What we collect, what we don't, and how to delete it.

Effective 2026-04-26 · Aloud (中文：说出来) · Android package com.yangyifei.aloud

简体中文

一句话总结

Aloud 是一个把"出门前 30 秒场景英语"做成卡片的 app。我们存的就只有：你的登录信息、你输入的场景文本、AI 生成的卡片、以及你的收藏/播放记录。没有第三方分析 SDK，没有广告，不卖数据。

谁是数据控制者

个人开发者：Yifei Yang。联系邮箱：yifei.yang.ai@gmail.com。

我们收集什么

账号信息：邮箱、密码（仅以哈希形式存于 Supabase）、可选的昵称、Google OAuth 返回的基本资料（如果你用 Google 登录）。
你输入的场景文本：例如"我要去看牙医"。会被发送给我们后端，再转发给一家 LLM 供应商（见下文）以生成卡片。
AI 生成的卡片：Say First / They Ask / Lifesaver 三段内容，存在我们的 Neo4j 数据库里。
使用记录：你收藏了哪些卡、播放过几次、生成时间。
服务器日志：标准 nginx 访问日志（含 IP、时间、UA），用于排障，30 天内自动滚动覆盖。

我们不收集什么

不收集通讯录、相册、定位、麦克风录音。
不接入 Google Analytics / Firebase Analytics / Sentry / 抖音 / 微信 SDK 等任何第三方追踪/分析 SDK。
不向广告商共享或出售数据。

关于朗读功能（TTS）

当你点击播放按钮时，卡片上的文本会通过 HTTPS 发送到我们后端，再由后端转发给 Google Translate 的 TTS 服务（基于开源 gTTS 库）合成音频后返回给 app 播放。这意味着卡片文本会经过 Google 的服务器。我们不存储这段文本和返回的音频（生成完即从临时文件删除）。

数据安全

所有客户端 ↔ 服务器的传输都走 HTTPS（TLS）。
密码不直接存储；由 Supabase 以哈希形式保存，我们看不到明文。
服务端的 Supabase service role key 仅在删除账号等特权操作时使用，不会下发给 app。
Neo4j 数据库部署在我们自有服务器，只暴露给后端，不对公网开放。

数据会到哪里去

Supabase（美国，supabase.com/privacy）：保存账号邮箱和加密后的密码。
我们自己的服务器：腾讯云新加坡，保存场景卡和使用记录的 Neo4j 数据库。
Google（美国，policies.google.com/privacy）：当你点播放按钮时，卡片文本会通过我们的后端转发到 Google Translate 的 TTS 服务来生成音频。
LLM 供应商（取决于服务端当前配置，可能是 Google Gemini API、OpenRouter、或 DeepSeek）：你输入的场景文本会被发送过去用于生成卡片。这些供应商按各自的隐私政策处理数据：
- Google Gemini API · ai.google.dev/gemini-api/terms
- OpenRouter · openrouter.ai/privacy
- DeepSeek · deepseek.com/privacy
Google Play Services（如果你从 Play 安装）：按 Google 自身隐私政策。

保留多久

账号和场景数据在你账号存在期间一直保留。一旦你在 app 内删除账号，所有相关数据立刻从 Supabase 和 Neo4j 中清除。服务器日志按 30 天滚动。

你的权利

查看 / 导出：发邮件给 yifei.yang.ai@gmail.com，我们 30 天内提供你账号下所有数据的导出。
删除：直接在 app 里 Profile → ✕ DELETE ACCOUNT 永久删除。无需联系。卸载了 app 仍想删数据？看删除账号页。
更正：登录后改昵称即可；要改邮箱请联系上述邮箱。

儿童

本 app 不面向 13 岁以下儿童，也不会主动收集儿童数据。如果你认为有儿童在使用本 app，请联系我们删除。

政策更新

如果本政策有重大变更，我们会在 app 内通知你，并更新本页顶部的"生效日期"。

English

TL;DR

Aloud generates short scenario cards for spoken English (e.g. "going to the dentist"). We only store: your login, the scenario text you type, the AI-generated cards, and your save/play history. No third-party analytics SDKs. No ads. We don't sell data.

Data controller

Solo developer: Yifei Yang. Contact: yifei.yang.ai@gmail.com.

What we collect

Account: email, password (stored as a hash by Supabase), optional display name, basic profile from Google OAuth if you sign in with Google.
Your scenario inputs: e.g. "I'm going to the dentist". Sent to our backend and forwarded to an LLM provider (see below) to generate the card.
AI-generated cards: the Say First / They Ask / Lifesaver content, stored in our Neo4j database.
Usage records: which cards you saved, play counts, timestamps.
Server logs: standard nginx access logs (IP, timestamp, user-agent) for troubleshooting, rotated within 30 days.

What we don't collect

No contacts, photos, location, or microphone recordings.
No third-party analytics/tracking SDKs (no Google Analytics, Firebase Analytics, Sentry, etc.).
We don't share or sell data to advertisers.

About text-to-speech (TTS)

When you tap a play button, the card's text is sent over HTTPS to our backend, which forwards it to Google Translate's TTS service (via the open-source gTTS library) to synthesize audio and stream it back to the app. This means card text passes through Google's servers. We do not retain the text or generated audio — temp files are deleted right after the response.

Data security

All client ↔ server traffic uses HTTPS (TLS).
Passwords are never stored in plaintext — Supabase stores only hashes, and we never see the original.
The Supabase service role key (used only for privileged operations like account deletion) lives on the server and is never shipped to the app.
Our Neo4j database runs on our own server, exposed only to the backend, never to the public internet.

Where data goes

Supabase (USA, supabase.com/privacy) — stores your account email and hashed password.
Our own server (Tencent Cloud, Singapore) — Neo4j database holding scenario cards and usage records.
Google (USA, policies.google.com/privacy) — when you tap play, card text is forwarded through our backend to Google Translate's TTS service to synthesize audio.
LLM provider (one of Google Gemini API, OpenRouter, or DeepSeek depending on current backend config) — your scenario text is sent to generate the card. Each handles data per their own privacy policy:
- Google Gemini API — ai.google.dev/gemini-api/terms
- OpenRouter — openrouter.ai/privacy
- DeepSeek — deepseek.com/privacy
Google Play Services (if installed via Play) — per Google's own privacy policy.

Retention

Account and scenario data are kept as long as your account exists. When you delete your account in-app, all related data is removed from Supabase and Neo4j immediately. Server logs rotate within 30 days.

Your rights

Access / export: email yifei.yang.ai@gmail.com; we'll provide an export within 30 days.
Delete: in-app, Profile → ✕ DELETE ACCOUNT. No need to contact us. Already uninstalled but still want your data gone? See the account deletion page.
Correction: edit your display name in-app; for email changes, email us.

Children

Aloud is not directed to children under 13 and we do not knowingly collect their data. If you believe a child is using this app, please contact us to remove the account.

Updates

Material changes to this policy will be announced in-app and reflected by the "Effective" date at the top of this page.