Million AI 隐私政策 / Privacy Policy

生效日期 / Effective date: 2026-05-11

中文版

Million AI（以下简称”本 App”，”我们”）是一款 AI 工作空间 iOS 客户端。我们尊重您的隐私，本政策说明我们会收集哪些信息、为什么收集、如何存储与共享、以及您拥有的选择。

1. 我们收集的信息

账号信息：当您通过”通过 Apple 登录”（Sign in with Apple）登录时，我们会收到 Apple 提供的用户标识符（user identifier）以及您选择共享的邮箱（可为 Apple 中转邮箱）。我们不会获取您的 Apple ID 密码。
服务器连接信息：您手动配置或在局域网内自动发现的 Home Node 服务器地址，保存在设备本地，用于建立 App 与对应服务器之间的连接。
聊天与工作区内容：您在本 App 内发送的消息、文件、生成的会话与制品等业务数据。默认情况下，这些数据会上传至我们运营的官方 Home Node 服务器（默认 https://api.shulingai.com）进行存储与处理，用于在您的不同设备间同步会话、提供 AI 助手能力。技术高级用户可在「设置 → Home Node」切换到自部署服务器，此时业务数据仅存储于您自己的服务器，我们不持有副本。
语音转文字：当您主动按下麦克风按钮时，本 App 调用 iOS 系统的语音识别框架将语音转写为文字填入输入框。原始音频与识别过程由 Apple 处理，详见 Apple 的隐私政策。我们不存储原始音频；转写后的文字在您主动发送后才会进入正常的聊天数据流。
相册访问：仅在您主动点击”保存到相册”时写入相册，本 App 不读取相册中的其他内容。
日历访问：仅在您主动启用日历集成时，本 App 读取您本机日历事件。为支持 AI 排程能力，相关日历事件（标题、时间、参与者等）会被上传至我们运营的官方 Home Node 服务器，并按下文”AI 模型提供方”所述转发给您选择的模型用于推理。您随时可以在 iOS “设置 → 隐私与安全性 → 日历”撤销日历权限。
本地网络访问：本 App 使用 Bonjour 在局域网内发现 Home Node 服务器，仅用于建立连接，不收集您的网络环境信息。

2. 信息的用途

完成账号登录与会话保持
与 Home Node 服务器建立连接，提供 AI 工作区、聊天、工作区同步、日程辅助等功能
将您主动触发的语音转为文字、保存图片到相册
将您选择交给 AI 处理的日历事件等输入转发给 AI 模型完成推理

3. 第三方服务与数据控制者

当您连接默认的官方 Home Node 时，我们（Million AI）作为数据控制者处理上述业务数据。本 App 在运行时可能与以下第三方服务通信：

Apple：提供”通过 Apple 登录”以及 iOS 系统语音识别，受 Apple 隐私政策约束。
Supabase：作为我们的账号鉴权与基础数据后端，受我们与 Supabase 之间的数据处理协议约束，仅存储完成鉴权与会话所必需的最小账号标识（user id、邮箱等）。
AI 模型提供方（如 Anthropic、OpenAI 等）：当您使用 AI 功能时，必要的输入内容（您发送的消息、附件、被纳入对话上下文的日历事件等）会由我们的服务器转发给您选择的模型提供方进行推理。模型提供方各自的隐私政策对它们所接收到的数据负责。

我们不会将您的个人信息出售、出租给任何第三方，也不会将其用于上述功能之外的目的。

4. 数据存储位置与保留

存储位置：业务数据当前存储于中国大陆境内的服务器。后续我们计划在新加坡部署节点；如有变更，我们会通过更新本政策提前告知。
账号信息：保留至您注销账号为止。
业务数据（默认 Home Node）：存储于我们运营的服务器，保留至您注销账号或主动删除相应内容为止。
业务数据（自部署 Home Node）：仅存储于您自己的服务器，我们不持有副本，不在我们这边产生保留期。
设备本地缓存：删除本 App 即可清除。

5. 您的权利

您有权：

随时撤销 Apple 登录授权（在 iOS “设置 → Apple ID → 密码与安全性 → 使用您 Apple ID 的 App”）。
撤销麦克风、相册、日历、本地网络等系统权限——本 App 在缺少这些权限时仍可使用其余功能。
联系我们查询、导出、更正或删除我们所持有的您的个人数据，以及注销账号。
切换到自部署 Home Node，由您自己掌控业务数据。

6. 儿童隐私

本 App 不面向 13 岁以下儿童设计，亦不刻意收集其个人信息。

7. 政策更新

本政策可能随产品演进而更新。重大变更（包括存储位置或数据用途的变更）将在本页面公告，建议您定期回访。

8. 联系我们

如对本政策有任何疑问或希望行使您的权利，请联系：

邮箱： ziyou0704@gmail.com

English Version

Million AI (“we”) is an iOS client for an AI workspace product. This policy explains what information we collect, why, how we store and share it, and the choices you have.

1. Information we collect

Account info: When you “Sign in with Apple”, we receive an Apple-provided user identifier and the email you choose to share (which may be Apple’s relay email). We never receive your Apple ID password.
Server connection info: The Home Node server address you manually configure or discover on the local network is stored on-device and used to connect the app to that server.
Chat and workspace content: Messages, files, sessions, and artifacts you create in the app. By default these are uploaded to our official Home Node server (default https://api.shulingai.com) for storage and processing, to sync your sessions across devices and to power AI features. Advanced users may switch to a self-hosted Home Node under “Settings → Home Node”; in that case the data is stored solely on your own server and we retain no copy.
Speech-to-text: When you tap the microphone button, the app uses iOS speech recognition to transcribe your voice into the input field. Audio and transcription are handled by Apple — see Apple’s privacy policy. We do not store raw audio; the transcribed text only enters the normal chat data flow if you choose to send it.
Photo library: We only write to your photo library when you explicitly tap “Save to album”. We do not read other photos.
Calendar: We only read your local calendar events when you explicitly enable calendar integration. To support AI-assisted scheduling, the relevant calendar events (title, time, participants, etc.) are uploaded to our official Home Node server and forwarded to the AI model you select, as described under “AI providers” below. You can revoke calendar permission at any time in iOS Settings → Privacy & Security → Calendars.
Local network: We use Bonjour to discover Home Node servers on the local network for connection purposes only. We do not collect information about your network environment.

2. How we use this information

Sign-in and session continuity
Connecting to a Home Node server and powering AI workspace, chat, sync, and scheduling features
User-initiated speech-to-text and saving images to your album
Forwarding inputs you choose to send to AI (including calendar events you opt to share) to AI providers for inference

3. Third-party services and data controller

When you connect to the default official Home Node, we (Million AI) act as the data controller for the business data described above. The app may communicate with the following third-party services at runtime:

Apple — Sign in with Apple and iOS speech recognition. Governed by Apple’s privacy policy.
Supabase — Our auth and basic data backend, governed by a data processing agreement between us and Supabase. Stores the minimum account identifiers (user id, email) required for authentication and sessions.
AI providers (e.g. Anthropic, OpenAI) — When you use AI features, the necessary inputs (your messages, attachments, calendar events you opt to share, etc.) are forwarded by our server to the AI provider you select, for inference. Each provider’s privacy policy governs the data they receive.

We do not sell or rent your personal information to any third party, and we do not use it for purposes beyond the features described above.

4. Data location and retention

Storage location: Business data is currently stored on servers located in mainland China. We plan to add a node in Singapore in the future; we will update this policy in advance of any change.
Account info: retained until you delete your account.
Business data (default Home Node): stored on our servers, retained until you delete your account or remove the content yourself.
Business data (self-hosted Home Node): stored solely on your own server; we retain no copy and have no retention period on our side.
On-device cache: removed when you uninstall the app.

5. Your rights

You may:

Revoke “Sign in with Apple” at any time (iOS Settings → Apple ID → Password & Security → Apps Using Apple ID).
Revoke microphone, photo, calendar, or local network permissions — the app continues to work without those specific features.
Contact us to access, export, correct, or delete the personal data we hold about you, and to close your account.
Switch to a self-hosted Home Node so you fully control your business data.

6. Children’s privacy

The app is not directed at children under 13. We do not knowingly collect personal information from children under 13.

7. Changes to this policy

We may update this policy as the product evolves. Material changes (including changes to data location or purpose) will be posted on this page. Please check back periodically.

8. Contact

For questions or requests, please contact:

Email: ziyou0704@gmail.com