Privacy Policy — Nexcart Ops

Effective date: June 2, 2026 · Last updated: June 2, 2026

This Privacy Policy explains how Nexcart Ops ("we", "the App") collects, uses, stores, and shares information when you use our iOS application.

1. Who we are

Nexcart Ops is published by Luchao Qi (developer team ID XD9AQDM7D8), based in California, USA. Contact: luqi0722@gmail.com.

The App is a team operations platform for live-commerce sellers, providing finance, warehouse, sales analytics, voice transcription, and AI-assisted decision tools.

2. Information we collect

2.1 Account information

When you sign in we store your username, encrypted password hash, role (admin / member), display name, and the modules an administrator has granted you. We do not store your password in plain text.

2.2 Business data you create

• Live-stream session records (date, platform, GMV, cost, buyers, items, notes)
• Sales records (brand, shoe type, size, price)
• Warehouse data (products, inventory, stock movements, photos of incoming boxes)
• Finance entries (cost items, categories, amounts, monthly summaries)
• Knowledge-base content for staff training
• AI chat history (your questions, AI responses, attached files)
• Voice recordings (only when you press "record", processed as described below)

2.3 Device information

We log standard request metadata: HTTP-session token, IP-derived approximate region, app version, iOS version. Used to keep your session secure and to diagnose crashes. NOT used for ad targeting.

2.4 Camera / microphone / photo library

The App asks for these permissions only when needed:

• Camera — scanning product barcodes, photographing incoming boxes for AI-assisted product identification.
• Microphone — recording live-stream voice notes for speech-to-text transcription.
• Photo library — attaching images to AI conversations or to training notes.

Granting a permission once does not give the App background access. We never scan your camera roll or microphone outside an explicit action you initiate.

3. Where your data lives

• Supabase Inc. (database, US-West region) — the primary store for all business data you create.
• Cloudflare Inc. (Workers + edge network) — proxies all API requests between the App and Supabase / AI providers. No persistent storage on Cloudflare beyond ephemeral request logs.
• Anthropic PBC — when you use the AI assistant (chat, image analysis, deep-analysis mode), the relevant portion of your conversation, attached images, and business context is sent to Anthropic's Claude API for processing. Anthropic states they do not train on API customer data by default; see anthropic.com/legal/privacy
• OpenAI, L.L.C. — when you record voice notes, the audio is sent to OpenAI's Whisper API for speech-to-text transcription. OpenAI states they do not train on API audio by default; see openai.com/policies/privacy
• Brave Software — when AI's deep-analysis mode performs a web search, the search query is forwarded to Brave Search via Anthropic's web-search tool. No personally identifying information is included in the search.

API keys for Anthropic, OpenAI, and Supabase are stored as environment secrets on the Cloudflare Worker — they never ship inside the App binary.

4. What we do NOT do

• We do not sell your data to third parties.
• We do not show advertising in the App.
• We do not track you across other apps or websites.
• We do not use your data to train any AI model.
• We do not share your data with analytics or marketing platforms.

5. How long we keep your data

Business records (sessions, sales, inventory, finance) are kept indefinitely unless you delete them, because they form your operating history.

AI chat history is kept on your device and on the server for as long as you keep the conversation. Deleting a conversation removes it from both.

Voice recordings are stored on your device only. Transcriptions (the text output) are stored as part of the relevant sales record.

Backup snapshots of the Supabase database are kept for 30 days for disaster recovery, then permanently destroyed.

6. Your rights

You can, at any time:

• Edit or delete any business record you created.
• Delete your AI conversation history from within the App.
• Request a complete export or deletion of your account-level data by emailing luqi0722@gmail.com. We will respond within 30 days.

California residents (CCPA), EEA / UK residents (GDPR), and other applicable jurisdictions have additional rights including access, correction, and portability. Email the address above to exercise them.

7. Children

The App is intended for business use by adults aged 18 and over. We do not knowingly collect data from anyone under 13.

8. Security

• All network traffic is encrypted in transit via HTTPS / TLS 1.2+.
• Passwords are hashed with PBKDF2-SHA256 (100,000 iterations).
• Session tokens are HMAC-signed with a server-side secret.
• Supabase Row-Level Security is enabled on team-collaboration tables.

We follow industry standards but no system is perfectly secure. If you suspect a security issue, please email luqi0722@gmail.com and we will respond within 72 hours.

9. Changes to this policy

We will update this policy as the App evolves. Material changes will be announced via an in-app notice the next time you sign in. The current version is always available at this URL.

10. Contact

Privacy questions, requests, or complaints: luqi0722@gmail.com

隐私政策 — Nexcart Ops

生效日期：2026 年 6 月 2 日 · 最近更新：2026 年 6 月 2 日

本《隐私政策》说明 Nexcart Ops（"我们"、"本 App"）在你使用本 iOS 应用时，如何收集、使用、存储和共享信息。

1. 我们是谁

Nexcart Ops 由 Luchao Qi（开发者团队 ID XD9AQDM7D8，地点：美国加利福尼亚）发布。联系方式：luqi0722@gmail.com。

本 App 是面向直播带货卖家的团队运营平台，提供财务、仓库、销售分析、语音转写、AI 辅助决策等工具。

2. 我们收集的信息

2.1 账号信息

当你登录时，我们存储你的用户名、加密后的密码哈希、角色（管理员 / 成员）、显示名称，以及管理员为你授予的模块权限。我们不以明文存储密码。

2.2 你创建的业务数据

• 直播场次记录（日期、平台、GMV、成本、买家、件数、复盘）
• 销售流水（品牌、鞋型、尺码、价格）
• 仓库数据（商品、库存、出入库流水、进货箱照片）
• 财务记录（成本项、分类、金额、月度汇总）
• 团队培训知识库内容
• AI 对话历史（你的提问、AI 回复、附件）
• 语音录音（仅当你按下"录音"时；处理方式见下文）

2.3 设备信息

我们记录标准请求元数据：会话令牌、由 IP 推断的大致区域、App 版本、iOS 版本。仅用于保持你的会话安全和故障诊断，不用于广告定位。

2.4 相机 / 麦克风 / 相册

• 相机：扫描商品条码、拍摄进货箱供 AI 识别商品。
• 麦克风：录制直播语音笔记并转为文字。
• 相册：在 AI 对话或培训笔记中附加图片。

授予权限不等于后台访问。除非你主动操作，否则 App 不会扫描你的相册或访问麦克风。

3. 你的数据存在哪里

• Supabase Inc.（数据库，US-West 区域）— 所有业务数据的主存储。
• Cloudflare Inc.（Workers + 边缘网络）— App 与 Supabase / AI 供应商之间的 API 代理。除短期请求日志外，Cloudflare 上不持久化任何数据。
• Anthropic PBC — 使用 AI 助手时，对话内容、附件图片、业务上下文会发送到 Anthropic Claude API 处理。Anthropic 声明默认情况下不用 API 客户数据训练模型；详见 anthropic.com/legal/privacy。
• OpenAI, L.L.C. — 录制语音笔记时，音频会发送到 OpenAI Whisper API 转写。OpenAI 声明默认不用 API 音频训练；详见 openai.com/policies/privacy。
• Brave Software — AI 深度模式联网搜索时，查询词通过 Anthropic 的 web-search 工具发送给 Brave，不包含个人身份信息。

Anthropic、OpenAI、Supabase 的 API 密钥作为 Cloudflare Worker 的环境变量存储，从不打包进 App 安装包。

4. 我们不做的事

• 我们不向第三方出售你的数据。
• 我们不在 App 内展示广告。
• 我们不跨 App / 网站追踪你。
• 我们不用你的数据训练任何 AI 模型。
• 我们不把你的数据共享给分析或营销平台。

5. 数据保留期限

业务记录（场次、销售、库存、财务）除非你删除，否则会一直保留，因为它们构成你的经营档案。

AI 对话历史在你设备上和服务器上保留，直到你删除该对话。删除对话会同时从两边清除。

语音录音仅存在你的设备上。转写结果（文字）作为对应销售记录的一部分存储。

Supabase 数据库备份保留 30 天用于灾难恢复，之后永久销毁。

6. 你的权利

你可以随时：

• 编辑或删除你创建的任何业务记录。
• 从 App 内删除 AI 对话历史。
• 发邮件到 luqi0722@gmail.com 申请导出或删除你的账号级数据，我们将在 30 天内回复。

加州居民（CCPA）、欧盟 / 英国居民（GDPR）及其他适用法域享有访问、更正、可携带等额外权利，邮件联系上述地址行使。

7. 儿童

本 App 面向 18 岁及以上的商业用户。我们不会有意收集 13 岁以下儿童的数据。

8. 安全

• 所有网络流量通过 HTTPS / TLS 1.2+ 加密传输。
• 密码使用 PBKDF2-SHA256（10 万次迭代）哈希。
• 会话令牌使用服务端密钥 HMAC 签名。
• 团队协作相关数据表启用了 Supabase 行级安全（RLS）。

我们遵循行业标准，但没有系统是绝对安全的。如果你怀疑存在安全问题，请发邮件至 luqi0722@gmail.com，我们将在 72 小时内回复。

9. 政策变更

我们会随 App 演进更新本政策。重大变更会在你下次登录时通过 App 内公告告知。最新版始终可在本页面查看。

10. 联系方式

隐私问题、请求或投诉：luqi0722@gmail.com