This Data Privacy Policy ("Privacy Policy" or this "Policy") represents the standards that Shanghai Blue Whale Technology Co., Ltd. and its affiliates (operating as "Whaletech AI", "we", "our", "us") have set with respect to data privacy, for ensuring that we collect, use, retain and disclose Personal Data in a fair, transparent and secure manner.
This Policy aligns with the main requirements of applicable laws and regulations, including the Personal Information Protection Law of the People's Republic of China (PIPL), the General Data Protection Regulation (GDPR) of the European Union, and other applicable local data protection laws.
In the event of a conflict between this Privacy Policy and applicable local law, the local law shall prevail.
本数据隐私政策("隐私政策"或本"政策")是上海蓝色鲸鱼科技有限公司及其关联公司(以"鲸鱼 AI"、"我们"名义运营)就数据隐私所设定的标准,用以确保我们以公平、透明和安全的方式收集、使用、保留和披露个人数据。
本政策遵循相关法律法规的主要要求,包括《中华人民共和国个人信息保护法》(PIPL)、欧盟《通用数据保护条例》(GDPR)以及其他适用的当地数据保护法律。
如本隐私政策与适用的当地法律冲突,以当地法律为准。
1. Scope
This Policy covers all Personal Data in any form, including electronic data and documents, and all types of processing, whether manual or automated, that is in Whaletech AI's possession or under its control. This includes information held about users, customers, partners, employees, contractors, suppliers, business contacts and any third parties.
This Policy applies to all products and services provided by Whaletech AI, including:
- Whale Excel — AI-powered add-in for Microsoft Excel
- Related websites, APIs, and backend services operated by Whaletech AI
- Any future products or services offered under the Whaletech AI brand
1. 适用范围
本政策涵盖我们持有或控制的任何形式的个人数据,包括电子数据和文档,以及所有类型的处理活动(无论是人工的还是自动化的)。这包括有关用户、客户、合作伙伴、员工、承包商、供应商、业务联系人及任何第三方的信息。
本政策适用于鲸鱼 AI 提供的所有产品和服务,包括:
- 鲸鱼 Excel — 基于 AI 的 Microsoft Excel 加载项
- 鲸鱼 AI 运营的相关网站、API 以及后端服务
- 以鲸鱼 AI 品牌推出的任何未来产品或服务
2. Definitions
- Whaletech AI / Company — Shanghai Blue Whale Technology Co., Ltd. and its affiliates, the relevant entity processing the Personal Data.
- Third Party — a third party or business partner who receives Personal Data from Whaletech AI, including suppliers, AI model providers, payment processors and other service providers.
- Data Subject — an identified or identifiable natural person whose Personal Data is being processed.
- Personal Data — any information enabling identification of a natural person, directly or indirectly, including name, email, phone number, account identifiers, usage data, and device information.
- Application Data — any Personal Data processed by our Services as part of providing the service, including spreadsheet content, chat messages, and file attachments.
- Processing — any operation performed upon Personal Data, including collection, storage, use, disclosure, deletion, and destruction.
- Services — the products and services provided by Whaletech AI, including Whale Excel.
2. 定义
- 鲸鱼 AI / 公司 — 上海蓝色鲸鱼科技有限公司及其关联公司,即处理个人数据的相关实体。
- 第三方 — 从鲸鱼 AI 接收个人数据的第三方或业务合作伙伴,包括供应商、AI 模型提供商、支付处理商及其他服务提供商。
- 数据主体 — 被处理个人数据的已识别或可识别的自然人。
- 个人数据 — 能够直接或间接识别自然人的任何信息,包括姓名、邮箱、电话号码、账户标识符、使用数据以及设备信息。
- 应用数据 — 在提供服务过程中被我们处理的任何个人数据,包括表格内容、聊天消息以及文件附件。
- 处理 — 对个人数据进行的任何操作,包括收集、存储、使用、披露、删除和销毁。
- 服务 — 鲸鱼 AI 提供的产品和服务,包括鲸鱼 Excel。
3. Information We Collect
3.1 Account Information
When you create an account, we collect your email address, display name, and authentication credentials through our identity provider. If you sign in via social login (e.g., WeChat, Google), we receive your public profile information from that provider.
3.2 Application Data (Spreadsheet and Chat)
To provide AI-powered assistance, Whale Excel processes the following data: cell values, formulas, and formatting; sheet names, row/column dimensions, and selected ranges; chat messages and prompts; AI responses; and tool-call inputs and results.
Application Data — your spreadsheet content, prompts, AI responses, and tool-call results — is stored on our servers (Neon Postgres, hosted in Singapore) so your chat history is available across sessions and devices. Chat threads and messages are retained while your account is active; you can delete individual threads at any time from the in-product menu. Anonymous trial messages are pinned to a per-browser identifier and are not carried over when you sign up for an account.
3.3 Usage and Analytics Data
We collect basic usage metrics to improve service quality and enforce usage quotas: AI call counts (daily, per user), feature usage frequency, error logs, and session metadata (timestamps, not content).
3.4 Payment Information
If you purchase a subscription, payment is processed by third-party providers (WeChat Pay, Alipay). We store transaction records (amount, status, plan, date) for accounting purposes but do not store your payment credentials, bank card numbers, or payment passwords.
3.5 Technical Data
We may automatically collect browser type, operating system, IP address, and device identifiers, used solely for security, debugging, and service improvement.
3. 我们收集的信息
3.1 账户信息
当您创建账户时,我们通过身份提供商收集您的邮箱地址、显示名称和认证凭据。如果您通过第三方登录(如微信、Google)登录,我们将从该提供商接收您的公开个人资料信息。
3.2 应用数据(表格和聊天)
为提供 AI 辅助功能,鲸鱼 Excel 会处理以下数据:单元格值、公式和格式;工作表名称、行/列尺寸和选定区域;聊天消息和提示词;AI 响应;以及工具调用的输入与结果。
应用数据 — 您的表格内容、提示词、AI 响应和工具调用结果 — 存储在我们的服务器上(Neon Postgres,托管于新加坡),以便您的聊天记录可在不同会话和设备间访问。聊天会话与消息在您的账户有效期内保留;您可随时通过产品内菜单删除单个会话。匿名试用消息以浏览器级标识符为锚点,注册账户时不会迁移到您的账户。
3.3 使用和分析数据
我们收集基本的使用指标以提升服务质量并实施用量控制:AI 调用次数(每日、按用户)、功能使用频率、错误日志以及会话元数据(时间戳,不含内容)。
3.4 支付信息
如果您购买订阅,支付由第三方支付机构(微信支付、支付宝)处理。我们出于会计目的存储交易记录(金额、状态、方案、日期),但不会存储您的支付凭据、银行卡号或支付密码。
3.5 技术数据
我们可能会自动收集浏览器类型、操作系统、IP 地址和设备标识符,仅用于安全、调试和服务改进。
4. Lawfulness, Fairness and Transparency
We will only use Personal Data on the basis of one or more of the following legal grounds:
- Performance of a contract — to provide our Services to you.
- Legal obligation — to comply with applicable laws or regulations.
- Legitimate interest — where we have a business need (e.g., improving service quality, preventing fraud), except where overridden by your rights.
- Consent — where specifically required by law. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. 合法性、公正性与透明度
我们仅基于以下一项或多项法律依据处理个人数据:
- 履行合同 — 向您提供服务。
- 法律义务 — 遵守适用法律法规。
- 合法利益 — 我们有正当业务需要(如改进服务质量、防止欺诈),除非您的权利优先。
- 同意 — 法律特别要求时。您可随时撤回同意,不影响此前基于同意所进行处理的合法性。
5. Purpose Limitation and Data Minimization
Personal Data is collected and processed only for specified, explicit and legitimate purposes. We use your information to:
- Process your requests and generate AI-powered responses
- Authenticate your identity and manage your account
- Process payments and manage subscriptions
- Enforce usage quotas and prevent abuse
- Improve service quality and reliability
- Communicate about service updates or support
- Comply with legal obligations
5. 目的限制与数据最小化
个人数据仅为特定、明确和合法的目的进行收集和处理。我们将您的信息用于:
- 处理您的请求并生成 AI 响应
- 验证您的身份并管理您的账户
- 处理付款和管理订阅
- 实施用量控制并防止滥用
- 提升服务质量和可靠性
- 就服务更新或支持与您沟通
- 遵守法律义务
6. Third-Party Services and Data Disclosure
We do not sell, trade, or rent your Personal Data. We use the following Third-Party service providers:
- AI inference provider — We send your prompts and selected spreadsheet context to our AI inference provider for response generation; the provider processes the request, returns a response, and does not use your data to train models.
- WeChat Pay / Alipay — Payment processing. Data shared: transaction amount, order ID (no personal financial credentials).
6. 第三方服务与数据披露
我们不会出售、交易或出租您的个人数据。我们使用以下第三方服务提供商:
- AI 推理服务商 — 我们将您的提示词和所选表格上下文发送至我们的 AI 推理服务商用于生成响应;服务商处理请求并返回响应,且不会将您的数据用于模型训练。
- 微信支付 / 支付宝 — 支付处理。共享数据:交易金额、订单 ID(不含个人金融凭据)。
7. Security and Confidentiality Measures
We protect Personal Data using industry-standard technical and organizational measures:
- All communication is encrypted via HTTPS/TLS
- Authentication via OIDC/OAuth 2.0 with PKCE
- Credentials and API keys stored as environment variables, never in source code
- Database in isolated private Docker network, no external port exposure
- Server ports bound to localhost only, accessible via encrypted tunnels
- Admin APIs protected by constant-time token comparison
7. 安全与保密措施
我们采用行业标准的技术和组织措施保护个人数据:
- 所有通信均通过 HTTPS/TLS 加密
- 身份认证通过 OIDC/OAuth 2.0 + PKCE 协议
- 凭据和 API 密钥作为环境变量存储,从不写入源代码
- 数据库部署在隔离的私有 Docker 网络中,不对外暴露端口
- 服务器端口仅绑定 localhost,通过加密隧道访问
- 管理 API 采用恒定时间令牌比较以防止计时攻击
8. Data Retention
We retain the following categories of data for the durations described:
- Chat threads & messages — title, content (JSONB), role, tokens, model. Retention: while your account is active; user-deletable per-thread from the in-product menu.
- Per-request audit log (
llm_call_events) — model, provider, outcome, duration, request id. Retention: 90 days. - Usage counters (
usage_daily) — per-day request count by metric. Retention: rolling 7 days for active quota enforcement; longer in aggregate for analytics. - Anonymous trial rows — per-browser identifier and trial counter. Retention: retained until manually pruned; not migrated to your account on sign-up.
- Account information — email, display name, authentication identifiers. Retention: while your account is active.
- Payment & subscription records — amount, status, plan, date, order id. Retention: retained for accounting and legal compliance.
- Error logs — stack traces and request metadata (no content). Retention: up to 90 days.
8. 数据保留期
我们按以下类别和时长保留数据:
- 聊天会话与消息 — 标题、内容(JSONB)、角色、token 数、模型。保留期:账户有效期内;可通过产品内菜单逐个删除会话。
- 逐次请求审计日志(
llm_call_events)— 模型、提供商、结果、耗时、请求 ID。保留期:90 天。 - 用量计数器(
usage_daily)— 按指标统计的每日请求次数。保留期:用于额度执行的滚动 7 天;用于分析的聚合数据保留时间更长。 - 匿名试用记录 — 浏览器级标识符与试用计数。保留期:保留至手动清理;注册账户后不会迁移到您的账户。
- 账户信息 — 邮箱、显示名称、认证标识符。保留期:账户有效期内。
- 支付与订阅记录 — 金额、状态、方案、日期、订单 ID。保留期:为会计和法律合规保留。
- 错误日志 — 堆栈跟踪与请求元数据(不含内容)。保留期:最多 90 天。
9. Your Rights as a Data Subject
Depending on your jurisdiction, you may have the following rights:
- Right of Access — request access to the Personal Data we hold about you.
- Right to Rectification — request correction of incomplete or inaccurate data.
- Right to Erasure — request deletion of your Personal Data.
- Right to Restriction — request that we restrict processing of your data.
- Right to Data Portability — receive your data in a structured, machine-readable format.
- Right to Object — object to processing based on legitimate interest or direct marketing.
- Right to Withdraw Consent — withdraw consent at any time.
To exercise these rights, contact us at info@whaletech.ai.
9. 您作为数据主体的权利
根据您所在的司法管辖区,您可能享有以下权利:
- 访问权 — 请求访问我们持有的您的个人数据。
- 更正权 — 请求更正不完整或不准确的数据。
- 删除权 — 请求删除您的个人数据。
- 限制处理权 — 请求限制我们对您数据的处理。
- 数据可携带权 — 以结构化、机器可读的格式接收您的数据。
- 反对权 — 反对基于合法利益或直接营销的处理。
- 撤回同意权 — 随时撤回您的同意。
如需行使上述权利,请联系 info@whaletech.ai。
10. Children's Privacy
Our Services are intended for users aged 13 and above. We do not knowingly collect Personal Data from children under 13. If you believe a child under 13 has provided us with Personal Data, please contact us at info@whaletech.ai.
10. 未成年人隐私
我们的服务面向 13 岁及以上的用户。我们不会故意收集 13 岁以下儿童的个人数据。如您认为 13 岁以下儿童向我们提供了个人数据,请联系 info@whaletech.ai。
11. International Data Transfers
Your data may be processed in countries other than your country of residence, including where AI model processing servers are located. We implement appropriate safeguards including contractual obligations with recipients, encryption in transit and at rest, and compliance with cross-border transfer requirements under PIPL and GDPR where applicable.
11. 跨境数据传输
您的数据可能在您居住地以外的国家/地区被处理,包括 AI 模型处理服务器所在的国家/地区。我们采取适当保障措施,包括与接收方签订合同义务、传输和静态加密,以及遵守 PIPL 和 GDPR(如适用)的跨境传输要求。
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of our Services after changes constitutes acceptance of the updated Policy.
12. 本政策的变更
我们可能不时更新本隐私政策。我们将通过更新本页顶部的"最后更新"日期通知您重大变更。变更后您继续使用我们的服务即表示接受更新后的政策。
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:
Shanghai Blue Whale Technology Co., Ltd.
Operating as: Whaletech AI
Address: Room 604, 6th Floor, Moli Community, Tower T1, Gate of Science, No. 1750 Zhongke Road, Pudong New Area, Shanghai, China
Email: info@whaletech.ai
Website: spreadsheet.whaletech.ai
13. 联系我们
如您对本隐私政策有任何问题、疑虑或请求,请联系:
上海蓝色鲸鱼科技有限公司
运营名称:鲸鱼 AI(Whaletech AI)
地址:中国上海市浦东新区中科路 1750 号科学之门 T1 塔楼 6 楼 604 室 磨砺社区
邮箱:info@whaletech.ai
网站:spreadsheet.whaletech.ai