隐私政策 Privacy Policy

1. 适用范围

本政策适用于南京宝銮信息科技有限公司（以下简称“我们”）运营的官方网站 https://www.baocloud.net、开发者主体展示页面、在线联系入口、邮箱支持、隐私权利请求以及与官网访问相关的通用处理活动。

2. 我们收集的信息

您主动提供的信息

• 联系信息：姓名、邮箱地址、公司或身份说明，以及您在邮件或表单中主动填写的内容。
• 支持沟通信息：问题描述、反馈内容、附件、请求类型、沟通记录。
• 隐私权利请求信息：用于核实和处理访问、更正、删除、撤回同意等请求所需的信息。

自动处理的技术信息

• 网站访问日志：IP 地址、访问时间、页面 URL、浏览器类型、操作系统、设备类型、来源页面。
• 安全与性能信息：错误日志、服务器响应状态、网络安全事件、DDoS 防护相关记录。
• Cookie 或类似技术：语言偏好、必要安全令牌、基础访问分析标识。

我们不会通过官网主动收集身份证件号码、银行卡号、精确 GPS 定位、生物识别信息、通讯录联系人或具体 App 内用户生成内容。

3. 我们如何使用信息

• 提供、维护和展示官方网站及开发者主体信息。
• 回复咨询、支持请求、合作沟通和隐私权利请求。
• 维护网站安全、防范滥用、攻击、欺诈或未经授权访问。
• 统计网站访问情况，改进页面可用性、加载速度和内容质量。
• 遵守法律法规、平台规则、审计、争议解决或监管要求。

4. 处理依据

对于欧盟、英国、瑞士等适用 GDPR 或类似法律的用户，我们可能基于以下法律依据处理个人信息：

5. Cookie 与分析

我们的网站可能使用 Cookie 或类似技术，以实现安全防护、语言偏好、访问统计和基础性能分析。

• 严格必要 Cookie：用于网站安全、访问稳定性和基础功能。
• 偏好 Cookie：用于记住语言选择等偏好。
• 分析 Cookie：用于了解访问趋势和页面性能。对于需要同意的地区，我们会在取得同意后启用。
• 营销 Cookie：当前不主动使用。如未来启用，将在取得必要同意或提供退出机制后使用。

6. 共享与服务商

我们不会出售、出租或交易您的个人信息。我们可能在必要范围内与以下服务商共享或由其处理信息：

• 网站托管、CDN、安全防护服务商，例如 Cloudflare、GitHub Pages、Vercel 或同类服务。
• 邮件、客服、工单或业务沟通服务商。
• 网站分析、错误诊断或性能监控服务商。
• 法律、审计、合规、监管或争议解决所需的专业顾问或机构。

服务商仅能为本政策所述目的处理必要信息，并应采取合理的安全和保密措施。

7. 服务器与托管说明

截至本政策最后更新日期，我们没有自建网站服务器，也不通过自建服务器保存官网访客信息。我们的官网主要依赖第三方托管、CDN、安全防护、域名解析、邮件和代理类服务提供访问、加速、防护和沟通能力。

• 当前服务形态：使用托管服务、CDN、代理服务和安全防护服务，而非自建服务器。
• 可能处理的数据：访问 IP、请求时间、页面地址、浏览器和设备信息、安全日志、邮件沟通内容。
• 处理目的：网站展示、访问加速、DDoS 防护、异常访问拦截、故障排查、邮件支持和合规记录。
• 服务商责任：托管和代理服务商可能按照其隐私政策、数据处理条款和安全规则处理必要技术数据。

后期我们可能根据业务发展和合规要求部署海外自建服务器或专用云服务器。如果启用自建或专用服务器，我们会在上线前更新本政策，说明服务器所在地区、处理的数据类别、处理目的、保存期限、跨境传输机制和用户权利行使方式。

8. 跨境传输

我们总部位于中国南京。由于网站托管、CDN、安全防护、邮箱或分析服务可能由全球服务商提供，您的信息可能在您所在国家或地区以外被处理。

在适用法律要求的情况下，我们会采取适当保障措施，例如数据最小化、加密、供应商尽职调查、数据处理协议、标准合同条款或其他合法传输机制。

9. 保存期限

• 网站访问和安全日志：通常保存不超过 90 天，除非安全调查或法律要求需要更长时间。
• 联系和支持沟通记录：通常自最后一次沟通起保存 3 年，用于后续查询、纠纷处理和服务改进。
• 隐私权利请求记录：通常保存 3 年，用于证明我们已处理相关请求。
• Cookie 偏好记录：保存至您清除 Cookie、撤回同意或记录过期。

超过必要期限后，我们会删除、匿名化或按照适用法律进行处理。

10. 您的权利

根据您所在地区的适用法律，您可能享有访问、更正、删除、限制处理、反对处理、撤回同意、数据可携带、了解信息类别和披露对象等权利。

加州用户还可能享有 CCPA/CPRA 下的知情权、删除权、更正权、选择退出出售或共享个人信息的权利、限制使用敏感个人信息的权利以及不受歧视的权利。我们不会出售或共享个人信息用于跨场景行为广告。

如需行使权利，请发送邮件至 support@baocloud.net。为保护信息安全，我们可能需要验证您的身份。欧盟/英国用户也可向所在地数据保护监管机构投诉。

11. 儿童隐私

我们的官方网站和开发者主体页面不面向儿童。我们不会故意通过官网收集 13 岁以下儿童，或适用法律规定的更高年龄门槛以下未成年人的个人信息。若监护人认为未成年人向我们提供了个人信息，请联系我们处理。

12. 安全措施

我们采取合理的技术、管理和组织措施保护信息安全，包括 HTTPS 加密传输、访问控制、最小权限、服务商安全审查、日志监控和安全事件响应。请理解，任何互联网传输或电子存储方式都无法保证绝对安全。

13. 政策更新

我们可能根据网站功能、服务商、法律要求或运营情况更新本政策。更新后的版本将在本页面发布，并更新“最后更新”日期。如涉及重大变更，我们会在合理范围内通过官网公告或其他适当方式提示。

14. 联系我们

1. Scope

This Policy applies to the official website https://www.baocloud.net, developer profile pages, online contact channels, email support, privacy rights requests, and general website-related processing activities operated by Nanjing Baoluan Information Technology Co., Ltd. ("we," "our," or "us").

2. Information We Collect

Information you provide

• Contact information: name, email address, company or identity description, and content you submit in emails or forms.
• Support communications: issue descriptions, feedback, attachments, request types, and communication records.
• Privacy rights request information: information needed to verify and process requests such as access, correction, deletion, or withdrawal of consent.

Technical information processed automatically

• Website logs: IP address, access time, page URL, browser type, operating system, device type, and referring page.
• Security and performance information: error logs, server response status, security events, and DDoS protection records.
• Cookies or similar technologies: language preferences, necessary security tokens, and basic analytics identifiers.

Through the website, we do not actively collect government ID numbers, bank card numbers, precise GPS location, biometric information, address book contacts, or user-generated content inside any specific app.

3. How We Use Information

• Provide, maintain, and display the website and developer profile information.
• Respond to inquiries, support requests, business communications, and privacy rights requests.
• Maintain website security and prevent abuse, attacks, fraud, or unauthorized access.
• Measure website visits and improve usability, loading speed, and content quality.
• Comply with laws, platform rules, audits, dispute resolution, or regulatory requirements.

4. Legal Bases

For users in jurisdictions where GDPR, UK GDPR, Swiss law, or similar laws apply, we may process personal information under the following legal bases:

5. Cookies and Analytics

Our website may use cookies or similar technologies for security, language preferences, website analytics, and basic performance measurement.

• Strictly necessary cookies: used for website security, access stability, and core functionality.
• Preference cookies: used to remember language choices and similar preferences.
• Analytics cookies: used to understand visit trends and page performance. In regions requiring consent, these are enabled only after consent.
• Marketing cookies: not actively used at this time. If enabled in the future, they will be used only with required consent or opt-out mechanisms.

6. Sharing and Service Providers

We do not sell, rent, or trade your personal information. We may share information with, or have it processed by, the following service providers where necessary:

• Website hosting, CDN, and security providers, such as Cloudflare, GitHub Pages, Vercel, or similar services.
• Email, customer support, ticketing, or business communication providers.
• Website analytics, error diagnostics, or performance monitoring providers.
• Professional advisors or authorities where needed for legal, audit, compliance, regulatory, or dispute resolution purposes.

Service providers may process only the information necessary for the purposes described in this Policy and are expected to use reasonable security and confidentiality measures.

7. Servers and Hosting

As of the last updated date of this Policy, we do not operate self-built website servers and do not store website visitor information on self-built servers. Our website currently relies mainly on third-party hosting, CDN, security, DNS, email, and proxy services to provide access, acceleration, protection, and communication capabilities.

• Current service model: hosted services, CDN, proxy services, and security services are used instead of self-built servers.
• Data that may be processed: access IP, request time, page URL, browser and device information, security logs, and email communication content.
• Purposes: website display, access acceleration, DDoS protection, abnormal access blocking, troubleshooting, email support, and compliance records.
• Service provider responsibility: hosting and proxy providers may process necessary technical data under their own privacy policies, data processing terms, and security rules.

In the future, we may deploy overseas self-built servers or dedicated cloud servers based on business development and compliance requirements. Before enabling self-built or dedicated servers, we will update this Policy to explain the server region, categories of data processed, processing purposes, retention periods, cross-border transfer mechanisms, and how users may exercise their rights.

8. International Transfers

We are headquartered in Nanjing, China. Because website hosting, CDN, security, email, or analytics services may be provided by global service providers, your information may be processed outside your country or region.

Where required by applicable law, we use appropriate safeguards such as data minimization, encryption, vendor due diligence, data processing agreements, Standard Contractual Clauses, or other lawful transfer mechanisms.

9. Retention

• Website access and security logs: generally retained for no more than 90 days, unless a security investigation or legal requirement requires a longer period.
• Contact and support communications: generally retained for 3 years after the last contact for follow-up, dispute handling, and service improvement.
• Privacy rights request records: generally retained for 3 years to demonstrate request handling.
• Cookie preference records: retained until you clear cookies, withdraw consent, or the record expires.

After the necessary period, information will be deleted, anonymized, or otherwise handled according to applicable law.

10. Your Rights

Depending on applicable law in your region, you may have rights to access, correct, delete, restrict processing, object to processing, withdraw consent, request data portability, and know categories of information and recipients.

California users may also have rights under CCPA/CPRA to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and be free from discrimination. We do not sell or share personal information for cross-context behavioral advertising.

To exercise your rights, email support@baocloud.net. To protect information security, we may need to verify your identity. EU/UK users may also lodge a complaint with their local data protection authority.

11. Children's Privacy

Our website and developer profile pages are not directed to children. We do not knowingly collect personal information through the website from children under 13, or a higher age threshold where required by applicable law. If a parent or guardian believes a minor has provided personal information to us, please contact us.

12. Security

We use reasonable technical, administrative, and organizational measures to protect information, including HTTPS encrypted transmission, access controls, least-privilege permissions, vendor security review, log monitoring, and security incident response. No internet transmission or electronic storage method can be guaranteed to be completely secure.

13. Changes to This Policy

We may update this Policy based on website features, service providers, legal requirements, or operational needs. The updated version will be posted on this page with a new "Last updated" date. For material changes, we will provide notice through the website or other appropriate methods where reasonable.

14. Contact Us