中文 English

Light Book Privacy Policy

Effective: May 27, 2026 · Last updated: June 11, 2026

This App has completed the Mobile Application Filing required by the Ministry of Industry and Information Technology of the People's Republic of China. Filing number: 浙ICP备2025189356号-4A.

1. Overview

Light Book (the "App" or "Service") is developed and operated by Ningbo Tangxiaoyuan Technology Co., Ltd. ("we", "us", "our"). We take your privacy seriously. This Privacy Policy explains what personal information we collect, how we use, store, share and protect it, and what rights you have.

Please read this Policy carefully before using the App. You must explicitly accept this Policy via the in-app consent flow on first launch in order to use the App's core features. If you do not agree, please decline and stop using the App; you may close and uninstall the App without leaving any account data behind.

The App involves the following cross-border transfers. Accepting this Policy is deemed your overall consent (you can later withdraw analytics consent at "Settings → Data & Privacy"; image generation and in-app purchase transfers are necessary for those features to operate, and using them is deemed consent):

The lawful basis for the above is PIPL Article 13(1) "necessary for entering into or performing a contract to which the individual is a party" together with your explicit consent expressed by accepting this Policy. Crash logs are collected per §9 on the basis that ensuring service stability is necessary for the provision of the App; this is independent from the analytics switch above.

2. Information We Collect

To provide the App's features, we collect the following personal information, in the minimum scope necessary:

2.1 Account and identity

2.2 Profile

2.3 User content

2.4 Subscription and transactions

We do not collect your Apple ID password, credit card number or other payment details. All payment occurs inside Apple's App Store.

2.5 Usage and logs

3. How We Use Your Information

We use your personal information only for the following purposes:

  1. to provide the App's core features (account, conversation, notes, files, subscription);
  2. to forward your conversations and attachments to third-party AI models so responses can be generated;
  3. where you have opted in, to extract and use AI memory to personalise conversations;
  4. to calculate and deduct your quotas, and to settle subscription fees;
  5. to send service-related notifications (subscription status, security alerts, policy updates);
  6. to perform security protection, risk control and compliance audit;
  7. to perform product-usage analytics, conversion-funnel analysis and stability diagnosis to continuously improve the App;
  8. to comply with applicable laws and regulations.

Special notice on AI model training

This is one of users' most-asked questions; we are explicit:

Prohibited uses

Without your separate, explicit consent, we will not:

4. Third-Party Sharing

To deliver the App's features, we share the minimum necessary data with the third-party providers below. We have entered into data-processing agreements with each, requiring them to process your data solely for the purposes set out in this Policy.

Category Provider Data shared Purpose Cross-border?
Large language models Hangzhou DeepSeek AI Co., Ltd. Your conversation content, system prompts, attachment excerpts Generate AI responses; conversation data may be used by this provider for model training or improvement per their standard API terms No (mainland China)
Alibaba Cloud Tongyi Qianwen (Qwen) Same as above Generate AI responses; conversation data may be used by this provider for model training or improvement per their standard API terms No (mainland China)
Image generation Cloudflare (Gemini Image / Nano Banana) Prompts and reference-image bytes Generate or edit images Yes (overseas)
OpenRouter image models Prompts Generate images Yes (USA)
Web search Metaso (秘塔搜索) Your search query Return search results No (mainland China)
Tavily Your search query Return search results Yes (USA)
Object storage Alibaba Cloud OSS Your files, images, avatar Persistent storage No (mainland China)
Third-party backup destinations
(only triggered after you actively bind a destination and enable auto-backup or manually trigger a run)
GitHub, Inc. Your note bodies, attachments (images / files), notebook structure; OAuth access token (stored on our server encrypted with AES-GCM) Back up your notes to a private repository under your own GitHub account, per your instruction Yes (USA)
Baidu Netdisk Open Platform (Beijing Baidu Netcom Science and Technology Co., Ltd.) Your note bodies, attachments (images / files); OAuth access token and refresh token (both stored on our server encrypted with AES-GCM); Baidu username (display only) Back up your notes to the authorized directory /apps/轻书笔记/ under your own Baidu Netdisk account, per your instruction No (mainland China)
Mobile payment Apple Inc. / App Store App Account Token, transaction identifiers Process subscription purchase, renewal, refund Yes (USA)
Email delivery SMTP email provider Your email address, verification-code content Send verification and password-recovery emails Depends on provider
Product analytics (first-party) Ningbo Tangxiaoyuan Technology Co., Ltd. (logtrace service on Cloudflare edge; recipient: Cloudflare, Inc.) Event name, event timestamp, device-level random UUID, session ID, user ID after login, app version, device model, OS version Product-usage analytics, conversion funnels and stability diagnosis; does not include conversation content or note bodies Yes (Cloudflare edge; recipient: Cloudflare, Inc.; requires your separate consent; can be revoked on first-launch consent screen or later in Settings)
Crash and exception reporting Tencent Bugly (Shenzhen Tencent Computer Systems Co., Ltd.) Crash stack, device model, OS version, app version, user ID after login, runtime snapshot Crash monitoring, ANR / lag monitoring and stability diagnosis (does not collect conversation or note content) No (mainland China)

Special notice on cross-border data transfer (PIPL Article 39)

Some features of this App involve transferring your personal information to recipients outside mainland China. Pursuant to Article 39 of the Personal Information Protection Law of the PRC, we separately disclose the following:

  1. Overseas recipients:
  2. Processing purposes: image generation (Cloudflare-hosted models such as Gemini Image / Nano Banana); ingesting product-analytics events on overseas edge nodes (Cloudflare); processing in-app subscription purchases (Apple); backing up your notes to a private repository under your own GitHub account, per your instruction (GitHub).
  3. Processing methods: transmitted via HTTPS / TLS; processed by each overseas recipient according to its own privacy policy and terms of service.
  4. Categories of personal information:
    • When using image generation: your prompts and uploaded reference-image bytes;
    • When using Apple in-app purchase: App Account Token (UUID), transaction identifiers;
    • When reporting analytics events: event name, device-level random UUID, session ID, user ID after login, app version, device model, OS version (does not include conversation or note content);
    • When using GitHub backup: your note bodies, attachments (images / files), notebook structure, and the OAuth access token generated during authorization (stored on our server encrypted with AES-GCM).
  5. Exercising your rights: you may submit access, copy, deletion or withdrawal-of-cross-border-consent requests via the contact details in §11; for rights against the overseas recipient directly, please use the contact channels each recipient publishes.
  6. Consent mechanism: accepting this Policy is deemed your overall consent to the cross-border transfers above. Analytics is optional and can be revoked anytime at Settings → Data & Privacy → Help improve Light Book; GitHub backup is an optional feature — the cross-border transfer is only triggered after you actively complete the OAuth flow at Settings → Sync & Backup, and you may unbind on the same page to withdraw consent at any time; image generation and Apple in-app purchase transfers are necessary for those features to operate, with PIPL Article 13(1) as their lawful basis. Using the corresponding feature is deemed consent to the necessary transfer.
  7. Consequences of withdrawal: when you revoke analytics consent, the client immediately clears its pending event buffer and stops further uploads; when you unbind GitHub backup, the server immediately deletes the stored OAuth credentials for that destination, stops further backup runs, and attempts to revoke the granted authorization via the GitHub revoke-grant API (backup content already uploaded to the repository under your own GitHub account will not be auto-deleted; you can manage it on the GitHub side); other features (including image generation and in-app purchase) are unaffected.

We protect data in transit through TLS; our processing relationship with each overseas recipient is established under their respective public terms of service / data-processing agreements.

5. Storage Location and Retention

  1. Primary data location: account information, user content and files are stored in the Alibaba Cloud mainland China region.
  2. Retention:
    • While your account is active: data is retained for as long as needed to provide the service.
    • Upon account closure: all of your database rows are immediately deleted via cascading delete (DELETE FROM users ... CASCADE), and all of your OSS objects are immediately deleted via prefix batch delete (app/{userID}/).
    • Necessary logs (for security audit and legal retention obligations) are retained for at least 6 months as required by law.

6. Your Rights

Under the Personal Information Protection Law (PIPL), the Cybersecurity Law and related regulations you have the following rights:

7. Cookies and Local Storage

The App does not embed any third-party tracking cookies. The client-side stores only:

8. Children's Privacy

The App is not directed at children under 14. If you are under 14, please do not submit any personal information. If a guardian discovers that a child has used the App without consent, please contact us immediately and we will delete the relevant data.

Users between 14 and 18 should use the App under the supervision of a guardian and exercise caution when relying on AI-generated content.

9. Security Measures

10. Policy Updates

We may update this Policy as our business or applicable laws change. We maintain a version number (YYYY-MM-DD; see "Last updated" at the top of this page) and increment it for material changes (new data types, new third-party recipients, changes to cross-border transfer scope, changes to the withdrawal mechanism, etc.).

For material changes:

If you do not agree with the updated Policy, please decline and stop using the Service, or close your account at "Me → Delete Account" to remove all your data.

11. Contact Us

If you believe our processing of your personal information violates applicable laws, or your concerns are not resolved through us, you may also lodge a complaint with the competent cybersecurity, telecommunications or market-regulation authority in China.