1. Who we are
This Privacy Policy describes how China Travel Copilot ("the App", "we", "us", or "our")
handles information when you use our iOS application. This Policy applies only to the iOS app
published on the Apple App Store under the name China Travel Copilot and to
this website (cnjoygo.com).
We are a small independent development team. If you have any privacy question, you can email us at cfd007@qq.com.
2. Our privacy principles
- Offline by default. The 24 city guides, 500+ phrases, address cards, and emergency content are bundled inside the app at install time. They never leave your device.
- No account required. You are not asked to register, sign in, or provide identity information to use the app.
- Minimum data, anonymous. The very small amount of usage data we use is keyed to a randomly generated, device-local identifier β not to you personally.
- No advertising network. The app contains no third-party ad SDKs.
- No selling, ever. We do not sell or rent personal information to anyone, for any purpose.
3. Information we do not collect
To make this very explicit, the following information is never collected, accessed, or stored by us:
- Your name, email address, phone number, or postal address.
- Your precise or approximate location β we do not request the iOS Location permission.
- Your contacts, calendar, photos, microphone input, or camera input.
- Your health, fitness, or biometric data.
- Your browsing history outside of the app.
- Your payment card, bank account, or any financial credentials.
- The Apple IDFA (Identifier for Advertisers) β we do not display App Tracking Transparency prompts because we do not track you across other apps or websites.
4. Information we do collect
4.1 Anonymous device identifier
The first time the app launches, it generates a random string (UUID) on your device, called
anonymous_id. This identifier:
- is generated locally and is not derived from your Apple ID, IDFV, IDFA, phone number, or any personal data;
- is stored in the app's sandboxed
UserDefaultson your device; - is reset if you uninstall and reinstall the app;
- is used only to deduplicate event reports (so we don't double-count the same install).
4.2 Aggregate usage events
The app records a small set of anonymous events to help us understand which features are useful and which are broken. These events do not contain personal information. The complete list is:
| Event | What it captures |
|---|---|
app_opened |
The app was launched. |
city_detail_opened |
A city detail page was opened (city ID only). |
attraction_detail_opened |
An attraction detail page was opened (attraction ID only). |
route_template_detail_opened |
A recommended route page was opened. |
checklist_opened |
The pre-trip checklist was viewed. |
phrase_copied |
A phrase was copied to the clipboard (category only, never the text). |
address_copied |
A Chinese address card was copied (city ID only). |
paywall_shown |
A paywall was displayed (trigger name only). |
iap_purchased / iap_failed / iap_restored |
The outcome of an in-app purchase attempt (product ID and Apple-returned reason). |
builtin_content_loaded / builtin_content_updated |
Diagnostics for the bundled-content loader. |
Each event includes the anonymous identifier above, the app version, the platform (always
ios), and a timestamp. Events are queued locally and sent in small batches over HTTPS.
4.3 Technical request metadata
When the app contacts our servers (for example, to check for content updates), our servers automatically receive standard request information: app version, platform, language, and IP address. We use the IP address only to deliver the response, to detect abuse, and for coarse country-level statistics. We do not derive a precise location from it.
4.4 In-app purchases
All purchases (Phrasebook Pack, Full Pro, and the launch offer)
are processed by Apple using StoreKit. We never receive your credit-card number,
billing address, or Apple ID password. The app stores a local entitlement flag (free /
phrasebook / pro) on your device. This flag, together with Apple's
Transaction.currentEntitlements API, is what unlocks paid features. To restore a
purchase on a new device, simply tap "Restore Purchase" in Settings while signed into the
same Apple ID.
5. How we use information
We use the limited information described above only for the following purposes:
- Run the app. Deliver content updates, validate in-app purchases, and recover from errors.
- Improve the app. Aggregate, anonymous metrics tell us which features are used and which crash.
- Prevent abuse. Detect automated attacks and protect the service for legitimate users.
- Comply with the law. Respond to lawful requests from competent authorities, when required.
We do not use your information to build advertising profiles, to target you with ads, or to make automated decisions that produce legal effects on you.
6. Permissions the app may request
The app is intentionally light on permissions. The following are the only iOS permissions the app may request, and only when you actively use the corresponding feature:
- Network access β used to check for content updates and report anonymous events. Standard for any iOS app and not shown as a system prompt.
- (Optional) Local notifications β used only if you enable trip reminders inside Settings. You can disable this at any time in iOS Settings β Notifications.
The app does not request: Location, Contacts, Calendars, Reminders, Photos, Microphone, Camera, Bluetooth, Speech Recognition, HealthKit, HomeKit, or Motion & Fitness.
7. Sharing your information
We do not sell your information. We share information only with the following service providers, strictly to operate the app:
- Apple Inc. β App Store distribution, in-app purchases, push notifications. Apple's handling of your data is governed by the Apple Privacy Policy.
- Cloud hosting providers β used to host our content delivery and event-collection endpoints. They process data on our behalf under data-processing agreements and may not use it for any other purpose.
We may also disclose information if we are legally required to do so by valid court order, subpoena, or law enforcement request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
8. International data transfers
Our infrastructure is operated outside your country of residence. By using the app, you understand that the limited information described in this Policy may be transferred to, and processed in, jurisdictions whose data-protection laws may differ from those of your country. Where required by law, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
9. How long we keep data
- Anonymous events: retained for up to 18 months in aggregated form, then deleted or fully anonymized.
- Server access logs: retained for up to 90 days for security and abuse-prevention purposes.
- Local data on your device: retained until you delete the app. Uninstalling the app erases all local content, the anonymous identifier, and your local entitlement cache.
10. Children's privacy
The app is rated 4+ and is suitable for all ages, but it is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will delete it promptly.
11. Your rights
Because we do not collect personal information that identifies you, in most cases there is no personal data to access, correct, port, or delete. However, depending on where you live, you may have the following rights under applicable laws (such as the GDPR in the European Economic Area, the UK GDPR, the California Consumer Privacy Act, and similar laws):
- The right to access any personal data we may hold about you.
- The right to request correction of inaccurate data.
- The right to request deletion of data we hold.
- The right to object to or restrict certain processing.
- The right to data portability.
- The right to withdraw consent, where processing is based on consent.
- The right to lodge a complaint with your local data-protection authority.
To exercise any of these rights, email cfd007@qq.com with your request and the device identifier shown in Settings β About inside the app (so we can locate any associated event records).
12. California residents (CCPA / CPRA)
In the past 12 months we have not "sold" or "shared" personal information as defined by the CCPA and CPRA, and we do not knowingly sell or share personal information of consumers under 16. The categories of information we collect and how we use them are described in Sections 3β5. You may exercise your right to know, delete, correct, or opt out of sale/sharing by contacting cfd007@qq.com. We will not discriminate against you for exercising any privacy right.
13. Security
We use industry-standard security measures to protect the small amount of data we collect, including transport-level encryption (HTTPS/TLS) for all network requests, restricted access controls on server infrastructure, and routine deletion of unnecessary data. No method of transmission or storage is 100% secure, but we work hard to limit the risks.
14. Changes to this Policy
We may update this Policy from time to time, for example to reflect new features or legal requirements. When we do, we will post the updated Policy at this URL and update the "Last updated" date at the top. If the changes are material, we will display an in-app notice on the next launch. Continued use of the app after the effective date of an update indicates acceptance of the revised Policy.
15. Contact us
If you have any question about this Privacy Policy or how we handle data, please contact us at:
China Travel Copilot Team
Email: cfd007@qq.com
Website: https://cnjoygo.com