D.Run (China)

The privacy policy says personal information may be transferred, stored, and processed outside the user's country/region, and the platform stores business data in the data center selected by the customer. No EU region or EU-only processing option was found in the provider's primary-source materials. The security whitepaper also says backups are stored in multiple geographic regions.

Personal information is stored only for the period necessary to fulfill the purposes in the privacy policy, then deleted or anonymized according to law. If deletion is technically difficult or data remains in backups, processing is stopped except for storage and necessary security measures, and backup copies are deleted when backups are updated.

The privacy policy says the provider collects API call records, GPU/resource metrics, and model interaction data including uploaded text, images, voice inputs, datasets, and model outputs for service response, operations/statistics, security analysis, performance optimization, billing, and service operation. It also states that for customer business data, unless otherwise required by law or agreed, d.run acts only as a technical service provider processing such data within the customer's instructions and stores business data in the customer-selected data center.