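Welcome to MoveSee. This Privacy Policy explains in detail how OpenThink ("we") collects, uses, stores, and protects your personal information when you use the MoveSee app. Please read it carefully before use. By using MoveSee, you agree to the data practices described in this policy.
This policy applies to the MoveSee iOS and Android apps and the corresponding server-side services (collectively, the "MoveSee Services").
MoveSee is a safety guardian app designed for seniors and their family members. It involves two user roles, elders (the guarded) and family members (the guardians), and both must comply with this policy.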
To provide the senior safety guardian service, MoveSee collects the following necessary user data:
2.1 Account Registration
| Data | Purpose | Required |
| --- | --- | --- |
| Phone Number | Account registration, login verification, emergency contact | ✅ Required |
| Nickname / Display Name | Identify user within the family guardian circle | Optional |
| Email Address | Account recovery, service notifications | Optional |
| User Role | Distinguish elder account from family account; determines feature access | ✅ Required |
2.2 Health & Activity Data
The following health data is read only from the elder's device; family devices do not collect health data. All health data is encrypted and stored on our secure servers, visible only to the elder's account and their bound family members.
- Step Count: Read via HealthKit (iOS) / Google Fit (Android) for abnormal activity detection.
- Heart Rate: If the device supports it, read from HealthKit for health reference (non-core feature).
- Active Duration: Active/inactive intervals calculated from step data, used for alarm decisions.
- Heartbeat Reports: App reports current step status every 30 minutes to determine whether the alarm threshold is exceeded.
2.3 Location Information
MoveSee uses location permission in the following cases:
- Alarm Location: When an alarm is triggered, the current GPS location is automatically obtained once and included in the alarm notification sent to family members.
- Footprint Map (Premium): With a premium subscription, the elder's device automatically records their location once per hour to generate a daily movement trail map for family members. This feature requires the elder to grant location permission. Family members can view the day's timeline-based location records on an interactive map.
- When the elder actively taps the "Share Location" feature, the current location is obtained and uploaded.
The Footprint Map only records location data at the top of each hour (once per hour); it does not perform continuous second-by-second background tracking. Location data is retained for the current day only and is visible only to bound family accounts. Elders can disable location permission in system settings at any time to stop footprint recording, without affecting the core step monitoring and alarm features.
2.4 Device & Technical Information
- Push notification tokens (FCM Token / APNs Token): Used to send alarm push notifications to family members' devices.
- OS type and version: Used for compatibility handling and troubleshooting.
- App version number: Used for service compatibility management.
2.5 Family Binding & Alarm Records
- Family bindings: Records the binding relationship between elder accounts and family accounts.
- Alarm records: Including trigger time, alarm type, and location (if any). Retained permanently.
- Notification preferences: Family members' preferred notification methods (push / call / SMS) and corresponding settings.
2.6 Subscription Information
- Subscription status, product ID, expiration date: Used to manage Premium feature access.
- Subscription platform (App Store / Google Play): Used for subscription validation communication.
- We do not collect or store any payment card numbers or bank account information. All payments are processed by Apple / Google.
We collect the above information solely for the following specific purposes and will never use it for any other commercial purpose:
- Provide core senior safety features (step monitoring, abnormal activity alerts)
- Send alarm push notifications, and trigger automated calls and SMS to bound family members
- Manage user accounts and family binding relationships
- Verify App Store / Google Play subscriptions and provide Premium features
- App performance monitoring and troubleshooting (no personal data involved)
- Respond to user support requests
- We will never use your information for advertising, user profiling, or any marketing purpose
We use industry-standard security measures to protect your data:
- Transmission Encryption: All communication between client and server is end-to-end encrypted using AES-256-GCM. Keys are managed by the system and no plaintext data is transmitted over the network.
- Storage Security: Server databases use access controls and encrypted storage; only authorized service processes can access the database.
- Authentication: JWT (JSON Web Token) authentication; tokens are valid for 7 days and expire automatically.
- Data Isolation: An elder's health and alarm data is only visible to that elder and their bound family members. Other users cannot access it.
While we apply these security measures, no method of internet transmission or electronic storage is 100% secure. If you discover any security vulnerability, please contact us immediately at openthink@foxmail.com.
We never sell, rent, or share your personal data for any commercial purpose.
In the following limited circumstances, we may need to share certain data:
- Within the Family: An elder's step count, alarm records, and location are shared only with family members they have actively bound. This is a core feature of the service.
- Legal Requirements: If we receive a valid legal request (court order, government subpoena, etc.), we may disclose necessary information as required by law, and will notify users to the extent permitted by law.
- Service Providers: Such as cloud service providers and push notification services (Firebase / APNs). These providers have signed confidentiality agreements and may only use data to provide technical services — not for any other purpose.
MoveSee uses the following third-party services, each with their own independent privacy policies:
| Service | Provider | Purpose |
| --- | --- | --- |
| Apple HealthKit | Apple Inc. | Read step count and heart rate data on iOS devices |
| Google Fit / Health Connect | Google LLC | Read step count data on Android devices |
| Firebase Cloud Messaging (FCM) | Google LLC | Send push notifications to Android devices |
| Apple Push Notification Service (APNs) | Apple Inc. | Send push notifications to iOS devices |
| App Store Subscription Validation | Apple Inc. | Validate iOS subscription receipts |
| Google Play Billing | Google LLC | Validate Android subscriptions |
Each of these providers has its own independent privacy policy; we encourage you to review them. Our use of these providers is strictly limited to what is necessary to deliver MoveSee's core features.
You have the following rights over your data:
- Right to Access: You can view your account information and historical data within the app.
- Right to Correction: You can update your nickname, email, and other personal information at any time.
- Right to Deletion: You can delete your account directly in the app — go to the “Profile” tab, scroll to the bottom, and tap “Delete Account”. All your personal data will be deleted within 30 days. No need to contact customer support.
- Right to Withdraw Consent: You can revoke permissions for HealthKit, location, and notifications in your device’s system settings at any time. This does not affect your ability to continue using basic features.
- Right to Unbind: Family members can unbind from the elder’s account at any time within the app. After unbinding, they will no longer receive alarm notifications.
- Right to Data Export: To export your historical data, please contact us and we will provide it within 15 business days.
To exercise any of these rights, contact openthink@foxmail.com and we will respond within a reasonable timeframe.
MoveSee is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from minors.
If we discover that we have inadvertently collected personal information from a child, we will take immediate steps to delete it. If you believe we have collected data from a minor, please contact us.
| Data Type | Retention Period |
| --- | --- |
| Account basics (phone number, nickname) | Retained while account is active; deleted within 30 days of account closure |
| Step count / heart rate and other health data | Retained while account is active; deleted within 30 days of account closure |
| Alarm records | Retained while account is active; deleted when account is closed |
| Location data (alarm-attached) | Deleted together with the associated alarm record |
| Footprint map location data | Retained for the current day only; automatically cleared the next day; deleted immediately on account closure |
| Subscription records | Retained for at least 5 years for financial compliance purposes |
| Push tokens | Deleted immediately when token becomes invalid or account is closed |
We may update this Privacy Policy from time to time to reflect service changes or regulatory requirements. When significant changes occur, we will:
- Provide a prominent notice within the app
- Update the “Last Updated” date at the top of this page
- For changes that materially affect your core rights, provide at least 30 days’ notice before they take effect
Continued use of MoveSee after the effective date constitutes your acceptance of the revised policy.
If you have any questions, comments, or requests regarding this Privacy Policy, please feel free to contact us: