
Privacy Policy

Effective 14 May 2026 · Last updated 14 May 2026

1. Introduction

This Privacy Policy (the "Policy") describes how Curio Design ("Curio", "we", "our", or "us") collects, uses, and discloses information about you in connection with your access to and use of the website at designbycurio.com and related applications, APIs, and tools (collectively, the "Service"). It supplements and forms part of our Terms of Service.

2. Information we collect

We collect the following categories of information in the course of operating the Service:

| Category | Examples | Source |
| --- | --- | --- |
| Account information | Email address, display name, OAuth provider identifier, profile image URL | Provided by you or by your selected authentication provider |
| Subscription information | Plan tier, billing cycle, period start and end dates, subscription status | Curio and PayPal |
| Payment metadata | PayPal subscription identifier, transaction identifiers, last four digits of payment card, billing country. Full card numbers and security codes are processed and stored by PayPal; Curio does not receive or store them. | PayPal |
| Usage events | Design Package views, downloads, share-link generations, recorded with timestamp, plan tier at the time, and Credits consumed | Your client device |
| Feedback (Max subscribers only) | Subject, body, category, and timestamp of feedback submissions | Provided by you |
| Technical and access information | IP address, browser type and version, operating system, referrer URL, language preference | Automatically collected via Cloudflare |

3. How we use information

We use the information described above for the following purposes:

  • to provide, maintain, and operate the Service, including authenticating you, displaying your subscription status, and enforcing usage Credits;
  • to process payments and issue receipts;
  • to detect, prevent, and respond to fraud, abuse, scraping, or violations of our Terms of Service;
  • to communicate with you about your Account, billing, service announcements, and material policy updates;
  • to analyze aggregate usage patterns in order to improve the Service and decide which Design Packages to produce next; and
  • to comply with applicable legal obligations.

We do not use your personal information for behavioral advertising, and we do not sell your personal information to third parties.

4. Legal bases for processing

Where the EU or UK General Data Protection Regulation applies, our legal bases for processing your personal data are:

  • Performance of a contract — to provide the Service you have requested and to fulfill our obligations under the Terms of Service.
  • Legitimate interests — to operate, secure, and improve the Service, prevent abuse, and pursue commercially reasonable analytics.
  • Compliance with legal obligations — where retention or disclosure is required by law.
  • Your consent — where we ask for it specifically, for example for optional communications.

5. Cookies & local storage

We use a small number of strictly necessary cookies and browser local-storage entries to operate the Service, plus a single first-party analytics cookie set by Google Analytics 4 to measure aggregate site usage. We do not place third-party advertising cookies, and we do not track you across other websites.

| Name | Type | Purpose | Lifetime |
| --- | --- | --- | --- |
| curio.lang | localStorage | Remembers your interface language (en / zh). | Until cleared |
| curio.session | HTTP cookie | Maintains your authenticated session after sign-in. | 30 days, refreshed on use |
| curio.csrf | HTTP cookie | Cross-site request forgery protection for authenticated actions. | Session (cleared on browser close) |
| __cf_* | HTTP cookie | Set by Cloudflare for abuse mitigation and DDoS protection. | Up to 30 days |
| _ga, _ga_* | HTTP cookie (first-party) | Google Analytics 4 — distinguishes unique browsers and sessions for aggregate usage analytics (page views, referrers, geographic region at country level). No individual user is identified. | Up to 2 years |

The first four entries are strictly necessary under the EU ePrivacy Directive and therefore do not require a consent banner. The Google Analytics cookie is the only analytics cookie we set; to opt out, install Google's Analytics Opt-out Browser Add-on or block the third-party request to googletagmanager.com at the browser / extension level. You may also clear cookies and local storage through your browser settings at any time; doing so will sign you out of the Service.

6. Service providers

We engage a limited number of third-party service providers (sometimes called "subprocessors") to operate the Service. Each provider receives only the data needed for the function described below, and is contractually required to protect that data.

| Provider | Function | Data shared |
| --- | --- | --- |
| Supabase | Authentication, database, file storage | Account, subscription, and feedback records |
| PayPal | Recurring billing and payment processing | Email address, plan tier, billing address as you provide it |
| Cloudflare | Content delivery, DNS, and abuse mitigation | Request metadata (IP address, user agent) |
| GitHub and Google | OAuth sign-in (only if you choose to sign in via these providers) | OAuth profile data (email, provider identifier, display name, avatar URL) |
| Google Analytics | Aggregate site usage measurement (page views, sessions, referrers, country-level geography) | Pseudonymous cookie identifier, IP address (truncated by Google), page URL, user agent |

Each provider processes your data in accordance with its own privacy policy, which applies in addition to this Policy.

7. Disclosure of information

We disclose your personal information only in the following circumstances:

  • to the service providers listed in Section 6, for the purposes described;
  • where required to comply with valid legal process, applicable law, or a binding governmental request;
  • to protect the rights, property, or safety of Curio, our users, or the public;
  • in connection with a merger, acquisition, financing, or sale of assets, provided that the recipient is bound by terms no less protective than this Policy; and
  • with your consent or at your direction.

8. Data retention

We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law:

  • Account and subscription records — for the duration of your Account, plus a short period thereafter to permit reactivation.
  • Usage events — capped at the most recent 200 events per user; older events are discarded automatically.
  • Billing records — retained for at least seven (7) years, or for a longer period if required by applicable tax, accounting, or audit laws.
  • Feedback — retained until you request deletion or until the Service is discontinued.

9. Your rights

Subject to applicable law (including the EU/UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act, and the mainland China Personal Information Protection Law), you may have the right to:

  • access the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request deletion of your personal information, subject to any retention required by law;
  • object to, or restrict, certain processing of your personal information;
  • receive a portable copy of your personal information in a structured, machine-readable format;
  • withdraw consent, where processing is based on consent; and
  • lodge a complaint with a competent data protection authority.

To exercise any of these rights, send a request from the email address registered to your Account to [email protected]. We will respond within thirty (30) days, and may extend this period by up to a further two (2) months where necessary for complex requests, in which case we will notify you of the extension and its reason within the initial 30 days. We may request additional information to verify your identity before proceeding.

California residents: Curio has not sold personal information in the preceding twelve (12) months and does not currently share personal information for cross-context behavioral advertising. You have the additional right under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA") to opt out of any future sale or sharing — should our practices change, an opt-out link will be added to this Policy and made available via the request channel above.

10. International transfers & EU representative

Our service providers operate globally. Your personal information may be processed in jurisdictions other than the one in which you reside, including the United States. Where required by law (for example, the Standard Contractual Clauses under the GDPR), we put appropriate safeguards in place to protect cross-border transfers of personal data.

If you are located in the European Economic Area, United Kingdom, or Switzerland and wish to raise a data-protection matter, you may contact us at [email protected]. Where required under GDPR Article 27, we will designate a representative in the Union and publish their contact details in this Section once Service availability to EEA users commences.

11. Children's privacy

The Service is not directed at children under the age of thirteen (13), and we do not knowingly collect personal information from children under that age. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete such information promptly. If you believe that a child has provided personal information through the Service, please contact us at [email protected].

12. Security

We apply technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include transport-layer encryption (HTTPS) for all traffic, encryption at rest through our hosting provider's standard mechanisms, and access controls based on the principle of least privilege. No method of transmission or storage is entirely secure; in the event of a personal-data breach affecting you, we will notify you without undue delay where required by law.

13. Changes to this Policy

We may update this Policy from time to time. For material changes, we will update the "Last updated" date at the top of this document and notify active users by email at least seven (7) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact

For questions about this Policy, data-subject requests, or any other privacy-related matter, contact us at [email protected]. See also our Terms of Service.