Privacy Policy

Effective date: 2026-01-19 | Last updated: 2026-03-10

WeLiao (韦聊) ("we", "us", or "our") is developed and operated by Nanjing Lingdong Century Media Co., Ltd. (南京领动世纪传媒有限公司). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

1. Information We Collect

1.1 Account Information

• Matrix user ID (username) and authentication credentials
• Phone number (for registration and account recovery)
• Profile information you provide (display name, avatar image)

1.2 Communications Data

• Text messages you send and receive
• Media content (photos, videos, voice messages) you share
• Message metadata (timestamps, read receipts, delivery status)
• Group chat information (group names, member lists)

1.3 Device Information

• Device type and model
• Operating system and version
• App version
• Device language settings
• Network connection type (WiFi/cellular)
• Push notification token — APNs token on iOS; on Android, the applicable manufacturer channel token (FCM, MiPush, HMS, OPush, or VPush) based on your device brand — used solely to deliver notifications to your device

1.4 Media and Files

• Photos and videos you choose to share (accessed only when you select them)
• Voice recordings you create for voice messages
• QR codes you scan (processed locally on device)

2. Device Permissions

Our App requests the following permissions, which you can manage in your device settings:

2.1 Background/Silent State Data Processing

As an instant messaging app, limited data processing activities occur in the background or silent state to ensure you receive messages and call notifications promptly. The following describes each activity in detail:

3. Third-Party Services and SDKs

Our App uses the following third-party services and software development kits (SDKs). We require third-party SDK providers to protect your personal information in accordance with applicable laws.

3.0 Personal Sensitive Information Collection Statement

In accordance with applicable laws and regulations, the following table details, item by item, whether this App and its integrated third-party SDKs collect each type of personal sensitive information, including the associated SDK/function, purpose, and processing method:

3.0.1 Common "Not Collected" Declaration — Applicable to SDKs that do not collect any of the 14 sensitive information types

The following SDKs do not collect any of the 14 types of personal sensitive information (IMEI, IMSI, Device MAC Address, SUPI, SUCI, Installed App List, Location, Contacts, Call Logs, Calendar, SMS, Phone Number, Photos/Images, Audio/Video) during operation. This declaration applies to:

• 3.2 Google ML Kit (Barcode Scanning)
• 3.3 SDWebImage
• 3.4 SQLite / Drift Database
• 3.5 Flutter Secure Storage
• 3.6 Dio (HTTP Client)
• 3.8 cached_network_image
• 3.9 go_router
• 3.10 flutter_screenutil
• 3.11 phosphor_flutter
• 3.13 Apple Push Notification Service (APNs)
• 3.14 Firebase Cloud Messaging (FCM)
• 3.15 Xiaomi Push (MiPush)
• 3.16 Huawei Push Kit (HMS Push)
• 3.17 OPPO PUSH Client SDK (com.heytap.msp)
• 3.18 vivo Push (VPush)
• 3.19 Honor Push SDK (com.hihonor.push)
• 3.20 Huawei Performance Acceleration Library (com.huawei.hms.stats)

3.1 Matrix Protocol (matrix.org)

• Purpose: Core messaging infrastructure for sending and receiving messages
• Data processed: User ID, messages, media files, contact lists
• Data location: Matrix homeserver (may be located outside your country)
• Privacy Policy: https://matrix.org/legal/privacy-notice

3.2 Google ML Kit (Barcode Scanning)

• Purpose: QR code scanning for adding friends and joining groups
• Personal information collected:
  • Camera images: processed locally on device only, never uploaded to any server
  • SDK diagnostic data (collected automatically): per-installation identifier (identifies the app installation instance, not the user), device information (manufacturer, model, OS version, available ML hardware accelerators), application information (package name, version), performance metrics (processing latency), API configuration (image format, resolution), feature events (initialization, detection events)
• Processing method: Image data is processed entirely on-device; diagnostic/analytics data is transmitted to Google servers via HTTPS encryption. Google does not share this data with third parties
• Privacy Policy: https://developers.google.com/ml-kit/terms

3.3 SDWebImage

• Purpose: Efficient image loading and caching
• Data processed: Image URLs and cached images
• Data location: Local device storage only

3.4 SQLite / Drift Database

• Purpose: Local storage of messages and app data for offline access
• Data processed: Messages, contacts, settings
• Data location: Local device storage only - not transmitted to any server

3.5 Flutter Secure Storage

• Purpose: Secure storage of login credentials and session tokens
• Data processed: Authentication tokens, Matrix access tokens
• Data location: iOS Keychain / Android Keystore (encrypted, local only)

3.6 Dio (HTTP Client)

• Purpose: Network requests to our backend API (registration, profile, group management, version check, etc.)
• Data processed: Request payloads including user credentials, profile data, and API responses
• Data transmission: All requests are sent over HTTPS/TLS to our servers
• SDK source: Open-source Flutter package (dio on pub.dev)

3.7 flutter_webrtc (WebRTC — Voice & Video Calls)

• Purpose: Enable peer-to-peer voice and video calls within the app
• Personal information collected: Audio and video streams during an active call; IP addresses (local and public IP addresses exposed through ICE candidates during call establishment); STUN/TURN server negotiation data
• Processing method: Media streams are encrypted via DTLS/SRTP; direct peer-to-peer (P2P) connection is preferred; when P2P is unavailable, data is relayed through TURN servers; call signaling is handled through the Matrix homeserver
• Data location: Media does not pass through our servers when a direct P2P connection is established
• SDK source: Open-source Flutter WebRTC package (Hubei Jizhiyun Technology Co., Ltd.)

3.8 cached_network_image

• Purpose: Efficient loading and local caching of remote images (avatars, shared photos)
• Data processed: Image URLs and downloaded image files
• Data location: Cached files stored locally on device only
• SDK source: Open-source Flutter package

3.9 go_router

• Purpose: In-app navigation and deep linking
• Data processed: Navigation routes and URL parameters (processed locally, not transmitted)
• Data location: Local only
• SDK source: Open-source Flutter package

3.10 flutter_screenutil

• Purpose: Responsive UI scaling across different screen sizes and densities
• Data processed: Device screen dimensions (read-only, not transmitted)
• Data location: Local only
• SDK source: Open-source Flutter package

3.11 phosphor_flutter (Icon Library)

• Purpose: UI icon rendering
• Data processed: None — icon assets bundled locally with the app
• Data location: Local only
• SDK source: Open-source Flutter package

3.12 Ronglian Cloud (SMS Verification Service — 容联云)

• Purpose: Send SMS verification codes for registration, login, and password reset
• Service provider: Beijing Ronglian Yitong Information Technology Co., Ltd. (容联云)
• Integration method: Server-side REST API call (not a client-side SDK); your device does not communicate directly with Ronglian's servers
• Personal information collected: Phone number, SMS verification code content
• Processing method: Your phone number is transmitted from our server to Ronglian's SMS gateway via HTTPS-encrypted REST API; Ronglian then delivers the verification code SMS to your phone
• Data location: Ronglian infrastructure (mainland China)
• Privacy Policy: https://www.yuntongxun.com/about/privacy

3.13 Apple Push Notification Service (APNs)

• Purpose: Deliver push notifications (new messages, incoming calls) to iOS devices
• Data processed: Device APNs token; notification payload (sender, preview snippet if enabled, call signal)
• Data transmission: Token and minimal payload are sent to Apple's APNs servers to route notifications
• Data location: Apple infrastructure (United States and other Apple data centers)
• Privacy Policy: https://www.apple.com/legal/privacy/

3.14 Firebase Cloud Messaging (FCM) — Android (Google devices / standard Android)

• Purpose: Deliver push notifications (new messages, incoming calls) to Android devices on Google Play services-enabled ROMs
• Personal information collected: FCM registration token (device push identifier), Firebase Installation ID (FID), Android ID, app package name and version, device model, OS version; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Encrypted via HTTPS and transmitted to Google FCM servers
• Data location: Google infrastructure (United States and other Google data centers)
• Privacy Policy: https://firebase.google.com/support/privacy

3.15 Xiaomi Push (MiPush) — Xiaomi / Redmi / POCO devices

• Purpose: Deliver push notifications to Xiaomi, Redmi, and POCO devices via Xiaomi's system-level push channel
• SDK provider: Beijing Xiaomi Mobile Software Co., Ltd.
• Personal information collected: OAID (anonymous device identifier), encrypted Android ID, MiPush registration token, app package name and version, device manufacturer, device model, OS version, network type (WiFi/cellular), carrier info, notification bar settings; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Transmitted via encrypted channel to Xiaomi push servers; de-identified processing applied
• Data location: Xiaomi infrastructure (mainland China and overseas Xiaomi data centers)
• Privacy Policy: https://dev.mi.com/console/doc/detail?pId=1822

3.16 Huawei Push Kit (HMS) — Huawei devices

• Purpose: Deliver push notifications to Huawei devices via Huawei Mobile Services (HMS) push channel (Note: Honor devices use the independent Honor Push SDK — see Section 3.19)
• SDK provider: Huawei Technologies Co., Ltd.
• Personal information collected: AAID (anonymous application identifier), HMS push token, app package name and version, device model, OS version, network type (WiFi/cellular), country code; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Encrypted via HTTPS and transmitted to Huawei push servers; de-identified processing applied
• Data location: Huawei cloud infrastructure (mainland China and overseas Huawei data centers)
• Privacy Policy: https://consumer.huawei.com/en/privacy/privacy-policy/

3.17 OPPO PUSH Client SDK (com.heytap.msp) — OPPO / OnePlus / realme devices

• Purpose: Deliver push notifications to OPPO, OnePlus, and realme devices via OPPO's system-level push channel
• SDK provider: Guangdong Huan Tai Technology Co., Ltd.
• Personal information collected: OAID (anonymous device identifier), Android ID, OPush registration token, app package name and version, device model, OS version, network type (WiFi/cellular), IP address, notification bar settings; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Transmitted via encrypted channel to OPPO push servers; de-identified processing applied
• Data location: OPPO infrastructure (mainland China and overseas OPPO data centers)
• Privacy Policy: https://open.oppomobile.com/new/developmentDoc/info?id=11228

3.18 vivo Push (VPush) — vivo devices

• Purpose: Deliver push notifications to vivo devices via vivo's system-level push channel
• SDK provider: Vivo Mobile Communication Co., Ltd.
• Personal information collected: OAID (anonymous device identifier), VPush registration token, app package name and version, device model, OS version, network type (WiFi/cellular), notification bar settings; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Transmitted via encrypted channel to vivo push servers; de-identified processing applied
• Data location: vivo infrastructure (mainland China and overseas vivo data centers)
• Privacy Policy: https://www.vivo.com.cn/about-vivo/privacy-policy

3.19 Honor Push SDK (com.hihonor.push) — Honor devices

• Purpose: Deliver push notifications to Honor devices via Honor's independent system-level push channel
• SDK provider: Shenzhen Honor Software Technology Co., Ltd.
• Personal information collected: OAID (anonymous device identifier), Honor Push registration token, app package name and version, device model, OS version, network type (WiFi/cellular), notification bar settings; notification payload (sender, preview snippet if enabled, call signal)
• Processing method: Transmitted via encrypted channel to Honor push servers; de-identified processing applied
• Data location: Honor cloud infrastructure (mainland China and overseas Honor data centers)
• Privacy Policy: https://developer.honor.com/cn/docs/11002/guides/sdk-data-security

3.20 Huawei Performance Acceleration Library (com.huawei.hms.stats)

• Purpose: Improve app performance and stability on Huawei devices; collect app performance metrics (e.g., startup time, frame rate, crash reports) to optimize user experience
• SDK name: Performance Acceleration Library (性能加速库)
• SDK provider: Huawei Software Technologies Co., Ltd. (华为软件技术有限公司)
• Personal information collected: App performance data (startup time, page rendering time, frame rate), device model, OS version, app version, anonymous crash/ANR logs; no user identity information is collected
• Processing method: Encrypted via HTTPS and transmitted to Huawei servers; de-identified processing applied
• Data location: Huawei cloud infrastructure (mainland China and overseas Huawei data centers)
• Privacy Policy: https://developer.huawei.com/consumer/cn/doc/development/graphics-Guides/sdk-data-security-0000001050700772

4. How We Use Your Information

• Provide messaging service: Deliver your messages to intended recipients
• Account management: Create and maintain your account, authenticate your identity
• Feature functionality: Enable features like voice messages, photo sharing, group chats
• Push notifications: Send timely alerts for new messages and incoming calls via APNs (iOS) or the appropriate Android push channel (FCM / MiPush / HMS / OPush / VPush) selected automatically by device manufacturer; push tokens are used solely for notification routing and are never used for advertising or profiling
• Service improvement: Fix bugs and improve app performance
• Customer support: Respond to your inquiries and support requests
• Legal compliance: Comply with applicable laws and regulations

5. Data Storage and Security

5.1 Local Storage

• Messages and media are cached locally on your device for offline access
• Login credentials are stored in iOS Keychain (encrypted)
• Local data is deleted when you uninstall the App or delete your account

5.2 Server Storage

• Messages are transmitted through and stored on Matrix homeservers
• Server data retention follows the Matrix homeserver operator's policies

5.3 Security Measures

• All network communications use HTTPS/TLS encryption
• Credentials are stored using platform-native secure storage
• We implement industry-standard security practices

6. Data Retention

7. Data Sharing

We do NOT sell your personal information.

We may share limited data with:

• Matrix homeserver operators: For message delivery (necessary for the service to function)
• Other users: Your profile information and messages are shared with people you communicate with
• Push notification providers: Your device push token and a minimal notification payload are shared with the applicable push service provider (Apple APNs, Google FCM, Xiaomi MiPush, Huawei HMS, OPPO OPush, or vivo VPush) solely for the purpose of delivering notifications to your device
• SMS service provider (Ronglian Cloud): Your phone number is shared with Ronglian Cloud solely to deliver verification code SMS messages during registration or password reset
• Law enforcement: Only when legally required by valid legal process

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including but not limited to:

• Matrix homeservers: May be located outside your country
• Apple (APNs): United States and other Apple data centers
• Google (FCM): United States and other Google data centers
• Xiaomi (MiPush), Huawei (HMS), OPPO (OPush), vivo (VPush): Mainland China and overseas data centers operated by the respective manufacturer — applicable only when you use a device from that manufacturer
• Ronglian Cloud (SMS): Mainland China — applicable only during SMS verification

By using WeLiao (韦聊), you acknowledge and consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We take reasonable steps to ensure your data is handled securely in accordance with this Privacy Policy.

9. Your Rights

You have the right to:

• Access: View your personal data stored in the App
• Correction: Update your profile information at any time
• Deletion: Delete your account and associated data
• Data portability: Export your data (contact us for assistance)
• Withdraw consent: Revoke permissions in device settings

How to Delete Your Account

1. Open WeLiao (韦聊)
2. Go to Settings → Account Settings → Delete Account
3. Enter your password to confirm
4. Your account and data will be permanently deleted

Alternatively, email us at vliaochat@gmail.com with subject "Account Deletion Request". We will process your request within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: What personal information we collect, use, and share
• Right to delete: Request deletion of your personal information
• Right to opt-out: We do not sell personal information, so no opt-out is necessary
• Right to non-discrimination: We will not discriminate against you for exercising your rights

See our "Do Not Sell My Personal Information" page for more details.

11. Children's Privacy

WeLiao (韦聊) is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at vliaochat@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• We may notify you through the App or via email
• Your continued use of the App after changes constitutes acceptance

13. Governing Law

This Privacy Policy shall be governed by the laws of the People's Republic of China. Any disputes arising from or related to this Privacy Policy shall first be resolved through friendly negotiation; if negotiation fails, you agree to submit the dispute to the competent People's Court in Nanjing, Jiangsu Province, China.

隱私政策

生效日期：2026-01-19 | 最後更新：2026-03-10

南京領動世紀傳媒有限公司（以下簡稱「我們」）是韋聊（WeLiao）的開發者和營運者，非常重視用戶的隱私和個人資訊保護。本隱私政策說明我們在您使用韋聊行動應用（「應用」）時如何收集、使用、披露和保護您的資訊。在使用本產品前，請您務必仔細閱讀並充分理解本隱私政策。

1. 我們收集的資訊

1.1 帳戶資訊

• Matrix 用戶 ID（使用者名稱）和身份驗證憑據
• 手機號碼（用於註冊和帳戶恢復）
• 您提供的個人資料資訊（顯示名稱、頭像）

1.2 通訊資料

• 您發送和接收的文字訊息
• 您分享的媒體內容（照片、影片、語音訊息）
• 訊息中繼資料（時間戳記、已讀回執、送達狀態）
• 群組聊天資訊（群組名稱、成員列表）

1.3 裝置資訊

• 裝置類型和型號
• 作業系統和版本
• 應用版本
• 裝置語言設定
• 網路連線類型（WiFi/行動網路）
• 推播通知權杖——iOS 上為 APNs 權杖；Android 上根據裝置品牌使用對應製造商通道權杖（FCM / MiPush / HMS / OPush / VPush）——僅用於向您的裝置發送通知

1.4 媒體和檔案

• 您選擇分享的照片和影片（僅在您選擇時存取）
• 您為語音訊息建立的錄音
• 您掃描的 QR 碼（在裝置本地處理）

2. 裝置權限

我們的應用請求以下權限，您可以在裝置設定中管理這些權限：

2.1 背景/靜默狀態下的資料處理

作為即時通訊應用，為保障您及時收到訊息和來電通知，本應用在背景或靜默狀態下存在有限的資料處理活動。以下逐項說明：

3. 第三方服務和 SDK

為了給您提供更好的服務，在您授權同意的前提下，我們的應用使用以下第三方服務和軟體開發套件（SDK）。我們會要求第三方SDK提供方依法保護您的個人資訊。

3.0 個人敏感資訊收集情況說明

根據相關法律法規要求，以下逐項說明本應用及所整合的第三方SDK對各類個人敏感資訊的收集情況，包括是否收集、由哪個SDK/功能收集、收集目的及處理方式：

3.0.1 通用「不收集」聲明 — 適用於不收集14類個人敏感資訊的SDK

以下SDK在運行過程中不收集14類個人敏感資訊（IMEI、IMSI、裝置MAC位址、SUPI、SUCI、軟體安裝列表、位置資訊、通訊錄/聯絡人、通話記錄、日曆、簡訊、本機電話號碼、圖片、音視頻）中的任何一項。本聲明適用於：

• 3.2 Google ML Kit（條碼掃描）
• 3.3 SDWebImage
• 3.4 SQLite / Drift 資料庫
• 3.5 Flutter Secure Storage
• 3.6 Dio（HTTP網路客戶端）
• 3.8 cached_network_image（圖片快取）
• 3.9 go_router（路由導航）
• 3.10 flutter_screenutil（響應式佈局）
• 3.11 phosphor_flutter（圖示庫）
• 3.13 Apple 推播通知服務（APNs）
• 3.14 Firebase 雲端訊息傳遞（FCM）
• 3.15 小米推播（MiPush）
• 3.16 華為推播（HMS Push）
• 3.17 OPPO PUSH 客戶端SDK（com.heytap.msp）
• 3.18 vivo推播（VPush）
• 3.19 榮耀推播SDK（com.hihonor.push）
• 3.20 華為性能加速庫（com.huawei.hms.stats）

以下為第三方SDK資訊彙總（含SDK名稱、所屬公司、收集的個人資訊類型、處理方式及用途）。我們要求第三方SDK提供方依法保護您的個人資訊，並對其個人資訊處理活動負責。

3.1 Matrix 協議 (matrix.org)

• 用途：發送和接收訊息的核心訊息基礎設施
• 處理的資料：用戶 ID、訊息、媒體檔案、聯絡人列表
• 資料位置：Matrix 主伺服器（可能位於您所在國家/地區之外）
• 隱私政策：https://matrix.org/legal/privacy-notice

3.2 Google ML Kit（條碼掃描）

• 用途：用於新增好友和加入群組的QR碼掃描
• 收集的個人資訊：
  • 相機影像：僅在裝置本地處理，不上傳至任何伺服器
  • SDK運行診斷資料（自動收集）：安裝標識符（per-installation identifier，用於標識應用安裝實例，非用戶身份標識）、裝置資訊（製造商、型號、作業系統版本、可用ML硬體加速器）、應用資訊（套件名稱、版本號）、效能指標（處理延遲）、API配置資訊（影像格式、解析度）、功能事件（初始化、檢測事件）
• 處理方式：影像資料在裝置端本地處理；診斷分析資料透過HTTPS加密傳輸至Google伺服器，Google不會將該資料傳輸給第三方
• 隱私政策：https://developers.google.com/ml-kit/terms

3.3 SDWebImage

• 用途：高效的圖片載入和快取
• 處理的資料：圖片 URL 和快取的圖片
• 資料位置：僅限本地裝置儲存

3.4 SQLite / Drift 資料庫

• 用途：本地儲存訊息和應用資料以供離線存取
• 處理的資料：訊息、聯絡人、設定
• 資料位置：僅限本地裝置儲存 - 不傳輸到任何伺服器

3.5 Flutter Secure Storage

• 用途：安全儲存登入憑據和工作階段權杖
• 處理的資料：身份驗證權杖、Matrix 存取權杖
• 資料位置：iOS 鑰匙圈 / Android Keystore（加密，僅限本地）

3.6 Dio（HTTP 網路客戶端）

• 用途：向我們的後端 API 發起網路請求（註冊、個人資料、群組管理、版本檢查等）
• 處理的資料：請求載荷，包括用戶憑據、個人資料資料及 API 回應
• 資料傳輸：所有請求透過 HTTPS/TLS 加密發送至我們的伺服器
• SDK 來源：開源 Flutter 套件（pub.dev 上的 dio）

3.7 flutter_webrtc（WebRTC — 語音與視訊通話）

• 用途：在應用內實現點對點語音和視訊通話
• 收集的個人資訊：通話期間的音訊流、視訊流；IP位址（通話建立時的ICE候選位址，包含本地IP和公網IP，用於建立通話連線）；STUN/TURN伺服器協商資料
• 處理方式：媒體流透過DTLS/SRTP加密傳輸；優先建立點對點（P2P）連線，無法直連時透過TURN中繼伺服器轉發；通話信令透過Matrix主伺服器處理
• 資料位置：建立直接P2P連線時，媒體流不經過我們的伺服器
• SDK 來源：開源Flutter WebRTC套件（湖北捷智雲技術有限公司）

3.8 cached_network_image（圖片快取）

• 用途：高效載入和本地快取遠端圖片（頭像、分享的圖片）
• 處理的資料：圖片 URL 和下載的圖片檔案
• 資料位置：快取檔案僅儲存在本地裝置
• SDK 來源：開源 Flutter 套件

3.9 go_router（路由導航）

• 用途：應用內導航和深度連結
• 處理的資料：導航路由和 URL 參數（本地處理，不傳輸）
• 資料位置：僅限本地
• SDK 來源：開源 Flutter 套件

3.10 flutter_screenutil（響應式佈局）

• 用途：在不同螢幕尺寸和密度下實現響應式 UI 縮放
• 處理的資料：裝置螢幕尺寸（唯讀，不傳輸）
• 資料位置：僅限本地
• SDK 來源：開源 Flutter 套件

3.11 phosphor_flutter（圖示庫）

• 用途：UI 圖示渲染
• 處理的資料：無 —— 圖示資源隨應用本地打包
• 資料位置：僅限本地
• SDK 來源：開源 Flutter 套件

3.12 容聯雲（簡訊驗證服務）

• 用途：在註冊、登入和密碼重設時發送簡訊驗證碼
• 服務提供方：北京容聯易通資訊技術有限公司
• 接入方式：透過伺服端REST API呼叫（非客戶端SDK整合），您的客戶端裝置不會直接與容聯雲伺服器通訊
• 收集的個人資訊：手機號碼、簡訊驗證碼內容
• 處理方式：您的手機號碼由我們的伺服器透過HTTPS加密REST API傳輸至容聯雲簡訊閘道，容聯雲負責將簡訊驗證碼發送至您的手機
• 資料位置：容聯雲基礎設施（中國大陸）
• 隱私政策：https://www.yuntongxun.com/about/privacy

3.13 Apple 推播通知服務（APNs）

• 用途：向 iOS 裝置發送推播通知（新訊息、來電提醒）
• 處理的資料：裝置 APNs 權杖；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 資料傳輸：權杖及最小化載荷發送至 Apple APNs 伺服器以路由通知
• 資料位置：Apple 基礎設施（美國及其他 Apple 資料中心）
• 隱私政策：https://www.apple.com/legal/privacy/

3.14 Firebase 雲端訊息傳遞（FCM）—— Android（Google 裝置 / 標準 Android）

• 用途：向支援 Google Play 服務的 Android 裝置發送推播通知（新訊息、來電提醒）
• 收集的個人資訊：FCM註冊權杖（裝置推播標識）、Firebase安裝ID（FID）、Android ID、應用套件名稱及版本號、裝置型號、作業系統版本；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過HTTPS加密傳輸至Google FCM伺服器
• 資料位置：Google 基礎設施（美國及其他 Google 資料中心）
• 隱私政策：https://firebase.google.com/support/privacy

3.15 小米推播（MiPush）—— 小米 / 紅米 / POCO 裝置

• 用途：透過小米系統級推播通道向小米、紅米、POCO 裝置發送推播通知
• SDK 提供方：北京小米移動軟體有限公司
• 收集的個人資訊：OAID（匿名裝置標識符）、加密的Android ID、MiPush註冊權杖、應用套件名稱及版本號、裝置製造商、裝置型號、作業系統版本、網路類型（WiFi/行動網路）、電信業者資訊、通知欄設定狀態；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過加密通道傳輸至小米推播伺服器；採用去標識化處理
• 資料位置：小米基礎設施（中國大陸及海外小米資料中心）
• 隱私政策：https://dev.mi.com/console/doc/detail?pId=1822

3.16 華為推播服務（HMS Push）—— 華為裝置

• 用途：透過華為行動服務（HMS）推播通道向華為裝置發送推播通知（注：榮耀裝置使用獨立的榮耀推播SDK，詳見3.19節）
• SDK 提供方：華為技術有限公司
• 收集的個人資訊：AAID（匿名應用標識符）、HMS推播權杖、應用套件名稱及版本號、裝置型號、作業系統版本、網路類型（WiFi/行動網路）、國家碼；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過HTTPS加密傳輸至華為推播伺服器；採用去標識化處理
• 資料位置：華為雲基礎設施（中國大陸及海外華為資料中心）
• 隱私政策：https://consumer.huawei.com/tw/privacy/privacy-policy/

3.17 OPPO PUSH 客戶端SDK（com.heytap.msp）—— OPPO / 一加 / realme 裝置

• 用途：透過 OPPO 系統級推播通道向 OPPO、一加、realme 裝置發送推播通知
• SDK 提供方：廣東歡太科技有限公司
• 收集的個人資訊：OAID（匿名裝置標識符）、Android ID、OPush註冊權杖、應用套件名稱及版本號、裝置型號、作業系統版本、網路類型（WiFi/行動網路）、IP位址、通知欄設定狀態；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過加密通道傳輸至OPPO推播伺服器；採用去標識化處理
• 資料位置：OPPO 基礎設施（中國大陸及海外 OPPO 資料中心）
• 隱私政策：https://open.oppomobile.com/new/developmentDoc/info?id=11228

3.18 vivo 推播（VPush）—— vivo 裝置

• 用途：透過 vivo 系統級推播通道向 vivo 裝置發送推播通知
• SDK 提供方：維沃移動通信有限公司
• 收集的個人資訊：OAID（匿名裝置標識符）、VPush註冊權杖、應用套件名稱及版本號、裝置型號、作業系統版本、網路類型（WiFi/行動網路）、通知欄設定狀態；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過加密通道傳輸至vivo推播伺服器；採用去標識化處理
• 資料位置：vivo 基礎設施（中國大陸及海外 vivo 資料中心）
• 隱私政策：https://www.vivo.com.cn/about-vivo/privacy-policy

3.19 榮耀推播SDK（com.hihonor.push）—— 榮耀裝置

• 用途：透過榮耀獨立系統級推播通道向榮耀裝置發送推播通知
• SDK 提供方：深圳榮耀軟體技術有限公司
• 收集的個人資訊：OAID（匿名裝置標識符）、榮耀推播註冊權杖、應用套件名稱及版本號、裝置型號、作業系統版本、網路類型（WiFi/行動網路）、通知欄設定狀態；通知載荷（寄件人、訊息預覽摘要（如已開啟）、來電信號）
• 處理方式：透過加密通道傳輸至榮耀推播伺服器；採用去標識化處理
• 資料位置：榮耀雲基礎設施（中國大陸及海外榮耀資料中心）
• 隱私政策：https://developer.honor.com/cn/docs/11002/guides/sdk-data-security

3.20 華為性能加速庫（com.huawei.hms.stats）

• 用途：提升應用在華為裝置上的性能與穩定性；收集應用性能指標（如啟動時長、幀率、崩潰報告）以優化用戶體驗
• SDK名稱：性能加速庫
• 開發者：華為軟體技術有限公司
• 收集的個人資訊：應用性能資料（啟動時長、頁面渲染時長、幀率）、裝置型號、作業系統版本、應用版本、匿名崩潰/ANR日誌；不收集任何用戶身份資訊
• 處理方式：透過HTTPS加密傳輸至華為伺服器；採用去標識化處理
• 資料位置：華為雲基礎設施（中國大陸及海外華為資料中心）
• SDK隱私政策連結：https://developer.huawei.com/consumer/cn/doc/development/graphics-Guides/sdk-data-security-0000001050700772

4. 我們如何使用您的資訊

• 提供訊息服務：將您的訊息傳遞給預期收件人
• 帳戶管理：建立和維護您的帳戶，驗證您的身份
• 功能實現：啟用語音訊息、照片分享、群組聊天等功能
• 推播通知：透過 APNs（iOS）或適配裝置製造商的 Android 推播通道（FCM / MiPush / HMS / OPush / VPush）及時發送新訊息和來電提醒；推播權杖僅用於通知路由，絕不用於廣告或用戶畫像
• 服務改進：修復錯誤並提高應用效能
• 客戶支援：回應您的諮詢和支援請求
• 法律合規：遵守適用的法律法規

5. 資料儲存和安全

5.1 本地儲存

• 訊息和媒體快取在您的裝置本地以供離線存取
• 登入憑據儲存在 iOS 鑰匙圈中（加密）
• 當您解除安裝應用或刪除帳戶時，本地資料將被刪除

5.2 伺服器儲存

• 訊息透過 Matrix 主伺服器傳輸和儲存
• 伺服器資料保留遵循 Matrix 主伺服器營運商的政策

5.3 安全措施

• 所有網路通訊使用 HTTPS/TLS 加密
• 憑據使用平台原生安全儲存
• 我們實施業界標準的安全實踐

6. 資料保留

7. 資料共享

我們不會出售您的個人資訊。

我們可能與以下方共享有限資料：

• Matrix 主伺服器營運商：用於訊息傳遞（服務運行所必需）
• 其他用戶：您的個人資料資訊和訊息會與您通訊的人共享
• 執法機構：僅在有效法律程序要求時

8. 國際資料傳輸

您的資料可能在您居住國以外的 Matrix 主伺服器上處理和儲存。使用韋聊即表示您同意將您的資訊傳輸到可能具有不同資料保護法律的國家。

9. 您的權利

您有權：

• 存取：檢視應用中儲存的個人資料
• 更正：隨時更新您的個人資料資訊
• 刪除：刪除您的帳戶和相關資料
• 資料可攜性：匯出您的資料（請聯繫我們獲取協助）
• 撤回同意：在裝置設定中撤銷權限

如何刪除您的帳戶

1. 開啟韋聊
2. 前往 設定 → 帳戶設定 → 刪除帳戶
3. 輸入密碼確認
4. 您的帳戶和資料將被永久刪除

或者，發送電子郵件至 vliaochat@gmail.com，主旨為「帳戶刪除請求」。我們將在 30 天內處理您的請求。

10. 加州隱私權利 (CCPA)

如果您是加州居民，根據《加州消費者隱私法》(CCPA)，您享有額外權利：

• 知情權：了解我們收集、使用和共享哪些個人資訊
• 刪除權：請求刪除您的個人資訊
• 拒絕出售權：我們不出售個人資訊，因此無需選擇退出
• 非歧視權：我們不會因您行使權利而歧視您

請查看我們的「不要出售我的個人資訊」頁面了解更多詳情。

11. 兒童隱私

韋聊不適用於 13 歲以下的用戶。我們不會故意收集 13 歲以下兒童的個人資訊。如果您認為我們收集了 13 歲以下兒童的資訊，請立即透過 vliaochat@gmail.com 聯繫我們。

12. 政策變更

我們可能會不時更新本隱私政策。當我們進行重大變更時：

• 我們將更新本政策頂部的「最後更新」日期
• 我們可能透過應用或電子郵件通知您
• 變更後繼續使用應用即表示接受

13. 管轄與法律適用

本隱私政策的成立、生效、履行、解釋及糾紛解決，適用中華人民共和國大陸地區法律。若您和我們發生任何糾紛或爭議，首先應友好協商解決；協商不成的，您同意將糾紛或爭議提交至本隱私政策簽訂地（江蘇省南京市）有管轄權的人民法院管轄。