Privacy Policy
Jinshu — Immersive Multilingual Reader
Effective date: April 10, 2026
Jinshu is designed with privacy as a core principle. The app works fully offline by default, requires no account to use, and collects the minimum data necessary to provide its services.
1. Data We Do Not Collect
- We do not collect personal information (name, email, phone number, address)
- We do not track your location
- We do not use analytics or crash reporting services
- We do not use advertising identifiers (IDFA) or any tracking technologies
- We do not share any data with third parties for advertising or marketing
- We do not access your contacts, calendar, or other personal data
2. Data Stored on Your Device
All of your reading data is stored locally on your device and is never sent to our servers:
- Imported books (EPUB, Markdown, PDF)
- Reading progress and bookmarks
- Highlights and notes
- Vocabulary words you save
- App settings and preferences
- Custom fonts you upload
If you enable iCloud sync, this data may be synced to your personal iCloud account via Apple's CloudKit. We do not have access to your iCloud data.
3. Data Sent to Our Server
The app communicates with our servers only in the following scenarios:
a) Purchase Verification
When you make an iOS in-app purchase, the app sends the following to our server to verify the transaction with Apple. Android purchases made through Stripe create an activation code tied to the buyer email and device redemption records.
- Device ID — a random UUID generated by the app, not linked to your Apple ID or hardware
- Purchase receipt or activation record — provided by Apple App Store or created by Jinshu after Stripe checkout
- User ID (optional) — only if you signed in with Apple, your Apple-provided user identifier
This data is used solely to verify that a purchase is valid and to determine your premium status. Purchase records are stored on our server to enable purchase restoration across devices.
b) Annotation Error Reports
If you report an incorrect word annotation (wrong translation, wrong CEFR level, etc.), the app sends:
- The word and its CEFR level
- The reason for the report
- The text context around the word
- Your device ID (random UUID)
This data is used solely to improve the quality of our dictionary and annotations. Reports are rate-limited to 10 per device per hour.
c) Device Problem Reports
Shake to Report is on by default; you can turn it off in Settings → Shake to Report. When you submit a problem report, the app sends:
- Your description of the problem
- Your device ID (random UUID)
- App version, build number, platform, OS version, UI language, and basic screen state
- Optional screenshot: when you shake the device, the app captures a snapshot of the current screen and shows it in the report sheet. It is uploaded only if you keep it before tapping Send. You can remove it with one tap. iOS automatically blanks secure-input fields and DRM views in the snapshot.
Screenshots are stored in Cloudflare R2 and auto-deleted after 30 days. Reports are rate-limited to 5 per device per hour and are used only to diagnose product issues.
d) Read-Aloud Speech Synthesis (Experimental)
When you use the experimental read-aloud feature with the Cloud voice engine, the app sends the text of the current sentence to our speech synthesis server for audio generation. Specifically:
- Text content — the sentence currently being read aloud
- Voice preferences — selected gender and speed settings
This data is processed in real time to generate speech audio and is not stored, logged, or retained on the server. No user identity, device ID, or book metadata is transmitted. The server is stateless — text is discarded immediately after audio generation.
You can avoid sending any data by switching to the on-device voice engine, which works entirely offline. You can also self-host your own speech synthesis server for full control over data handling.
The app displays a one-time notice when you first use the Cloud voice engine, informing you that text will be sent to a server for speech synthesis.
4. Sign in with Apple
Sign in with Apple is entirely optional. The app works fully without an account. If you choose to sign in:
- We receive your Apple-provided user identifier, display name, and email (if you choose to share it)
- This information is stored locally on your device in encrypted storage (iOS Keychain)
- Your Apple user ID may be sent to our server during purchase verification to link purchases to your account
- You can delete your account and all associated server-side data at any time from within the app
5. iCloud Sync
If you enable iCloud sync (a Premium feature), your reading data is synced via Apple's CloudKit to your personal iCloud account. This sync is between your devices through Apple's infrastructure — we do not have access to your iCloud data.
6. LAN Transfer
The LAN transfer feature allows you to transfer books between your devices over your local network. Data is sent directly between devices and never passes through our servers. Transfers are protected by a PIN code.
7. Permissions We Request
- Photo Library — to select book cover images. We do not access or upload your photos.
- Microphone — for voice-based word lookup (speech recognition). Audio is processed on-device and is not recorded or transmitted.
8. Children's Privacy
Jinshu does not knowingly collect personal information from children under 13. The app does not require an account, does not contain ads, and does not include social features.
9. Data Retention and Deletion
- Device data: Deleted when you uninstall the app or manually clear data
- Server data: Purchase verification records and annotation reports are retained to provide service. If you signed in with Apple, you can delete your account and all server-side data from within the app.
- iCloud data: Managed by Apple according to your iCloud settings
10. Third-Party Services
The app interacts with the following third-party services only when necessary:
- Apple App Store — for in-app purchase processing and receipt verification
- Stripe — for Android activation-code checkout and subscription management
- Apple CloudKit — for iCloud sync (only if enabled by user)
- Speech synthesis server — for Cloud voice read-aloud (only when user activates this feature). Self-hosted on Cloudflare. No data is stored or logged.
We do not use any third-party analytics, advertising, or tracking SDKs.
11. Security
Sensitive data (authentication tokens, purchase receipts) is stored in encrypted storage (iOS Keychain / Android EncryptedSharedPreferences). Server communication uses HTTPS. We perform server-side rate limiting to prevent abuse.
12. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the updated policy.
13. Contact
If you have questions about this privacy policy, contact us at happinesz+jinshu@gmail.com.