Privacy Policy

Effective Date: January 16, 2026

Introduction

Welcome to "Anxin Learn" (hereinafter referred to as "We" or "This App")! We understand the importance of personal information to you and thank you for your trust in us.

This "Privacy Policy" aims to help you understand what personal information we collect, why we collect it, what we do with it, and how we protect it. We will collect and use your personal information in accordance with the privacy policy, but we will not collect all your personal information in a forced bundling manner just because you authorized and agreed to this privacy policy. We will strictly follow legal and regulatory requirements and seek your separate consent in specific circumstances.

Unless otherwise provided by laws and administrative regulations, regarding how we process your personal information, you have the right to know and decide, and the right to limit or refuse our or other parties' processing of your personal information. Please read and understand this Privacy Policy carefully before using this App so that you can make appropriate choices.

This Privacy Policy will help you understand the following:

1. Information We Collect and Process
2. System Permission Usage Explanation
3. Third-Party Services and Data Sharing Statement
4. Special Protection for Children's Privacy
5. Data Storage and Security
6. Account Deletion
7. Policy Updates
8. User Rights
9. Contact Us
10. Legal Jurisdiction and Dispute Resolution

1. Information We Collect and Process

To achieve cross-device synchronization, membership services, and content playback functions, we will process the following information:

1.1 Account and Identity Information (Cloud Sync)

• Collection Content: When you register an account, we need to collect your Email Address or Third-Party Authorization ID (such as Apple ID's anonymous identifier). We use Appwrite as a backend service provider to securely store your account information.

• Processing Purpose: Used to create your unique user ID to achieve automatic synchronization of parental configurations (such as app lock passwords) and learning progress across your different devices. We process such data based on the necessity of performing the contract.

• Special Note: We will not ask for your real name, ID number, or phone number.

1.2 Subscription and Transaction Records (Cloud Verification)

• Collection Content: When you purchase membership services, we will process your Device Identifier, Transaction Receipt, and Subscription Status. We use RevenueCat to verify subscription receipts.

• Processing Purpose: Used to verify the validity of your membership, process refund requests, and restore your purchases after reinstalling the app.

• Data Security: All payment links are handled directly by payment service providers (App Store, Google Play, Alipay, WeChat Pay, Stripe, etc.). We do not collect or store your bank card numbers, payment passwords, or sensitive payment information.

• Indirect Acquisition Note: We may indirectly receive your subscription status information from third-party service providers (such as RevenueCat). Before obtaining it, we have confirmed that the third party has obtained your authorization and that its data source is legal.

1.3 Clipboard Data (Local Read Only)

• Processing Explanation: To facilitate your quick import of video links, the app will read the system clipboard for a short time only when you actively click "Add Video" or enter specific pages under "Parent Mode".
• Compliance Commitment: We only match locally on the device whether the clipboard content contains valid video links (such as Bilibili/YouTube URL). Once matching is completed, the data is immediately released, and we will not upload or share your clipboard content.

1.4 Local Media Data (Local Processing Only)

• Processing Content: When you use functions like "Add Cover to Video" or "Add Local Video", we process the image or video files you actively select from your device's photo library or storage.
• Privacy Commitment: We only read and process these files locally on the device to achieve cover setting and local video management functions. We will not upload, store, or share any of your local image or video data to our servers or any third parties.

1.5 Use of Cookies and Similar Technologies

To ensure the normal operation of the app (such as maintaining your login status), we will use Cookies or similar technologies like OAuth Tokens.

• Usage: We only use these technologies to verify your identity and ensure your account security. We will not use these technologies for advertising tracking or share your behavioral data with third parties.

1.6 Exceptions to Consent

According to relevant laws and regulations, in the following circumstances, we do not need your authorization and consent to process your personal information:

1. Directly related to national security or national defense security;
2. Directly related to public security, public health, or major public interests;
3. Directly related to criminal investigation, prosecution, trial, and execution of judgments;
4. Necessary to protect your or other individuals' life, property, and other major legitimate rights and interests but difficult to obtain your own consent;
5. The personal information collected is disclosed by you to the public yourself;
6. Collecting personal information from legally publicly disclosed information, such as legal news reports, government information disclosure, and other channels;
7. Necessary for signing and performing contracts at your request;
8. Other circumstances provided by laws and regulations.

2. System Permission Usage Explanation

We will only request system permissions in specific scenarios within the app, and subject to your active authorization:

• Photo Library Permissions (Photo Library / Media Images):
  • Usage: Used for adding/changing covers for local videos, "Scanning QR Codes" to import course packages, or saving learning reports to your album.
  • Privacy Commitment: We only read the image files you actively select locally. All image processing is completely done locally, and we will not upload or share any of your local image data to cloud servers.
• Local Video Permissions (Local Video):
  • Usage: Used to "Add/Collect Local Videos" so you can manage and play video files on your device within the app.
  • Privacy Commitment: We only read the video files you actively authorize and import. The corresponding video data is stored only on your current device, and we will not upload or send any of your local video content outside the device.
• Camera Permission:
  • Usage: Only used for "Scanning QR Codes" to import course packages.
• Internet Permission:
  • Usage: Used to synchronize account data, verify membership status, and load video streams.
• Local Network:
  • Usage: If you use the screen casting function (such as AirPlay / DLNA), the app may request this permission to discover TV devices within the LAN.

3. Third-Party Services and Data Sharing Statement

To provide professional and stable services, we collaborate with trusted third-party technical partners. We commit to sharing data only under the "Minimum Necessary" principle and do not directly disclose specific provider names to protect architecture security:

3.1 Infrastructure and Backend Services

We adopt industry-standard secure backend architecture to store and synchronize your data. We are mainly based on Appwrite —— a widely trusted open-source backend technology system that supports flexible deployment.

• Right to Deployment Flexibility: To ensure service stability, compliance, and data security, we need to maintain flexibility in infrastructure selection. We may choose to use the Cloud Service (SaaS) officially provided by Appwrite according to actual business scenarios, or perform Private Self-Hosted Deployment on servers of mainstream cloud service providers (such as Tencent Cloud, AWS) that have passed ISO/SOC security certifications. Please understand and agree that we have the right to switch between or mix the above two compliant modes without separate special notice, but we promise that this switch will never lower the security protection level of your data.

• Providers and Data Security: Regardless of the specific deployment mode (SaaS or Self-Hosted), the physical storage of your data underlies data centers that meet international top security standards (such as ISO 27001, SOC 2).

• Data Storage Region: We will reasonably select the data storage region based on your registration location and relevant legal and regulatory requirements.

  • Users in China: We prioritize storing your core privacy data in facilities within Mainland China.
  • Global Synchronization: To achieve cross-border account roaming (if applicable), necessary encrypted data copies may be stored in global major internet hub nodes.

• Information Collected: To ensure service security and defend against cyber attacks, the underlying infrastructure may automatically record necessary IP addresses and device connection logs.

• Privacy Policy Reference:

  • Appwrite Privacy Policy (Applicable to SaaS mode)
  • If private deployment is adopted, your data will be directly controlled by the operating entity of this App and the underlying infrastructure cloud service provider (such as AWS/Tencent Cloud), and strictly follow the protection commitments of this Privacy Policy.

3.2 Payment Processing and Subscription Management (IAP & Subscriptions)

To ensure the security of your transactions and accurately provide membership benefits, we have built a multi-layered payment verification system:

1. Payment Channels and Fund Security (Apple / Google / Stripe)

   • Service Providers: Payment channels depend on your device platform: iOS users via Apple App Store, Android users via Google Play Store, and Stripe for web or specific payment scenarios.
   • Payment Security: These platforms act as the "Merchant of Record" and directly process your payment requests. We and any third-party partners cannot access, collect, or store your bank card number, CVV code, or payment password. All sensitive payment information is processed in a closed, encrypted environment on the aforementioned platforms.

2. Subscription Verification and Revenue Compliance (RevenueCat) We integrate the industry-standard RevenueCat service to handle global subscription status synchronization and financial/tax compliance logic.

   • Provider Role: Data Processor.
   • Data Minimization Principle:
     • Anonymous Unique Identifier: We only send a randomly generated unique identifier (such as UUID) that is completely unrelated to your personal identity to mark subscription status. By default, we never send your real name, phone number, or email to them.
     • Transaction Credentials: Including encrypted Store Receipts, purchase time, product ID, and device identifiers (such as IDFV).
   • Global Tax and Compliance: RevenueCat assists us in revenue analysis and estimating according to the tax regulations of different countries/regions (such as VAT, Sales Tax), ensuring our business practices comply with local legal requirements.

3. Business Logic Interaction (Backend Interaction)

   • Three-Way Verification Mechanism: When you initiate a subscription, RevenueCat serves as a hub, communicating securely (Server-to-Server) with Apple or Google servers on our behalf to verify the authenticity of transaction credentials.
   • Cross-Border Data Transfer Note: To complete real-time verification, necessary anonymous credential data will be sent to RevenueCat's global verification servers.
   • Privacy Policy: RevenueCat Privacy Policy

3.3 Content Playback and Authorization

This App includes functions to play external content, which involves direct interaction with relevant content platforms:

• Netdisk Service (Baidu Netdisk): When you use the netdisk playback function, you need to authorize us to obtain your file list and playback links.
  • Authorization Credentials: Your Authorization Credential (OAuth Token) and basic account information will be encrypted and stored locally on your device.
  • Cloud Backup Note: To provide a multi-device sync experience, we may back up the aforementioned encrypted credentials to the cloud server. We promise to transmit and store only in an encrypted state, and only for your account synchronization, not for other purposes.
  • Verification Code and Login: When you perform netdisk login or authorization, relevant pages are directly provided by Baidu. You may need to receive SMS verification codes to complete identity verification. This process is completely handled by Baidu, and we cannot obtain your phone number or verification code content.
  • Legitimate Access Right Commitment: You confirm and promise that the netdisk account you bind belongs to you personally or has been legally authorized. You bear full legal liability for the file content in that account and its dissemination behavior.
  • Privacy Policy: Baidu Privacy Policy

Technical Protection Measures We Take:

• Do not provide any pre-set netdisk resources or content recommendations
• Do not cache or redistribute netdisk files
• Only provide player technical support, playback behavior is completely controlled by Baidu Netdisk API
• Upon receiving valid notice from rights holders, will cooperate to delete authorization credentials of violating accounts
• All netdisk file access must pass Baidu's permission verification; we cannot bypass its security mechanism

• Online Video Link Management:

  Supported Platforms: Including but not limited to Bilibili, YouTube, other video platforms, or Direct Video Links.

  Important Note: When you play content from third-party platforms like Bilibili, YouTube, you will be directly subject to the terms of service of these platforms. These platforms might:

  • Collect your viewing behavior data for recommendation algorithms
  • Deliver targeted ads (if applicable)
  • Record your account login status (if you are logged in)
  • Collect your IP Address, Device Information, Cookies, or Playback Interaction Data

  We cannot control the data processing behaviors of the above platforms. We suggest you consult before use:

  • Bilibili Privacy Policy
  • YouTube Privacy Policy
  • Data Interaction: When you play such videos, the app will load content via embedded browser (WebView) or direct connection. Content providers may collect your IP Address, Device Information, Cookies, or Playback Interaction Data according to their privacy policies.
  • Privacy Policy: We suggest you review the official privacy policy of specific video sources before using them.
  • Content Neutrality Statement (Tool Attribute): This App acts solely as a link management and playback auxiliary tool and does not provide any pre-set video content itself. We make no form of presumption or marking on the source of links you import:
    • User Responsibility: All playback links are searched, copied, and pasted for import by You (User) yourself from the internet. You are fully responsible for the legality of the link content you import.
    • No Review Obligation: We cannot and will not conduct copyright or compliance reviews on video content imported by you. If the links you import infringe on third-party rights, it is unrelated to this App.

3.5 User-Delegated Access

This App will not privately establish data exchange with third parties (such as Baidu Netdisk, Bilibili) through the backend. All third-party data access is based on your direct authorization:

• Authorization Mechanism: Only when you actively initiate a connection (such as logging into netdisk, importing links) and provide credentials (such as OAuth Token), will we access third-party services on your behalf.
• Your Control: You are the controller of authorization. We only act as your "Technical Agent" within the scope you allow (e.g., reading file lists for playback). Once you cancel authorization on the third-party platform, we will immediately lose the corresponding access ability.

4. Special Protection for Children's Privacy

4.1 Role Distinction and Guardian Responsibility This App strictly complies with the Children's Online Privacy Protection Act (COPPA) and relevant laws and regulations. We clearly distinguish two roles in this App and define legal liabilities accordingly:

• Administrator (Parent/Guardian): Sensitive operations such as account registration, subscription purchase, and content configuration are protected by Parental Gate, restricted to guardian operation only. We presume the executor of such operations to be an adult with full civil capacity.
• User (Child or Guardian): You or the supervised child can only browse content in the secure environment configured by the parent. When you hand the device to a child for use, it is deemed that you, as a guardian, have fully agreed and authorized us to collect and process necessary data generated during that period (limited to non-sensitive information such as viewing progress, viewing history, usage duration).

4.2 Protection Measures

1. Parental Gate: All operations involving account registration, membership purchase, external link import, and netdisk authorization render parental verification mechanisms (such as Chinese character to number challenge) to prevent accidental operations by children.
2. Information Isolation: We will not request any personal information in the interface facing children. The account system is mainly used for parent management configuration.

5. Data Storage and Security

• Dual Protection: We combine Local Sandboxing and Cloud Encrypted Transmission (HTTPS/TLS) technologies to ensure data security during storage and transmission. All sensitive data is encrypted in the database (Encryption at Rest).
• Storage Location: Your account and cloud data will be stored in secure servers of industry-leading cloud service providers. According to our hybrid deployment strategy, data may be located in Mainland China (optimized for Chinese users) or Overseas Nodes (for global service). We promise to always decide the physical storage location of data according to applicable laws (including PIPL).
• Data Retention: We only retain your personal information during the period of providing services to you.
  • Account Data: Retained until you actively cancel your account.
  • Log Data: May be retained for a short time for security audit and troubleshooting, and will then be regularly deleted.

6. Account Deletion

You have the right to delete your account and destroy the associated personal data at any time. To comply with Apple and Google app store requirements, we provide the following two ways to delete your account:

1. In-App Immediate Deletion: You can go to "Parents Center" -> "About" -> "Delete Account", then follow the on-screen instructions to enter your email address for verification to immediately apply for account cancellation and deletion.
2. Email Support Request: If you cannot operate within the app or have other special needs, you can send an email to support@aiwen.app from your registered email address to request account deletion. We will complete the process within 7 working days after receiving your email and verifying your identity.

Consequences: Once the account is deleted, all your data under that account (including but not limited to learning progress, configurations, membership benefits, points, etc.) in the cloud will be permanently deleted and cannot be recovered.

7. Policy Updates

To provide you with better service, we may revise this policy from time to time:

• Synchronization: We will publish the latest version of this policy on the official website. Since App version updates may lag, you should refer to the web version of the privacy policy accessed through the internal links of the App.
• Significant Changes: If major changes are involved, such as changes in the purpose of processing or the collection of additional sensitive information, we will notify you through prominent methods such as pop-ups, red dot reminders, or announcements when the App starts.
• General Changes: For text corrections or format optimizations that do not affect your substantive rights, we will directly update the website version. Your continued use of this application will be deemed as your agreement to be bound by the revised policy.

8. User Rights

According to the "Personal Information Protection Law of the People's Republic of China" (PIPL), EU "General Data Protection Regulation" (GDPR), California "Consumer Privacy Act" (CCPA), and other applicable laws, you have the following rights:

1. Right to Access: You have the right to request a copy of the personal data we hold about you.
2. Right to Rectification: If your information is inaccurate or incomplete, you have the right to request us to correct it.
3. Right to Erasure: i.e., "Right to be Forgotten". You can request to completely delete all your account data at any time via the cancellation function within the app.
4. Right to Restrict Processing: In specific circumstances, you have the right to request us to restrict the processing of your data.
5. Right to Withdraw Consent: For data processed based on your consent, you can withdraw consent at any time (does not affect the legality of processing before withdrawal).

If you wish to exercise the above rights, please contact us at any time via the contact information at the end of the text.

9. Contact Us

If you have any questions about this Privacy Policy or data security, please contact us via the following means:

• Email: support@aiwen.app

10. Legal Jurisdiction and Dispute Resolution

• Governing Law: The execution, interpretation, and dispute resolution of this Privacy Policy shall be governed by the laws of the People's Republic of China (excluding laws of Hong Kong, Macau, and Taiwan regions) and exclude the application of conflict of laws.
• Dispute Resolution: If any dispute arises regarding the content or execution of this policy, both parties shall try to resolve it through friendly negotiation; if negotiation fails, either party may file a lawsuit with a competent People's Court in Shanghai, China.