Privacy Policy

1. Scope

This policy applies to the SeichiGo website (Chinese, English, and Japanese pages) and related account/content APIs.

By using SeichiGo, you acknowledge this policy.

2. Data We Collect

• Account and identity data: email address, display name, avatar URL, and session data (NextAuth).
• Authentication security data: password hash (scrypt) for password login, OTP hash and salt for email code login.
• Profile data you provide: bio and social links (for example GitHub, X, Weibo, Bilibili).
• Content and interactions: submissions, revisions, comments, comment likes, favorites, and waitlist status.
• Upload data: image file bytes, file name, and MIME type.
• Abuse-prevention data: hashed IP used for OTP and submission rate limiting.
• Technical request data: browser basics and country/region header used for first-visit locale redirect.

3. How We Use Data

• To provide login, authentication, session management, and account security.
• To operate submissions, moderation, comments, favorites, and profile features.
• To enforce anti-abuse controls such as OTP cooldown and submission rate limits.
• To send verification emails and account-related notices.
• To improve product and content quality through language preference and traffic analysis.

4. Cookies and Analytics

• We use the `NEXT_LOCALE` cookie to remember your language preference.
• We use Google Analytics (Measurement ID: `G-F7E894BEWR`) for aggregate traffic analytics.
• Authentication relies on session cookies; disabling them may break sign-in features.

5. Sharing and Third-Party Processing

We do not sell personal data. We share data only when required to provide the service or by law.

• Infrastructure and database providers for hosting and storage.
• Email providers (Resend or configured SMTP provider) for OTP delivery.
• Analytics provider (Google Analytics) for aggregated reporting.
• If enabled by admins, content may be sent to external AI/SEO services (for example Gemini, Google Search Console, SerpAPI) for translation or SEO workflows.
• Regulators, courts, or law enforcement where legally required.

6. Storage and Security

• Data is stored in the PostgreSQL database configured by deployment.
• Passwords are stored as hashes; OTP values are hashed and time-limited.
• We use server-side validation, access control, and content sanitization to reduce security risks.
• No method of storage or transmission is absolutely secure, and we continue improving controls.

7. Retention

• Account, submission, comment, and favorite data may be retained while the service is active unless deletion is requested or required by law.
• OTP records expire and become invalid after use or timeout.
• Operational/security logs may be retained for a reasonable period.

8. Your Choices

• You can update profile fields in account settings.
• You can request access, correction, or deletion by contacting us.
• One-click self-service account deletion is not available in the current version.

9. Children

If you are under applicable age requirements, please use the service with guardian guidance. Guardians can contact us regarding child data concerns.

10. Policy Changes

We may update this policy due to product or legal changes. We will revise the "Last Updated" date on this page and provide additional notice when required.