1. 我们收集的信息

1.1 您主动提供的信息

• 账户信息：用户名、头像（可选）
• 钱包信息：公钥地址（私钥仅存储在您的设备本地，我们无法访问）
• 通讯内容：消息、图片、语音（端到端加密，我们无法解密）

1.2 自动收集的信息

• 设备信息：设备型号、操作系统版本、唯一设备标识符
• 使用数据：功能使用频率、崩溃报告、性能数据
• 网络信息：IP 地址、连接类型

1.3 权限说明

• 相机（android.permission.CAMERA）：用于拍摄头像、发送图片及扫描二维码（钱包地址/好友添加）
• 麦克风（android.permission.RECORD_AUDIO）：用于发送语音消息
• 存储（READ/WRITE_EXTERNAL_STORAGE）：用于保存和发送图片、文件
• 通知（POST_NOTIFICATIONS）：用于接收消息推送和链上事件提醒
• 生物识别（USE_BIOMETRIC）：用于钱包解锁和交易确认
• 网络（INTERNET）：用于消息传输和区块链交互

所有权限均在使用时请求，您可以随时在系统设置中撤销。拒绝某项权限仅影响对应功能，不影响其他功能的正常使用。

2. 信息的使用方式

我们使用收集的信息用于：

• 提供、维护和改进 TokenTalk 服务
• 处理消息传输和区块链交互
• 发送服务通知（如安全提醒、功能更新）
• 分析使用模式以优化用户体验
• 检测和防止欺诈、滥用及安全威胁
• 遵守适用的法律法规

我们不会将您的个人信息出售给第三方，也不会将其用于广告定向投放。

3. 数据存储与安全

3.1 私钥与助记词

您的私钥和助记词仅存储在您的设备本地（iOS Secure Enclave / Android Keystore），通过生物识别或密码保护。TokenTalk 服务器从不接触、存储或传输您的私钥。

3.2 消息加密

所有点对点消息均采用端到端加密（E2EE）。消息在发送前在您的设备上加密，仅接收方可解密。TokenTalk 服务器仅传输加密数据，无法读取消息内容。

3.3 服务器数据

账户元数据（用户名、头像等）存储在我们的服务器上，采用行业标准加密措施保护。我们的服务器位于香港及主要云服务提供商的数据中心。

3.4 数据保留

我们仅在提供服务所需的时间内保留您的数据。您删除账户后，我们将在 30 天内删除您的个人数据（法律要求保留的除外）。

4. 信息共享

我们不会出售您的个人信息。在以下情况下，我们可能共享您的信息：

• 服务提供商：与协助我们运营服务的可信第三方（如云存储、推送通知服务），这些方受保密协议约束
• 法律要求：在法律要求或保护用户安全的情况下
• 业务转让：在合并、收购或资产出售时，我们会提前通知您
• 您的同意：在获得您明确同意的情况下

5. 第三方服务

TokenTalk 集成了以下第三方服务，各自适用其隐私政策：

• 区块链网络：Ethereum、Solana、BNB Chain 等（交易数据公开记录在链上）
• Firebase（Google）：崩溃报告和推送通知
• JuggleIM：即时通讯基础设施

6. 儿童隐私

TokenTalk 不面向 13 岁以下儿童。我们不会故意收集儿童的个人信息。如果您发现我们无意中收集了儿童信息，请联系我们，我们将立即删除。

7. 您的权利

根据适用法律，您享有以下权利：

• 访问权：查看我们持有的您的个人数据
• 更正权：更正不准确的个人数据
• 删除权：请求删除您的个人数据
• 可携带权：以结构化格式获取您的数据
• 撤回同意：随时撤回您之前给予的同意

如需行使上述权利，请通过以下方式联系我们。

8. 政策变更

我们可能会不时更新本隐私政策。重大变更时，我们将通过应用内通知或电子邮件提前告知您。继续使用服务即表示您接受更新后的政策。

9. 联系我们

如有任何隐私相关问题或请求，请联系：

1. Information We Collect

1.1 Information You Provide

• Account information: Username, profile photo (optional)
• Wallet information: Public key addresses (private keys are stored only on your device — we cannot access them)
• Communications: Messages, images, voice notes (end-to-end encrypted — we cannot decrypt them)

1.2 Automatically Collected Information

• Device information: Device model, OS version, unique device identifiers
• Usage data: Feature usage frequency, crash reports, performance data
• Network information: IP address, connection type

1.3 Permissions

• Camera (android.permission.CAMERA): For taking profile photos, sending images, and scanning QR codes (wallet addresses / adding friends)
• Microphone (android.permission.RECORD_AUDIO): For sending voice messages
• Storage (READ/WRITE_EXTERNAL_STORAGE): For saving and sending images and files
• Notifications (POST_NOTIFICATIONS): For receiving message push notifications and on-chain event alerts
• Biometrics (USE_BIOMETRIC): For wallet unlock and transaction confirmation
• Internet (INTERNET): For message transmission and blockchain interaction

All permissions are requested at the time of use. You can revoke any permission in your system settings at any time. Denying a permission only affects the corresponding feature and does not impact other functionality.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve TokenTalk services
• Process message delivery and blockchain interactions
• Send service notifications (e.g., security alerts, feature updates)
• Analyze usage patterns to optimize user experience
• Detect and prevent fraud, abuse, and security threats
• Comply with applicable laws and regulations

We do not sell your personal information to third parties or use it for targeted advertising.

3. Data Storage & Security

3.1 Private Keys & Seed Phrases

Your private keys and seed phrases are stored only on your device (iOS Secure Enclave / Android Keystore), protected by biometrics or passcode. TokenTalk servers never access, store, or transmit your private keys.

3.2 Message Encryption

All peer-to-peer messages use end-to-end encryption (E2EE). Messages are encrypted on your device before sending and can only be decrypted by the recipient. TokenTalk servers only relay encrypted data and cannot read message content.

3.3 Server Data

Account metadata (username, profile photo, etc.) is stored on our servers with industry-standard encryption. Our servers are located in Hong Kong and major cloud provider data centers.

3.4 Data Retention

We retain your data only as long as necessary to provide our services. After account deletion, we will delete your personal data within 30 days (except where required by law).

4. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: Trusted third parties that help us operate our services (e.g., cloud storage, push notification services), bound by confidentiality agreements
• Legal requirements: When required by law or to protect user safety
• Business transfers: In the event of a merger, acquisition, or asset sale, we will notify you in advance
• With your consent: When you have given explicit consent

5. Third-Party Services

TokenTalk integrates the following third-party services, each subject to their own privacy policies:

• Blockchain networks: Ethereum, Solana, BNB Chain, etc. (transaction data is publicly recorded on-chain)
• Firebase (Google): Crash reporting and push notifications
• JuggleIM: Instant messaging infrastructure

6. Children's Privacy

TokenTalk is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it immediately.

7. Your Rights

Under applicable law, you have the following rights:

• Access: View the personal data we hold about you
• Correction: Correct inaccurate personal data
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Withdraw consent: Withdraw previously given consent at any time

To exercise these rights, please contact us using the details below.

8. Policy Changes

We may update this Privacy Policy from time to time. For significant changes, we will notify you in advance via in-app notification or email. Continued use of the service constitutes acceptance of the updated policy.

9. Contact Us

For any privacy-related questions or requests, please contact: