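天气有数 / Heedsky Privacy Policy
Introduction
天气有数 (English name: Heedsky, hereinafter "the App") is a smart weather-planning application independently developed and operated by individual developer 王海林 (WANG HAILIN, hereinafter "we"). The App helps you identify the best weather windows and subscribe to weather-change notifications.
We respect your personal information and protect it in accordance with the law. This Privacy Policy explains what information we collect, how we use and protect it, and the rights you have. We recommend that you read this policy in full; by continuing to use the App, you indicate that you have understood and agree to the contents of this policy.
If you have any questions about this policy, please contact us using the methods provided in Section 11 of this policy.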
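1. Scope
This policy applies to the 天气有数 / Heedsky iOS / Android client and its backend services.
This policy does not apply to:
- Third-party services reached through links within the App (e.g., Apple App Store in-app purchase pages)
- Services provided by your device's operating system (e.g., iOS system-level location permission settings)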
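2. Information We Collect
2.1 Information You Actively Provide
| Category | Fields | Purpose |
|---|---|---|
| Account identity | Email address or phone number (one of the two) | Registration, login, password recovery, receiving account notices |
| Account credential | Login password | Stored only as a one-way bcrypt (rounds=12) hash; we cannot recover the plaintext |
| Username | Display name | Personalized display |
| Saved places | Place name, longitude, latitude, notes | Provide the "My Favorites" feature |
| GPX track files | Track-point sequences you actively import through the system Share menu | Display routes on the map; provide weather analysis sliced by date |
| Subscription settings | Latitude and longitude of monitored places, rule parameters, effective date range, device timezone offset | Periodically check the weather and trigger notifications according to the rules |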
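2.2 Information Collected Automatically
To provide the service and maintain security, we automatically collect the following information while you use the App:
| Category | Specifics | When Collected |
|---|---|---|
| Device push token | APNs (iOS) device token | Issued by the system after you grant push permission |
| Install identifier | X-Client-Id (a UUID v4 randomly generated on first launch) | Persisted on the device; reported in an HTTP header with every API request |
| Device metadata | Device name (returned by iOS), device platform | Push registration and device management |
| Network information | The IP address you use when accessing the backend API | Recorded by the server when it receives the HTTP request |
| Usage logs | Request path, response status code, request duration | Backend operations and performance diagnostics |
| Browsing history | Recent searches (place, date), recently viewed (catalog entries) | Provide quick access to history |
| Notification history | Title, body, and match details of subscription notifications already sent | Displayed in the in-app "Notification Center" |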
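2.3 Location Information
The App accesses location information only in the following situations:
- Foreground, one-shot retrieval: only when you actively tap a button such as "Use current location" while the App is in the foreground does it use the iOS `WhenInUse` permission to fetch a single latitude/longitude reading.
- No background location tracking.
- No continuous reporting of your real-time location.
The retrieved coordinates may be used to: compute nearby weather on the device, or be saved as a favorite place (only if you actively choose to save).
If you decline location permission, the App still works normally through manual input or place search; only the "Use current location" button is unavailable.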
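2.4 Information We Do Not Collect
We commit not to collect the following categories of information:
- Contacts, camera, microphone, photo library, health data, motion data
- Any financial accounts, payment information, or biometric information
- Cross-app or cross-website browsing or advertising identifiers (the App integrates no advertising SDK and no App Tracking Transparency tracking)
- Device IDFA / IDFV / Android Advertising ID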
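3. How We Use Information
We use the information above within the following scope:
- Core functionality: weather analysis and window detection based on your locations and subscription rules; pushing match notifications.
- Account system: registration verification, login, password recovery, account deletion.
- Security and risk control: rate limiting of failed logins, limits on how often verification codes are sent, identification of anomalous requests.
- Service operations: diagnosing failures, optimizing performance, and tracking endpoint availability through request logs.
- Legal compliance: cooperating with investigations when lawfully required by regulators.
We will not use the information above for commercial advertising, sale of user profiles, or sharing with third-party marketing activities.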
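4. Storage and Retention
4.1 Storage Location
The App's backend servers are located within the People's Republic of China. All user databases (accounts, subscriptions, favorites, notification history, etc.) are stored on servers within China.
A small amount of data briefly leaves China where functionality requires it; see Section 5, "Third-Party Sharing and Cross-Border Transfer".
4.2 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account identity and credentials (users table) | While your account exists; cascade-deleted immediately upon account deletion |
| Device tokens (devices table) | While your account exists or until you log out; actively deleted on logout |
| Refresh tokens (auth_sessions) | 90 days by default; revoked immediately on logout |
| Subscriptions, favorites, GPX | While your account exists or until you actively delete them; cascade-deleted upon account deletion |
| Notification history | 120 days; automatically purged after expiry |
| Verification-code send records (code_send_log) | About 24 hours (rate-limit window) |
| Login attempt records (login_attempts) | About 5 minutes (sliding rate-limit window) |
| Server request samples (monitoring) | About 7 days; used only for operations diagnostics |
| Security audit samples (external_call_samples) | About 90 days; see Section 6 |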
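4.3 Deletion Mechanism
You can submit a deletion request in the App under "Settings → Account → Delete Account". We require you to enter your current password as confirmation; upon submission we immediately:
- Hard-delete the corresponding record in the `users` table
- Cascade-delete your sessions, devices, subscriptions, notification history, favorites, GPX data, and recent searches/views
- Purge rate-limit and code-send records bound to your email/phone number
- Make a best-effort purge of audit samples in the monitoring store that can be linked to you
Account deletion is irreversible. After completion we no longer retain any business data that can be linked to your identity.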
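5. Third-Party Sharing and Cross-Border Transfer
To provide necessary functionality, the App exchanges data with the following third parties within strictly limited scopes.
5.1 Third-Party Service Inventory
| Recipient | Data Shared | Country / Region | Purpose |
|---|---|---|---|
| Open-Meteo | Longitude, latitude, query date range | Germany (EU) | Retrieve weather forecast data |
| Aliyun DirectMail | Your email address, verification code | Mainland China | Deliver email verification codes |
| Aliyun SMS | Your phone number, verification code | Mainland China | Deliver SMS verification codes |
| Aliyun Phone Number Verification (PNVS) | Your phone number | Mainland China | Phone-number ownership and reachability checks |
| Apple Push Notification service (APNs) | Device token, push payload (title/body) | United States and global nodes | Apple delivers push notifications to your device |
5.2 Cross-Border Transfer Notice (PIPL §38–39)
To complete its core weather-analysis function, the App needs to send place coordinates and query dates to Open-Meteo (located in Germany, EU). This transfer does not include your identity fields (it carries no account ID, email, phone number, or IP address).
Apple Push Notification service (APNs) is operated by Apple on global nodes; device tokens and push content pass through Apple's nodes outside China during delivery.
Your authorization: by enabling the App you authorize us to carry out the cross-border transfers necessary for the functionality above. If you do not agree, please stop using the relevant features.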
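5.3 Services Called Directly From Your Device
In scenarios such as reverse geocoding (coordinates → place name), the Flutter geocoding plugin calls Apple CoreLocation or Google Geocoding directly on your device. This process does not pass through our backend, and the related data flows are handled by Apple or Google under their respective privacy policies:
- Apple Privacy Policy: apple.com/legal/privacy
- Google Privacy Policy: policies.google.com/privacy
5.4 What We Do Not Do
- We do not sell your personal information to advertisers, data brokers, or third-party marketing companies
- We do not integrate third-party analytics SDKs (e.g., Firebase Analytics, Crashlytics, Sentry, Sensors Analytics, Umeng)
- We do not integrate advertising SDKs
- We do not track users across apps or websites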
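6. Logging and Security
6.1 Security-Related Logs
To guard against account theft and abuse attacks and to diagnose failures, we record the following logs on the backend:
| Log | Contents | Retention |
|---|---|---|
| General API access samples | Request method, path, status code, duration, client IP | ~7 days |
| External-call audit samples | Request parameters when we call external services (e.g., Aliyun, Open-Meteo) | ~90 days |
Important disclosure: external-call audit samples record in plaintext the email addresses and phone numbers we send to Aliyun, as well as the client IP address at the time the request was made. This plaintext retention is for security-audit purposes (tracing abusive accounts, troubleshooting code-delivery failures); it is visible only in the internal monitoring console and is not exposed through any external API.
If you do not want such logs retained, you can trigger their cleanup by deleting your account (see Section 4.3).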
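6.2 Security Measures
- Passwords are stored as one-way bcrypt (rounds=12) hashes; we cannot recover the plaintext
- Verification codes are stored as SHA256 hashes, with a TTL of 5–15 minutes
- Refresh tokens are stored in hashed form and bound to the device
- Client-side JWT refresh tokens are stored in the iOS Keychain (hardware encryption)
- HTTPS is used for transport across the entire path
- The backend server listens only on a local port; external access goes through an nginx reverse proxy
Although we take the reasonable measures above, please understand that no internet transmission is absolutely secure. Please keep your login password safe and do not share it with others.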
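7. Your Rights
Under the Personal Information Protection Law (PIPL), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other laws and regulations, you have the following rights:
| Right | How to Exercise |
|---|---|
| Access | View your account information in the App under "Settings → Account"; other data can be requested for export by email |
| Rectification | Edit your username and subscription settings in the App; email/phone number can be changed through the "bind/unbind" flow |
| Erasure (right to be forgotten) | In the App, "Settings → Account → Delete Account"; takes effect immediately and is irreversible |
| Withdraw consent | Disabling push permission stops push notifications; deleting your account withdraws all consent |
| Copy (data portability) | Email the contact address below to apply; we will provide a portable copy in JSON format within 30 days |
| Refuse automated decision-making | The App performs no profiling or automated decision-making that significantly affects you |
| Complaints and reports | You may complain to cyberspace.gov.cn (China) / your local data protection authority (EU) / oag.ca.gov (California) |
Exercising the rights above is completely free of charge and will not affect the quality of service you already enjoy.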
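8. Protection of Minors
The App is intended only for adults aged 17 and above, and its App Store age rating is 17+.
- We do not knowingly collect personal information from minors under 17.
- If you are under 17, please do not register or use the App.
- If we discover an account registered by a minor in error, we will proactively delete the account and all related data; a guardian may also apply for deletion on the minor's behalf through the contact details below.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the special provisions of Article 31 of China's Personal Information Protection Law on minors' personal information.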
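9. Cookies and Similar Technologies
The App itself does not use browser cookies. However, it uses similar local identifiers in the following scenarios:
| Identifier | Type | Storage Location | Purpose |
|---|---|---|---|
| X-Client-Id | UUID v4 | Device SharedPreferences | Distinguish different client installations, for operations and rate limiting |
| Access token (JWT) | Bearer Token | iOS Keychain | Maintain the login session |
| Refresh token | Bearer Token | iOS Keychain | Automatically renew the login session |
Uninstalling the App clears all of the local identifiers above.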
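10. Policy Changes
We may revise this policy because of changes in the law or adjustments to the service.
- General revisions (e.g., correcting typos): this page is updated directly and the "Last Updated" date at the end of the document is refreshed
- Material revisions (involving expanded collection scope, changed purposes, new third-party recipients, etc.): a pop-up notice is shown when the App launches, given 14 days before the change takes effect; if the new terms require your additional consent, we will obtain your explicit consent through the pop-up
Historical versions can be requested through the email address below.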
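11. Contact Us
If you have questions about this policy, the processing of your personal information, or exercising any right, please contact us by the following means:
- Operator: 王海林 (WANG HAILIN, individual developer)
- Contact email: heedsky26@gmail.com
- Response time: we will reply within 15 working days of receiving your request; complex requests take no longer than 30 days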
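12. Governing Law and Dispute Resolution
The formulation, interpretation, and application of this policy are governed by the relevant laws of the People's Republic of China. Any dispute arising from the contents of this policy or from use of the App should first be resolved through friendly negotiation; if negotiation fails, it shall be submitted for litigation to the people's court with jurisdiction over the developer's habitual residence.
If you are located in the EU, the UK, California, or a similar jurisdiction, the relevant mandatory local consumer-protection laws also apply.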
Heedsky Privacy Policy
Introduction
Heedsky (Chinese name: 天气有数, hereinafter "the App") is a smart weather-planning application independently developed and operated by WANG HAILIN (hereinafter "we", "us"), an individual developer. The App helps you identify optimal weather windows and subscribe to weather-change notifications.
We respect your personal information and protect it in accordance with applicable law. This Privacy Policy explains what information we collect, how we use and protect it, and the rights you have. We encourage you to read this policy in full. By continuing to use the App, you confirm that you have read, understood, and agree to this policy.
If you have any questions, contact us via Section 11 below.
1. Scope
This policy applies to the iOS / Android client of Heedsky and our backend services.
This policy does not apply to:
- Third-party services accessed via links from within the App (e.g., Apple's App Store in-app pages)
- Operating-system level services on your device (e.g., iOS system Location Services settings)
2. Information We Collect
2.1 Information You Actively Provide
| Category | Fields | Purpose |
|---|---|---|
| Account identifier | Email or phone number (one of two) | Registration, login, password recovery, account notices |
| Account credential | Login password | Stored only as a one-way bcrypt (rounds=12) hash; we cannot recover the plaintext |
| Username | Display name | Personalization |
| Saved places | Place name, latitude, longitude, notes | "My Favorites" feature |
| GPX track files | Track-point sequences you actively import via the system Share menu | Display routes on the map; provide per-day weather analysis on track segments |
| Subscription settings | Monitored coordinates, rule parameters, effective date range, device timezone offset | Periodically check weather and trigger rule-matched notifications |
2.2 Information Collected Automatically
To provide the service and maintain security, we automatically collect the following while you use the App:
| Category | Specifics | Trigger |
|---|---|---|
| Push token | APNs (iOS) device token | Issued by the OS after you grant push permission |
| Install identifier | X-Client-Id (UUID v4 generated on first launch) | Persisted on device; included as an HTTP header on every API request |
| Device metadata | Device name (returned by iOS), platform | Push registration and device management |
| Network info | IP address used to reach our backend | Captured by the server when receiving HTTP requests |
| Usage logs | Request path, response status, duration | Backend operations and performance diagnostics |
| Browse history | Recent searches (place + date), recent catalog browses | "Recently Viewed" features |
| Notification history | Title, body, match details of subscription notifications already sent | Display in the in-app notification center |
2.3 Location Information
The App accesses location only as follows:
- Foreground, one-shot only: triggered solely when you actively tap "Use current location" or similar; uses iOS `WhenInUse` to fetch a single coordinate.
- No background location tracking.
- No continuous reporting of your real-time position.
The retrieved coordinate may be used to: compute local weather on-device or save as a favorite (only if you explicitly choose to save).
If you decline location permission, the App still functions via manual input or place search; only the "Use current location" button becomes unavailable.
2.4 Information We Do Not Collect
We commit that we do not collect:
- Contacts, camera, microphone, photo library, health data, motion data
- Any financial accounts, payment information, or biometric data
- Cross-app or cross-website browsing or advertising identifiers (the App integrates no advertising SDKs and no App Tracking Transparency tracking)
- Device IDFA / IDFV / Android Advertising ID
3. How We Use Information
We use the information above for:
- Core functionality — weather analysis and window detection based on your locations and subscription rules; pushing match notifications.
- Account system — registration verification, login, password recovery, account deletion.
- Security & abuse prevention — login-failure rate limiting, verification-code throttling, anomalous-request detection.
- Service operations — diagnosing failures, tuning performance, and tracking endpoint availability via request logs.
- Legal compliance — cooperating with regulators when lawfully required.
We do not use this information for advertising targeting, profiling for sale, or sharing with third-party marketing campaigns.
4. Storage and Retention
4.1 Storage Location
Our backend servers are located in mainland China. All user databases (accounts, subscriptions, favorites, notification history, etc.) are stored on servers within China.
A small amount of data leaves China only as strictly required for functionality. See Section 5 for details.
4.2 Retention Periods
| Data | Retention |
|---|---|
| Account identity and credentials (users table) | While your account exists; cascaded delete on account deletion |
| Push tokens (devices) | While your account or session is active; revoked on logout |
| Refresh tokens (auth_sessions) | 90 days by default; revoked on logout |
| Subscriptions, favorites, GPX | While your account exists or until you delete them; cascaded delete on account deletion |
| Notification history | 120 days, then automatically purged |
| Verification-code send log | ~24 hours (rate-limit window) |
| Login attempts | ~5 minutes (sliding rate-limit window) |
| Server request samples (monitoring) | ~7 days, used for operations diagnostics only |
| External-call audit samples | ~90 days; see Section 6 |
4.3 Deletion Mechanism
You may submit a deletion request from Settings → Account → Delete Account within the App. Confirmation requires your current password. Upon submission we immediately:
- Hard-delete your row in the `users` table
- Cascade-delete your sessions, devices, subscriptions, notification history, favorites, GPX data, and recent search/browse records
- Purge rate-limit and code-send records bound to your email/phone
- Best-effort scrub of monitoring-store audit samples linked to you
Account deletion is irreversible. After completion, we retain no business data linkable to your identity.
5. Third-Party Sharing and Cross-Border Transfer
To provide essential functionality, the App interacts with the following third parties under strictly limited scopes.
5.1 Third-Party Inventory
| Recipient | Data Shared | Country / Region | Purpose |
|---|---|---|---|
| Open-Meteo | Latitude, longitude, query date range | Germany (EU) | Retrieve weather forecast data |
| Aliyun DirectMail | Your email address, verification code | Mainland China | Deliver email verification codes |
| Aliyun SMS | Your phone number, verification code | Mainland China | Deliver SMS verification codes |
| Aliyun Phone Number Verification (PNVS) | Your phone number | Mainland China | Phone-number ownership and reachability checks |
| Apple Push Notification service (APNs) | Device token, push payload (title/body) | United States and global edges | Apple delivers push notifications to your device |
5.2 Cross-Border Transfer Notice (PIPL §38–39 / GDPR Chapter V)
To complete core weather analysis, we send coordinates and query dates to Open-Meteo (located in Germany, EU). This transfer does not include your identity (no account ID, email, phone, or IP).
Apple Push Notification service (APNs) is operated by Apple Inc. on global infrastructure; device tokens and push payloads transit Apple's overseas nodes during delivery.
Your authorization: by using the App you authorize the cross-border transfers necessary for the functionality above. If you do not consent, please discontinue using the relevant features.
For users in the EU/UK, the lawful basis for these transfers is performance of a contract (Article 49(1)(b) GDPR). For users in California, see Section 7 for your CCPA rights.
5.3 Services Called Directly From Your Device
For reverse geocoding (coordinate → place name) the Flutter geocoding plugin invokes Apple CoreLocation or Google Geocoding directly on your device. These calls do not pass through our backend, and the data is handled per the respective providers' privacy policies:
- Apple Privacy Policy: apple.com/legal/privacy
- Google Privacy Policy: policies.google.com/privacy
5.4 What We Do Not Do
- We do not sell your personal information to advertisers, data brokers, or third-party marketers.
- We do not integrate third-party analytics SDKs (e.g., Firebase Analytics, Crashlytics, Sentry, Sensors Analytics, Umeng).
- We do not integrate advertising SDKs.
- We do not track users across apps or websites.
6. Logging and Security
6.1 Security-Related Logs
To prevent account abuse and diagnose failures, our backend retains the following logs:
| Log | Contents | Retention |
|---|---|---|
| General API request samples | Method, path, status code, duration, client IP | ~7 days |
| External-call audit samples | Request parameters when we call external services (e.g., Aliyun, Open-Meteo) | ~90 days |
Important disclosure: External-call audit samples retain in plaintext the email or phone number we send to Aliyun, plus the client IP of the originating request. This plaintext retention exists for security-audit purposes (tracing abuse, diagnosing code-delivery failures); it is visible only to internal monitoring tooling and is not exposed via any public API.
If you do not wish such logs retained, deleting your account triggers their cleanup (see Section 4.3).
6.2 Security Measures
- Passwords stored as one-way bcrypt hashes (rounds=12); we cannot recover the plaintext
- Verification codes stored as SHA-256 hashes with 5–15 minute TTL
- Refresh tokens stored as hashes, bound to the issuing device
- Client-side JWT refresh tokens kept in iOS Keychain (hardware-backed encryption)
- HTTPS used end-to-end
- Backend server listens only on localhost; external traffic enters through nginx reverse proxy
While we apply reasonable safeguards, please understand that no internet transmission is absolutely secure. Please keep your password confidential.
7. Your Rights
Under the Personal Information Protection Law of the People's Republic of China (PIPL), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) (where applicable), you have:
| Right | How to Exercise |
|---|---|
| Access | View your account information at "Settings → Account"; request export of other data via the contact email |
| Rectification | Edit username and subscription settings in-app; change email/phone via the bind/unbind flow |
| Erasure (Right to be Forgotten) | "Settings → Account → Delete Account" — immediate and irreversible |
| Withdraw consent | Disable push permission to stop notifications; deleting your account withdraws all consent |
| Portability | Email us to request your data in JSON format; we deliver within 30 days |
| Object to automated decision-making | The App performs no profiling or automated decisions that produce legal effects on you |
| Lodge a complaint | China: cyberspace.gov.cn / EU: your local DPA / California: oag.ca.gov |
Exercising these rights is free of charge and will not degrade your service quality.
For California residents (CCPA "Do Not Sell or Share"): We do not sell your personal information and do not share it with third parties for cross-context behavioral advertising. No opt-out is required because the conduct does not occur.
8. Children's Privacy
The App is intended only for adults aged 17 and above and is rated 17+ on the App Store.
- We do not knowingly collect personal information from individuals under 17.
- If you are under 17, please do not register or use the App.
- If we discover an under-age account was created in error, we will proactively delete the account and all related data; a guardian may also request deletion via the contact below.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the special provisions of PIPL Article 31 on minors' personal information.
9. Cookies and Similar Technologies
The App itself does not use browser cookies, but the following local identifiers serve a similar role:
| Identifier | Type | Storage | Purpose |
|---|---|---|---|
| X-Client-Id | UUID v4 | Device SharedPreferences | Distinguish installations for ops and rate limiting |
| Access token (JWT) | Bearer token | iOS Keychain | Maintain login session |
| Refresh token | Bearer token | iOS Keychain | Automatic session renewal |
Uninstalling the App clears all local identifiers above.
10. Policy Changes
We may update this policy due to legal or service changes.
- Minor edits (e.g., typo fixes): updated in place; the "Last Updated" date at the top is refreshed.
- Material changes (expanded collection scope, new purposes, new recipients, etc.): an in-app banner will display on launch with at least 14 days' notice; if the new terms require your additional consent, we will solicit it explicitly.
Historical versions are available upon email request.
11. Contact Us
For questions about this policy, your personal information, or to exercise any right above, contact:
- Operator: WANG HAILIN (individual developer)
- Email: heedsky26@gmail.com
- Response time: we respond within 15 working days of receipt; complex requests may take up to 30 days.
12. Governing Law and Disputes
This policy is governed by and construed in accordance with the laws of the People's Republic of China. Disputes arising from this policy or use of the App should first be resolved through good-faith negotiation; failing that, brought to the people's court with jurisdiction over the developer's habitual residence.
If you reside in the EU, the UK, California, or another jurisdiction with mandatory local consumer-protection laws, those local laws also apply to the extent required.