Privacy Policy

Effective Date: May 24, 2026
Last Updated: June 26, 2026

WanderChina ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the WanderChina mobile application (the "Service").

1. Information We Collect

1.1 Information You Provide

Account Information:

Email address (required for account creation)
Display name and password (for email-based registration)
Profile photo (optional)

Authentication Identifiers (when you choose third-party sign-in):

Apple User Identifier (a stable Apple-issued ID, when you sign in with Apple on iOS)
Email address provided by Apple during sign-in (which may be a privacy-relay address)
Google Account Identifier (a stable Google-issued ID, when you sign in with Google on Android)
Email address and basic profile information (name, profile picture) provided by Google during sign-in

Travel Planning Inputs:

Destination cities you select
Travel dates and duration
Trip preferences and customization requests
Voice translation inputs (audio recordings during translation requests)
AI-generated search keywords derived from your trip context (used to fetch travel photography)

Payment Information:

Subscription purchase records (transaction ID, product purchased, purchase date)
We do not store credit card numbers or payment credentials. All payments are processed by Apple In-App Purchase (iOS) or Google Play Billing (Android), and we only receive transaction confirmations.

1.2 Information Collected Automatically

Device and Usage Data:

Device model, operating system version, app version
Approximate location (country/region) for content localization
Precise location (with your explicit permission) to center the map on your position and detect nearby points of interest. On iOS this is obtained via the AMap location service; on Android via the device's system location services (Google Play services / GPS).
Language preference and locale settings
Crash reports and error logs (via Sentry)
Usage events: features used, frequency, session duration

Service Usage Records:

Number of itineraries generated (for free quota tracking)
Number of voice translations used per day (for free quota tracking)
AI editing actions on saved trips

1.3 Information We Do NOT Collect

We do not access your contacts, photos, calendar, or other personal data outside the Service.
We do not collect biometric data.
We do not track you across other applications or websites.

2. How We Use Your Information

We use the information we collect to:

Provide and maintain the Service: Generate AI-powered travel itineraries, translate points of interest, perform voice translations, display maps and routes.
Authenticate users: Verify your identity for sign-in and protect your account from unauthorized access.
Process payments: Verify Apple In-App Purchase (iOS) or Google Play Billing (Android) receipts, manage Trip Pass subscriptions, and track subscription status.
Improve the Service: Analyze usage patterns to identify bugs, optimize performance, and develop new features.
Communicate with you: Send password reset codes, account verification codes, and service-critical notifications.
Enforce our terms: Detect fraudulent activity, prevent abuse, and comply with legal obligations.
Conduct research: Aggregate and anonymize usage data to understand traveler needs (we do not share individual data for research).

We do not use your personal data for advertising, profiling for marketing, or selling to third parties.

3. How We Share Your Information

We share your information only with the following categories of service providers, strictly to provide the Service:

Provider	Purpose	Data Shared
DeepSeek (AI provider, China)	Generate itineraries and translate POI names	Your trip preferences and POI text. We do not share your account identity.
Baidu Cloud (voice services, China)	Convert your voice to text and synthesize spoken translations	Audio recordings during voice translation. Audio is processed in real-time and not retained by us.
AMap (Gaode/Autonavi) (China)	Display maps, search points of interest, calculate routes	Your location coordinates when you grant location permission.
Unsplash (photography, United States)	Fetch high-quality travel photography for points of interest	AI-generated search keywords based on POI context (e.g., "Cantonese dim sum", "ancient city wall Xi'an"). No personal information or location data.
Tencent Cloud (infrastructure, China)	Store user data, run cloud functions, host images	All user data (encrypted at rest in PostgreSQL, located in Mainland China).
Apple (United States)	Process In-App Purchases and Sign in with Apple (iOS)	Transaction receipts, Apple User Identifier. Governed by Apple's Privacy Policy.
Google (United States)	Process Google Play Billing and Sign in with Google (Android)	Transaction receipts, Google Account Identifier, email and basic profile (name, picture). Governed by Google's Privacy Policy.
Resend (transactional email, United States)	Deliver password reset and account verification emails	Your email address and the verification code being sent. Not used for marketing.
Sentry (United States)	Crash and error monitoring	Crash reports and stack traces. May include device model, OS version, app state, and (if signed in) a pseudonymous user identifier at time of error.

We do not sell your personal data to anyone.

We may also disclose your information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

4. Data Storage and International Transfers

Primary Data Storage Location: Your data is stored on Tencent Cloud servers located in Mainland China (Guangzhou region).

For users outside Mainland China:

By using the Service, you understand and consent that your data will be transferred to and stored in China.
China has different data protection laws than your home jurisdiction (e.g., EU GDPR, California CCPA, UK Data Protection Act).
We implement appropriate safeguards including encryption in transit (TLS) and at rest, access controls, and regular security audits.

Sub-processors outside China: Apple services (for sign-in and payment processing on iOS) and Google services (for sign-in and payment processing on Android) operate globally and may store authentication tokens in their respective data centers.

5. Your Rights

Depending on your location, you have the following rights:

Universal Rights (all users)

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data.
Withdrawal of consent: Revoke previously given permissions (e.g., location access) at any time via your device settings.

Account Deletion

You can delete your account at any time within the app: Profile → Settings → Delete Account

Upon deletion, the following data is permanently removed and cannot be recovered:

Your email, password, profile information, and personal identifiers (Apple ID, Google ID, device ID)
Custom trip descriptions and any text you wrote
Editing instructions you sent to our AI assistant
AI-generated itinerary content (which may have referenced details you shared)
Translation history
Daily usage and quota records

The following anonymized, aggregate data is retained to improve our AI travel recommendations for future users:

City selections, dates, and trip duration
Aggregated usage statistics (with no personal identifiers)
AI model performance metadata (generation timestamps, model version)

This retained data cannot be linked back to you and is no longer considered your personal information under applicable privacy laws.

Subscription transaction records are retained for financial audit purposes (required by law) in anonymized form linked to a transaction ID, not to you.

Account deletion takes effect immediately. Backup copies are purged within 30 days.

Complete deletion request: If you require deletion of all data including anonymized records (e.g., to fully exercise the right to erasure under GDPR Article 17), please contact support@wanderchina.app. Additional identity verification will be required.

EU/UK Users (GDPR)

You also have the right to:

Data portability: Receive your data in a structured, machine-readable format.
Restriction of processing: Limit how we use your data.
Object to processing: Object to processing based on legitimate interests.
Lodge a complaint: File a complaint with your local Data Protection Authority.

California Users (CCPA/CPRA)

You also have the right to:

Know: Know what categories of personal information we collect and how we use them.
Delete: Request deletion of your personal information.
Opt-out of sale: We do not sell your personal information; this right is automatically honored.
Non-discrimination: Exercise your rights without facing discriminatory treatment.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

6. AI Processing and Generated Content

WanderChina uses artificial intelligence to deliver several core features. This section explains in plain language what AI is used, what data is processed, and how to identify AI-generated content.

6.1 Which AI Services We Use

AI Provider	Used For	Data Sent
DeepSeek (China)	Generating personalized travel itineraries, modifying itineraries based on your natural-language edit requests, generating search keywords for travel photography	Your trip preferences (cities, dates, interests, free-text descriptions), existing itinerary content when you edit it
Baidu Cloud Speech (China)	Real-time voice-to-text and text-to-speech for translation	Audio recordings during translation requests (processed in real-time, not retained)

6.2 What This Means for You

Your trip preferences are sent to DeepSeek to generate itineraries. We do not send your account identity, email, or any personal identifier — DeepSeek receives only the travel context.
Your voice recordings are sent to Baidu Cloud only during active translation. Recordings are processed in real-time and not stored by us or by Baidu.
AI providers may temporarily process and log this data per their own privacy policies, which we recommend you review:
- DeepSeek Privacy Policy: https://www.deepseek.com/privacy
- Baidu AI Cloud Privacy Policy: https://cloud.baidu.com/doc/Agreements/s/zk7l03gd9

6.3 Identifying AI-Generated Content

All itineraries and itinerary edits in WanderChina are generated by AI. To make this transparent:

Itineraries are visibly labeled with a "Generated by AI" indicator in the app
AI-modified content (after AI Edit) is shown with the same indicator
Voice translation outputs are clearly framed as machine translations, not human-verified translations

6.4 Accuracy and Limitations

AI-generated content (itineraries, translations, descriptions) may contain inaccuracies. Restaurant hours, venue availability, prices, and travel times may not be current. Always verify critical travel information (visa requirements, booking confirmations, official venue hours) through official sources before relying on AI suggestions.

6.5 Your Choices

You will see a one-time disclosure of these AI data flows when you first set up your destination city in the app. By continuing to use the AI features (Generate Plan, AI Edit, Voice Translate), you acknowledge this processing.

You can stop AI processing at any time by:

Not using the AI features (other parts of the app — saved trips, map navigation, profile — work without sending data to AI providers)
Deleting your account (see Section 5: Your Rights → Account Deletion)

7. Data Retention

Data Type	Retention Period
Active account data	Until you delete your account
Trip descriptions and AI itinerary content	Until you delete the trip or your account; permanently deleted upon account deletion
Anonymized trip metadata (city, dates, duration only — no personal data)	Indefinitely after account deletion, used to improve AI travel recommendations
Translation history	Until you delete them or your account
Daily voice translation usage records	30 days (for quota reset purposes), then deleted
Subscription transaction records	7 years (required by financial regulations), in anonymized form after account deletion
Crash reports and error logs	90 days
Authentication session tokens	30 days of inactivity, then expired
Password reset tokens	15 minutes

8. Security

We implement the following security measures:

Encryption in transit: All communication between the app and our servers uses TLS 1.2 or higher.
Encryption at rest: Sensitive data including passwords (bcrypt hashed), authentication tokens, and personal identifiers are encrypted in our database.
Access controls: Access to production data is restricted to authorized personnel and audited.
Network isolation: Our database is deployed in a private VPC, not directly accessible from the internet.
Regular monitoring: Errors and anomalies are monitored via Sentry; security events are logged.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

WanderChina is intended for adult travelers and is not directed to minors. The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If you believe someone under 18 has provided us with personal information, please contact us and we will delete it.

10. Third-Party Links and Integrations

Our Service includes deep links to third-party applications, including:

Alipay Mini-Programs (for ticket booking, payments)
DiDi (滴滴) (for ride-hailing)

When you tap these links, you leave our Service and enter the third-party application. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before using them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy at https://wanderchina.app/privacy
Updating the "Last Updated" date at the top of this policy
Sending an in-app notification for material changes affecting how we use your data

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@wanderchina.app
App Operator: Sen Xia (individual developer, doing business as WanderChina)
Location: Guangzhou, Guangdong Province, China

We aim to respond to all inquiries within 5 business days.