1. Scope and Data Controller
aardwin ("the Service") is operated by aardpro (an individual developer based in China). This Privacy Policy applies to all sign-in methods and data processing activities offered by aardwin, including sign-in through third-party OAuth providers (WeChat, Google, Microsoft Outlook, GitHub, Discord) and the email one-time passcode (OTP) sign-in provided directly by aardwin.
For the purposes of applicable law, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), aardpro is the "data controller" of the personal data generated when you sign in through aardwin, and is responsible for fulfilling data protection obligations. aardwin does not retain the client secrets of WeChat, Google, Microsoft Outlook, GitHub, or Discord beyond what is required to complete the authorization, and does not access data in those platforms on your behalf beyond the authorized scope.
If you are an end user of a developer application that integrates aardwin, your data handling is also governed by that developer application's privacy policy; this Policy only describes the data that aardwin directly processes during identity exchange and sign-in proxying.
2. Information We Collect
We collect and process personal data only to the extent necessary for completing sign-in, identity exchange, security auditing, and troubleshooting. The categories of data are as follows:
- Stable user identifiers returned by identity providers, such as Google sub, Microsoft oid, GitHub account ID, Discord user ID, and WeChat openid / unionid
- Email address (used for account identification and for delivering one-time passcodes for email sign-in)
- Public profile information, such as display name, screen name, and avatar URL
- Email one-time passcode (OTP) sign-in data, including email address, one-time codes, verification status, and issuance/expiration timestamps
- Operational and security audit data: sign-in timestamps, source app or site identifier, callback URL, user agent, IP address (where necessary), error logs, and request correlation identifiers
3. How We Use Information
We use this information only for the following explicit, limited, and necessary purposes, and never process it beyond those purposes:
- To complete OAuth authorization flows, email one-time passcode sign-in flows, account identification, and establishment of sign-in state
- To return the identity fields necessary for completing authentication to the developer application integrating aardwin
- To detect anomalous traffic, prevent abuse, and troubleshoot sign-in failures and security incidents
- To retain audit logs necessary to meet applicable legal, regulatory, security, and compliance obligations
4. Sign-in Methods and OAuth Scopes (Data Minimization)
aardwin strictly follows the data minimization principle and requests only the minimum scopes necessary for each supported sign-in method:
- Google: openid, email, profile
- Microsoft Outlook: openid, profile, email
- GitHub: read:user, user:email
- Discord: identify, email
- WeChat: snsapi_login (WeChat web authorization; retrieves only openid and basic profile information)
- Email one-time passcode (OTP) sign-in: uses only the email address you provide to deliver a one-time code; does not involve any third-party OAuth scope
We explicitly do not request, access, or store your Gmail message content, Outlook message content, contacts, calendars, files, cloud storage content, chat messages, or any other sensitive data beyond what is necessary for identity verification as listed above. aardwin will not post content on your behalf, send messages, modify account settings, or perform any operation other than completing sign-in and identity exchange.
5. Data Retention
We apply the following retention periods to different categories of data:
- Sign-in and scan audit logs (auth_logs / scan_logs): automatically deleted 30 days after generation by default
- Email one-time passcodes (email_verification_codes): periodically deleted by a cleanup task after their short-lived expiration (minutes to hours)
- End-user identity data (email, provider-unique ID, display name, avatar, etc.): retained long-term until you request deletion, revoke authorization, or close your account, after which it is deleted or anonymized within a reasonable period
- Data that must be retained by law or for evidentiary or dispute-resolution purposes is retained for as long as necessary and proportionate
After the retention period above, data is deleted or irreversibly anonymized. Where a longer retention period is mandated by law, that law prevails.
6. Data Sharing and Third-Party Processors
We do not sell or rent personal data, and we do not share personal data with advertisers or advertising networks. We share or commission processing of data with third parties only in the following circumstances:
- Infrastructure and hosting: Cloudflare Pages / Vercel (frontend), independent VPS providers (bff edge proxy nodes), and a managed PostgreSQL service (database)
- Identity providers: WeChat, Google, Microsoft, GitHub, and Discord, only when you actively choose the corresponding sign-in method, used solely to complete authorization and identity exchange
- Legal disclosure: disclosures made where reasonably necessary to comply with applicable laws, regulations, and judicial or administrative processes
- Any other purpose you explicitly authorize
The above processors handle data only to the extent necessary to provide their services, and are bound by their respective privacy policies and data processing terms. We require all processors to provide a level of protection no lower than that set out in this Policy.
7. International Data Transfers
Because aardwin is deployed across distributed infrastructure (frontend hosting, multiple VPS nodes, and cross-region databases), your data may be processed, transmitted, or stored outside your jurisdiction, including on nodes in China and overseas.
For data subjects in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the GDPR Standard Contractual Clauses (SCCs) or Article 49 (where applicable) as appropriate safeguards to ensure that cross-border data transfers comply with the GDPR. For other jurisdictions, we will apply reasonable equivalent safeguards as required by applicable law.
Whenever data is transmitted to or from these nodes, all links are encrypted with TLS, and sensitive fields are encrypted at rest.
8. Data Security
We take reasonable technical and organizational measures to protect your personal data, including but not limited to:
- All data in transit between clients and servers, and between services, is encrypted with TLS
- Sensitive fields (such as OAuth client secrets, tokens, and credentials) are encrypted at rest; bff edge nodes do not hold client secrets
- Least-privilege access controls, so that only authorized personnel may access production data where necessary
- Centralized audit and error logging; logs are automatically deleted after 30 days by default
- Short-lived one-time passcode design; expired codes are periodically removed by a cleanup task
- Periodic security reviews and dependency updates
Despite these measures, no transmission or storage over the internet can be guaranteed to be completely secure. In the event of a security incident affecting your personal data, we will notify you and the relevant regulators within a reasonable period as required by applicable law.
9. Your Rights (GDPR / CCPA)
If you are located in the European Economic Area (EEA), the United Kingdom, Switzerland, or another jurisdiction to which the GDPR applies, you have the following rights under applicable law:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or outdated personal data
- Right to erasure ("right to be forgotten"): request deletion of the personal data we hold about you
- Right to restrict processing: request that we restrict processing of your data in certain circumstances
- Right to data portability: receive your personal data in a structured, machine-readable format and transmit it to another controller
- Right to object: object to our processing of your personal data based on legitimate interests or in specific situations
- Rights related to automated decision-making: not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
- Right to withdraw consent: withdraw any previously given consent or OAuth authorization at any time
If you are a California resident, under the CCPA you have the right to: know (the categories and purposes of personal data we collect, sell, or share), delete (request deletion of the personal information we hold), opt-out (of any "sale or share" of personal information for cross-context behavioral advertising), and non-discrimination (not to be discriminated against for exercising these rights). aardwin does not sell or share personal information for cross-context behavioral advertising.
How to exercise your rights: send an email to admin@aard.win, providing the identity verification reasonably necessary to process your request. We will respond to valid requests within 30 days of receipt; where an extension is genuinely necessary, we will inform you of the reason and estimated response time within those 30 days, not to exceed the period permitted by applicable law. You may also revoke Google or Microsoft authorization directly from the security or app authorization settings of the corresponding account; after revocation, the related sign-in method will no longer be usable.
10. Children's Privacy
aardwin is not directed to children under 13 (or, in certain jurisdictions, under 16), and we do not knowingly collect personal information from such children. If you are a parent or guardian and you believe we have inadvertently collected information from a child under the applicable age of consent, please contact us at admin@aard.win. We will delete the relevant data after verification.
11. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our business, technology, or legal requirements. When the Policy changes, we will update the "Last updated" date on this page.
For material changes (for example, adding new categories of data, new processing purposes, or new processors), we will notify you by posting a prominent notice on this page or by sending a notice to the email address you have provided. Continued use of aardwin constitutes acceptance of the updated Policy; if you do not agree, you may stop using the Service and revoke authorization.
12. Contact Us
If you have any questions about this Privacy Policy, your data rights, data deletion requests, or aardwin's data handling practices, contact us at admin@aard.win. We commit to responding within a reasonable period.