Privacy Policy
Effective Date: May 19, 2025
Version: 1.0
Legal Basis and Principles
We process personal information in accordance with applicable laws, adhering to the following principles:
- Legality: Data is processed only on the basis of consent, contract fulfillment, or legitimate interests
- Minimization: Collect only the minimum data necessary for service purposes
- Transparency: Clearly inform users about data processing methods and rights
- Security: Implement industry-standard measures to protect data security
Data Processing Details
1. Types of Information Collected
Category | Examples | Legal Basis |
---|---|---|
Identity | Email, GitHub account, avatar | Contract/User consent |
Transaction | Order ID, payment status, amount | Contract fulfillment |
Technical | IP address, device fingerprint, browser type | Legitimate interest (security) |
Behavioral | Page dwell time, feature usage frequency | User consent (non-essential cookies) |
2. Data Usage Explanation
- Core Services: Account management, order processing (required)
- Service Optimization: Heatmap analysis for UI/UX improvements (consent-based)
- Security Protection: Abnormal login detection, DDoS defense (legitimate interest)
- Marketing: Product update emails (requires separate consent)
International Data Transfers
- Cross-border Scenarios: When processed by international service providers
- Safeguards: Standard contractual clauses, data encryption/anonymization
- Right to Know: Contact webmaster for specific transfer path map
Data Sharing Mechanism
1. Third-party Providers
Service Type | Provider Example | Data Processing Agreement | Privacy Policy Link |
---|---|---|---|
Payment | Stripe | DPAs signed | stripe.com/privacy |
Analytics | Google Analytics | Data anonymization | policies.google.com |
2. Legally Required Disclosures
- Compliance with court orders or legitimate government requests
- Will assess legality and minimize disclosure scope
User Rights Summary
You have the following rights (as permitted by applicable law):
- Right to Know: Obtain full explanation of data processing
- Right to Rectify: Update account info online or request corrections
- Right to Erasure: Trigger conditions include unnecessary data and consent withdrawal
- Right to Object: Refuse data processing based on legitimate interests
Data Retention Policy
Data Type | Retention Period | Deletion Method |
---|---|---|
Account | Active period + 5 years dormant | Auto-anonymize |
Transaction | Legal financial period (typically 7 years) | Secure erase |
Behavioral | Maximum 24 months | Periodic purge |
Security Protection System
1. Technical Measures
- AES-256 encrypted storage
- Full-site HTTPS enforcement (HSTS preload)
2. Organizational Measures
- Employee least-privilege access
- Annual privacy compliance training
3. Breach Response
- Report to regulators within 72 hours
- Notify affected users after risk assessment
Cookies & Tracking Technologies
Type | Example | Purpose | Management |
---|---|---|---|
Essential | session_id | Maintain login | Cannot be disabled |
Preference | lang_pref | Remember language | Adjust in account settings |
Analytics | _ga | Traffic stats | Consent on first visit |
Advertising | fb_pixel | Conversion tracking | Disable via cookie banner |
Minor Protection
- Age Limit: No registration for users under 13 (COPPA compliance)
- Parental Control: Submit birth certificate to webmaster to request deletion of minor accounts
Policy Update Mechanism
Notification Methods:
- Website banner (major changes)
- Registered email (account-related adjustments)
Dispute Resolution & Regulatory Authority
- Contact webmaster to initiate mediation