Privacy Policy for "Inks / 见字"

Version: v1.0

Effective Date: May 28, 2026

Developer: Wenpeng Wang (Indie Developer)

Contact Email: hachineko@yeah.net

Contact WeChat: nekooohachi

Scope: This application currently applies to the Mainland China Apple App Store release. If it expands to other countries or regions in the future, this policy will be updated according to the actual release scope, features, and applicable rules.

System Support: iOS 17.0 or later (subject to the actual online version).

1. Information We Process

1.1 Content You Create (Letters/Writing)

• Letter content, titles, letter lists, writing content, etc. are saved ONLY on your local device by default.
• Your first letter, local letter browsing, statistics viewing, and other basic experiences can be completed without signing in. Creating new letters afterward requires signing in with an Apple account to register a cloud account.
• We do not automatically upload your letter content, nor do we report any data related to letter content through analytics/tracking.
• When you actively export, share, import, upload custom resources, or use future cloud delivery features, related files or resources will be processed locally or transmitted over the network according to the action you choose.
• This app uses encryption/anti-interception designs for local content to enhance on-device data security (implementation may be optimized with version iterations).
• This app supports File Sharing to facilitate your management of locally stored data when necessary.

1.2 Cloud Account and Sync Data

When you actively use Apple sign-in, cloud account profile, badges, entitlement restoration, custom avatar, custom stickers, or other cloud features, we may process the following information:

• Identity credentials returned by Apple sign-in, Apple user identifier, and email address if provided by Apple;
• Local profile identifier, cloud user identifier, device identifier, device model, system version, app version, language, and time zone;
• Nickname, birthday, motto, avatar, and other account profile information that you actively set;
• Purchase entitlements, subscription status, device authorization, feature trial quota, badges, and other account-related status;
• Custom avatars, custom stickers, and other custom resources that you actively upload and that are connected to cloud services.

The current version does not automatically upload letter bodies, attachments, or letter resources as cloud backups. Account profile sync is used only for cloud account, entitlements, badges, avatars, custom stickers, and other cloud-connected features.

1.3 Usage Statistics (Analytics/Tracking)

When you enable "Data Analytics/Sharing", we may collect and report event data NOT containing letter content, used to improve experience and optimize paywall performance, such as:

• Feature usage events: Which features/visual effects are used, usage frequency, etc.
• Setting events: Whether "Data Analytics/Sharing" is enabled/disabled.
• Paywall related events: Trigger source, dwell time, page interactions, etc.
• The above events may include necessary technical context fields, such as device model, system version, and app version (see 1.5 for details).

We DO NOT collect or upload any letter body, letter list, or privacy text in analytics.

Regional Distribution (Independent Links):

• Mainland China: Statistical data is sent to the developer's self-hosted analytics service (AnalyticsHub).
• Non-Mainland China runtime environments: Statistical data may be processed by PostHog Cloud according to the device/system region. The first release is only supplied on the Mainland China App Store, but review, testing, or user device region settings may trigger the corresponding regional link.
• The two links operate independently and do not back up or re-transmit data between each other.

Offline & Retry Mechanism: When the device is offline, events may be temporarily stored in a local queue; they will be sent automatically when the connection is restored. If you disable "Data Analytics/Sharing", event reporting will stop.

1.4 In-App Purchases

• Purchases and payments are processed by Apple. We do not collect payment information such as bank card numbers.
• We may submit App Store transaction credentials or transaction status to our self-hosted backend to verify purchases, bind cloud account entitlements, restore entitlements, and process device authorization.
• When you enable "Data Analytics/Sharing", we report purchase-related events (such as paywall views, purchase success/failure, restore purchases, etc.) to analyze conversion rates and optimize user experience. These events do not contain sensitive payment information, only necessary fields like Product ID and Source Page.

1.5 Technical Information & Identifiers (For Analytics, Account, and Security)

When Data Analytics/Sharing is enabled, or when you use cloud account, purchase verification, or privacy request features, we may process the following technical information to provide analytics, account services, and security:

• Device & App Information: Device model, system version, app version, language, time zone, etc.
• Identifiers:
• User ID: A random unique identifier (UUID) generated at first launch, stored in the local database.
• Device ID: Prioritizes using the system-provided Identifier for Vendor (IDFV); if unavailable, degrades to a randomly generated identifier, persisted via Keychain.
• Session ID: Temporary identifier generated at each launch.
• Network Information: When your device sends data to our servers, your Internet Protocol (IP) address is automatically recorded in server logs as part of a standard HTTP request. We collect IP addresses for:
• Prevention of abuse and abnormal access detection (e.g., frequent requests, malicious attacks);
• Rough geographic area analysis (only to the country/region level, no precise positioning);
• Technical troubleshooting and service stability monitoring.

We do not actively use IP addresses to identify your real identity, nor do we use them for precise location tracking. Server logs are cleaned regularly, and IP addresses are typically retained for no more than 90 days.

1.6 Privacy Request Contact Information (Export/Delete Request)

When you initiate an export or deletion request for statistical data in the App Settings page, we process the following additional information:

• Contact Email (contactEmail): Used to notify you of the processing results.
• Request Note (requesterNote, optional): Used to assist manual processing.
• Request Metadata: Such as request time, device identifier, user identifier, region information, app version, etc.

The above information is used only to process your data rights requests (export/delete) and for audit logging, not for advertising.

1.7 Biometric Features (FaceID / TouchID)

When you use security features like "App Lock" or "Hidden Letters", we may invoke the iOS local authentication framework.

• Local Validation Only: The validation process takes place entirely within your device's Secure Enclave.
• No Collection: We cannot access, store, or upload your raw biometric data (face, fingerprint). The app only receives a "Success" or "Failure" result returned by the system.

These identifiers are used to distinguish statistics, cloud account status, and entitlement status across different devices/users. We follow the principle of minimization and do not use these identifiers to read or infer your letter content. In cloud account, purchase entitlement, and device authorization scenarios, they may be associated with account status only to the extent necessary to provide the corresponding feature.

2. Permissions Usage

Photo Library Usage Description:

When you choose to save statistical cards, letter screenshots, exported images, or Live Photos to your album, the app requests add-only photo library permission. When you actively select images for avatars, custom stickers, or letter decoration, the app reads only the images you choose. We only process content that you actively select or save.

FaceID / Biometric Usage Description:

We use FaceID/TouchID to protect your letter privacy, used only for locally unlocking the app or hidden content. When you enable App Lock or access hidden content, the app requests authentication. This permission is used only for local verification to protect your privacy; we do not acquire your biometric data.

Motion Usage Description:

We use device motion sensors to provide dynamic lighting effects for stickers.

Location Usage Description:

We need your location information (only while using the app) to provide location-based letter unlock features (such as "arrive" or "stay" restrictions). Location unlock conditions you set are stored locally with the letter access configuration. Runtime geofence checking is completed on your device, and we do not upload your real-time location or movement tracks to any server.

3. Information Sharing & Third-Party Services

We do not sell your personal information. To provide data analytics capabilities, when you enable Data Analytics/Sharing, we may share necessary event data and technical information with the following service providers:

• PostHog Cloud: For product analysis and tracking statistics in non-Mainland China runtime environments. The first release is only supplied on the Mainland China App Store, but review, testing, or user device region settings may trigger the corresponding regional link.
• AnalyticsHub (Developer's self-hosted backend, deployed on Mainland China servers): For analytics/operational statistics processing in Mainland China.
• Developer's self-hosted privacy request ticketing system: For receiving export/deletion requests, status circulation, and result notification.
• Apple: For Apple account sign-in, App Store in-app purchases, subscription management, refunds, and other system capabilities.
• Developer's self-hosted cloud services: For cloud account sign-in, account profiles, avatars, custom stickers and other cloud-connected custom resources, badges, entitlements, purchase verification, device authorization, and remote configuration.

After you submit an export/deletion request, the developer will perform manual processing on the corresponding processing platform (AnalyticsHub / PostHog) and fill the results back into the ticketing system.

Shared data does not contain letter content or private text. We take reasonable measures to limit the scope of data use.

If the App automatically selects the PostHog Cloud link in a non-Mainland China runtime environment, relevant statistical data may be transferred cross-border to PostHog Cloud for processing. Such processing is typically based on your consent after enabling "Data Analytics/Sharing" and the necessary processing required to improve the service experience. You can withdraw your consent at any time by turning off the switch in Settings.

4. Data Security & Storage

• Letter content is stored ONLY on your local device by default.
• Analytics data storage and transmission: Analytics data from Mainland China runtime environments is stored on the developer's self-hosted server. Non-Mainland China runtime environments may use PostHog Cloud or the developer's self-hosted server according to region. All network transmissions use TLS/SSL (HTTPS) encryption technology.
• Cloud account profiles, avatars, custom stickers and other cloud-connected custom resources, badges, entitlements, purchase verification, device authorization, and related data are stored in the developer's self-hosted cloud services to provide account and entitlement features that you actively enable.
• Privacy request ticket data (e.g., requestId, status, contact email, processing notes) is stored in the developer's self-hosted backend database for progress tracking and audit recording.
• Privacy request ticket data is retained for the period necessary to process requests, keep audit records, and comply with legal requirements. After the retention period, it will be deleted or anonymized unless otherwise required by laws and regulations.
• We take reasonable security measures (such as transmission encryption, access control, etc.), but internet transmission does not guarantee absolute security.
• This app does not use non-exempt encryption (ITSAppUsesNonExemptEncryption is false).

5. Your Rights & Choices

• Disable Data Analytics/Sharing: You can disable this feature in Settings; reporting stops immediately upon disabling.
• Boundaries of Revoking Consent: After turning off "Data Analytics/Sharing", only new statistical event reporting will stop; this does not affect processing activities already completed based on legal grounds prior to the withdrawal. Ticket and audit records related to export/deletion requests will be deleted or anonymized upon expiration of the statutory or necessary period.
• Request Export of Statistical Data: You can submit an export request in the Settings page. The system will create a ticket and return the request status. The final result will be notified via email and/or in-app status notification.
• Request Deletion of Statistical Data: You can submit a deletion request in the Settings page. The system will create a ticket and enter the manual processing flow.
• Export Complete App Data: You can export local data packages (such as local letters, settings snapshots, etc., subject to the actual version) in the Settings page.
• Delete Complete App Data: You can delete local data in the Settings page. This operation is irreversible.
• Delete Local Data (System Level): You can also delete local data by deleting the app; re-installing will generate a new local user identifier.
• Cloud Account Data: You can manage cloud account profile, avatar, and related content in the App profile/account pages. You can also request processing of cloud account profile, custom stickers and other cloud-connected custom resources, entitlement records, and related data through the contact methods listed in this policy. We will handle such requests according to account status, legal requirements, and necessary audit records.
• Cloud Account Deletion: You can delete your cloud account and associated cloud personal data in the App. Deleting a cloud account does not cancel App Store subscriptions. Subscription cancellation, refunds, and payment records must still be handled through your Apple account or Apple Support.

If a future version expands to regions where laws such as GDPR/UK GDPR apply, we will process your data rights requests within the statutory time limit (usually within 30 days, or extended if necessary and notified according to law).

6. Protection of Minors

This app is intended for general users and is not specifically directed at children under 13. We do not knowingly collect personal information from children under 13; if discovered, we will delete it as soon as possible.

7. Updates to Policy

We may update this Privacy Policy from time to time. Major changes will be notified via in-app prompts or accessible locations.

8. Contact Us

Email: hachineko@yeah.net

WeChat: nekooohachi

*This document was updated to v1.0 on May 28, 2026. First release note: This policy reflects the current iOS first-release feature scope, including local letters, cloud accounts, analytics, purchase verification, photo library, location, biometric authentication, and related data processing.*