我们不收集 IDFA、不进行广告归因、不进行跨应用追踪;iOS 端未集成 App Tracking Transparency 提示框,因为我们不存在需 ATT 授权的场景。
2.4 位置信息
信息
收集目的
触发场景
保存期限
精确位置(经纬度,单次)
反向地理编码定位到最近的城市
仅在您主动点击"使用我的位置"时获取,定位完成后即弃用,不存储原始经纬度
不存储
城市代码(city slug)
演出筛选、推送地区匹配
定位成功或您手动选择城市后
账号存续期间,可在设置中切换
位置权限完全可选;不授权时您仍可手动选择城市使用全部功能。您可在系统设置随时撤销定位权限。
2.5 使用与行为数据
信息
收集目的
触发场景
保存期限
搜索关键词(去标识化,不与您的账号关联)
改进搜索、修正分类、发现内容缺口等产品优化
使用搜索功能时由服务端记录
以去标识化形式留存用于产品优化(详见下方说明)
页面浏览路径(演出/作品/作曲家/演奏家详情)
产品改进、内容优化
浏览相应页面时
后端 90 天
收藏、关注(演出/作曲家/演奏家/作品/城市)
提供个性化列表与到时提醒
您主动收藏/关注时
账号存续期间,可随时取消
聆听完成记录(曲目自然播放至结束时记录作曲家、作品 MBID、时长)
统计聆听时长,为未来勋章/成就系统提供基础
仅当曲目自然播放完毕;跳过、暂停超时不记录
账号存续期间,可在"设置 — 听记数据"中清除
近期播放专辑 ID
本地回放队列恢复、避免重复推荐
播放专辑时
仅存于设备本地(UserDefaults / DataStore),不上传后端
客户端埋点(屏幕浏览、按钮点击、推送打开等基础事件)
产品迭代分析、转化漏斗
对应交互发生时;批量上报到后端 POST /api/v1/track/events
后端 90 天后自动清除(按代码 cleanup_old_partitions 执行)
关于搜索关键词的特别说明:为优化搜索质量、修正内容分类、发现内容缺口,我们在服务端记录提交至本服务的搜索词。该记录不与您的账号或个人身份关联——我们不在该搜索语料中保存指向您账号的标识;其中涉及的 IP 地址仅以每日轮换的加盐哈希形式记录,无法用作跨日的稳定身份标识。因此该搜索词语料属于去标识化数据,仅用于产品优化与运营分析,不构成对您个人的画像或自动化决策。
Summary: This Privacy Policy is published by Shanghai Yufang Information Technology Co., Ltd. (Unified Social Credit Code 91310110MA1G84ER80; "Xiang", "we", "us") and applies to the Xiang Classical Music iOS app, Android app (Google Play global edition), Android app (mainland-China edition), and the website bwv988.com (collectively, the "Service"). For users in the European Economic Area / UK, see §10A (UK & EU GDPR). For California residents, see §10B (CCPA/CPRA).
1. Controller & Scope
1.1 Controller (Data Controller / 个人信息处理者)
Legal name: Shanghai Yufang Information Technology Co., Ltd. (上海禹放信息科技有限公司)
We have not designated a formal EU/UK Article 27 representative. Users in the EEA/UK may exercise rights directly via privacy@bwv988.com in English or Chinese; we respond within 30 days.
1.2 Scope
This Policy applies when you use the Xiang iOS app, either Android edition, or the bwv988.com / xiang.bwv988.com websites. It does not govern third-party services (Apple, Tencent/WeChat, Spotify, Google, Sentry, etc.), which process your data under their own policies.
1.3 Legal basis
We process your personal information under: (a) PRC Personal Information Protection Law ("PIPL") for users in mainland China; (b) UK GDPR / EU GDPR for users in the UK and EEA (see §10A); (c) California Consumer Privacy Act / CPRA for California residents (see §10B). The lawful bases under GDPR are: performance of contract (Art. 6(1)(b)) for account, payments, and core functions; legitimate interests (Art. 6(1)(f)) for security, fraud prevention, and product analytics on aggregated data; consent (Art. 6(1)(a)) for non-essential push notifications, optional crash reporting, and cross-border transfers; legal obligation (Art. 6(1)(c)) where applicable.
2. Information We Collect
We collect only what is necessary to operate the Service. You can refuse any category below; refusal may disable the related feature but not the rest of the Service. The exhaustive matrix is in Data Collection Inventory.
2.1 Account & identity
Apple ID subject identifier and (optional) email when you use Sign in with Apple
WeChat OpenID, UnionID, nickname, avatar when you use WeChat login (Android China edition only)
Your chosen nickname and avatar
Internal account UUID
2.2 Device & log
Device model, OS version, app version, locale (sent in API request headers)
IP address (captured at edge; retained 90 days)
iOS IDFV / Android Instance ID (for push-token binding and anti-duplicate-registration)
Wi-Fi SSID, Wi-Fi BSSID, and MAC address — collected by the JPush SDK for push-channel maintenance, device identification, and security (Android China edition only; collected only after you accept this Policy, since JPush does not initialize before then)
Crash stack traces and runtime context via Sentry (no user input content)
We do not collect IDFA; we do not perform cross-app tracking; iOS App Tracking Transparency is not used because no tracking is performed
2.3 Location
Precise coordinates (lat/lng) only when you tap "Use my location"; reverse-geocoded immediately; raw coordinates are not stored
City slug (retained while account exists; switchable)
2.4 Usage & behavior
Search keywords — captured server-side, de-identified and not linked to your account, retained for search/product optimization (any IP address is stored only as a daily-rotated salted hash and cannot serve as a stable identifier; we do not use this corpus to profile you or make automated decisions)
Page views, follows, favorites
Listening completion records (composer, work MBID, duration; only when the track plays to natural end)
Client analytics events (screen view, button tap, push open) batch-uploaded to our backend; auto-purged after 90 days
2.5 Subscription & payment
App Store receipt + original_transaction_id (iOS)
Google Play purchase token (Android global)
Alipay / WeChat Pay order ID + status (Android China; one-time prepayment only; we never receive card numbers, CVV, or passwords)
Subscription type and validity
2.6 Push notifications
APNs device token (iOS) → Apple Inc.
FCM token (Android global) → Google LLC
JPush registration ID (Android China; not initialized until you accept this Policy)
2.7 System permissions
Calendar (write-only) — only when you add a concert to "Xiang Music Calendar"
Photo Library (write-only, iOS) — only when you save a shared poster
We do not request bluetooth, microphone, or contacts
3. Third-Party SDKs
Full SDK matrix with vendor, version, data collected, and vendor privacy URL: Third-Party SDK List. Vendors include Apple, Tencent (WeChat), Spotify, Google (Firebase, Play Billing), Sentry, Jiguang (JPush), Alipay, Alibaba Cloud.
4. How We Use Information
Operate your account; deliver subscription benefits
Show concert information; let you filter, favorite, calendar-add
Play tracks via Apple Music or Spotify
Send notifications about events you follow
Process subscription purchases and renewals
Customer support and disputes
Diagnose stability and improve product (aggregated, de-identified)
Detect abusive behavior; comply with legal obligations
No automated decision-making with legal or similarly significant effect is applied to you. Our Discover surface is not user-level personalized.
5. Sharing, Processing & Disclosure
We do not sell your personal information. We do not "share" personal information for cross-context behavioral advertising as defined by CCPA/CPRA. We share only as follows:
With your consent: identity returned by Apple (Sign in with Apple), Tencent (WeChat login)
Legal obligations: when required by law, court orders, or regulators
Business transfers: in case of merger/acquisition; we will notify you and require continued protection
Affiliates: as of the last-updated date, we have no affiliate companies receiving your personal information
6. International Data Transfers
Our primary servers are in mainland China (Alibaba Cloud, East-1 Hangzhou / East-2 Shanghai). The following data necessarily crosses borders; full matrix in Cross-Border Transfer Inventory:
APNs device token + payload → Apple Inc. (United States)
FCM token + payload → Google LLC (United States; Android global edition only)
Apple Music catalog queries + MusicKit user tokens → Apple Music (United States)
Spotify OAuth tokens + playback commands → Spotify AB (Sweden/EU; only when you use Spotify)
Crash diagnostics → Sentry / Functional Software, Inc. (United States/EU; can be disabled in Settings → Privacy → Crash Diagnostics)
For users in mainland China: by accepting this Policy you provide PIPL Art. 39 separate consent for the above transfers (see Chinese §6).
For users in the UK / EEA: transfers from EEA/UK to recipients outside (a) the EEA or (b) a country with adequacy decision rely on the following safeguards under GDPR Chapter V: contractual safeguards with the recipient (where available); your explicit consent under Art. 49(1)(a); transfers necessary for performance of the contract you have with us (Art. 49(1)(b)); or transfers necessary for important reasons of public interest (Art. 49(1)(d)). Note that data stored on our primary servers resides in mainland China; you can request more information about the corresponding safeguards via privacy@bwv988.com.
7. Retention
Account, subscriptions, favorites — for the life of the account; deleted or anonymized within 15 business days after account deletion
Listening completion records — life of account; user-clearable
Analytics events, device logs — 90 days
De-identified search-term corpus — retained for product optimization in de-identified form, not linked to your account (IP stored only as a daily-rotated salted hash)
Payment vouchers — 24 months after subscription end (financial record duty)
Notification delivery logs — 12 months
Anti-abuse / security logs — 6 months
8. Security
TLS 1.2+ in transit
iOS Keychain / Android EncryptedSharedPreferences (AES-256-GCM) for auth tokens
Least-privilege access, separation of duties, operational audit
Regular backups and vulnerability scanning
Incident response: notify regulators and affected users per PIPL Art. 57 / GDPR Art. 33–34 (72-hour breach notification to supervisory authority where applicable)
9. Your Rights (Common)
Right to know how we process your data (this Policy)
Right to access and copy your data
Right to portability (structured, commonly used, machine-readable)
Right to correct or complete your data
Right to delete your data and withdraw consent
Right to restrict or object to processing
Right to an explanation of processing rules
Right to lodge a complaint with a supervisory authority
To exercise any right: email privacy@bwv988.com with subject "Privacy Rights Request". We respond within 30 days (PIPL: 15 business days; GDPR: 30 days, extendable by 60 in complex cases with notice).
10A. UK & EU GDPR — Additional Rights
If you are in the UK or EEA, you also have the following rights under UK GDPR / EU GDPR:
Right of access (Art. 15) — confirmation that we process your data and a copy
Right to rectification (Art. 16)
Right to erasure / "to be forgotten" (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21), including to processing based on legitimate interests
Rights related to automated decision-making (Art. 22) — we do not perform such decisions
Right to withdraw consent at any time (Art. 7(3)) without affecting prior lawful processing
Right to lodge a complaint with your local supervisory authority — e.g. the Information Commissioner's Office (UK), or the Data Protection Authority in your EU member state
You will not be discriminated against for exercising any of these rights. Where we rely on legitimate interests, you may request a copy of our balancing test via the privacy contact email.
10B. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by CPRA:
Right to know what categories of personal information we collect, the sources, the business purposes, and the categories of recipients
Right to access the specific pieces of personal information we hold
Right to delete, subject to statutory exceptions
Right to correct inaccurate personal information
Right to opt-out of sale or sharing — we do not sell or share personal information as those terms are defined in CCPA/CPRA. We therefore do not display a "Do Not Sell or Share My Personal Information" link; this paragraph serves as the notice.
Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right
Right to non-discrimination for exercising these rights
Categories of personal information collected in the prior 12 months (per CCPA categories): Identifiers (Apple ID, OpenID, IP, IDFV/Instance ID, account ID); Customer Records (nickname, email); Commercial Information (subscription transactions); Internet/Electronic Activity (page views, search history within Service); Geolocation Data (city only); Audio/Visual (none); Inferences (none used to build user profiles).
To submit a verifiable consumer request, email privacy@bwv988.com. We will verify your identity by matching the email to your account record or by sending a verification challenge to the email on file.
11. Account Deletion
In-app: Settings → Account → Delete Account
By email: privacy@bwv988.com (please email from your registered address for identity verification)
After deletion: data deleted or anonymized within 15 business days (except where retention is required by law); paid subscriptions terminate without refund from us (request refunds through Apple/Google as applicable); your publicly shared content may remain visible in other users' collections.
12. Children
The Service targets users aged 14 and older. We do not knowingly collect personal information from children under 14 (PRC) or under 13 (US COPPA). If you are a parent or guardian and believe we have collected such information, please contact privacy@bwv988.com; we will delete it promptly. Full details in Children's Privacy Notice.
13. Cookies & Local Storage
The website uses a minimal set of strictly necessary cookies (e.g. language preference). The mobile apps use iOS UserDefaults/Keychain or Android DataStore/EncryptedSharedPreferences as the local-storage equivalent. Uninstalling the app removes all local storage.
14. Policy Updates
We may update this Policy. For material changes we will give at least 30 days' advance notice via in-app banner; if you have provided an email, we will also email you. The "Last updated" date at the top of this page is authoritative. Continued use after the effective date constitutes acceptance; if you disagree, please stop using the Service and delete your account.
15. Contact
Entity: Shanghai Yufang Information Technology Co., Ltd. (上海禹放信息科技有限公司)