Privacy Policy

Version: 1.0
Effective Date: 2026-02-10
Last Updated: 2026-02-10

1. Scope and Definitions

1.1 Scope

This Privacy Policy explains how Jiaxu Li ("we", "us", "our") processes personal data when you: (1) visit and use our websites, pages, and online services that link to this Policy (collectively, "Website"); (2) install or use our applications, including iOS/macOS apps distributed via Apple platforms (collectively, "App"); and (3) communicate with us (e.g., email, support tickets, feedback forms). This Policy applies only to processing activities that we control or determine. Apple and other platform providers may independently process data under their own policies (see Section 13).

1.2 Definitions

  1. "Personal Data" means information that identifies or can reasonably be linked to an identifiable individual.
  2. "Processing" means any operation performed on data (e.g., collection, use, storage, disclosure, deletion).
  3. "Controller" means the entity that determines purposes and means of processing.
  4. "Processor" means an entity that processes personal data on behalf of a controller.
  5. "Sensitive Personal Data" means special categories of data subject to enhanced protections under applicable law.
  6. "Device Data" means technical information generated by your device or operating system.
  7. "Local-First / On-Device Processing" means processing performed on your device without transmitting underlying content to our servers as a default architecture.

1.3 Contact

Data Controller: Jiaxu Li
Email: lijiaxudeapple@icloud.com
DPO/Representative: Not appointed (not required at current scale).
Note: No physical address is collected or published here.

2. Processing Principles

  1. Privacy-by-Design and Default. Privacy-protective defaults to reduce collection and exposure.
  2. Data Minimization. Process only what is reasonably necessary.
  3. Purpose Limitation. Use data only for explicit, legitimate purposes described here or at collection.
  4. Least Privilege and Access Control. Restricted access for authorized personnel/providers.
  5. Local-First Architecture. Prefer on-device processing; minimize transmitted data when network use is required.
  6. Encryption and Key Separation. Industry-standard encryption; logical key separation where supported; no guarantee of absolute security.
  7. No Sale of Personal Data. No selling, renting, or trading of personal data.
  8. Lawful, Necessary, Minimum Disclosure. Disclosures, if any, follow lawful authority and minimum scope.
  9. User Choice and Consent. Optional/diagnostic data only with consent where required.

3. Data Categories and Collection Methods

3.1 Default Position: Limited Collection

Core functions often work without accounts and without uploading user content.

3.2 Data You Provide

Contact data; support/feedback content; user inputs for features. Local-first design keeps content on device when feasible; if server interaction is needed, in-product notice is provided.

3.3 Technical and Diagnostic Data

Limited device/app info, crash/diagnostic data, and security logs as needed for performance and security; optional diagnostics are opt-in where required.

3.4 Account Data (If Applicable)

Only if accounts exist; otherwise not applicable.

3.5 Payment and Subscriptions

App Store purchases handled by Apple; we receive only minimal metadata for entitlements and fraud prevention.

3.6 Cookies and Similar Technologies

See Section 5.

3.7 Data We Do Not Intend to Collect

No intentional collection of government IDs, precise real-time geolocation, or sensitive categories unless explicitly required with notice/consent.

4. Purposes of Processing and Legal Bases

Purposes: service delivery, security/fraud prevention, reliability/debugging, support, legal compliance, optional communications. Legal bases (jurisdiction-dependent): contract necessity; legitimate interests (security/minimal logging, subject to objection); consent (optional analytics/diagnostics, non-essential cookies, marketing where applicable); legal obligation; vital interests (rare).

No automated decision-making with legal or similar significant effects by default.

5. Cookies, SDKs, Analytics, and Tracking

Default: no cross-site tracking. Essential cookies may be used for core operation. Optional analytics/SDKs, if used, are disclosed with opt-in/opt-out controls. If none are used, non-essential analytics/SDKs are off by default. Global Privacy Control signals honored where legally required (see Annex B).

6. Data Sharing and Third-Party Disclosures

No sale/rent/trade of personal data. Sharing only with processors under contract, for legal compliance, legitimate business transfers, or aggregated/de-identified form. Third-party links/integrations follow their own policies.

7. Government and Law-Enforcement Requests

Respond only to legally valid, properly scoped requests; verify authority, review scope, challenge overbroad demands, disclose minimum required data, maintain records where permitted. Local-first and encryption mean we may not possess readable user content in ordinary operations.

8. Data Retention and Deletion

Retain only as necessary. Defaults: Support tickets 24 months after closure; security logs 90 days; optional crash/diagnostics 180 days then deleted/aggregated; website logs 30 days; account data (if any) until deletion plus up to 180 days for legal/security. Deletion requests per Section 11; legal/security exceptions may delay final deletion. Local data can be removed via uninstall or in-app deletion; OS backups may retain residual data.

9. Security Measures and Risk Notice

Measures include encryption in transit and, where appropriate, at rest; key/environment separation where supported; access controls and audit logging; secure development and vulnerability management; incident response. No absolute security; users should secure devices and credentials.

10. Minors

Not intended for children below the applicable age without required consent. Additional notices/controls apply for family/education contexts if relevant.

11. Your Rights and How to Exercise Them

Rights may include access, correction, deletion, restriction, objection, portability, consent withdrawal, and non-discrimination (jurisdiction-dependent). Submit requests to lijiaxudeapple@icloud.com with sufficient detail for verification. Responses follow legal timelines and exceptions. In-app controls available where provided.

12. Cross-Border Transfers

When data is processed outside your region, we apply required safeguards (e.g., SCCs, technical measures, transfer assessments) per applicable law. See Annex C and D for specifics.

13. Apple Platform and App Store Boundary Terms

Apple may independently process data under Apple policies. This Policy covers only processing we control. App Store transactions handled by Apple; we keep minimal metadata for entitlements/fraud prevention. Permissions requested only when feature-dependent; manageable in OS settings.

14. Updates to This Policy

We may update for legal, technical, or operational reasons. Material changes will include reasonable notice and an updated Last Updated date.

15. Governing Law and Dispute Resolution

Chosen Default: Laws of England and Wales govern this Policy. Disputes are subject to the exclusive jurisdiction of the courts of London, England, except where mandatory local consumer law provides otherwise.

EEA/UK Consumer Protection: EEA/UK consumers may bring proceedings in local courts and rely on mandatory consumer protections.

Note on Mandatory Local Laws: Mandatory laws in your country/region may apply regardless of this choice of law.

Annex A: International (General) Addendum

Controller: Jiaxu Li; Email: lijiaxudeapple@icloud.com; No physical address published. Service providers: hosting, security, optional analytics/diagnostics, support tooling (primarily US-based unless otherwise stated). Retention follows Section 8; no sale of data.

Annex B: United States Addendum (CCPA/CPRA Notice)

Categories: identifiers (email if provided), internet/network activity (IP, logs), device information, diagnostics (opt-in). No sale or cross-context behavioral “sharing” by default. Sensitive personal information not used in ways requiring “limit” rights. Rights: know, access, delete, correct, opt out of sale/share (not applicable by default), limit sensitive use (not applicable), non-discrimination. Global Privacy Control honored on the Website where applicable. Contact: lijiaxudeapple@icloud.com. Retention per Section 8.

Annex C: European Economic Area/UK Addendum (GDPR/UK GDPR Notice)

Controller: Jiaxu Li (individual). Representative: not appointed (not legally required for current scale). DPO: not appointed. Legal bases: Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests (security/minimal logging; objection right applies); Art. 6(1)(a) consent for optional analytics/diagnostics and non-essential cookies; Art. 6(1)(c) legal obligation. Special category data not expected; if needed, explicit notice and Art. 9 condition will apply. International transfers use SCCs and supplementary measures when needed. Retention per Section 8. Supervisory authority right to complain preserved.

Annex D: Mainland China Addendum (PIPL/DSL/CSL Notice)

Personal Information Handler: Jiaxu Li. Contact: lijiaxudeapple@icloud.com. Phone: not provided. Data is primarily processed/hosted in the United States. If cross-border transfer from Mainland China occurs, required procedures (e.g., standard contract filing or assessment) will be completed and separate consent obtained where required, with notice of recipient, purpose, and data types. Sensitive personal information is not processed by default; if a feature requires it, prominent notice and separate consent will be obtained. Rights: access, copy, correction, deletion, withdrawal of consent, account cancellation (if applicable), and explanation of processing rules, subject to legal exceptions. Retention per Section 8.

2026 Jiaxu Li