Privacy Policy — Hitek Nova Ltd.
Last updated: 1 June 2026
Version: 0.5 DRAFT — pending final legal review
This draft is published for transparency about how Hitek Nova Ltd. handles personal data. It will be replaced by the final, legally reviewed version once that review is complete.
At a glance
- Who we are: Hitek Nova Ltd. (registration number 0313995949), registered in Vietnam.
- What we collect: business contact information (name, email, phone, company, billing address, tax ID), payment details (via PayPal), and — when you use TestPod — device data such as identifiers, diagnostic results, and erasure records.
- Why we collect it: to provide the TestPod service, send invoices, respond to support requests, and meet our legal obligations.
- We do not currently send marketing emails. If we offer an optional newsletter or product-update subscription, we will collect your email only with your consent.
- We share data with: PayPal, our service backend at api.testpod.space, our customer chat provider (Facebook), our video host (YouTube), and our hosting provider. We do not sell your data.
- You can: ask what we have, correct it, delete it, withdraw any consent, or file a complaint. Email privacy@hiteknova.com.
- We store data: only as long as needed, then we delete or anonymize it.
- Your data may be processed outside Vietnam (United States, where some of our service providers operate). We use legal safeguards.
1. Who we are and our role
We are Hitek Nova Ltd. ("Hitek", "we", "us", "our"), a company registered in Vietnam under business registration (MST) number 0313995949.
- Registered office: C60 Xom Chieu, Xom Chieu Ward, Ho Chi Minh City, Vietnam
- Trading website: https://hiteknova.com
- Product website: https://testpod.space
- Privacy contact: privacy@hiteknova.com
Role of Hitek
For customer account, billing, website, payment, and support data, Hitek Nova Ltd. acts as the personal data controller because we decide why and how that information is processed.
For device data, diagnostic reports, erasure records, operator activity, or other information processed through TestPod on behalf of a business customer, Hitek may act as a processor / service provider. In that case, the business customer is responsible for ensuring it has the right to collect and submit the data to TestPod, and Hitek processes the data according to the customer's instructions, our agreement, and applicable law.
For Vietnamese personal data protection law purposes, including Law No. 91/2025/QH15 on Personal Data Protection (in effect from 1 January 2026), Decree 356/2025/ND-CP, and other applicable implementing regulations, Hitek complies with the applicable obligations of personal data controllers, processors, and controller-processors where relevant. For EU/UK GDPR purposes, Hitek acts as controller for our own customer account, billing, website, payment, and support data, and may act as processor where we process personal data on behalf of a business customer.
2. People we collect information about
We mainly collect information about:
- Customers and prospective customers of TestPod and other Hitek products
- Customer representatives, employees, and operators using TestPod on behalf of a customer
- Visitors to our websites
- People who contact us for support, sales, or business inquiries
- Administrators of our back-office (Hitek employees only)
3. Information we collect
We collect personal information in three ways: (a) information you give us, (b) information we collect automatically, and (c) information from third parties.
3.1 Information you give us
When you register for TestPod (customer registration form):
- Company name and tax ID
- Contact person's full name
- Email address
- Phone number (with country code)
- Country
- Billing address (up to three address lines)
- Choice of printer model and label size
- Service preferences (diagnostics, auto-erase, auto-print-label flags)
- Payment information (processed by PayPal; if you pay in cryptocurrency, the transaction ID — we do not store full card numbers)
- Your PayPal account email (so we can reconcile incoming payments to your account)
When you contact us through the contact form or booking form: full name, email, phone, company name, country, message content.
When you subscribe to email updates (optional, with your consent): email address.
When a customer creates accounts for its employees or operators to use TestPod: name, email, username, role, access permissions, login logs, and activity logs of those operators.
When an administrator signs in to the back-office (Hitek employees only): username, hashed password, IP address, timestamp.
3.2 Device and service data processed by TestPod
When you (or your operators) use TestPod to test, erase, label, or report on devices, certain technical information is processed. This data may not always be personal data on its own, but it can become personal data when linked to a customer, operator, device owner, invoice, or report.
Device and service data may include device identifiers such as serial number, IMEI/MEID where applicable, model information, capacity, battery information, lock or account status, SIM/carrier information where available, diagnostic results, erasure records, labels, report links, timestamps, station identifiers, and operator activity.
TestPod is not designed to collect or upload personal content stored on tested devices, such as photos, contacts, messages, call history, documents, app content, or browsing history. TestPod processes the technical condition and service data of a device, not the private content stored on it.
TestPod may record technical or aggregate device-state metadata needed for diagnostics or erasure verification, but it is not designed to collect or upload the actual personal content stored on the device.
Where this data is processed on behalf of a business customer, Hitek acts as processor under that customer's instructions (see Section 1).
Report access may require authentication or a unique report link. Customers are responsible for controlling who they share report links with.
3.3 Information we collect automatically
- IP address of the device used to access our website (used to detect abuse).
- Browser and device information sent automatically by your browser.
- Pages visited and actions taken, stored in server logs.
- Cookies and similar technologies (see Section 12).
3.4 Information from third parties
- From PayPal: payment status, payer identifier, transaction reference. We do not receive card numbers.
- From Facebook Customer Chat (if you use the chat widget): your chat messages and Facebook profile name.
3.5 Information we do not collect
- We do not knowingly collect personal information from anyone under 16.
- We do not collect special-category data (health, biometric, racial, religious, political, sexual orientation, etc.).
- We do not currently use Google Analytics, Meta Pixel, TikTok Pixel, Hotjar, or any behavioural-advertising trackers.
4. How we use your information
| Purpose | What it covers | Legal basis |
|---|---|---|
| Account creation and management | Creating your TestPod account, enabling login, sending technical setup instructions, hardware provisioning | Performance of a contract — Vietnam Law 91/2025/QH15 / GDPR Art. 6(1)(b) / LGPD Art. 7, V |
| Billing and payment reconciliation | Generating invoices, processing payments via PayPal, matching incoming PayPal payments to your account, sending receipts | Performance of a contract + legal obligation (Vietnamese accounting / tax law) |
| Customer support | Responding to your questions, troubleshooting, handling warranty claims | Performance of a contract |
| Service delivery, including TestPod device flows | Sending you device tracking codes, diagnostic reports, erasure certificates, and product updates that are part of the service | Performance of a contract (controller for our account/billing data; processor for device data processed on behalf of a business customer) |
| Operator account management (B2B) | Provisioning operator accounts and access on behalf of a business customer, logging operator activity for the customer | Processor under the customer's instructions and applicable agreement |
| Security and fraud prevention | Logging admin sign-ins, monitoring for suspicious activity, anti-bot honeypots | Legitimate interests / legal obligation |
| Legal compliance | Retaining invoices for tax, responding to lawful requests | Legal obligation |
| Improving our product and support | Reviewing customer feedback, support requests, error reports, and service performance information | Legitimate interests |
| Marketing communications | We do not currently send marketing emails. If we offer an optional newsletter or product-update subscription, we will collect your email only with your consent and you can withdraw it at any time. | Consent — GDPR Art. 6(1)(a) / LGPD Art. 7, I / Vietnam Law 91/2025/QH15 |
We will never use information collected for billing/support purposes to send marketing without separately asking for your consent.
5. Data Processing Agreements with business customers
Where Hitek processes personal data on behalf of a business customer (for example, device data, operator activity, and reports generated by that customer's use of TestPod), the customer remains responsible for having a lawful basis to collect and upload that data. We process such data according to our agreement with the customer, the customer's instructions, our data processing terms, and applicable law. We can provide or agree appropriate data processing terms with business customers where required. Contact privacy@hiteknova.com to discuss.
6. Who we share your information with
| Recipient | Purpose | Where they process data |
|---|---|---|
| api.testpod.space (our service backend) | Storing customer accounts, devices, billing, support tickets. Operated by Hitek and our affiliates. | United States (Google Cloud, us-central1) |
| PayPal | Processing payments; we store your PayPal account email to reconcile payments | Singapore, United States, with offices in EU |
| Meta Platforms Ireland Ltd. (Facebook) | Customer Chat widget on our website — loaded only after you accept third-party cookies | EU, with data flows to United States |
| Google Ireland Ltd. (YouTube) | Embedded product videos on our website — loaded only after you accept third-party cookies | EU, with data flows to United States |
| StableHost LLC | Website hosting; default outbound SMTP for transactional emails | United States |
| Professional advisers (accountants, auditors, lawyers) | Legal, tax, and audit support | Vietnam, possibly other jurisdictions |
| Government authorities | Only when legally required (court order, regulatory request, tax filing) | Vietnam |
We do not sell or rent your personal information to anyone for any purpose.
We do not share your personal information with advertising networks or data brokers.
We do not currently use a third-party email or SMS service. Transactional email is sent via our hosting provider's mail server. We do not send SMS.
If we ever undergo a corporate transaction (merger, acquisition, sale of assets), personal information may be transferred. We will notify you in advance.
7. International data transfers
Some of our service providers (notably PayPal, Google Cloud, Meta, and Google/YouTube) are based in the United States and other countries outside Vietnam and the European Union.
When personal data is transferred from Vietnam, the EU, the UK, or Brazil to a country that has not been recognized as providing an "adequate" level of data protection, we use the legally required safeguards:
- From Vietnam: we comply with applicable Vietnamese requirements for cross-border transfer impact assessments and related filings where required under Law No. 91/2025/QH15 and its implementing regulations.
- From the EU/UK/Brazil: where required, we rely on appropriate transfer safeguards made available by our service providers, such as Standard Contractual Clauses or equivalent contractual/data-transfer mechanisms.
You can request a copy of the safeguards we use by emailing privacy@hiteknova.com.
8. How long we keep your information
We aim to retain personal data only for the periods listed below, unless a longer period is required by law, needed to resolve disputes, enforce agreements, provide support, or maintain security. Some deletion or anonymization may occur during normal backup rotation or periodic maintenance rather than immediately.
| Data | Retention period |
|---|---|
| Customer account information (name, email, company, address, tax ID) | For the duration of your account, plus 6 years after account closure to support legal claims and warranty obligations |
| Billing records, accounting documents, and invoices | Up to 10 years from the document date or as otherwise required by the Vietnamese Law on Accounting and tax regulations. Some accounting documents may have shorter or longer mandatory retention periods. |
| Support tickets and chat history | 3 years after the ticket is closed |
| Device data and diagnostic reports processed on behalf of a business customer | Retained according to the customer's instructions and our agreement with that customer. Unless otherwise agreed, we retain such records while the customer account is active and delete or anonymize them after account closure, subject to backup cycles, legal requirements, and any retention needed to resolve disputes or provide support. |
| Marketing consent records (when applicable) | For as long as the consent is active, plus 2 years after withdrawal, as proof of past consent |
| Email subscription | Until you unsubscribe, plus 30 days to process the unsubscribe |
| Administrator login logs | 12 months |
| Server logs and error logs (including IP) | 90 days |
| Cookies | See Section 12 |
| Backups containing the above | Rolling 30-day cycle. Data persisting in a backup is fully deleted when that backup rolls off. |
9. Your rights
Depending on the country you are in, you have some or all of the following rights:
- Right to know / Right of access. Confirm whether we hold your personal information and request a copy.
- Right to correction. Fix information that is wrong or out of date.
- Right to deletion ("right to be forgotten"). Delete your personal information, unless we have a legal reason to keep it (e.g. tax records).
- Right to restrict processing. Stop using your information while we investigate a complaint or correct an error.
- Right to object. Object to specific uses of your information.
- Right to data portability. Get a copy of your information in a machine-readable format.
- Right to withdraw consent. Where processing depends on your consent, withdraw it at any time.
- Right to lodge a complaint. Complain to us at privacy@hiteknova.com or to a supervisory authority — see Section 14.
- Right not to be subject to fully automated decision-making. We do not currently make any such decisions about you.
We will respond to any rights request within 30 days of receiving it. We may extend by 60 days for complex cases and will tell you why. We may need to verify your identity. There is no charge unless the request is clearly excessive.
If you are using TestPod on behalf of a business customer, please direct rights requests to your employer first; we will support them in fulfilling your request.
10. How to exercise your rights
Email privacy@hiteknova.com with: your full name and the email address associated with your account, what right you want to exercise, and (optionally) the country you are in.
We acknowledge within 5 business days and respond fully within 30 days.
11. Security
We use commercially reasonable technical and organizational measures: HTTPS for all traffic, password hashing, access controls, regular software updates, logging and monitoring of administrative access, anti-bot honeypot fields, and captcha on administrator login.
No method of transmission or storage is 100% secure. If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
12. Cookies and similar technologies
A "cookie" is a small text file that a website saves on your device. We use cookies in three ways:
| Type | Purpose | Examples | Consent needed? |
|---|---|---|---|
| Strictly necessary | Keep you signed in, remember language, security | PHP session cookie, language preference, cookie-consent state | No |
| Functional | Functional cookies requested by the user, such as language preference or interface preference | Language preference | No |
| Third-party (chat, video) | Facebook Customer Chat; YouTube embeds | Cookies set by facebook.com and youtube.com | Yes |
We do not use analytics cookies, advertising cookies, or cross-site tracking pixels.
Facebook Customer Chat and YouTube video embeds are blocked from loading until you accept third-party cookies through our cookie banner. You can change your choice at any time using the "Cookie settings" link in the footer.
13. Children's privacy
Our service is intended for businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
14. Changes to this policy
We may update this policy from time to time. For material changes to your rights, we will update the effective date, notify you by email if you have an account, and display a prominent notice on the website for at least 30 days.
The current version is always at https://hiteknova.com/post/policy. Older versions on request.
15. Contact and complaints
General privacy contact
Email: privacy@hiteknova.com
Post: C60 Xom Chieu, Xom Chieu Ward, Ho Chi Minh City, Vietnam — attention: Data Protection contact.
Vietnam — Supervisory authority
You may complain to the competent personal data protection authority designated under Vietnam's Law on Personal Data Protection and its implementing regulations.
European Union / United Kingdom
You can lodge a complaint with your local Data Protection Authority. EU DPA list: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK: Information Commissioner's Office at https://ico.org.uk.
Brazil
LGPD (Law 13.709/2018) applies. Authority: Autoridade Nacional de Proteção de Dados (ANPD), https://www.gov.br/anpd.
California
If California privacy law (the CCPA as amended by the CPRA) applies to us, California residents may have rights including the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell personal information, we do not use behavioural advertising or cross-context tracking, and we do not run analytics or advertising pixels on our website.
Canada
PIPEDA applies. Complain to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
v0.5 DRAFT — pending final legal review. Last updated 1 June 2026.