Last updated: June 9, 2026 | Effective date: June 9, 2026
Welcome to Niannian Diary (念念日记) ("the App", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data. We primarily serve users in the Asia-Pacific and North America regions, use the Singapore Personal Data Protection Act 2012 (PDPA) as our baseline compliance framework, and also comply with the data protection laws applicable in your jurisdiction (including, without limitation, California's CCPA/CPRA and Canada's PIPEDA).
| Data Type | Details | Purpose |
|---|---|---|
| Account information | Apple Sign-In identifier, email address, display name, and avatar | Account creation and management, login verification, and account security |
| Login and security records | Login time, login method, and risk-control / anti-abuse records | Account security and prevention of account takeover and abuse |
| Diary and note content | Diary text, Q&A records, free-form notes, tags, mood, and weather | Core diary and note features: storage, search, statistics, export, and AI generation |
| Media uploads | Photos and images you attach to diary entries or notes | Media storage and display |
| Location information | Location is an optional feature. Only when you actively tap to locate, the App obtains your device coordinates once in the foreground and uses the iOS system (Apple CoreLocation / CLGeocoder) to reverse-geocode them on the device into city / district / street text. Only that place text is saved to our servers with your diary entry (you can edit or delete it before saving), and our servers do not store raw GPS coordinates; if reverse geocoding cannot produce a place name, the App may fall back to approximate coordinate text. Location text you enter manually is likewise stored with your diary entry | To add location context to diary entries |
| Profile information | Nickname and avatar you set manually | Personalisation |
| Feedback | Content and contact information you submit through in-app feedback | Support, troubleshooting, and product improvement |
| Data Type | Details | Purpose |
|---|---|---|
| Device and app information | Device model, OS version, app version, and language settings | Compatibility, troubleshooting, and service optimisation |
| Usage and log data | Feature usage records, operation logs, error logs, and crash reports | Service operation, security audit, troubleshooting, and product improvement |
| Network information | IP address, network type, and request time | Security, abuse prevention, service optimisation, and approximate region detection |
We do not use your data for personalised advertising.
Important: We do not proactively use your diary content to train our own AI models.
For third-party AI services, we prioritise providers that commit not to use API request content to train models or that provide appropriate data protection commitments. A provider's handling of request data remains subject to its applicable service terms, privacy policy, and data processing commitments.
When you use AI diary generation, AI question recommendation, AI profile summary, or similar AI features, relevant diary entries, notes, tags, mood labels, location text, and other necessary content may be sent to a third-party AI service provider for processing. We minimise the content sent and avoid sending account identifiers, email addresses, or other unnecessary information.
| Provider | Role | Purpose | Data Processing Region |
|---|---|---|---|
| Qwen (Alibaba Cloud International) | AI provider | Diary generation, question recommendation, AI profile summary, and related AI features | Singapore (Alibaba Cloud International) |
When the AI provider has availability issues (e.g., timeouts, quota exhaustion, or network failures), the App automatically falls back to local basic template generation that does not rely on any third-party AI, in order to maintain service continuity; in that case your content is not sent to any other third-party AI provider. We currently do not send your content to AI providers in Mainland China for processing.
We prioritise Singapore and Asia-Pacific cloud infrastructure to provide the service. Depending on the actual deployment of cloud hosting, object storage, content delivery, email, and AI service providers, some data may be processed or transferred outside Singapore. For cross-border transfers, we use reasonable measures such as encrypted transmission, access controls, and contractual safeguards to ensure a standard of protection comparable to that of the PDPA.
The current version of this App does not provide end-to-end encryption (E2EE).
This means:
End-to-end encryption is on our product roadmap and may be offered in a future version. We will announce it in release notes when available.
While we take reasonable security measures, no method of internet transmission or electronic storage is 100% secure. We recommend that you regularly export and back up your important data.
We do not sell, rent, or trade your personal data to any third party. We may share your data only in the following limited circumstances:
| Scenario | Details |
|---|---|
| AI service processing | Data transfer necessary for AI features (see Section 3) |
| Email services | Sending account-related emails, security notices, or support replies |
| Cloud services and content delivery | Server hosting, databases, image storage, content delivery, logs, and security protection |
| Payment processing | VIP subscriptions are processed through Apple In-App Purchase; we do not directly handle your payment card information |
| Security and compliance | Investigating fraud, abuse, security incidents, unlawful conduct, or Terms violations |
| Legal requirements | When required by law, regulation, court order, public authority, or regulator |
| User consent | With your explicit consent |
| Business transfer | In the event of a merger, acquisition, or asset transfer, your data may be transferred; we will notify you in advance |
This App does not use cookies or web tracking technologies (as it is a native mobile application).
We may use the following technologies for service optimisation:
We do not use any third-party advertising tracking SDKs and do not participate in cross-app tracking.
| Data Type | Retention Period |
|---|---|
| Account and diary data | Retained for the duration of your account |
| Deleted diary entries | Deleted from your account-visible data and primary service database after you delete them; residual copies in backups, caches, or logs are cleared according to system cycles, except where retention is needed for legal, compliance, security, or dispute-resolution purposes |
| Account deletion data | After you request account deletion, your account enters an approximately 30-day recovery period. After the recovery period, personal data that is no longer required will be deleted or anonymised through our system process, except where retention is needed for legal, compliance, security, or dispute-resolution purposes |
| Server logs | Automatically purged after 90 days |
| Crash reports | Anonymous data retained for up to 180 days |
| Verification-code and abuse-prevention records | Retained for a limited period as needed for security, anti-abuse, and audit purposes |
We retain personal data only as long as needed for the purposes described in this Policy, to comply with legal obligations, resolve disputes, maintain security, or enforce agreements. When personal data is no longer required, we will delete, anonymise, or otherwise cease retaining it by reasonable means.
If the Singapore PDPA applies to you, you may exercise the following rights:
You can also edit your profile and diary content directly in the App, use the export feature to obtain your data, or request account deletion from the Profile page.
If you are a resident of the European Union or the European Economic Area, under the General Data Protection Regulation (GDPR) you additionally have the following rights:
Our legal bases for processing your data are: (a) your consent; (b) performance of our service contract with you; and (c) our legitimate business interests.
This App is currently available in the following Asia-Pacific countries and regions: Singapore, Japan, South Korea, Hong Kong SAR, Macao SAR, Taiwan, Malaysia, Thailand, the Philippines, Australia, and New Zealand. If any of the following laws or similar local data protection laws apply to you, you may have rights of access, correction, deletion, withdrawal of consent, and the right to lodge a complaint with your local data protection authority:
We will respond to your rights requests in accordance with the law applicable to you, and on a standard no lower than the Singapore PDPA.
If you are a resident of California (CCPA/CPRA), Virginia, Colorado, or another U.S. state that has enacted a comprehensive privacy law, you have the following rights. The categories, sources, and purposes of the personal information we collect are described in Section 1, and the disclosure scenarios in Section 5 (which together serve as our "notice at collection").
We do not make solely automated decisions based on sensitive personal information that produce legal or similarly significant effects. You may submit a request via the email below; after verifying your identity, we will respond within the period required by applicable law (generally 45 days in California, extendable where necessary).
If Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) or provincial laws such as Quebec's Law 25 apply to you, you have the right to access and correct your personal information and to complain about how we handle it. We collect and use your personal information on the basis of consent; when personal information is transferred to third-party service providers (including providers located outside Canada, such as in Singapore) for processing, we use contractual and other means to ensure a comparable level of protection and remain accountable for that processing. You may complain to the Office of the Privacy Commissioner of Canada (OPC).
After verifying your identity, we will handle your request as soon as practicable and respond within the period required by applicable law; if more time is needed, we will try to explain why and provide an estimated timeline.
This App may integrate or link to the following third-party services:
| Service | Provider | Purpose |
|---|---|---|
| Apple Sign-In | Apple Inc. | User authentication |
| Email service | Resend (primary) / SMTP provider (backup) | Sending account-related emails, security notices, or support replies |
| Location and reverse geocoding | Apple CoreLocation / CLGeocoder (iOS system) | Obtaining device coordinates and reverse-geocoding them into city / district / street text |
| Apple In-App Purchase | Apple Inc. | VIP subscription payments |
| AI features | Qwen (Alibaba Cloud International / Singapore) | AI diary generation, question recommendation, and AI profile summary |
| Object storage and content delivery | Cloudflare (R2 object storage + CDN) | Storage and global accelerated delivery of user-uploaded images |
Each third-party service provider has its own privacy policy, and we recommend you review how they process data. We transmit to third parties only the minimum data necessary to provide the service.
This App is not intended for children under 13 years of age, for minors below a higher minimum age set by applicable local law (some APAC jurisdictions set 14 or 16 as the threshold), or for minors who require parental or guardian consent under applicable local law but have not obtained it.
Your core data is processed primarily through Singapore and Asia-Pacific infrastructure. Cross-border data transfers may occur in the following situations:
We take reasonable steps under the PDPA Transfer Limitation Obligation to ensure that overseas recipients provide a standard of protection comparable to that of the PDPA, unless an applicable legal exception applies.
In the event of a data breach that is likely to result in significant harm to affected individuals, or that meets a notification threshold under applicable law, we will assess, contain, and remediate the incident, and notify affected users and the relevant supervisory authorities of applicable jurisdictions as required by law (including but not limited to Singapore PDPC, Hong Kong PCPD, New Zealand Privacy Commissioner, Australia OAIC, relevant U.S. state attorneys general, and the Office of the Privacy Commissioner of Canada (OPC)).
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to make a complaint, please contact us:
Data Protection Officer
📧 Email: support@niannian.app
After verifying your identity, we will review and respond to your request as soon as practicable. If a request is complex or requires more time, we will let you know our estimated processing time. If you are not satisfied with our response, you may also consult or lodge a complaint with the data protection authority in your jurisdiction (such as Singapore PDPC, Hong Kong PCPD, Taiwan's PDPA competent authority, New Zealand Privacy Commissioner, Australia OAIC, relevant U.S. state authorities, or the Canada OPC).