Privacy Policy
Effective Date: May 22, 2026
Last Updated: May 8, 2026
WanderChina ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the WanderChina mobile application (the "Service").
1. Information We Collect
1.1 Information You Provide
Account Information:
- Email address (required for account creation)
- Display name and password (for email-based registration)
- Profile photo (optional)
Authentication Identifiers (when you choose third-party sign-in):
- Apple User Identifier (a stable Apple-issued ID, when you sign in with Apple)
- Google Account Identifier (a stable Google-issued ID, when you sign in with Google)
- Email address provided by Apple or Google during sign-in (which may be a privacy-relay address)
Travel Planning Inputs:
- Destination cities you select
- Travel dates and duration
- Trip preferences and customization requests
- Voice translation inputs (audio recordings during translation requests)
Payment Information:
- Subscription purchase records (transaction ID, product purchased, purchase date)
- We do not store credit card numbers or payment credentials. All payments are processed by Apple In-App Purchase, and we only receive transaction confirmations.
1.2 Information Collected Automatically
Device and Usage Data:
- Device model, operating system version, app version
- Approximate location (country/region) for content localization
- Precise location (with your explicit permission) to detect nearby points of interest
- Language preference and locale settings
- Crash reports and error logs (via Sentry)
- Usage events: features used, frequency, session duration
Service Usage Records:
- Number of itineraries generated (for free quota tracking)
- Number of voice translations used per day (for free quota tracking)
- AI editing actions on saved trips
1.3 Information We Do NOT Collect
- We do not access your contacts, photos, calendar, or other personal data outside the Service.
- We do not collect biometric data.
- We do not track you across other applications or websites.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service: Generate AI-powered travel itineraries, translate points of interest, perform voice translations, display maps and routes.
- Authenticate users: Verify your identity for sign-in and protect your account from unauthorized access.
- Process payments: Verify Apple In-App Purchase receipts, manage Trip Pass subscriptions, and track subscription status.
- Improve the Service: Analyze usage patterns to identify bugs, optimize performance, and develop new features.
- Communicate with you: Send password reset codes, account verification codes, and service-critical notifications.
- Enforce our terms: Detect fraudulent activity, prevent abuse, and comply with legal obligations.
- Conduct research: Aggregate and anonymize usage data to understand traveler needs (we do not share individual data for research).
We do not use your personal data for advertising, profiling for marketing, or selling to third parties.
3. How We Share Your Information
We share your information only with the following categories of service providers, strictly to provide the Service:
| Provider | Purpose | Data Shared |
|---|
| DeepSeek (AI provider) | Generate itineraries and translate POI names | Your trip preferences and POI text. We do not share your account identity. |
| Baidu Cloud (voice services) | Convert your voice to text and synthesize spoken translations | Audio recordings during voice translation. Audio is processed in real-time and not retained by us. |
| AMap (Gaode/Autonavi) | Display maps, search points of interest, calculate routes | Your location coordinates when you grant location permission. |
| Tencent Cloud (infrastructure) | Store user data, run cloud functions, host images | All user data (encrypted at rest in PostgreSQL, located in Mainland China). |
| Apple | Process In-App Purchases and Sign in with Apple | Transaction receipts, Apple User Identifier. Governed by Apple's Privacy Policy. |
| Google (Firebase) | Sign in with Google authentication | Google ID token. Governed by Google's Privacy Policy. |
| Sentry | Crash and error monitoring | Anonymized crash reports and stack traces. May include device model, OS version, and app state at time of error. |
We do not sell your personal data to anyone.
We may also disclose your information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).
4. Data Storage and International Transfers
Primary Data Storage Location: Your data is stored on Tencent Cloud servers located in Mainland China (Guangzhou region).
For users outside Mainland China:
- By using the Service, you understand and consent that your data will be transferred to and stored in China.
- China has different data protection laws than your home jurisdiction (e.g., EU GDPR, California CCPA, UK Data Protection Act).
- We implement appropriate safeguards including encryption in transit (TLS) and at rest, access controls, and regular security audits.
Sub-processors outside China: Apple and Google services (for sign-in and payment processing) operate globally and may store authentication tokens in their respective data centers.
5. Your Rights
Depending on your location, you have the following rights:
Universal Rights (all users)
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data.
- Withdrawal of consent: Revoke previously given permissions (e.g., location access) at any time via your device settings.
Account Deletion
You can delete your account at any time within the app: Profile → Settings → Delete Account
Upon deletion:
- Your email, password, profile information, and identifiers are permanently removed.
- Your saved trips and translation history are deleted.
- Subscription records are retained for financial audit purposes (required by law) in anonymized form linked to a transaction ID, not to you.
- Account deletion takes effect immediately. Backup copies are purged within 30 days.
EU/UK Users (GDPR)
You also have the right to:
- Data portability: Receive your data in a structured, machine-readable format.
- Restriction of processing: Limit how we use your data.
- Object to processing: Object to processing based on legitimate interests.
- Lodge a complaint: File a complaint with your local Data Protection Authority.
California Users (CCPA/CPRA)
You also have the right to:
- Know: Know what categories of personal information we collect and how we use them.
- Delete: Request deletion of your personal information.
- Opt-out of sale: We do not sell your personal information; this right is automatically honored.
- Non-discrimination: Exercise your rights without facing discriminatory treatment.
To exercise any of these rights, contact us at the email below. We will respond within 30 days.
6. Data Retention
| Data Type | Retention Period |
|---|
| Active account data | Until you delete your account |
| Saved trips and translations | Until you delete them or your account |
| Daily voice translation usage records | 30 days (for quota reset purposes), then deleted |
| Subscription transaction records | 7 years (required by financial regulations), in anonymized form after account deletion |
| Crash reports and error logs | 90 days |
| Authentication session tokens | 30 days of inactivity, then expired |
| Password reset tokens | 15 minutes |
7. Security
We implement the following security measures:
- Encryption in transit: All communication between the app and our servers uses TLS 1.2 or higher.
- Encryption at rest: Sensitive data including passwords (bcrypt hashed), authentication tokens, and personal identifiers are encrypted in our database.
- Access controls: Access to production data is restricted to authorized personnel and audited.
- Network isolation: Our database is deployed in a private VPC, not directly accessible from the internet.
- Regular monitoring: Errors and anomalies are monitored via Sentry; security events are logged.
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Children's Privacy
WanderChina is not intended for children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. Third-Party Links and Integrations
Our Service includes deep links to third-party applications, including:
- Alipay Mini-Programs (for ticket booking, payments)
- DiDi (滴滴) (for ride-hailing)
When you tap these links, you leave our Service and enter the third-party application. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before using them.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy at https://wanderchina.app/privacy
- Updating the "Last Updated" date at the top of this policy
- Sending an in-app notification for material changes affecting how we use your data
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: privacy@wanderchina.app
App Operator: Sen Xia (individual developer, doing business as WanderChina)
Location: Guangzhou, Guangdong Province, China
We aim to respond to all inquiries within 5 business days.