Privacy Policy 隱私政策

Important Disclaimer

DappGo is not a registered investment advisor, broker-dealer, bank, or financial services provider in any jurisdiction. All content (AI analysis, signals, insights, technical indicators, verdict labels, options strategies) is for educational and informational purposes only and does NOT constitute investment advice, instructions to buy or sell any security, personal financial or tax counsel, or financial services of any kind. Past performance does not predict future results. All investments carry risk including loss of principal. Consult a licensed financial advisor before making decisions.

Who we are

DappGo is operated by Yan Long Lai (doing business as DappGo) as a sole proprietor, primarily based in California, United States. This statement will be updated if the operating entity changes.

Controller: Yan Long Lai (DBA DappGo), sole proprietor based in California, United States. Contact: admin@dappgo.com. A postal mailing address is available on request via the contact email.

What we collect

App usage

• Anonymous Firebase uid (auto-generated by Firebase Anonymous Auth, stored on device) — used to link in-app events, push registration, and feedback to the same device; not linked to your name or email, resets when the app is reinstalled.
• Behavioural events: which tabs/reports you open, which strikes you tap — to compute aggregate "hot strikes". Watchlist/portfolio/trade content is never uploaded.

Subscription email

• Email address — only collected when you opt-in via the website popup, used to send the daily report.
• Language preference and subscription date.

Form submissions

When you voluntarily submit via the website Contact Form (business inquiries) or the In-App Feedback Form (product feedback), we receive the content you fill in:

• Contact Form: Company / Name / Email / Message / Phone (optional).
• Feedback Form: Email (optional) / Product / Type / Message / App version (optional).

Form data is processed by Google Forms (Google as DappGo's data processor), stored in Google Workspace under admin@dappgo.com, retained for 3 years (then permanently deleted — all identifying fields removed; no re-identifiable data is retained), and used only to reply to your submission and improve the product. Never used for marketing or shared with third parties.

Website analytics

The site uses Google Analytics 4 with automatic IP anonymization. We don't do cross-site tracking, and we don't set non-essential cookies for marketing or advertising. Use private browsing, an ad blocker, or DNT to opt out.

Firestore collections stored on our backend

The app obtains an anonymous uid via Firebase Anonymous Authentication. This uid is a random identifier issued by Firebase that does not contain your name, email, Apple ID, or any directly-identifying information; under GDPR Article 4(5) it qualifies as a "pseudonymous identifier". The uid is reset when you reinstall the app or tap "Delete my data".

To make the app work, we store the following collections in Google Firestore (Firebase acts as data processor):

• events/ — anonymous user-event log: uid, event type, timestamp, market (TW/US/options), optional ticker / screen / strike. Used for product analytics (top tickers, DAU, push CTR). Retention: 30 days raw, 90 days aggregated.
• feedback/ — user-submitted text feedback from the in-app Feedback form: uid, category, rating, body, app version. Used for product improvement and audit. Retention: identifying fields removed after 3 years.
• users/{uid} — APNs device token, notification preferences, locale, device_tz, bundle_id, markets_subscribed. The APNs token is a per-device opaque identifier issued by Apple and is not a personal identifier. Retention: until you opt out of notifications or delete your data.
• push_log/ — record of push delivery attempts: uid, market, outcome (success/failure), timestamp. Used for debugging and delivery-quality monitoring. Retention: 30+ days as needed for debugging.
• iv_history/{ticker} — per-ticker daily IV snapshot. Not user-scoped, no privacy impact.

You can tap the "Delete my data" button in the app's Settings at any time to immediately clear all Firestore documents tied to your uid. For more advanced requests (export, field-level correction), email admin@dappgo.com.

AI Processing

DappGo uses third-party large language models (Google Gemini) to generate analysis and insights on public market data. Key points:

• AI prompts contain ONLY public market data (prices, volume, earnings, news headlines) — never your personal info, watchlist, form submissions, or app usage.
• AI-generated content is the model's interpretation of public data and does NOT constitute investment advice or a substitute for professional counsel.
• We do NOT use your data to train any ML model.
• Third-party AI provider: Google Gemini API (processed under Google's Privacy Policy).

What we DON'T collect

• No location, contacts, photos, microphone, camera, or audio data.
• No tracking across other apps or websites — ATT prompt not required.
• No advertising IDs (IDFA / AAID).
• No user-input financial info. We only analyze public market data — no broker connection, no portfolio input required.
• We don't use your data to train ML models, and we don't sell or rent it.

Third parties

• Google Analytics 4 (privacy, Google LLC) — anonymized website visitor analytics; IP anonymization enabled; US data center.
• Firebase Analytics (GA4 in-app) — retired on 2026-05-18; the app no longer calls @react-native-firebase/analytics. All in-app event analytics now flow through the Firestore collections described below.
• Firebase Firestore & Anonymous Auth (Google LLC) — backend database storing the collections listed under §"Firestore collections stored on our backend" (events / feedback / users / push_log / iv_history). US data center (multi-region nam5); EU transfers governed by Google's DPF certification and SCCs in the Firebase DPA. Purpose: product analytics, push routing, user-preference storage.
• Apple Push Notification Service (APNs) (Apple Inc.) — delivers push notifications to your device. We store the opaque APNs device token Apple provides in users/{uid} and send notification payloads via Apple's servers. Apple does not disclose your Apple ID to us. Governed by Apple's privacy policy.
• Google Forms (Google LLC) — processes Contact and Feedback form submissions on DappGo's behalf.
• Google Workspace (Google LLC) — admin@dappgo.com mailbox, Drive storage of form responses, Apps Script for scheduled tasks (weekly digest, daily report sending).
• Google Gemini API (Google LLC) — AI analysis on public market data only (no personal data); see "AI Processing" above.
• GitHub Pages / GitHub Inc. (Microsoft Corp.) — hosts this website; subscriber list stored in a private repository; US data center. GitHub (Microsoft) is the data processor for the stored subscriber list; processing is governed by GitHub's Data Protection Agreement at https://github.com/customer-terms/data-protection-agreement and Microsoft's DPF certification.
• jsDelivr — CDN serving daily report JSON files.
• Subscription flow — Subscription emails are collected via Google Forms (data residency follows Google Workspace; governed by Google's DPA). FormSubmit has been removed from the data flow as of 2026-05-10.
• Apple Inc. (via App Store and TestFlight) — distribution; if paid subscriptions launch, payments will be processed via Apple In-App Purchase (see §Subscriptions).

Data retention

• Form submissions (Contact / Feedback): permanently deleted 3 years after receipt — name, email, and any identifying fields are removed; no re-identifiable data is retained.
• Subscription email: until you unsubscribe.

International transfers

Some service providers (GitHub, Google) process data outside the EU (primarily US). These transfers rely on:

• Standard Contractual Clauses (SCCs) — in place with all vendors via their data processing addenda.
• EU-US Data Privacy Framework certification (Google, Microsoft / GitHub).

If you are an EU user and prefer your data not to leave the EU, contact admin@dappgo.com.

Should the EU-US Data Privacy Framework adequacy decision be suspended or invalidated, transfers will continue under the Standard Contractual Clauses (SCCs) incorporated in each vendor's Data Processing Agreement, without interruption.

Your rights

• In-app "Delete my data" button: The app's Settings screen exposes a one-tap delete button that immediately purges every Firestore document tied to your anonymous uid (events, feedback, users/{uid}, push_log). This is the fastest, most direct way to exercise the right to erasure.
• GDPR (EU users, Arts. 15–22): you may exercise the right of access (Art. 15), rectification (Art. 16), erasure / right to be forgotten (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and the right to not be subject to automated decision-making (Art. 22). Use the in-app "Delete my data" button (for erasure) or email admin@dappgo.com for any other right. We reply within 30 days of a verifiable request. You also have the right to lodge a complaint with your local EU supervisory authority — directory at https://edpb.europa.eu/about-edpb/board/members_en.
• CCPA / CPRA (California users, §1798.100 et seq.): you may exercise the right to know (§1798.110), delete (§1798.105), correct (§1798.106), limit use of sensitive personal information (§1798.121), and opt out of sale/sharing (§1798.120) — we do not sell or share. Use the in-app "Delete my data" button or email admin@dappgo.com.
• Response time limits: Time limits for responding to access/deletion requests are calculated from the date we receive a verifiable request, in accordance with GDPR Article 12(3) (1 month, extendable by 2 additional months for complex requests) and CCPA §1798.130 (45 days, extendable once).
• Unsubscribe by replying unsubscribe or emailing admin@dappgo.com.

Legal Basis for Processing (Art. 6 GDPR)

• Anonymous usage analytics via Firebase Firestore: Article 6(1)(f) — legitimate interests in product improvement. Use the in-app "Settings → Delete my data" button to immediately purge every events document tied to your anonymous uid, or email admin@dappgo.com to object.
• Voluntary feedback / contact form submissions: Article 6(1)(a) (explicit consent) or Article 6(1)(b) GDPR where the submission relates to a business inquiry (pre-contractual steps). You may withdraw consent at any time by emailing admin@dappgo.com requesting deletion of any submitted information.
• Email newsletter subscription (when implemented): Article 6(1)(a) — explicit opt-in. Unsubscribe link in every email.
• Website analytics via Google Analytics 4: Article 6(1)(f) — legitimate interests in website performance. You can opt out via your browser's "do not track" settings or by blocking GA cookies.
• AI commentary via Google Gemini: Article 6(1)(f) GDPR — legitimate interests in providing core app functionality. Prompts contain only public market data (no personal information, no user identifiers, no behavioral data). Google's processing is governed by their AI/ML terms; outputs are returned to our engine and rendered to all users identically — no per-user training.

Children & COPPA

DappGo's App Store age rating is 4+ across all platforms (iPhone, iPad, Mac, Vision Pro). The data we collect from any user — including minors under 13 — is an anonymous Firebase uid plus the associated event records described in §"Firestore collections stored on our backend", along with optional crash reports that do not contain personal information. We do not collect names, email addresses, location, or any other directly-identifying personal information at install or use. We do not knowingly collect personal information from children under 13 within the meaning of COPPA. The in-app Feedback form displays a prominent warning — "This app contains investment-related content and is not intended for users under 18. Do not submit any personally identifiable information." — as a product-level mitigation. A child or parent who believes personal information has been collected may contact us at admin@dappgo.com; we will review and delete within 30 days.

Security

Subscriber emails and form responses are stored under the admin@dappgo.com Workspace (private GitHub repo and Google Drive), accessible only by the DappGo operator. All transit is HTTPS/TLS. We don't operate our own application servers; all processing is done by the third-party vendors listed above under their privacy practices and our data processing agreements.

Subscriptions & Paid Features (future)

DappGo App and daily reports are currently free. Paid subscription tiers may launch in the future to expand features. When paid features go live:

• App Store subscriptions are processed by Apple In-App Purchase. Apple is the payment processor between you and us; we never receive your credit card or bank info.
• We receive an anonymous receipt token from Apple to verify your subscription status. Receipts do NOT contain your Apple ID or contact info.
• Cancel or refund subscriptions via Apple Settings → Apple ID → Subscriptions, per Apple's standard terms.
• EU users have a 14-day cooling-off period; refund requests through Apple.
• Any pricing or feature changes will be notified in advance and require re-confirmation.

Changes

Material changes will be announced on this page. We will:

• Update the "Last updated" date above;
• Notify email subscribers via the daily report footer;
• Display a one-time prompt in-app on launch when a new policy version is detected.

For material changes that affect consent-based processing (e.g., introducing a new data use for an existing data type), we will request affirmative re-consent rather than relying on passive notification. We recommend reviewing this page periodically.

Contact

Questions about privacy or your data: email admin@dappgo.com. Reply within 30 days of a reasonable verifiable request.