Light Book Privacy Policy
Effective: May 27, 2026 · Last updated: June 11, 2026
This App has completed the Mobile Application Filing required by the Ministry of Industry and Information Technology of the People's Republic of China. Filing number: 浙ICP备2025189356号-4A.
1. Overview
Light Book (the "App" or "Service") is developed and operated by Ningbo Tangxiaoyuan Technology Co., Ltd. ("we", "us", "our"). We take your privacy seriously. This Privacy Policy explains what personal information we collect, how we use, store, share and protect it, and what rights you have.
Please read this Policy carefully before using the App. You must explicitly accept this Policy via the in-app consent flow on first launch in order to use the App's core features. If you do not agree, please decline and stop using the App; you may close and uninstall the App without leaving any account data behind.
The App involves the following cross-border transfers. Accepting this Policy is deemed your overall consent (you can later withdraw analytics consent at "Settings → Data & Privacy"; image generation and in-app purchase transfers are necessary for those features to operate, and using them is deemed consent):
- Analytics events: the App uses the logtrace analytics service whose ingestion endpoint (
logtrace.deeptrans.pro) resolves to Cloudflare's global edge network; your event data may be ingested via overseas edge nodes. You can disable this anytime at Settings → Data & Privacy → Help improve Light Book; the client immediately clears its pending event buffer and stops further uploads.
- Image generation: depends on overseas recipients (Cloudflare-hosted image-generation models).
- In-app purchase: handled by Apple.
The lawful basis for the above is PIPL Article 13(1) "necessary for entering into or performing a contract to which the individual is a party" together with your explicit consent expressed by accepting this Policy. Crash logs are collected per §9 on the basis that ensuring service stability is necessary for the provision of the App; this is independent from the analytics switch above.
2. Information We Collect
To provide the App's features, we collect the following personal information, in the minimum scope necessary:
2.1 Account and identity
- Email address: for registration, login, password recovery and important notifications.
- Email verification code: to verify email ownership.
- Password: stored only as a bcrypt one-way hash; we cannot recover the plaintext.
- Account metadata: registration time, last-active time, device model.
2.2 Profile
- Avatar: the avatar image you upload, stored under your account directory in Alibaba Cloud OSS.
- Display name and preferences: nickname, language, theme and other in-app settings you set.
2.3 User content
- Conversation messages: all messages you exchange with the AI assistant (text, attachment references, etc.).
- Notes: all notebooks and note bodies you create.
- Uploaded files: all files you upload to "My Files", stored on Alibaba Cloud OSS.
- Generated content: images, videos, code, documents generated by the AI in your conversations.
- AI memory: with your authorisation, preferences and facts automatically extracted from your conversations (e.g. "likes lattes"), used to make subsequent conversations more coherent.
2.4 Subscription and transactions
- The transaction receipt (JWS) and subscription state (active / grace / expired) issued by Apple StoreKit.
- App Account Token: a UUID passed through by iOS during purchase, used to attribute the subscription accurately to your account.
- Renewal window and expiry time, used to display remaining Pro entitlement.
We do not collect your Apple ID password, credit card number or other payment details. All payment occurs inside Apple's App Store.
2.5 Usage and logs
- Usage metrics: conversation tokens, image generations, file-storage usage, tool-call counts — used for quota accounting and billing.
- Error logs: backend errors and client crash reports, used for debugging and stability improvement.
- Product analytics events: in-app actions such as app launch, sending a chat, opening the paywall, tapping subscribe, hitting a quota or stream interruption; together with the app version, device model, OS version, and a device-level random UUID (generated on first launch, not IDFA / IDFV) used to link events from the same device. After you log in, these events are associated with your account; while logged out, only the device-level UUID is recorded. Used for product improvement, conversion-funnel analysis and anomaly diagnosis.
- You can disable this collection at any time via Settings → Data & Privacy → Help improve Light Book. Crash logs remain enabled afterwards for the reason set out in §9.
- Access IP and timestamps, used for security audit, anti-abuse and anomalous-login detection.
3. How We Use Your Information
We use your personal information only for the following purposes:
- to provide the App's core features (account, conversation, notes, files, subscription);
- to forward your conversations and attachments to third-party AI models so responses can be generated;
- where you have opted in, to extract and use AI memory to personalise conversations;
- to calculate and deduct your quotas, and to settle subscription fees;
- to send service-related notifications (subscription status, security alerts, policy updates);
- to perform security protection, risk control and compliance audit;
- to perform product-usage analytics, conversion-funnel analysis and stability diagnosis to continuously improve the App;
- to comply with applicable laws and regulations.
Special notice on AI model training
This is one of users' most-asked questions; we are explicit:
- We do not train AI models ourselves. We do not use your conversation content, note bodies or uploaded files to train any AI model operated by us.
- Third-party AI providers may use your data for training. When your conversations are forwarded to DeepSeek, Alibaba Qwen, OpenRouter-aggregated overseas models, Cloudflare AI Gateway or other third-party providers to generate responses, whether that data is used by the provider to improve or train their models is governed by each provider's own terms of service. We use these providers' standard APIs and have not signed special commercial agreements with them excluding training use. Please refer to each provider's published terms for specifics.
- If you do not want your conversation content used for training, we recommend: (i) not sending sensitive personal or commercial-secret information; (ii) following each provider's privacy-policy changes; (iii) contacting us so we can evaluate offering "no-train" paid model options; (iv) for stricter on-premise solutions, contact us to discuss enterprise options.
Prohibited uses
Without your separate, explicit consent, we will not:
- use your personal information for automated decision-making (personalised recommendations, profiling for marketing);
- use your personal information for advertising or share it with ad networks;
- sell your conversation content, notes or files to any third party.
4. Third-Party Sharing
To deliver the App's features, we share the minimum necessary data with the third-party providers below. We have entered into data-processing agreements with each, requiring them to process your data solely for the purposes set out in this Policy.
| Category |
Provider |
Data shared |
Purpose |
Cross-border? |
| Large language models |
Hangzhou DeepSeek AI Co., Ltd. |
Your conversation content, system prompts, attachment excerpts |
Generate AI responses; conversation data may be used by this provider for model training or improvement per their standard API terms |
No (mainland China) |
| Alibaba Cloud Tongyi Qianwen (Qwen) |
Same as above |
Generate AI responses; conversation data may be used by this provider for model training or improvement per their standard API terms |
No (mainland China) |
| Image generation |
Cloudflare (Gemini Image / Nano Banana) |
Prompts and reference-image bytes |
Generate or edit images |
Yes (overseas) |
| OpenRouter image models |
Prompts |
Generate images |
Yes (USA) |
| Web search |
Metaso (秘塔搜索) |
Your search query |
Return search results |
No (mainland China) |
| Tavily |
Your search query |
Return search results |
Yes (USA) |
| Object storage |
Alibaba Cloud OSS |
Your files, images, avatar |
Persistent storage |
No (mainland China) |
Third-party backup destinations (only triggered after you actively bind a destination and enable auto-backup or manually trigger a run) |
GitHub, Inc. |
Your note bodies, attachments (images / files), notebook structure; OAuth access token (stored on our server encrypted with AES-GCM) |
Back up your notes to a private repository under your own GitHub account, per your instruction |
Yes (USA) |
| Baidu Netdisk Open Platform (Beijing Baidu Netcom Science and Technology Co., Ltd.) |
Your note bodies, attachments (images / files); OAuth access token and refresh token (both stored on our server encrypted with AES-GCM); Baidu username (display only) |
Back up your notes to the authorized directory /apps/轻书笔记/ under your own Baidu Netdisk account, per your instruction |
No (mainland China) |
| Mobile payment |
Apple Inc. / App Store |
App Account Token, transaction identifiers |
Process subscription purchase, renewal, refund |
Yes (USA) |
| Email delivery |
SMTP email provider |
Your email address, verification-code content |
Send verification and password-recovery emails |
Depends on provider |
| Product analytics (first-party) |
Ningbo Tangxiaoyuan Technology Co., Ltd. (logtrace service on Cloudflare edge; recipient: Cloudflare, Inc.) |
Event name, event timestamp, device-level random UUID, session ID, user ID after login, app version, device model, OS version |
Product-usage analytics, conversion funnels and stability diagnosis; does not include conversation content or note bodies |
Yes (Cloudflare edge; recipient: Cloudflare, Inc.; requires your separate consent; can be revoked on first-launch consent screen or later in Settings) |
| Crash and exception reporting |
Tencent Bugly (Shenzhen Tencent Computer Systems Co., Ltd.) |
Crash stack, device model, OS version, app version, user ID after login, runtime snapshot |
Crash monitoring, ANR / lag monitoring and stability diagnosis (does not collect conversation or note content) |
No (mainland China) |
Special notice on cross-border data transfer (PIPL Article 39)
Some features of this App involve transferring your personal information to recipients outside mainland China. Pursuant to Article 39 of the Personal Information Protection Law of the PRC, we separately disclose the following:
- Overseas recipients:
- Processing purposes: image generation (Cloudflare-hosted models such as Gemini Image / Nano Banana); ingesting product-analytics events on overseas edge nodes (Cloudflare); processing in-app subscription purchases (Apple); backing up your notes to a private repository under your own GitHub account, per your instruction (GitHub).
- Processing methods: transmitted via HTTPS / TLS; processed by each overseas recipient according to its own privacy policy and terms of service.
- Categories of personal information:
- When using image generation: your prompts and uploaded reference-image bytes;
- When using Apple in-app purchase: App Account Token (UUID), transaction identifiers;
- When reporting analytics events: event name, device-level random UUID, session ID, user ID after login, app version, device model, OS version (does not include conversation or note content);
- When using GitHub backup: your note bodies, attachments (images / files), notebook structure, and the OAuth access token generated during authorization (stored on our server encrypted with AES-GCM).
- Exercising your rights: you may submit access, copy, deletion or withdrawal-of-cross-border-consent requests via the contact details in §11; for rights against the overseas recipient directly, please use the contact channels each recipient publishes.
- Consent mechanism: accepting this Policy is deemed your overall consent to the cross-border transfers above. Analytics is optional and can be revoked anytime at Settings → Data & Privacy → Help improve Light Book; GitHub backup is an optional feature — the cross-border transfer is only triggered after you actively complete the OAuth flow at Settings → Sync & Backup, and you may unbind on the same page to withdraw consent at any time; image generation and Apple in-app purchase transfers are necessary for those features to operate, with PIPL Article 13(1) as their lawful basis. Using the corresponding feature is deemed consent to the necessary transfer.
- Consequences of withdrawal: when you revoke analytics consent, the client immediately clears its pending event buffer and stops further uploads; when you unbind GitHub backup, the server immediately deletes the stored OAuth credentials for that destination, stops further backup runs, and attempts to revoke the granted authorization via the GitHub revoke-grant API (backup content already uploaded to the repository under your own GitHub account will not be auto-deleted; you can manage it on the GitHub side); other features (including image generation and in-app purchase) are unaffected.
We protect data in transit through TLS; our processing relationship with each overseas recipient is established under their respective public terms of service / data-processing agreements.
5. Storage Location and Retention
- Primary data location: account information, user content and files are stored in the Alibaba Cloud mainland China region.
- Retention:
- While your account is active: data is retained for as long as needed to provide the service.
- Upon account closure: all of your database rows are immediately deleted via cascading delete (
DELETE FROM users ... CASCADE), and all of your OSS objects are immediately deleted via prefix batch delete (app/{userID}/).
- Necessary logs (for security audit and legal retention obligations) are retained for at least 6 months as required by law.
6. Your Rights
Under the Personal Information Protection Law (PIPL), the Cybersecurity Law and related regulations you have the following rights:
- Access: view your account information, conversation history and file list in the "Me" section of the App.
- Right to obtain a copy (PIPL Article 45): you may contact us at the details in §11 to request a machine-readable copy (JSON) of your personal information (account data, conversation history, note bodies, file list). We will provide it within 15 business days.
- Correction: modify your avatar, nickname and settings in the App.
- Deletion:
- Delete a single conversation, message or file inline within the App.
- Close your account via "Me → Delete Account", which removes all your data.
- Withdraw consent:
- Disable behavioural analytics (including the related cross-border transfer): toggle off via Settings → Data & Privacy → Help improve Light Book; the client immediately clears its pending event buffer and stops further uploads. Crash logs continue to be collected as set out in §9, on the basis that ensuring service stability is necessary for the provision of the App;
- Disable optional features such as "AI memory" from in-app settings at any time.
- Training-data opt-out: if you do not want a specific conversation to potentially be used by a third-party AI provider for training (see "Special notice on AI model training" in §3), you may avoid sending sensitive personal or commercial-secret content, or contact us to request that we evaluate adding "no-train" paid model options.
- Algorithmic explanation (PIPL Article 48): you may contact us at the details in §11 to request an explanation of how this App processes your personal information; we will provide a plain-language explanation.
- Complaints: contact us using the details below. We will respond within 15 business days. If you are not satisfied with the outcome, you may also complain to the cyberspace, telecommunications or market-regulation authorities.
7. Cookies and Local Storage
The App does not embed any third-party tracking cookies. The client-side stores only:
- JWT tokens (so you stay logged in);
- user preferences (language, theme, behavioural-analytics opt-out flag, etc.);
- chat drafts and caches (kept on-device only, never uploaded);
- Device-level random UUID: generated on first launch and stored in UserDefaults; used only to link analytics events from the same device; not IDFA / IDFV; reset on uninstall + reinstall.
- Analytics event local buffer: pending events stored on-device while offline or on upload failure; batched on recovery; capped at 5 MB per device with FIFO eviction.
8. Children's Privacy
The App is not directed at children under 14. If you are under 14, please do not submit any personal information. If a guardian discovers that a child has used the App without consent, please contact us immediately and we will delete the relevant data.
Users between 14 and 18 should use the App under the supervision of a guardian and exercise caution when relying on AI-generated content.
9. Security Measures
- All client ↔ server traffic is encrypted with HTTPS / TLS.
- Passwords are stored as bcrypt hashes with per-user salt and cannot be reversed.
- OSS objects use private read/write access control and are only exposed to authorised users through short-lived signed URLs.
- Internal sensitive operations follow the principle of least privilege and are logged for audit.
- We perform regular security scanning and dependency updates.
10. Policy Updates
We may update this Policy as our business or applicable laws change. We maintain a version number (YYYY-MM-DD; see "Last updated" at the top of this page) and increment it for material changes (new data types, new third-party recipients, changes to cross-border transfer scope, changes to the withdrawal mechanism, etc.).
For material changes:
- On your next app launch you will see a mandatory consent prompt describing the main changes; you must re-read and accept before continuing to use core features;
- For changes affecting the scope of behavioural analytics (new recipients, new data fields, change of cross-border node, etc.), your previously-given consent is invalidated and the consent screen will appear again on next launch;
- For minor wording adjustments or expanded clarifications, only the date is updated and no fresh consent is required.
If you do not agree with the updated Policy, please decline and stop using the Service, or close your account at "Me → Delete Account" to remove all your data.
11. Contact Us
- Contact email: support@nbtxy.top
- For privacy-related matters (exercising your rights to access, copy, delete, withdraw consent, etc.), please include "Privacy" in the subject line; we will prioritise such messages and respond within 15 business days.
- Operator: Ningbo Tangxiaoyuan Technology Co., Ltd.
If you believe our processing of your personal information violates applicable laws, or your concerns are not resolved through us, you may also lodge a complaint with the competent cybersecurity, telecommunications or market-regulation authority in China.