Privacy Policy
Last updated: 2026-05-26
The short version: no public registration, no phone / email / real name collection. We only log the minimum necessary for analytics, security and regulatory retention.
1. What we collect
| Data | Purpose | Retention |
|---|---|---|
| IP address | Required regulatory retention (≥ 6 months); lawful disclosure; anti-abuse | 6 months |
| User-Agent | Device identification and dedupe | 6 months |
| Path + timestamp | PV / UV analytics, content quality signals | 6 months |
| Referrer | Understand inbound sources | 6 months |
| Like / Dislike actions | Engagement metrics | Long-term, removable on request |
| AI chat content | Only when blocked by the keyword filter: SHA-256 hash + matched terms. Original text not stored. | 6 months |
| Theme / search history | Local localStorage only, never uploaded | Clear via browser |
2. What we do not collect
- Phone, email, real name (no registration)
- Precise geolocation (only coarse IP-based country)
- Payment data, biometrics
- Third-party identities (except GitHub OAuth for /admin, owner-only)
3. Cookies & local storage
- No third-party ad trackers, recommendation pixels, Baidu Tongji, Facebook Pixel, etc.
- Only: theme preference + AI assistant session ID (expires on tab close)
- All tracking is same-origin; nothing sent to third parties
4. Third-party endpoints
The site loads from a few third-party hosts; visiting them exposes your IP to them per their own policies:
- Google Fonts — serif & sans-serif typefaces
- unpkg / jsdelivr — loads Decap CMS, KaTeX, highlight.js (only on
/adminor article pages) - Cloudflare Worker (decap-oauth.zoro1024111.workers.dev) — GitHub OAuth proxy, only on
/adminlogin
We do not actively share your data with them; they may log requests per their own terms.
5. Access
- Only the site owner Zoro accesses the data (via SSH + GitHub OAuth)
- Not sold or shared
- Exception: lawful requests from regulators / law enforcement
6. Security
- HTTPS via Let's Encrypt; HSTS 1 year
- SQLite database file mode 600, owner-only
- Daily backups, 200-day retention
- Per-IP rate limits on all API endpoints
- Content-Security-Policy to mitigate XSS / clickjacking
7. Your rights
Email 1437066318@qq.com at any time to:
- Query records about you (provide IP / time window to help locate)
- Request deletion of your records (handled within 48h after verification)
- Correct erroneous records
- Export your data
8. Minors
This site targets adults familiar with the internet. Users under 14 should browse with guardian supervision.
9. Changes
This policy may evolve. Updates take effect upon publication. Material changes (e.g. new data categories) are announced on the homepage for 7 days.
10. Contact
1437066318@qq.com · Operator: Zoro · 沪 ICP 备 2026021578 号-1
Related: Terms · Contact / Abuse