Privacy Policy
Last updated: 2026-05-10
Suanji (the "extension") respects your privacy. This page discloses what data we collect, how it's used, and your rights.
1. The core works fully locally
Hexagram casts and daily fortune values are computed in your browser. No internet is required. The extension's core features work offline.
2. What we collect
2.1 Anonymous device data (on by default, togglable in popup settings)
- Device ID: a random UUID generated locally on first launch, used only to distinguish anonymous devices, never tied to your real identity.
- Language preference: zh / en, for localization.
- Coarse User-Agent: browser + OS, for compatibility analytics.
- Behavioral events: the type and timestamp of actions like popup_open, cast_started/completed/canceled, fortune_viewed, lang_switch, settings_changed, trigger_button_click. We do not record URLs you visit, nor the text of questions you type.
- Cast result metadata: the hexagram key, localized copy at the time, language, and source (popup or page button). When anonymous, the original question text is not recorded.
2.2 Registered account data (only when you sign up)
- Email: account identifier. We don't send marketing email. In the future it will only be used for password reset.
- Password hash: your password is derived through PBKDF2-SHA256 (100,000 iterations + 16-byte random salt) before storage. The plaintext password is never stored — we cannot recover it.
- Preferences: cloud-stored nickname, zodiac, sound/aura toggles.
- History: casts and fortunes produced while signed in are associated with your account; raw question text is retained only when signed in.
2.3 Uninstall feedback (only if you choose to submit)
When you uninstall the extension, Chrome opens a feedback page where you can optionally select "reasons" (multi-select) + a comment + an email. Submission attaches:
- Your deviceId (linking the feedback to your past anonymous behavior, but never to PII)
- Extension version + language preference
- Selected reasons and the comment you wrote
This page is fully optional. You can close the tab without submitting and nothing is recorded.
3. How data is stored
All cloud data lives in Cloudflare D1 (SQLite). IP addresses are stored as salted SHA-256 hashes — we never keep raw IPs. The session is carried in an HttpOnly + Secure cookie; there is no client-side persistence of user data.
4. Retention
- Behavior events: retained 90 days, then auto-deleted.
- Casts and fortunes: kept while your account exists. Signing out does not delete; deleting your account does.
- Magic-link tokens (deferred): 15-minute TTL, single-use, only the hash is stored.
5. Your rights
- Opt out of analytics: toggle in the popup settings; when off, the extension makes no fetch calls.
- Export data: planned, available from the account page.
- Delete account: signed-in users can call "Delete account" → user record, profile, sessions, and history associated with the account are cascade-deleted. Device rows are retained but their user_id is reset to NULL.
6. Third-party services
- Cloudflare: hosts the site and API; processes basic logs per their privacy policy.
- Resend (deferred): used to send password-reset emails when enabled.
- We do not use Google Analytics, Facebook Pixel, Sentry, or any third-party trackers.
7. Cookies
An HttpOnly session cookie is set only after sign-in. Not used for tracking.
8. Contact
Questions about this policy: [email protected]