Version:v20250314

Xiaomi Cloud Privacy Policy

Our Privacy Policy was updated on March 6, 2025.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

Overview

  1. Introduction

  2. Definition of personal information

  3. What information we collect and how we use it

3.1 Collection of personal information

3.2 Personal information collected from third parties

3.3 Non-personally identifiable information

  1. How we share your personal information with third parties

  2. The legal basis for processing your personal information

  3. Retention period

  4. Managing your privacy preferences

  5. Your data protection rights

  6. Exercising your data protection rights and contacting us

  7. How your personal information is transferred globally

  8. Your obligation to provide personal information

  9. Automated processing of your personal information (including profiling)

  10. How this Privacy Policy is updated

1. Introduction

This product and related services are provided by Xiaomi Technology Netherlands B.V., Xiaomi Technologies Singapore Pte. Ltd., and/or our affiliated companies (hereinafter referred to as "Xiaomi", "we", "our", or "us") to allow you to store, sync, manage, and share your data.

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, transfer, protect, and process any information that you give us or that you allow third parties to provide to us when you use Xiaomi Cloud and related services. You may consult the privacy policies of the relevant products or services for terms and conditions regarding collection and use of personal information when you use other products or services and other data protection matters. Additional information on our security mechanisms and policies on minors can be found on https://privacy.mi.com/all/languages/.

Ultimately, what we want is the best for all our users. Should you have any questions about our data handling practices regarding personal information as summarized in this Privacy Policy, please contact us via https://privacy.mi.com/support to address your specific concerns. We will be happy to hear from you.

2. Definition of personal information

For the purpose of this Privacy Policy, "personal information" means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information about that individual available to Xiaomi, unless otherwise specified by applicable law in your jurisdiction. "Personal information" includes identifying information such as name, contact information, ID number, location information, and online identifiers (such as Xiaomi Account ID). We will use your personal information strictly following this Privacy Policy.

3. What information we collect and how we use it

3.1 Collection of personal information

The purpose of collecting personal information is to provide you with products and/or services. To this end, we will process personal information for the following purposes:

  • Data sync: Xiaomi Cloud is a data storage service platform that provides users with cloud storage space and related services. With Xiaomi Cloud, you can sync your messages, call history, contacts, notes, Browser settings, Wi-Fi settings, recordings, Home screen layout, apps, calendar events, Blocklist items, and App vault across all connected devices. You must grant the related permissions to use each synchronization service. Likewise, you can turn each service off at any time. To provide these services, we need to collect the following information. Rest assured that we take all appropriate measures to protect the security of your data in the cloud, including encryption when needed.

    • SMS data stored on your device (including SMS content, your phone number, the phone numbers of people you contact, SMS sending time, sending status, pinned conversations, and numbers of private SMS);

    • Call history data stored on your device (including time and duration of calls, phone numbers of people you contact, and your phone number);

    • Contacts stored on your device (including contact name, phone number, address, email, nicknames, remarks, and profile photos);

    • Contact card data (including name, phone number, address, email, nickname, remarks, profile photo, and card status) (this information is only collected when you turn on this feature);

    • Notes data stored on your device (including note content, photos in notes, and times of edits);

    • Browser data stored on your device (such as browsing history, bookmarks, cloud tags, library, video playback history and favorites, frequently-visited websites, and popular modules);

    • Data on your local Wi-Fi settings (including Wi-Fi name and password);

    • Recordings stored on your device (including recording content, as well as time of creation, duration, and types of recordings and marked points and other recording file information);

    • Home screen layout and related data (including Home screen database and default Home screen settings file);

    • App data (including icons of installed apps and APK files);

    • Calendar data stored on your device (including event name, time, description, location, and name of the person who invited you);

    • Blocklist and exceptions for incoming calls and SMS (including numbers on your Blocklist or exceptions, types and states of these numbers, Blocklist version number, spam keywords and statuses, DND mode VIP list, and call history);

    • App vault data (including favorites and settings);

    • Bluetooth information (including Bluetooth name and password);

    • Items stored in password manager (including third party apps' accounts and passwords);

    • Data on your frequent phrases (including frequent phrases in your editor); and

    • Books stored on your device.

Note: If you turn on SMS or call history synchronization services, we will obtain your mobile phone number through the activation of your SIM card. To provide this service, we will collect the IMSI, ICCID, and Line1 Number of your SIM card. When you turn on synchronization services, we will also collect your device IMEI (or device OAID when using Android Q) in order to verify your identity.

When you turn on synchronization services for Recorder, App vault, and Blocklist, you must agree to their individual privacy policies. Please ensure that you have carefully read and fully understood these policies, just as you have read this Privacy Policy.

Please rest assured that we will prohibit any of our employees or any third party from directly accessing the content of your personal information without your consent. For the security of your personal information, we will make sure all Xiaomi employees are informed of our rules on privacy and security, and strictly implement internal privacy protection measures.       We will take all applicable measures to ensure the security of your data stored in the cloud. We use off-site storage, maintaining a distance of at least 60 km between storage centers. We also ensure multiple backups, including primary-secondary mutual backups and offline backups. We also periodically check data consistency. Additionally, your personal data (such as Wi-Fi password) will be stored in the Xiaomi Cloud server only after being encrypted. We also take role-based data access control measures to prevent any unauthorized access.

  • Cloud management: You can manage your data stored in the cloud by signing in to i.mi.com or using the desktop client. Each time any of the above data changes (for example, you receive a new SMS), we will encrypt the data and send it to the server, where it will be further encrypted. Similarly, when data on the server changes (for example, you edit your call history through i.mi.com or the desktop client), your mobile terminal devices will receive a push message as well as the changed data from the server. This synchronization will be encrypted. To check the details of your cloud storage usage, organize your data, or select a different cloud storage plan, you can sign in to i.mi.com, use the desktop client, or go to Settings > Xiaomi Account > Xiaomi Cloud on your mobile device. To provide these services, we will collect the total storage space size, size of permanent space, size of used and remaining space, types of stored data, and statistical information on newly added data.

  • Find device: Find device helps you to locate, lock, or erase the data from your mobile device remotely in the event that it is lost or stolen. You may do so by using any device that has access to the internet or by signing in to i.mi.com on your computer. To provide this service, we will collect your current phone number so that we can send SMS instructions to your mobile phone if it is misplaced, lost, or stolen. To ensure that you can use this feature, we will automatically access the internet to activate your SIM card when you change or get a new one. When you use the location feature through i.mi.com or the desktop client to locate your mobile device, the device will send its current location information to Xiaomi servers through the internet or SMS. To provide this service, we will collect information on the primary and nearby base station, nearby Wi-Fi information, GPS information (longitude and latitude used for precise positioning), and device identifier (IMEI/OAID/MAC address used to distinguish between located devices). Whether or not GPS positioning and Wi-Fi are turned on on your device, these features will be automatically activated upon receipt of the SMS instructions sent by Find device. You can turn this feature off in Settings at any time. When turning this feature off, you'll need to enter your Xiaomi Account password to confirm the action.

  • Survey participation. When you participate in surveys that we organize, the specific types of personal information you're asked to enter in each survey (e.g. age range, gender, country or region of residence, occupation, income range, etc.) will always be available for you to view when you open the survey. You can exit the survey at any time before submitting the survey if you no longer wish to participate. When providing personal information during a survey, you can select "Prefer not to say" or an equivalent answer.

  • Participation in promotional activities. If you sign up to participate in promotional or marketing activities through any platform provided by Xiaomi, we will process the personal information requested for each activity (e.g. name, email address, phone number, city of residence).

3.2 Personal information collected from third parties

The use of Xiaomi products and services may require the prior provision of personal information via Xiaomi Account. To more easily sign in to your Xiaomi Account and fill in account information, you can authorize a third-party account (e.g. Google Account, Facebook, Apple Account) to pair with your Xiaomi Account. With your consent, we'll sync your nickname, photos, email address, and other information from the third-party account to your Xiaomi Account.

Please note that we will ensure the security of your information through means such as encryption, but handling of your personal information by third parties is subject to the privacy policy of the relevant third party. For this reason, we encourage you to read the third party's Privacy Policy just like you read ours. You can cancel authorization for third parties at any time in "Accounts and permissions" on https://account.xiaomi.com/.

3.3 Non-personally identifiable information

We will also collect other types of information which are not directly or indirectly linked to an individual and which may not be defined as personal information according to applicable laws. This information is defined as non-personally identifiable information. We may collect, use, transfer, disclose, and otherwise process non-personally identifiable information. This information may include statistical data generated when you use a specific service, such as daily usage, page views, page view times, session events (when this information can't be used to identify you), and interaction and error records generated during your use of our services. The purpose of such collection is to improve the services we provide to you, for example, by correcting errors. The type and amount of information collected depends on how you use our services. We aggregate this information. In its aggregated form, data is not personal information and cannot be used to identify you. However, if we combine non-personally identifiable information with personal information, such combined information will be treated as personal information for as long as it remains combined.

4. How we share your personal information with third parties

To ensure that we provide you with the products and services described in this Privacy Policy, we may share necessary personal information with Xiaomi affiliates, service providers, business partners, and other third parties, including:

  • Public administrations, in case of specific requirements in accordance with applicable regulations.

  • Courts and tribunals, in case of specific requirements in accordance with applicable regulations.

  • Law enforcement agencies, in case of specific requirements in accordance with applicable regulations.

5. The legal basis for processing your personal information

We need a lawful basis upon which to process your personal information in accordance with the law. Where applicable according to the law in your jurisdiction, the legal bases for processing your personal information under this Privacy Policy are:

  • To comply with contractual obligations. When you create a profile or account or access Xiaomi products and services, the purposes of processing your personal information are primarily determined by that service and we will process your personal information so that we can provide that service to you. Please note that providing some of your personal information is mandatory (e.g. when marked as such or with an asterisk). If you do not provide such personal information, we may not be able to provide you with our products or services.

  • As a result of your consent. You can choose to provide us with personal information to allow us to provide you with this product and its related services. For example, you may provide us with a phone number or upload a profile photo.

  • On the basis of Xiaomi’s legal obligations. As a data controller, Xiaomi is subject to legal obligations. In some cases (e.g. storing your personal information as a result of a dispute or at the request of a data protection supervisory authority), the processing of your personal information will be necessary for us to be able to fulfill these obligations.

  • Within the scope of a legitimate interest. On occasion, and considering the minimum privacy impact to you, the processing of your personal information may be necessary for the following legitimate interests:

  • Information system security, network security, and cybersecurity within Xiaomi.

  • To enhance system security, prevent phishing website fraud, and protect account security.

  • Corporate operations, due diligence, and internal audits (in particular, related to information security and/or privacy).

  • Product development and enhancement (including analysis and optimization of Xiaomi Account settings or features).

6. Retention period

As a general rule, we retain personal information for the period necessary for the purposes described in this Privacy Policy, or as required by applicable law. We will cease to retain and delete or anonymize personal information once the purpose of collection is fulfilled, or after we confirm your request for erasure, or after we terminate the operation of the corresponding services, except when required or permitted by applicable law. In this case, your personal information will be isolated and will not be further processed except for the attendance of legal responsibilities and other purposes permitted by applicable law. In such circumstances, your personal information will be made available exclusively to the parties permitted by applicable law. Once the corresponding retention periods have elapsed, such personal information will be deleted or anonymized.

7. Managing your privacy preferences

We recognize that privacy concerns vary from person to person. Therefore, we provide some examples of ways for you to restrict the collection, use, disclosure, or processing of your personal information and to control your privacy settings:

  • You can access and update the details relating to account security, personal information, permissions, and device management in Settings > Xiaomi Account > Xiaomi Cloud, or sign in to https://i.mi.com;

  • If you have previously agreed to us using your personal information for the aforementioned purposes, you may change your mind at any time by contacting us on https://account.xiaomi.com;

  • If you wish to cancel your Xiaomi Account, you may do so by following the steps in Settings > Xiaomi Account > Help > Delete account, or by visiting https://account.xiaomi.com.

Please note that the cancellation of your Xiaomi Account or deletion of your personal information will prevent you from using the full range of Xiaomi products and services. To protect your or others' legitimate rights and interests, we will judge whether or not to support your request for cancellation based on your use of various Xiaomi products and services.

8. Your data protection rights

You have certain rights in relation to personal information that we hold about you (hereinafter referred to as the "request"). Please note that depending on where you are based, these rights will be subject to specific exclusions and exceptions under applicable local law:

  • Right to access/obtain a report detailing the personal information we hold about you. A copy of your personal information processed by us will be provided to you upon your request free of charge. For any extra requests for relevant information, we may charge a reasonable fee based on actual administrative costs according to applicable law. You can also sign in to your Xiaomi Account to view the personal information about you that we hold.

  • Right to correct your personal information. If any information we are holding on you is incorrect or incomplete, you are entitled to have your personal information corrected or completed based on the purpose of use. You can also sign in to your Xiaomi Account to correct your personal information.

  • Right to erase your personal information. Based on the requirements of applicable law, you have the right to request the deletion or removal of your personal information where there is no compelling reason for us to keep using it. We shall consider the grounds regarding your erasure request and take reasonable steps, including technical measures, to proceed with the erasure of your personal information. Please note that we may not be able to immediately remove the information from the backup system due to applicable law (for instance, when necessary to preserve your personal information for potential claims which may arise out of or in relation to the processing of such personal information) and/or security technology limitations. If this is the case, we will securely store your personal information and isolate it from any further processing until the information can be deleted or be made anonymous.

  • Right to object to the processing of your personal information. You have the right to object, on grounds relating to your situation, to processing of your personal data which is based on Xiaomi’s legitimate interest (e.g. direct marketing). If you object to such processing, we will no longer process your data for these purposes unless we can demonstrate compelling legitimate grounds for such processing or for the establishment, exercise, or defense of legal claims.

  • Right to restrict the processing of your personal information. You have the right to restrict the processing of your personal information by us, for instance, when the processing is unlawful according to your understanding, but you oppose the erasure of your personal information. In such cases, your personal information will only be processed with your consent or for the exercise or defense of legal claims. Please note that Xiaomi Account settings include the options to freeze and unfreeze your account.

  • Right to data portability. Under some circumstances provided by law, you have the right to receive the personal information concerning you in a structured, commonly used, and machine-readable format and/or transmit that personal information to another data controller.

  • Right to withdraw consent. In those cases where your consent is required for the processing of your personal information, you may withdraw your consent at any time. However, please note that if you withdraw your consent, you may not be able to continue to use the product and its related services, and/or access certain information, features, or services. The withdrawal of your consent or authorization will not affect the validity of our collection and processing carried out on the basis of the consent up until the point of withdrawal.

You may also access, update, and delete the details relating to the personal information in your Xiaomi Account at https://account.xiaomi.com or by signing into your account on your device. For additional information, please write to us or contact us via https://privacy.mi.com/support.

9. Exercising your data protection rights and contacting us

If you have any comments or questions about this Privacy Policy or any questions relating to Xiaomi's collection, use, or disclosure of your personal information, or you want to exercise your data protection rights according to the above section, feel free to contact us by visiting https://privacy.mi.com/support or at the below addresses (your request should be made in writing). When we receive questions about personal information or requests to download or access items, we have a professional team that addresses such concerns, including Data Protection Officers (DPOs), who can be contacted via https://privacy.mi.com/support, or at the below postal addresses. If your question itself involves a significant issue, we may ask you for more information. If you consult us, we will provide information on the relevant complaint channels that may be applicable based on your actual situation.

  • For users located in the European Economic Area (EEA), UK, and Switzerland: Xiaomi Technology Netherlands B.V., Prinses Beatrixlaan 582, The Hague 2595BM Netherlands

  • For users located in India: Xiaomi Technology India Private Limited, Building Orchid, Block E, Embassy Tech Village, Outer Ring Road, Devarabisanahalli, Bengaluru, Karnataka - 560103, India Any discrepancies and grievances with respect to processing of sensitive personal data or information shall be informed to the designated Grievance Officer as mentioned below:

    Name: Vishwanath C

    Telephone: 080 6885 6286, Mon-Sat 9 AM to 6 PM

    Email: grievance.officer@xiaomi.com

  • For users in other countries and regions: Xiaomi Technologies Singapore Pte. Ltd., 1 Fusionopolis Link #04-02/03 Nexus @One-North, Singapore 138542

Make sure that you provide sufficient information to enable Xiaomi to verify your identity and ensure that you are the data subject or legally authorized to act on the data subject's behalf. Once we obtain sufficient information to confirm that your request can be processed, we shall proceed to respond to your request within any timeframe set out under applicable data protection laws.

We have the right to refuse to process requests that are not meaningful, manifestly unfounded or excessive, requests that damage others' right to privacy, extremely unrealistic requests, and requests that require disproportionate technical work, as well as requests not required under local law, regarding information that has been made public, and regarding information given under confidential conditions. If we believe that certain aspects of the request to delete or access the information may result in our inability to legally use the information for the aforementioned anti-fraud and security purposes, it may also be rejected. We will inform you of any such decision not to process your request and the grounds of this decision if required by applicable law, in the event of which we will inform you within any timeframe set out under applicable law.

If you are not satisfied with the response you received from us in relation to your personal information, you can hand over the complaint to the relevant data protection regulatory authorities in your jurisdiction. If you're located in the European Economic Area (EEA), the UK, or Switzerland, you can find a list of primary competent authorities here: EEA / UK / Switzerland

10. How your personal information is transferred globally

Xiaomi processes and backs up personal information through a global operating and control infrastructure. Currently, Xiaomi has data centers in India, the Netherlands, Russia, and Singapore. For the purposes described in this Privacy Policy, your information may be transferred to these data centers in accordance with applicable law.

We may also transfer your personal information to third-party service providers and business partners and your data may therefore also be transmitted to other countries or regions. The jurisdictions in which these global facilities, third-party service providers, and business partners are located may or may not protect personal information to the same standards as in your jurisdiction. There are different risks under different data protection laws, and we may transfer and store your personal information to other locations. However, this does not change our commitment to comply with this Privacy Policy and to protect your personal information.

In particular:

  • Except for data transfers allowed under Russian law, personal information collected and generated during our operations in Russia will be processed and stored in data centers operated in Russia.

  • Personal information collected and generated during our operations in India will be stored in data centers operated in India.

If we need to transfer personal information outside of your jurisdiction, whether to our affiliates, third-party service providers, or business partners, we will comply with related applicable laws. We ensure that all such transfers meet the requirements of applicable local data protection laws by implementing uniform safeguards. You can find out about the safeguards that we have in place by contacting us on https://privacy.mi.com/support.

  • If you use our services in the EEA, UK, or Switzerland, Xiaomi Technology Netherlands B.V. will act as the data controller and Xiaomi Technologies Singapore Pte. Ltd. will be responsible for processing some of your personal information. If Xiaomi shares personal information originating from you in the EEA, UK, or Switzerland to a Xiaomi Group entity, third-party service provider, or business partner outside the EEA, UK, or Switzerland (please see Section 4 above for further information), where local law may not protect personal information to the same standards as in your country or region, Xiaomi will use EU Standard Contractual Clauses or any other safeguards provided for in the GDPR or in applicable UK or Swiss law to protect your information in accordance with the highest European standards.

11. Your obligation to provide personal information

As stated above, if you do not provide some required personal information, you may not be able to use this product or its related services, or we may not be able to respond to your queries. Refer to section 3 (What information we collect and how we use it) for more information.

12. Automated processing of your personal information (including profiling)

In principle, we do not use the personal information you provide for fully automated decision-making processes, including profiling. In the event that we should use such processes, we will specifically inform you in advance of this and your rights in this respect, including consent information.

13. How this Privacy Policy is updated

We review this Privacy Policy periodically based on changes in business, technology, applicable law, and best practices, and we may update this Privacy Policy. If we make significant material changes to this Privacy Policy, we will notify you via a pop-up dialog, email (sent to the email address specified in your account), or another legal and practicable method, so that you can understand what information we collect and how we use it. Such changes to the Privacy Policy will apply from the effective date specified in the notice. We encourage you to check this page regularly for the latest information on our privacy practices. Where required by applicable laws, we will ask for your explicit consent when we collect additional personal information from you or when we use or disclose your personal information for new purposes.