Privacy Policy

Applies to: TinyTrove (Chinese name: 人生小事)

Effective: April 12, 2026  |  Last updated: April 17, 2026

中文版

We know your memories and personal records are sensitive. This policy explains how we collect, use, store, and protect information when you use TinyTrove, and what rights you have. By using the app, you acknowledge that you have read and understood this policy; if you do not agree, please stop using it.

1. Information we process and why

The app is built with a local-first approach: your posts (including encrypted photos, videos, text, etc.) are stored primarily in the app sandbox on your device and protected with encryption and related measures. We process the following only as needed to provide functionality:

• Content you provide: media you select from your library, text you enter, and optional location-related information (for example, coordinates from media EXIF converted into a readable address).
• Account and security-related data: such as your main PIN for unlock and key derivation, recovery key (Secret Key) display and backup flows, and device identifiers used to distinguish devices in key management (see in-app copy for details). Sensitive items are stored using the system secure storage or an encrypted database. We do not upload your main PIN to our servers in reversible plaintext (the app does not rely on our own “content cloud” to store your post bodies and media by default).
• Operational and diagnostic information: the app may write logs locally for stability (e.g. troubleshooting). Release builds may disable or limit logging; when enabled, logs typically stay on the device. We do not use logs for advertising profiles.
• Optional cloud sync (WebDAV): if you configure WebDAV (e.g. personal cloud or NAS), encrypted files may sync to the third-party service you choose. That processing is governed by your agreement with the provider; we cannot access your cloud account password and are not responsible for the provider’s availability or security practices.
• In-app purchases: purchases are processed by Apple App Store / Google Play (as applicable). We receive order or subscription status from the platform as needed to grant entitlements, not your full card number.

2. Permissions (system authorization)

The app may request permissions including:

• Photos / media library: to pick images and videos for your posts.
• Camera: for scenarios such as scanning a QR code to import keys (as shown in the app).
• Biometrics (if you enable them): for convenient unlock; biometric data is handled by the OS, and we do not store raw fingerprint or face data.
• Microphone: if you use in-app features that record audio (such as voice notes), audio is captured and stored according to how the feature works in your version (typically on-device as part of your post content).
• Location (if you grant access): to attach location-related labels to your posts, in addition to address information derived from media EXIF where applicable.
• Network: for optional reverse geocoding, WebDAV sync, update checks, in-app purchase validation, etc.

You can revoke permissions in system settings; some features may stop working.

3. Third-party services and network transmission

• Reverse geocoding (maps): when you add photos, the app may send latitude and longitude to Amap (Gaode) and/or Baidu Maps platform APIs to obtain a human-readable address. Details follow each provider’s policies.
• WeChat-related features: the app may include WeChat-related SDKs (depending on the build). Whether WeChat login, sharing, or other features are enabled depends on configuration and your actions. If enabled, Tencent may process data under its policies. See Tencent’s WeChat terms and related privacy notices.
• Other SDKs / libraries: components such as encrypted databases, networking, PDF, and media playback typically process data on-device and do not upload your post content to our servers.

4. Storage and security

• Posts and media are stored locally in encrypted form; the database may use SQLCipher or equivalent (as implemented in your version).
• Keys and sensitive credentials use platform secure storage (e.g. iOS Keychain, Android Keystore) where applicable.
• No encryption can fully protect against a compromised unlocked device, malware, screenshots/screen recording, or you sharing keys/backup files. Keep your PIN, recovery key, and backups safe.

5. Retention and deletion

• Content stays on your device until you delete the app, clear data, or use in-app deletion / “Recently deleted” (or similar) features.
• If you use WebDAV, remote copies depend on your sync actions and your provider’s policies.

6. Minors

If you are a minor, please use the app under parental guidance. We do not knowingly collect minors’ personal information for marketing.

7. Your rights

Where applicable law allows, you can manage data through in-app settings, backup/restore, and deletion. You may contact us using the details below to ask about access, correction, deletion, or withdrawal of consent. For data held by third-party services you configured, contact those providers as well.

8. Changes to this policy

We may update this policy for new features or legal requirements. We will publish updates in the app or on the web and change the “Last updated” date above; for material changes we may provide additional notice.

9. Contact us

For questions, comments, or complaints about this policy:

• Email: dutycode@gmail.com
• Web: https://tinytrove.me/en/feedback