Privacy Policy

This Privacy Policy describes how Zeptun Intelligence Limited ("we," "us," or "our") collects, uses, and protects information when you use danmu.io (the "Service"). Zeptun Intelligence Limited is a company incorporated in Hong Kong.

We are committed to protecting your privacy. danmu.io is built with a privacy-first philosophy — your data is encrypted before it leaves your device, and we have designed the Service to minimize the personal information we need to operate.

1. Information We Collect

1.1 Information You Provide

• Account Information: If you create an account, we collect your email address and display name. Passwords are hashed using industry-standard algorithms and are never stored in plain text.
• Device Information: We store a device identifier, device name, and device type (e.g., macOS, iOS, Android) for each device you register. This is necessary to route transfers between your devices.
• Payment Information: If you subscribe to PRO, payment processing is handled by Stripe. We do not store your credit card number or full payment details. We retain only a Stripe customer ID and subscription status.

1.2 Information Collected Automatically

• Usage Data: We collect minimal, anonymized usage data such as the number of transfers and last active timestamps to provide the Service (e.g., device status indicators, transfer history).
• Log Data: Our servers automatically record standard log information including IP address, browser type, and access times for security and service reliability purposes.

1.3 Transfer Content

Your transfer content (text, files, links, clipboard data) is end-to-end encrypted using AES-256-GCMbefore leaving your device. For the Free tier, small content (under 500KB) is transmitted through our encrypted relay. We cannot read, access, or decrypt your transfer content.

For PRO users, large files are stored temporarily in our encrypted cloud storage (Supabase Storage) with server-side encryption. Files are automatically deleted after the retention period (7 days for PRO). Encryption keys are managed on your device.

2. How We Use Your Information

• Provide the Service: Route transfers between your devices, maintain device pairing relationships, and deliver real-time notifications.
• Account Management: Authenticate your identity, manage your subscription, and communicate service-related updates.
• Security: Detect and prevent unauthorized access, abuse, and security threats.
• Service Improvement: Understand aggregate usage patterns to improve reliability and performance.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

3. Data Storage and Security

Your data is hosted on infrastructure provided by Supabase (backed by AWS) with data residency in the Asia-Pacific (Sydney) region. We implement the following security measures:

• End-to-End Encryption: Transfer content is encrypted with AES-256-GCM. Encryption keys are generated and stored on your devices.
• Row-Level Security (RLS): Database access policies ensure each user can only access their own data.
• Secure Authentication: Supabase Auth provides JWT-based authentication with secure token management.
• Encrypted Storage: Cloud-stored files use AES-256 encryption at rest.
• HTTPS/TLS: All data in transit is encrypted using TLS 1.2+.

4. Data Retention

• Account Data: Retained for as long as your account is active. You can request deletion at any time.
• Transfer History: Free users: 24 hours. PRO users: 7 days after transfer completion.
• Cloud Files (PRO): Automatically deleted 7 days after upload.
• Device Pairings: Retained until you remove the device or delete your account.
• Log Data: Retained for 30 days for security monitoring, then automatically purged.

5. Third-Party Services

• Supabase: Database, authentication, real-time messaging, and file storage (hosted on AWS, Sydney region).
• Stripe: Payment processing for PRO subscriptions. Stripe Privacy Policy.
• Vercel: Web hosting and serverless functions.
• Expo / EAS: Mobile application build and deployment service.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and all associated data. You can also delete your account directly from the app settings.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing.

To exercise any of these rights, please contact us at privacy@danmu.io.

7. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

8. International Data Transfers

As Zeptun Intelligence Limited is incorporated in Hong Kong and our infrastructure is hosted in Australia (AWS Sydney), your data may be transferred to and processed in these jurisdictions. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data during international transfers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: