Privacy Policy

PixOcean Privacy Policy

1. Introduction and Scope

- Welcome to PixOcean. We follow data minimization and privacy-by-design principles: no ads, no integration of third-party SDKs, and we do not sell or share your data for advertising or marketing.

- By default, the app does not upload diagnostic or usage data; necessary diagnostic and crash data will only be uploaded after your explicit consent. To ensure service security and operations, server-side systems may automatically generate network access or security logs. These logs may include IP addresses and are retained for a short period.

- Service availability: This app is currently available in regions outside the EU/EEA/UK.

- This policy explains how we collect, use, store, and protect data when you use this app.

2. Controller and Contact

- Data controller/operator: Zhige Gu (brand: PixOcean)

- Contact email: alaovo@hotmail.com

3. Data We Collect and Sources

A. Data collected and uploaded after your consent (optional)

- In-app anonymous ID: Randomly generated locally on first launch and, with your consent, associated with diagnostic data to distinguish different installation instances. This ID is not linked to personally identifiable information.

- Diagnostic and crash data: Crash logs and error stacks, basic performance and stability metrics (such as failure counts, latency ranges), app version, operating system version, device model, system language, and time zone settings.

- (If applicable) Session and account metadata: For example, last login time (used only for session management and security audit; not linked to IP or advertising identifiers).

B. Technical logs automatically generated for security and operation (no consent required)

- Network access/security logs: Servers, reverse proxies, CDNs, or WAFs may automatically record technical metadata when your device accesses the service, including IP address, timestamps, request path or status code, User-Agent, error codes, and similar data. These logs are used solely for service security, troubleshooting, and operational monitoring.

- Our commitments: We do not associate IPs or technical logs with the in-app anonymous ID; we do not use them for profiling, advertising, or cross-site tracking; we set strict minimum retention periods and automatically rotate to delete.

C. Categories we do not collect or store

- Name, email address, phone number, contacts, photos/videos, microphone/camera content, precise location, advertising identifiers (IDFA/AAID), payment information, health or biometric data, message content, etc.

4. Purposes and How We Use Data

- Diagnostic and crash data (after your consent): Used to troubleshoot and fix issues, improve stability and performance, and conduct trend analysis in a non-identifiable, aggregated manner.

- (If applicable) Session and account metadata: Used to provide account/session features, security, and abuse prevention (e.g., displaying “recent login”); not used for advertising or profiling.

- Network access/security logs (may include IP): Used to ensure service security, prevent abuse and attacks, perform basic operational monitoring, and troubleshoot issues.

- We do not conduct targeted advertising, profiling, or remarketing; we do not use data for purposes incompatible with the above.

5. Collection Conditions and Your Choices

- Default: No diagnostic or usage data is uploaded.

- Explicit consent: Uploading usage, diagnostic, and crash data begins only after you explicitly choose “Agree” via the first-launch prompt or in Settings.

- Voluntary and does not affect use: Refusing or withdrawing consent to upload diagnostics will not affect normal use of core features. Network access logs necessary for security and operation may still be generated server-side for a short period.

- Withdraw anytime and delete: You can turn off diagnostic uploads in Settings at any time and request deletion of previously uploaded usage and diagnostic/crash data.

- Compliance audit: We record the timestamps of consent/withdrawal, app version, and anonymous ID (without personally identifiable information) solely for compliance auditing.

6. Legal Bases (by jurisdiction)

- Mainland China (Personal Information Protection Law): Diagnostic uploads are based on personal consent; security logs are used to ensure network and information security, following necessity and minimization; if cross-border transfers occur, we will conduct assessments, provide notice, and obtain necessary consent in accordance with the law.

- United States (CCPA/CPRA, etc.): We do not sell or share personal information (“sell/share” primarily refers to cross-context behavioral advertising). You have rights to access and deletion; security and error debugging are “business purposes,” and we retain data for the shortest necessary period.

- Brazil (LGPD): Diagnostic data is based on consent; security logs are based on legitimate interests.

- Canada (PIPEDA), Australia (APPs), Singapore (PDPA), etc.: Diagnostic data is based on consent; security logs are based on reasonable purposes/legitimate interests.

7. Third-Party Sharing, Legal Disclosure, and Processors

- We do not sell or share your data with any third parties for advertising or marketing.

- Legal disclosure: Where required by law or to fulfill legal obligations, protect our and users’ lawful rights, or respond to legally valid requests from government/law enforcement authorities, we may disclose necessary information in accordance with applicable law.

- Processors: To provide infrastructure and security protections, we use Tencent Cloud (which may include CDN/WAF/cloud load balancing, etc.) in China. These processors act only on our instructions and are bound by contracts, including confidentiality and data protection terms.

8. International Data Transfers (if applicable)

- Data center location: Our servers are located within China.

- For users outside Mainland China, relevant data may be transferred to, processed, and stored in China. We will apply appropriate safeguards and necessary technical and organizational measures (such as encryption, access control, shortest retention, and data minimization).

9. Data Retention and Deletion

- Usage, diagnostic, and crash data: Retained for no more than 90 days; upon expiry, deleted or irreversibly de-identified, retaining only aggregated statistics.

- Network access/security logs (including IP): Retained for no more than 7 days and automatically deleted via log rotation; not associated with the in-app anonymous ID.

- User-initiated deletion: In the app, go to Settings — Privacy Policy and Analytics Data — Manage and Configure Analytics Data to request “Delete uploaded crash logs, performance metrics, and basic usage data” stored in the cloud. For server access logs, because they are not linked to the anonymous ID and are retained short-term for security purposes, deletion typically occurs automatically upon expiry.

10. Your Rights

- Right of access: Obtain an overview of data associated with your in-app anonymous ID (to the extent technically feasible).

- Right to rectification: Correct inaccurate data associated with the anonymous ID (if applicable).

- Right to deletion: Request deletion of diagnostic data associated with the anonymous ID.

- Right to withdraw consent: Turn off diagnostic uploads in Settings at any time.

- Data portability (if applicable): Export data associated with the anonymous ID in a machine-readable format.

- We do not know your real-world identity; to process such requests, we typically need you to provide your in-app anonymous ID to locate data. If you cannot provide the anonymous ID, we may be unable to identify and delete data related to you.

11. How to Exercise Your Rights

- In-app, preferred: Go to Settings — Privacy Policy and Analytics Data — Manage and Configure Analytics Data to disable uploads and delete diagnostic data. Go to Settings — Privacy Policy and Analytics Data — Manage and Configure Analytics Data — View or Export Uploaded Data to view and download a machine-readable copy (JSON/CSV).

- Fallback contact: If your device is lost, you cannot log in, or you need further assistance, email alaovo@hotmail.com (please provide your in-app anonymous ID or relevant time window). We will respond within a reasonable timeframe (typically within 30 days).

12. Security Measures

- Transport and storage: HTTPS/TLS in transit, access controls, least privilege, and necessary encrypted storage (where applicable).

- Minimization and separation: Diagnostic data and network access logs are stored separately; IPs are not associated with the in-app anonymous ID; access to raw data is strictly limited and audited.

- Vulnerability management and incident response: Regular hardening and monitoring; if an incident occurs that may affect the security of your data, we will assess and notify as required by applicable law.

13. Minors

- This app is not directed to children under 13, and we do not knowingly collect their data (for Mainland China, understood as under 14; we likewise do not knowingly collect such data).

- If you (or your guardian) believe we have unknowingly collected minors’ data, please first use the in-app features under Settings — Privacy Policy and Analytics Data — Manage and Configure Analytics Data to delete “uploaded crash logs, performance metrics, and basic usage data.” If the device is lost or you cannot log in, guardians may email the address above, and we will process within a reasonable timeframe. Server access logs (if any) are automatically deleted within a maximum of 7 days via rotation.

14. Automated Decision-Making and Profiling

- We do not conduct any automated decision-making or personalized profiling that produces legal or similarly significant effects on you.

- We do not conduct targeted advertising or remarketing.

15. Updates to This Policy

- When purposes of processing, types of data, retention periods, processors, or international transfers change materially, we will provide prominent in-app notice and, where necessary, re-seek your consent (for diagnostic data).

- The latest version of this policy will always be available in the app.

- Effective date: October 1, 2025

16. Definitions

- In-app anonymous ID: An identifier randomly generated locally on first launch to distinguish installation instances; not linked to personally identifiable information.

- Diagnostic and crash data: Technical information used to locate issues and improve performance, such as crash stacks, error codes and frequency, app and system versions, device model, system language, and time zone.

- Network access/security logs: Technical logs automatically generated by servers or related infrastructure to ensure service security and operation; may include IP address, timestamps, request path or status code, User-Agent, error codes, etc.

Appendix: Overview of Consent and Withdrawal Implementation

- On first launch, we ask—using equal-weight options—whether you agree to anonymously upload diagnostic and crash data. If you choose “Agree,” uploads begin from that moment; if you choose “Decline,” the app remains usable and no uploads occur.

- You can turn off diagnostic uploads at any time in Settings and request deletion of uploaded diagnostic data; IP handling related to security logs relies primarily on automatic deletion.