FanRuan products can be installed by customers at locations they choose, through local installation, server deployment, integration into other systems and cloud providers chosen by customers (with deployment managed by customers) or use of cloud services through authentication. FanRua's product deployment options are listed below. To confirm how the product you purchased is deployed, please contact your organization's system administrator/IT department.
|Product deployment mode||Description|
|Use of the designer locally||
Deploy FineReport to Web Application Server, types of deployment:
|Private cloud deployment||The License Server returns the authorized functions, authorized access domain name, authorized access port, authorized access expiration date and other information to the Report Server for verification. If verified, the Report Server will enter normal access routines, or otherwise it will be considered unauthorized.|
|Public cloud deployment||Compared with private cloud verification, if a customer is unwilling to provide physical information or set up a server locally in some cases, FanRuan will support public cloud registration.|
Which data is sent to FanRuan through a customer's use of any customer management deployment?
2.1.1 Procedure: generate registration information locally and e-mail such information to the business department of FanRuan for the generation of licenses on the basis of any signed contracts, and then send the licenses back to customers. The flow also applies to the procurement of additional functions.
2.1.2 Registration information: generally including MAC address, machine code, server project name, product version information
2.1.3 Four ways of registration supported by FineReport:
2.2.1 Procedure : Get an activation code through FineReport official website, enter the activation code in the designer to activate it and each machine can be activated once. Network connection is not required for activation. The activation information will be saved in a related local file.
2.3.1 Platform user login: This occurs after products are deployed. The administrator will configure username, password and other information and, once logged in, may choose not to verify the login until the session of a traced user times out or the user chooses to log out
2.3.2 Authorization: Authorization determines the operation permissions granted through authorization management (with such permissions to be determined by the administrator). Data for user authorization (i.e., usernames, passwords, department, etc.) is only saved locally. In these cases, authorization or authentication data will not be sent to FanRuan
please refer to the table below
|Collection and use of product usage data (Non-identifiable data)||Time of data being sent to FanRuan|
[If data return is enabled, then:]
2.4.1 FanRuan uses collected data for analysis, so that we can have a better understanding of the technological environment of software installation and user behavior in products and then optimize, support and improve our products and services. Any collected data received is analyzed on a macro, statistical basis. Collected data is identifiable at the customer level (i.e., company name), but non-identifiable at the individual (user) level. As we do not collect/process personal data, privacy laws (e.g., GDPR) do not apply to such collection/processing. However, users can opt out of current data collection. Users may opt out if they wish by changing the settings in FineReport settings. Additionally, the Admin user represents the organization as a whole, who may opt out of the organization by changing FineReport settings.
2.4.2 To enable data return and analysis, our products may collect data on usernames (which might include personal data) as other providers do in China, which data will be encrypted during processing.
For data in server and designer: data tracker is stored locally with customers. Such data will be sent to overseas websites by default (including the non-simplified Chinese version). Return of data (non-identifiable data) is disabled for the time being and there is a "Product Improvement Program" checkbox which is unchecked by default. Even if the checkbox is checked, data return is still disabled currently. If users agree, we might consider enabling data return in the future.
For data in mobile terminal: data return can be disabled in "About" on the App. It is enabled by default. Mobile terminals of both a personal designer and a server will release the pre-notification function for data return in the new version.
2.4.3 Please refer to FanRuan User License Agreement in PDF format to obtain more details on which information will be collected and why (website, clauses).
Customer management deployment collects business data in a log file (the "log file"), which is composed of non-personal statistics, system statistics and usage data generated by FanRuan products and can be used for auditing, monitoring and troubleshooting. Logs include application usage data and logs for collection: stored locally, these log files might include user IDs (possibly including personal data, please refer to section 2.4). System logs: fanruan.log, stored locally, which records system operation and environmental information. If the highest-level logging is enabled, log files might contain pieces of data processed by our products, possibly including personal/sensitive content. These logs can be used for auditing, monitoring and troubleshooting in the development and debugging.
Generally, no. Log files are saved locally in the customer environment. However, customers may send log files and other data to FanRuan, so as to help address faults/technical problems. Any content sent to FanRuan Support is processed only to solve technical problems, securely stored and subject to our access and data retention policies. It is recommended that log files and any other data content sent to FanRuan be processed to address faults/support problems in accordance with general IT best practices concerning security and access permissions.
Customer management deployment may be configured through Platform Management to adjust the data captured in log files. For more details on log files listed by product type, please refer to the link at the end of this Policy.
The development of new versions is still underway, with possible adjustments to functions or release time. For new functions already released, see Release History. The stable version will be uploaded by default on the overseas official website, and existing customers have to upgrade to experience released new functions. A preview of new functions might be released on the official website and risk disclosure will be made on the corresponding page of the preview
The only personal data received by FineReport Standard is authentication information (e.g., FineReport Standard accounts). FineReport Standard also processes and uses the usage/statistical data in connection with cloud products, so as to (1) help solve problems and (2) make analysis on a generally anonymous basis to ensure service quality and product improvement.
Aliyun, Santa Clara, California, USA.
We will not change the location of the cloud server for the time being
If you attach personal data and files to the application (it is not mandatory to provide FanRuan with true personal data and we recommend you anonymize the data before sending it to FanRuan) or if a FanRuan employee has to solve a problem by accessing your account (which is unlikely), then the employee can access to your real data and files.
FanRuan employees have no access to the user content on FineReport Standard, unless (1) users share it with FanRuan staff (e.g., in the context of consulting services), or (2) FanRuan is prompted by customers to access a single piece of content for troubleshooting, in which case only a limited number of specific FanRuan staff can access a single piece of content for troubleshooting, and only under strict control.
4.5.1 Where are FineReport cloud services hosted ?
FineReport Standard is hosted by Aliyun.
4.5.2 Retention of content data
Users may delete the application at any time, with relevant content controlled by users. Once deleted by users, all information hosted by FineReport in the application will be deleted immediately and back-up data will be deleted after a period of time, which conforms to our internal data retention rules. Sleeping applications (i.e., applications that have been inactive for more than 12 months in an account) may be deleted by FineReport.
For FineReport Standard subscription, all users can control who can access applications shared by individual while group owners can control who can access applications created and shared as a part of their workgroups.
With respect to FineReport Standard, other users will not see the application before the application creator releases the application to users. Users control who is invited to view the application within their authorizations.
The information below describes when FanRuan serves as a data processor and/or data controller (as defined by GDPR or similar legislations).
FineReport is a data controller for personal data. FanRuan collects and processes to manage, maintain and improve our products, for example, authentication data such as usernames and passwords, and usage data such as login frequency, daily usage and traffic/usage in each country. It helps FanRuan better allocate resources and serve FanRuan customers and/or improve FanRuan services. When receiving user subscription, FanRuan, like all other businesses, maintains a database of customer and partner contacts for billing, marketing and other general business purposes. FanRuan processes this data in accordance with privacy laws and maintains appropriate security protection for such data. Storage/input of the personal data content that can be used to identify a particular individual is not the primary function of FineReport, which complies with the principle of data minimization and anonymization under the GDPR. FanRuan does not recommend that users insert their personal data into our applications
FanRuan is usually not a data processor for customer management deployment. This is because any content customers choose to store or create locally remains in customers' systems. FanRuan cannot access such content; therefore, customers, not FanRuan, are the data controller and data processor of such content under data protection laws. There might be exceptions if a customer chooses to share the content in customer management deployment coincidentally containing personal data when FanRuan offers support or consultation services to the customer. The sharing shall be at the customer's own discretion and personal data content shall be anonymized or minimized by the customer as per the best practices for data anonymization/minimization in privacy laws. Hence, customers usually need not to sign a data processing agreement with FanRuan. For further questions about data processing agreements, please contact firstname.lastname@example.org
FanRuan implements privacy design agreement and considers privacy as a local component of its R&D/product development process. For example, hierarchical authorization management: different departments share a system and each department has its own administrator who authorize the employees in that department, that is, level-to-level distribution by hierarchical administrators. Hierarchical administrators can only authorize within the scope of their respective duties. Unless the application creator or a person with administrator account affirmatively grants the access to the application to another user, only the application creator can access the application by default.
FanRuan has realized that compliance with privacy/data protection laws, especially the GDPR, is the primary consideration of customers and partners. For this purpose, some useful features in FanRuan's products can help you comply with the requirements of the GDPR. Further information is available at FanRuan User License Agreement
For further information, please contact FanRuan representatives you often contact or email@example.com
For privacy information concerning FanRuan's website and general business, please visit https://www.finereport.com/en/privacy
|License verification||Files containing machine information – MAC addresses and machine codes – should be returned. Whether the server is registered should be confirmed first.|
|Extranet requests/server connections||Server: extranet and FanRuan server requests can be managed through a unified switch in Platform settings, and in Korean version it is off by default. FanRuan server is deployed in China.
Designer: extranet requests can hardly be controlled when the designer is started and the designer reads system caches when it is started; if there is no cache, then FanRuan server requests will be on.
|Data transmission||Please refer to session 2.4|
|Use of third-party services||JDK: openjdk1.8 is used in FineReport.
Font: no fonts embedded; system fonts called.
Maps: open APIs of Mapbox, Baidu, etc (borders of China in those maps have been adjusted to those recognized by China).
|Technical support and assistance||JDK: an installation package using openjdk1.7 will be sent if customers need.
Logs: it is generally required to send %FR_HOME%\logs\fanruan.log (system logs) to assist troubleshooting.
The information contained herein is accurate as of (date). FanRuan reserves the right to change its product privacy practices from time to time and encourages you to view this Policy for any updates. This Policy is for reference only and does not constitute a part of customer contract terms