Privacy Policy
Plain-language summary: Our apps are designed to work on your device without sending your data to us. When we do process data (e.g. for support, or to show advertising in our free tiers) we do it on a strict minimum-necessary basis, we tell you exactly what we collect, and we let you opt out, delete, or export at any time. We comply with GDPR, CCPA/CPRA, LGPD, PIPL, COPPA, the UK Data Protection Act 2018, Australia’s Privacy Act 1988, Canada’s PIPEDA, Singapore’s PDPA, Hong Kong’s PDPO, South Korea’s PIPA, Japan’s APPI, India’s DPDPA 2023, Thailand’s PDPA, Malaysia’s PDPA 2010, the UAE’s PDPL, and other applicable laws.
Table of contents
- 1. Scope of this policy
- 2. Data controller & contact information
- 3. What data we collect, and why
- 4. Data practices of our mobile applications
- 5. In-app purchases (IAP) and subscriptions
- 6. Advertising (IAA) and ad mediation partners
- 7. Ad formats we use (splash, rewarded, interstitial, banner)
- 8. Google Play Store & app store policies
- 9. Children, minors & age-gating
- 10. Country & region-specific provisions
- 11. Your rights under GDPR, CCPA/CPRA, LGPD, PIPL and other laws
- 12. Data retention
- 13. Data security, encryption & breach response
- 14. International data transfers
- 15. Cookies, SDKs and tracking technologies
- 16. Do Not Sell or Share My Personal Information
- 17. Changes to this policy
- 18. How to contact us
1. Scope of this policy
This Privacy Policy applies to all websites, web applications, mobile applications, support channels and services operated by Beijing Jingrui Yuetao Technology Co., Ltd (“Jingrui Yuetao”, “we”, “us”, “our”), including but not limited to the website jingruiyt.com and the following published mobile applications distributed on the Google Play Store (and any successor or replacement product):
- TrailTrace — Offline Route Parser
- CurioVault — Collection Asset Filing System
- MuseCatch — Writing Inspiration Engine
- LoadLog — Sports Load Calculator
- SlipSnap — Household Bill Local Scanner
- Cadence — Periodic Habit Tracker
This policy does not cover third-party websites, services or applications that we do not control, even if they are linked from our apps or our website. We encourage you to read the privacy notices of every service that collects personal data.
2. Data controller & contact information
The data controller responsible for your personal data is:
Beijing Jingrui Yuetao Technology Co., Ltd
Registered address: Room 407-4190, Shilibao Town Government Office Building, No. 67 Xidaqiao Road, Miyun District (Cluster Registration), Beijing, 100000, CN
Email: support@jingruiyt.com
Key account email: duanzhizhi@jingruiyt.com
For users in the European Economic Area, the United Kingdom or Switzerland, we act as the data controller within the meaning of the General Data Protection Regulation (GDPR). For users in California, we act as the business within the meaning of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA). For users in Brazil, we act as the controller within the meaning of the Lei Geral de Proteção de Dados (LGPD). For users in the People’s Republic of China, we act as the personal information processor within the meaning of the Personal Information Protection Law (PIPL).
Where required by law, we have appointed representatives in the European Union, the United Kingdom, the United States, Brazil and other jurisdictions. Details of those representatives are available on request.
3. What data we collect, and why
We collect the minimum amount of data needed to operate our services. The lists below explain, in plain language, what we collect, why we collect it, and the legal basis on which we rely (where applicable).
3.1 Data you provide to us
- Support correspondence — when you email us, submit a contact form, or open a support ticket, we receive your name, email address and the contents of your message. Lawful basis: contract performance, legitimate interest.
- Enterprise enquiries — if you contact our key account team, we collect business contact details (name, role, employer, work email, country) so we can follow up. Lawful basis: pre-contractual measures, legitimate interest.
- Newsletter / product update subscriptions — if you opt in, we collect your email address. Lawful basis: consent.
3.2 Data collected automatically when you use our apps
- App diagnostics — crash logs, performance counters, device make and model, OS version, app version, locale and country setting. We use this only to fix bugs and improve the product. Lawful basis: legitimate interest.
- Ad attribution identifiers — Google Advertising ID on Android, Apple Identifier for Advertisers (IDFA) on iOS, plus an app-set random UUID, used only to deliver, measure and prevent fraud in advertising. Lawful basis: consent (EEA / UK users) or legitimate interest (other regions, subject to local law).
- In-app purchase receipts — validated against Google Play or Apple App Store to confirm entitlements. We do not store full payment card details. Lawful basis: contract performance, legal obligation.
3.3 Data we never collect
We do not collect precise or coarse location, contacts, photos, microphone input, calendar, health, fitness, or any other “sensitive” permission beyond what is strictly disclosed in each app’s Google Play data safety form. We do not collect device fingerprinting information beyond the standard identifiers listed above. We do not use any of your content to train machine-learning models.
4. Data practices of our mobile applications
Each Jingrui Yuetao app is designed to function on a “data stays local” principle. The content you create (routes, collections, notes, training logs, scans, habits) is stored in an encrypted local database on your device. It is not uploaded to our servers and is not visible to us. If you uninstall the app or wipe the device, the data is destroyed with the app, unless you have explicitly exported it.
The diagnostic and advertising data described in Section 3 is the only data that leaves your device when you use one of our apps.
5. In-app purchases (IAP) and subscriptions
All paid features in our mobile applications are processed exclusively by the Google Play Store (for Android) and the Apple App Store (for iOS). When you make a purchase or subscribe to a Jingrui Yuetao plan, payment data is collected and stored by the relevant app store under their own privacy notice. We receive a non-sensitive receipt token, the plan identifier, the country of purchase (derived from the store locale, not precise location), and the expiration date of the subscription.
We use this information solely to unlock paid features, prevent cross-account abuse, and provide customer support. We do not see or store your credit card number, CVV, billing address or bank account. Refund requests are handled by the respective app store under their refund policy.
Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current billing cycle. You can manage and cancel subscriptions in your Google Play or Apple App Store account settings at any time. Free trial eligibility, where offered, is determined by the app store and we never charge you without your explicit confirmation through the store interface.
6. Advertising (IAA) and ad mediation partners
Our free-tier mobile applications display advertising (In-App Advertising, or “IAA”) through a carefully selected set of ad mediation partners. We use ad mediation to maximise fill rate and revenue while keeping user-experience controls (such as ad frequency caps and child-directed treatment) in our own hands. The current list of mediation partners we work with includes:
- Google AdMob — policies.google.com/privacy
- Meta Audience Network — facebook.com/policy.php
- Unity Ads — unity.com/legal
- AppLovin MAX — applovin.com/privacy
- Pangle (ByteDance) — pangleglobal.com/privacy
- Vungle (Liftoff) — liftoff.io/privacy-policy
- InMobi — inmobi.com/privacy-policy
- ironSource / Digital Turbine — digitalturbine.com/privacy-policy
- Mintegral — mintegral.com/en/privacy
Each partner may receive the device’s advertising identifier, coarse (country / region / city) location derived from IP, language, device make and model, and a randomly generated session ID. We do not pass any of your in-app content to any advertising partner. We do not allow partners to use this data for the purpose of building cross-app behavioural profiles of children under 13.
7. Ad formats we use (splash, rewarded, interstitial, banner)
To be transparent about the kinds of advertising you may encounter inside our apps, here is the complete list of ad formats we currently use or may use in the future, and the placement rules we enforce on each one:
- Splash ads — shown on cold start, no longer than 5 seconds, and always skippable after 3 seconds.
- Rewarded video ads — offered only when the user explicitly opts in by tapping a clearly labelled button. The reward is always delivered before any data exchange with the ad network completes.
- Interstitial ads — shown only at natural transition points (e.g. finishing a workout, saving a route). We enforce a minimum 90-second gap between any two interstitials and never show an interstitial within the first 60 seconds of a session.
- Banner ads — only static or fixed-height banners, never animated or flashing. Banners never appear on screens where the user is actively creating content (writing, editing a route, scanning a receipt).
- Native ads — labelled with a visible “Ad” or “Sponsored” tag. We never disguise native ads as editorial content.
We do not currently use, and have no plans to use, full-screen take-over ads, auto-play video with sound, or click-bait interstitials that interrupt unrelated workflows.
8. Google Play Store & app store policies
Each Jingrui Yuetao app published on the Google Play Store completes the Play Console Data Safety form accurately and keeps it up to date as our practices evolve. The current Data Safety answers reflect the categories described in Sections 3, 5, 6 and 7 above.
Our apps are also subject to the Google Play Developer Programme Policies, the Apple App Store Review Guidelines, the Huawei AppGallery Review Criteria, and the policies of any other store we may publish to. Where a store policy imposes a stricter obligation than this Privacy Policy, the store policy prevails for that distribution channel.
Family-friendly applications are clearly tagged on the store listing. Where an app is suitable for children under 13 (as defined by COPPA and the Play Families Policy), all advertising identifiers are zeroed out, no personalised ads are served, no SDKs are permitted that would build a persistent cross-app identifier for the child, and the app’s data practices are documented in a separate “Designed for Families” disclosure.
9. Children, minors & age-gating
Our applications are not primarily directed to children under the age of 13 (or a higher age threshold where mandated by local law, such as under 14 in the EU/UK, under 16 in Brazil, or under 18 in South Korea for certain processing activities). We do not knowingly collect personal data from children below the applicable age threshold.
Where a Jingrui Yuetao app is marked as suitable for children, we configure it to comply with the strictest applicable child-privacy regime, including COPPA, the UK Age-Appropriate Design Code, Brazil’s ANPD guidance on children’s data, and India’s DPDPA rules for minors. Specifically, we disable behavioural advertising, disable all but the most essential analytics, disable social features that allow user-to-user communication, default all settings to the most privacy-protective option, and use language that is age-appropriate.
If you believe we have inadvertently collected personal data from a child below the applicable age threshold, please contact support@jingruiyt.com and we will delete the data within five business days.
10. Country & region-specific provisions
Depending on where you reside, additional rights and disclosures may apply. The non-exhaustive list below summarises the most material region-specific provisions. The full legal text is available on request.
10.1 European Economic Area, United Kingdom and Switzerland
Our legal basis for processing is set out in Section 3. You have the rights listed in Section 11. Our EU representative can be reached via support@jingruiyt.com.
10.2 California, United States
Under the CCPA/CPRA, California residents have the right to know, delete, correct, and limit the use of sensitive personal information. See Section 16 for our “Do Not Sell or Share” mechanism. We do not sell personal information for monetary consideration.
10.3 Brazil
Under the LGPD, Brazilian users have rights of confirmation, access, correction, anonymisation, portability, deletion and information about sharing. Our Brazilian representative can be reached via support@jingruiyt.com.
10.4 People’s Republic of China
Under the PIPL and the Cybersecurity Law, Chinese users have the right to know, decide, access, correct, delete, and withdraw consent. Cross-border transfers follow Section 14. Our Chinese representative can be reached via support@jingruiyt.com.
10.5 South Korea
Under the PIPA, South Korean users may request access, correction, deletion and suspension of processing. We do not currently operate any domestic Korean servers; all data is processed in accordance with Section 14.
10.6 Other jurisdictions
We extend substantively equivalent rights to users in all other jurisdictions where local law grants privacy rights, including but not limited to Australia (Privacy Act 1988), Canada (PIPEDA), Singapore (PDPA), Hong Kong (PDPO), Japan (APPI), India (DPDPA 2023), Thailand (PDPA), Malaysia (PDPA 2010), the United Arab Emirates (PDPL), Saudi Arabia (PDPL), Indonesia (UU PDP), and the Philippines (DPA 2012).
11. Your rights under GDPR, CCPA/CPRA, LGPD, PIPL and other laws
Subject to applicable law, you have the right to:
- Know what personal data we collect, how we use it, and who we share it with.
- Access a copy of the personal data we hold about you, in a portable format where technically feasible.
- Correct any personal data that is inaccurate or incomplete.
- Delete personal data we hold about you, subject to limited legal exceptions.
- Restrict or object to certain processing activities, including profiling and direct marketing.
- Withdraw consent at any time, where processing is based on consent (e.g. analytics or personalised advertising).
- Data portability — receive your data in a structured, commonly used electronic format.
- Lodge a complaint with your local data protection authority. We encourage you to contact us first so we can resolve your concern directly.
To exercise any of these rights, email support@jingruiyt.com from the email address associated with your account or correspondence. We respond to verified requests within 30 days (45 days under CCPA, 15 working days under PIPL). There is no fee for exercising your rights.
12. Data retention
We retain personal data only as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce agreements. Specifically:
- Support correspondence is retained for 24 months from the last interaction, after which it is anonymised or deleted.
- Analytics and diagnostic data is retained for 13 months in identifiable form and 26 months in aggregated form.
- Advertising identifiers are retained for the duration of the session and rotated at least every 13 months, in line with Google and Apple guidance.
- Subscription and billing records are retained for 7 years to comply with tax and accounting obligations.
- In-app content you create (routes, collections, notes, training logs, scans, habits) is stored locally and is deleted automatically when you uninstall the app or use the in-app “delete everything” function.
13. Data security, encryption & breach response
We protect personal data with administrative, technical and physical safeguards aligned with ISO/IEC 27001 and the OWASP Mobile Application Security Verification Standard (MASVS). Specific measures include:
- AES-256 encryption at rest for any data we do store on our servers.
- TLS 1.3 encryption in transit for all client-server communication.
- Per-app SQLite databases on the device are encrypted using Android Keystore / iOS Keychain-backed keys.
- Mandatory multi-factor authentication, hardware security keys, and least-privilege access controls for all employees with access to production data.
- Annual third-party penetration tests of our infrastructure and apps, with executive summaries available under NDA on request.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (where required by GDPR) and affected users without undue delay. Our breach response plan covers detection, containment, forensic investigation, notification and post-incident review.
14. International data transfers
Because we are headquartered in the People’s Republic of China and our app users are distributed globally, personal data may be transferred to, stored and processed in countries other than your country of residence. We rely on the following lawful transfer mechanisms, as appropriate:
- For transfers out of the EEA, UK or Switzerland: the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or the Swiss-equivalent clauses.
- For transfers out of the People’s Republic of China: a security assessment by the Cyberspace Administration of China, where required, plus standard contractual clauses with overseas recipients.
- For transfers out of other jurisdictions: contractual, organisational and technical safeguards consistent with local law.
Regardless of where your data is processed, it is always protected by the technical and organisational measures described in Section 13. A copy of our standard transfer clauses is available on request.
15. Cookies, SDKs and tracking technologies
This website uses a strictly minimal set of cookies and similar technologies:
- Strictly necessary cookies — these are required for the website to function (e.g. remembering your cookie consent choice, preventing cross-site request forgery). They are always active and cannot be switched off.
- Analytics cookies — only set if you click “Accept all” on the cookie banner. We use privacy-respecting aggregate analytics that do not identify you as an individual and do not allow third-party tracking.
We do not use advertising cookies on this website, and we do not embed third-party social-media pixels (such as the Meta Pixel or LinkedIn Insight Tag) anywhere on our properties.
You can change your cookie preferences at any time by clearing your browser’s storage for this site. Note that declining analytics cookies will not affect your ability to use the website, only our ability to improve it.
16. Do Not Sell or Share My Personal Information
We do not sell personal information for monetary consideration, and we do not share personal information with third parties for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. Nevertheless, California residents have the right to direct us not to sell or share their personal information.
To exercise this right, you may submit a request via support@jingruiyt.com with the subject line “Do Not Sell or Share”. You may also enable the Global Privacy Control (GPC) signal in your browser; we honour GPC as a valid opt-out signal.
To opt out of personalised advertising in our mobile applications, open the app’s settings screen and toggle off “Personalised ads”, or reset your device’s advertising ID from your operating system settings. Both Google and Apple provide their own opt-out controls, which we respect.
17. Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will notify you through one or more of the following means: an in-app banner, a notification on this website, or an email to the address associated with your support correspondence (where you have provided one).
The “Last updated” date at the top of this policy reflects when the most recent change took effect. Previous versions of this policy are archived and available on request, so you can always see exactly what was changed and when.
18. How to contact us
If you have any questions, comments or requests about this Privacy Policy, your personal data, or our practices, please reach out to us:
- By email: support@jingruiyt.com (preferred, fastest)
- By email (key account, partnerships, press): duanzhizhi@jingruiyt.com
- By post: Beijing Jingrui Yuetao Technology Co., Ltd, Room 407-4190, Shilibao Town Government Office Building, No. 67 Xidaqiao Road, Miyun District (Cluster Registration), Beijing, 100000, CN
- By web form: https://jingruiyt.com/contact.html
We aim to respond to every privacy-related enquiry within 5 business days, and to substantively resolve it within 30 days (15 working days under PIPL, 45 days under CCPA).