records or transaction screenshots;
- A brief explanation of why the payment was made without guardian authorisation;
- The guardian's identity documentation.
We will review the request and communicate our decision within 10 business days. Approved refunds will be returned to the original payment method. Refund requests should be sent to fuwu@acosmi.com or via phone 4000269678.
Nothing in this section limits rights that may be available to the guardian under applicable consumer-protection or contract law.
7.3 Prevention
Guardians are encouraged to: keep payment credentials secure; enable device-level spending limits; and check account billing history regularly. If you notice unexplained charges, contact us immediately.
8. AI content safety and minors
8.1 Nature of AI-generated content
Our Services use large language models (LLMs) to generate text, code, and analytical output. Guardians should be aware that:
- Content filters are imperfect. Despite our best efforts, AI-generated content may occasionally be inappropriate for younger audiences. Parental supervision is the most effective safeguard.
- AI output is not professional advice. Legal, medical, financial, and technical content generated by the AI is for informational and assistance purposes only; it does not constitute professional advice. Minors should be guided to treat AI output critically and consult qualified professionals where needed.
- AI models can produce inaccurate information. LLMs are capable of "hallucination" — generating plausible but incorrect information. Guardians should help minors understand this limitation.
8.2 Screen-time and usage management
We encourage guardians to set reasonable limits on the amount of time minors spend using AI tools. Practical steps include:
- Using device-level screen-time management features (available on iOS, Android, and major desktop operating systems);
- Reviewing the account's conversation history periodically via the account dashboard;
- Establishing household rules about the types of queries minors may submit to AI assistants.
We will assess whether product-level usage-time controls specifically for minors are warranted and will implement them where legally required or where they represent good practice given our user base.
8.3 Reporting inappropriate content
If a minor or their guardian encounters content that is inappropriate, harmful, or that appears to target or exploit children, please report it immediately:
- In-product feedback button: available within the Acosmi web and mobile interfaces.
- Email: fuwu@acosmi.com with subject "Content Safety Report".
We will triage all safety-related reports within 24 hours of receipt.
9. Account deletion
9.1 Guardian-initiated deletion
Guardians have the right to request deletion of a minor's account and all associated personal information. Account deletion is an irreversible operation. Before requesting deletion, please ensure that:
- any unused paid balance has been refunded (see Payment Policy);
- any data that the minor or guardian wishes to retain has been exported; and
- all active subscriptions have been cancelled to prevent future charges.
9.2 Deletion channel
Account deletion is currently handled through customer support following identity verification; a self-service deletion path is being rolled out. Both guardians and minors aged 16 or older may use the assisted channel below — there is no need to wait for the self-service feature to become available.
9.3 Guardian-assisted deletion (recommended channel)
Where a guardian cannot access the minor's account directly, or wishes to exercise the deletion right formally on the minor's behalf:
- Email: fuwu@acosmi.com with subject "[Minor Account Deletion Request]", attaching proof of guardian identity and the minor's account details.
- Phone: 4000269678, Monday through Friday, 09:00–18:00 CST.
We will verify the guardian's identity and complete the deletion within 10 business days of receiving complete documentation.
9.4 What is retained after deletion
Following account deletion, we delete or anonymise personal data from production systems within 15 business days. Certain records are retained for the legally required period only:
- Transaction records and invoices: as required by applicable tax and accounting law (typically up to 7 years in China; varies in other jurisdictions).
- Records required by anti-money-laundering or identity-verification regulations.
- Data subject to a legal hold, court order, or regulatory inquiry.
Full details are available at Account Deletion Guide.
10. Changes to these Rules
10.1 How we notify you of changes
We may update these Rules to reflect changes in applicable law, our products, or our data practices. When we make a material change — including expanding the categories of information we collect about children, changing our data-sharing practices, or altering guardian-consent mechanisms — we will:
- update the "Last updated" date at the top of this page;
- send direct notice to guardians of child accounts via the email address or phone number on record; and
- where the change requires fresh consent, suspend the relevant processing until the guardian has provided it.
Minor editorial corrections (e.g., fixing typos, clarifying existing practices without substantive change) may be made without prior notice.
10.2 Previous versions
Archived versions of these Rules are available on request by emailing fuwu@acosmi.com.
11. Contact and complaints
11.1 Children's privacy contact
We have designated a responsible person for children's personal information protection within the Xiezhua group. To reach this person, submit your request through our standard contact channels (below) and note "Attn: Children's Privacy" in your message.
11.2 Contact details
| Channel | Details |
|---|---|
| Support email | fuwu@acosmi.com |
| Support hotline | 4000269678 (also written 400-026-9678) |
| Hours | Monday–Friday, 09:00–18:00 CST (excluding public holidays) |
Requests relating to children younger than 13 will be prioritised. We aim to acknowledge all such requests within two business days.
11.3 Supervisory authority complaints
If you believe we have processed a child's personal information in violation of applicable law, you have the right to lodge a complaint with the relevant supervisory authority:
EU/EEA users: The data-protection authority (DPA) of the EU member state in which you reside. A full list of EU DPAs is available at the European Data Protection Board website.
UK users: The Information Commissioner's Office (ICO), ico.org.uk.
US users: The Federal Trade Commission (FTC) at ftc.gov/complaint, or your state attorney general.
Other jurisdictions: Your local data-protection or consumer-protection authority.
We encourage you to contact us first at fuwu@acosmi.com so that we have the opportunity to address your concern directly before you escalate to a supervisory authority.