Lucky Day (Curiobox AI) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App, website, and related services (collectively, the "Services").
1. Information We Collect
1.1 Information You Provide to Us
| Category | Examples | When Collected |
|---|---|---|
| Account Information | Email address, display name, password | Registration, profile setup |
| BaZi / Birth Data | Date of birth, time of birth, place of birth, gender | Core fortune-telling features |
| Payment Information | Transaction history, subscription status | Purchasing premium features |
| Communication Data | Support messages, feedback submissions | Contacting support |
| Preferences | Language preference, notification settings | App settings customization |
1.2 Information Collected Automatically
| Category | Description |
|---|---|
| Device Information | Device model, OS version, unique identifiers (IDFA/GAID) |
| Usage Data | Features used, time spent, interaction patterns with AI tools |
| Log Data | IP address, browser type, pages visited, access times |
| Location Data | General location from IP (not precise GPS unless granted) |
1.3 Sensitive Personal Information
For BaZi fortune-telling analyses, the Services require your date of birth, time of birth, and place of birth. While this may be considered sensitive in some jurisdictions, it is essential for core functionality. By providing this data, you acknowledge and consent to its use as described herein.
AI-Powered Features: Lucky Day uses AI and large language models to generate personalized destiny analyses based on your birth data. The AI processes your data algorithmically; generated content is for entertainment only; conversation transcripts are not stored beyond what's necessary for service improvement.
2. How We Use Your Information
| Purpose | Description |
|---|---|
| Providing Services | Deliver BaZi analyses, personalize experience, operate the Services |
| Account Management | Create/manage accounts, authenticate identity, process subscriptions |
| Customer Support | Respond to inquiries, provide technical support |
| Security & Fraud Prevention | Protect against unauthorized access, detect fraud |
| Legal Compliance | Comply with laws, regulations, governmental requests |
| Analytics & Research | Understand user interaction, improve UX (opt-out available) |
| Marketing | Send promotional messages (with consent only, unsubscribe anytime) |
We do NOT sell your personal information as defined by CCPA/CPRA or any other applicable privacy law.
3. Sharing of Information
We may share information in limited circumstances:
3.1 Service Providers
| Service Category | Example Providers | Purpose |
|---|---|---|
| Cloud Hosting | Tencent Cloud / AWS | Hosting, storage, infrastructure |
| AI Service Providers | OpenRouter / Multi-provider APIs | Intelligent fortune-telling analysis |
| Analytics | Firebase Analytics, Google Analytics | Usage analytics, performance monitoring |
| Payment Processing | Apple App Store, Google Play Store | Payment processing, subscription mgmt |
| Email Delivery | SendGrid or similar | Transactional and marketing email |
All service providers are contractually obligated to protect your information and use it only for specified purposes.
3.2 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request — including responding to subpoenas, court orders, complying with applicable laws, protecting rights/safety, and detecting fraud.
3.3 Business Transfers
In the event of merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email or prominent notice.
4. Data Security and Retention
4.1 Security Measures
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
- Access controls and authentication mechanisms;
- Regular security assessments and vulnerability testing;
- Employee training on data protection practices.
No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
4.2 Data Retention
- We retain personal information while your account is active or as needed to provide Services;
- We also retain information necessary to comply with legal obligations, resolve disputes, detect fraud;
- When no longer needed, we securely delete or anonymize your data;
- Upon account deletion request, we delete within thirty (30) days (some info retained where legally required).
4.3 Storage Location
Your data is primarily stored on servers located in Mainland China. International users' data may also be processed in other jurisdictions as described in Section 6.
5. Your Rights and Choices
5.1 General Rights (PIPL Compliant)
To exercise these rights, contact us at [email protected].
5.2 GDPR Rights (EEA, UK, Switzerland Users)
| Right | Description |
|---|---|
| Access | Request copy of personal info we hold about you |
| Rectification | Correct inaccurate or incomplete info |
| Erasure ("Right to Be Forgotten") | Request deletion under certain conditions |
| Restriction of Processing | Limit how we use your data |
| Data Portability | Receive machine-readable copy of your data |
| Object | Object to processing based on legitimate interests |
Legal Basis: Consent, contract performance, legitimate interests, legal obligations.
5.3 CCPA Rights (California Residents)
| Right | Description |
|---|---|
| Right to Know | Disclosure of the categories of info collected in the past 12 months |
| Right to Delete | Request deletion (subject to exceptions) |
| Right to Correct | Fix inaccurate personal info |
| Opt Out of "Sale" | We do not sell data; confirm upon request |
We respond to verifiable requests within forty-five (45) days.
5.4 Additional Choices
| Choice | How to Exercise |
|---|---|
| Push Notifications | Device Settings > Notifications > Lucky Day |
| Marketing Emails | "Unsubscribe" link in any email |
| Location Permissions | Device Settings > Privacy > Location Services |
| Account Deletion | In-app: Profile > Settings > Delete Account |
6. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other jurisdictions whose data protection laws may differ from those of your country.
For EEA, UK, and Switzerland Users: Where we transfer data to countries without an adequacy decision, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.
Contact us at [email protected] to obtain a copy of safeguards we rely on.
7. Children's Privacy
The Services are not directed to children under 13 (or under 16 in the EEA).
We do not knowingly collect personal information from children under the applicable age without parental consent. If we become aware that we have collected such information, we will take steps to delete it promptly.
If you are a parent/guardian and believe your child has provided us personal information, please contact us immediately at [email protected].
COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect PII from children under 13.
8. Third-Party Services
The Services may integrate with third-party websites, applications, or services not operated by us. These include:
- Social Media Platforms: For optional sharing features (if available)
- App Stores: Apple App Store and Google Play for distribution
- Analytics Tools: As described in Section 3.1
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before interacting with them.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for authentication, session management, and understanding usage patterns.
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies/Tokens | Authentication, session security | Session-based |
| Analytics Cookies/Pixels | Usage patterns, performance measurement | Up to 26 months |
| Advertising Identifiers | Ad measurement (if applicable) | Per platform policies |
You can manage cookie preferences through device settings and browser controls. For details, see aboutcookies.org.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the updated policy with a revised "Last Updated" date;
- Notify you through the App (in-app notification or banner) for significant changes;
- If required by law, obtain your consent before the updated policy takes effect.
Your continued use after the effective date constitutes acceptance of changes.
Version History:
| Version | Date | Summary |
|---|---|---|
| 1.0 | May 8, 2026 | Initial publication |
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
| Contact Type | Email |
|---|---|
| Privacy Inquiries | [email protected] |
| General Support | [email protected] |
| Data Protection Officer | [email protected] |
Website: https://curioboxai.com
Response Timeline: We aim to respond to all privacy-related inquiries within thirty (30) days. For complex requests, up to an additional thirty (30) days may be needed.
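Lucky Day (Curiobox AI) respects and protects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our app, website, and related services (collectively, the "Services").
1. Information Collection
1.1 Information You Provide
| Information Category | Examples | When Collected |
|---|---|---|
| Account Information | Email address, nickname, password (stored encrypted) | Provided by you at registration |
| BaZi / Birth Data | Date of birth, birth hour, place of birth, gender | Provided when using core features |
| Payment Information | Transaction records, subscription status | When purchasing premium features |
| Communication Data | Support messages, feedback submissions | When contacting support |
| Preferences | Language preference, notification settings | App settings customization |
1.2 Information Collected Automatically
| Category | Description |
|---|---|
| Device Information | Device model, operating system version, unique identifiers (IDFA/GAID) |
| Usage Data | Features used, time spent, interaction patterns with AI tools |
| Log Data | IP address, browser type, pages visited, access times |
| Location Information | General location inferred from IP (not precise GPS unless explicitly authorized) |
1.3 Special Note on Sensitive Personal Information
To generate BaZi fortune-telling analyses, the Services require your date of birth, time of birth, and place of birth. Although such information may be considered sensitive in some jurisdictions, it is necessary for core functionality. By providing this data, you confirm and consent to its use as described herein.
AI Features: Lucky Day uses artificial intelligence and large language models to generate personalized destiny analyses based on your birth data. The AI processes your data algorithmically; generated content is for entertainment only; conversation records are not stored beyond what is needed for service improvement.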
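2. Use of Information
| Purpose | Description |
|---|---|
| Providing Services | Deliver BaZi analyses, personalize the experience, operate the Services |
| Account Management | Create/manage accounts, verify identity, process subscriptions |
| Customer Support | Respond to inquiries, provide technical support |
| Security | Prevent unauthorized access, detect and prevent fraud |
| Legal Compliance | Comply with laws, regulations, and governmental requirements |
| Analytics & Research | Understand user interaction patterns, improve the experience (opt-out available) |
| Marketing Communications | Send product updates and offers with consent (unsubscribe anytime) |
We do not sell your personal information. We do not sell personal information as defined by the California Consumer Privacy Act (CCPA) or any other applicable privacy law.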
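3. Information Sharing
We share information only in the following limited circumstances:
3.1 Service Providers
| Service Category | Example Providers | Purpose |
|---|---|---|
| Cloud Hosting | Tencent Cloud / AWS | Hosting, storage, infrastructure |
| AI Service Providers | OpenRouter / multiple AI providers | Intelligent fortune interpretation and analysis |
| Data Analytics | Firebase Analytics, Google Analytics | Usage analytics, performance monitoring |
| Payment Processing | Apple App Store, Google Play Store | Payment processing, subscription management |
| Email Delivery | SendGrid or similar services | Sending transactional and marketing email |
All service providers are contractually obligated to protect your information and use it only for specified purposes.
3.2 Legal and Regulatory Requirements
We may disclose information where disclosure is lawfully required by law, regulation, legal process, or a government authority, including responding to subpoenas and court orders, complying with applicable laws, protecting rights/safety, and detecting fraud.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you by email or prominent notice.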
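4. Information Storage and Security
4.1 Security Measures
- TLS 1.2+ encryption for data in transit; AES-256 encryption for data at rest;
- Access controls and authentication mechanisms;
- Regular security assessments and vulnerability testing;
- Employee data protection training.
No method of transmission over the Internet can be guaranteed to be 100% secure, and we cannot guarantee absolute security.
4.2 Data Retention
- We retain personal information while your account exists or for as long as needed to provide the Services;
- We also retain information necessary to fulfill legal obligations, resolve disputes, and detect fraud;
- When no longer needed, we securely delete or anonymize your data;
- After receiving an account deletion request, we delete within thirty (30) days (except for information that must be retained by law).
4.3 Storage Location
Your data is primarily stored on servers located in Mainland China. International users' data may also be processed in other jurisdictions (see Section 6).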
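5. Your Rights and Choices
5.1 General Rights (PIPL Compliant)
To exercise the above rights, contact: [email protected]
5.2 GDPR Rights (EEA, UK, Switzerland Users)
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you |
| Rectification | Request correction of inaccurate or incomplete personal information |
| Erasure (Right to Be Forgotten) | Request deletion under certain conditions |
| Restriction of Processing | Request that we limit how we use your data |
| Data Portability | Request a copy of your personal data in a machine-readable format |
| Object | Object to processing based on legitimate interests |
Legal basis for processing: consent, contract performance, legitimate interests, legal obligations.
5.3 CCPA Rights (California Residents)
| Right | Description |
|---|---|
| Right to Know | Learn the categories of information collected/disclosed in the past 12 months |
| Right to Delete | Request deletion (subject to certain exceptions) |
| Right to Correct | Request correction of inaccurate personal information |
| Opt Out of "Sale" | We do not sell data; you may request confirmation |
We will respond to verifiable requests within forty-five (45) days.
5.4 Additional Choices
| Choice | How to Exercise |
|---|---|
| Push Notifications | Device Settings > Notifications > Lucky Day |
| Marketing Emails | "Unsubscribe" link in any marketing email |
| Location Permissions | Device Settings > Privacy > Location Services |
| Account Deletion | In-app: Profile > Settings > Delete Account |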
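6. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other jurisdictions whose data protection laws may differ from those of your country.
For EEA, UK, and Switzerland users: where we transfer data to countries that the European Commission has not recognized as providing an adequate level of protection, we will implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.
To obtain a copy of the safeguards we rely on, contact [email protected].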
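7. Children's Privacy
The Services are not directed to children under 13 (under 16 in the EEA).
We do not knowingly collect personal information from children under the applicable age without parental consent. If we discover that we have collected such information, we will immediately take steps to delete it.
If you are a parent or guardian and find that your child has provided us personal information, please contact [email protected] immediately, and we will take appropriate action.
COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13.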
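8. Third-Party Services
The Services may integrate with third-party websites, applications, or services not operated by us, including:
- Social media platforms: for optional sharing features (if available)
- App stores: Apple App Store and Google Play Store for distribution
- Analytics tools: as described in Section 3.1
We are not responsible for the privacy practices of these third parties. We recommend that you review their privacy policies before interacting with them.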
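9. Cookies and Tracking Technologies
We use cookies and similar technologies for authentication, session management, and understanding usage patterns.
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies/Tokens | Authentication, session security | Duration of the session |
| Analytics Cookies/Pixels | Usage patterns, performance measurement | Up to 26 months |
| Advertising Identifiers | Ad measurement (if applicable) | Per each platform's policies |
You can manage cookie preferences through device settings and browser controls. For details, see aboutcookies.org.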
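10. Policy Updates
We may update this Privacy Policy from time to time. For material changes, we will:
- Publish the updated policy and revise the "Last Updated" date;
- Notify you of significant changes through an in-app notification or banner;
- If required by law, obtain your consent before the new policy takes effect.
Continued use after the effective date constitutes acceptance of the changes.
Version History:
| Version | Date | Summary |
|---|---|---|
| 1.0 | May 8, 2026 | Initial publication |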
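11. Contact Us
If you have questions, complaints, or suggestions regarding this Privacy Policy or our data processing practices, please contact:
| Contact Type | Email |
|---|---|
| Dedicated Privacy Email | [email protected] |
| General Inquiries | [email protected] |
| Data Protection Officer | [email protected] |
Response Timeline: We will respond to all privacy-related inquiries within thirty (30) business days. For complex requests, an additional thirty (30) days may be needed, in which case we will notify you within the initial 30-day period.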