Privacy Policy

China Companion ("we", "our", or "us") is a travel knowledge and community platform for international visitors to China. We provide guides, Q&A, itinerary planning, and travelogue sharing via our website and mobile applications.

This Privacy Policy describes how we collect, use, store, and protect your information when you use our services. It applies to both our web platform and our mobile apps (iOS and Android).

The data controller responsible for your personal data is China Companion. For privacy-related questions or requests, you may contact us at the email address provided in the Contact section below.

Account and profile data. When you register or sign in (including via Google or Apple), we collect and store: email address, username, the identity of your sign-in provider (Google or Apple) and the unique identifier they assign to you, profile picture (avatar) URL if you provide one, and an optional short bio.

User-generated content. When you use our services, we store the content you create and the actions you take, including: travel articles, questions and answers, itineraries and trip plans, travelogues, comments, likes, bookmarks, and files you upload (such as images or PDFs, subject to our upload limits and allowed file types).

Usage and engagement data. We record how you interact with our platform to operate and improve the service, including: view counts on articles, questions, and travelogues; notifications we send you; and reports you submit (e.g. for content moderation).

Authentication data. To keep you signed in and secure, we use access and refresh tokens (JWT). We do not store your Google or Apple password; sign-in is handled by those providers.

We use your data to: provide, maintain, and improve our services; authenticate you and manage your account; personalize your experience (e.g. showing your content and preferences); display your profile and content to other users where you have chosen to share it; send you service-related notifications; moderate content and respond to reports; and comply with applicable laws and legal process.

We do not sell your personal data to third parties for advertising or marketing.

Your data is stored on our servers using a relational database (MariaDB), caching systems (Redis) for performance, and file storage for uploads. We take reasonable technical and organizational measures to protect your data, including secure transmission (e.g. HTTPS) and access controls.

Despite our efforts, no system can be guaranteed fully secure. We encourage you to use a strong password (where applicable) and to protect your account credentials.

We use Google and Apple only for sign-in (OAuth). When you choose to sign in with Google or Apple, they provide us with the information necessary to create or match your account (such as email and a unique identifier). Their use of your data is governed by their respective privacy policies: Google Privacy Policy (https://policies.google.com/privacy) and Apple Privacy Policy (https://www.apple.com/legal/privacy/).

We do not use third-party analytics or advertising SDKs that track you across other sites or apps for advertising purposes.

We retain your account and associated data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we are required to retain it for legal, regulatory, or safety reasons (e.g. responding to legal process or enforcing our terms).

Some content or usage data may remain in backups or in anonymized form for a limited time after account deletion.

Depending on where you live, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; request a copy of your data in a portable format (data portability); object to or restrict certain processing; withdraw consent where we rely on it; and lodge a complaint with a supervisory authority.

If you are in the European Economic Area (EEA) or the UK, these rights are provided under the GDPR and UK data protection law. If you are in California, you may have additional rights under the CCPA (e.g. to know what we collect and to request deletion).

To exercise any of these rights, please contact us using the email in the Contact section. We will respond within the time required by applicable law.

Our servers and service providers may be located in countries other than your own. If we transfer your data outside your country, we will do so in accordance with applicable law and, where required, use appropriate safeguards (such as standard contractual clauses or adequacy decisions) to protect your data.

Our services are not directed at children under 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may notify you by email or through a prominent notice on our platform.

Your continued use of our services after the effective date of the updated policy constitutes acceptance of the changes. We encourage you to review this policy periodically.

For any questions about this Privacy Policy or our privacy practices, or to exercise your rights, please contact us at: [email protected] (or replace with your actual contact email).