Seasonturn Privacy Policy · 时令隐私政策
English
Version 1.1 · Effective date: June 8, 2026
Operator / Data controller: Seasonturn, operated by an independent developer. Privacy contact: privacy@getshiling.com
Seasonturn (时令) helps you turn screenshots, pasted text, voice transcripts, and calendar notes into editable calendar candidates. This policy explains what the app processes during the Phase 1 TestFlight and early release period.
Summary
• We do not sell personal data, and we do not use third-party advertising SDKs or cross-app tracking (no IDFA, no App Tracking Transparency prompt).
• Calendar events and app records stay on your device and in Apple Calendar/EventKit unless you choose a cloud AI parsing action.
• When cloud AI parsing is used, the app sends text (OCR text, pasted text, or a voice transcript) to the Seasonturn backend at api.getshiling.com, which forwards the text to a third-party AI provider to generate structured calendar fields.
• Raw screenshots and audio files are not sent to the Seasonturn backend in the current release.
• All network traffic between the app and the backend is encrypted in transit (HTTPS/TLS).
Information processed by the app
Calendar and event content
Seasonturn stores local app records, EventKit mappings, candidate cards, settings, and calendar sync state on your device. The app's own records are stored locally on your device and are not synced to Seasonturn servers. When you save an event, the app writes it to Apple Calendar/EventKit; that calendar data is then handled by Apple and may sync across your devices through iCloud according to your Apple settings.
Screenshots, pasted text, and voice transcripts
If you choose screenshot, paste, text, or voice input, Seasonturn may process the extracted text to create editable event candidates. Screenshot OCR and speech transcription are performed by Apple system frameworks on the device before any cloud parsing. The backend accepts text requests only and rejects raw image or audio payloads.
Cloud AI parsing
If hybrid/cloud AI parsing is enabled and you request parsing, the app sends the relevant text, your locale/time-zone context, and limited request metadata (such as app version and a hashed device-integrity token) to the Seasonturn backend hosted on Cloudflare Workers at api.getshiling.com. The backend forwards the text to a third-party AI provider and returns structured calendar fields to the app. The app does not contact the AI provider directly. The current provider and its location are listed under "Current service providers" below.
Device integrity and security signals
For production builds, Seasonturn uses Apple App Attest to protect the backend from abuse. This involves challenge, attestation, assertion, token, and key-state data used to verify that requests come from a legitimate app instance. These signals are used only for security and abuse prevention, not to identify you personally.
Diagnostics and reliability data
The app uses Apple MetricKit to receive crash, hang, and performance diagnostics. In the current release, MetricKit payloads are stored locally by the app unless you choose to export or share diagnostics. The backend logs operational metrics such as route, status, request size, latency, token/cost counters, model alias, and a hashed token identifier. Backend audit logs are designed not to include raw calendar text, screenshots, or audio.
Purchases
If the app offers paid features, purchases and subscription status are handled by Apple through StoreKit / the App Store. Seasonturn does not collect or process your payment card details and does not operate a separate payment processor.
Legal basis for processing (EEA/UK)
Where the EU/UK GDPR applies, we rely on:
• Your consent — for cloud AI parsing of the text you submit, and for processing any sensitive details you choose to include. You can withdraw consent at any time by switching to on-device-only parsing.
• Our legitimate interests — for securing the backend (App Attest, rate limiting), preventing abuse, and maintaining reliability, in a way that does not store raw user content in audit logs.
• Performance of the service you request — for creating candidates and syncing accepted events to Apple Calendar/EventKit.
How information is used
Seasonturn uses the information above to:
• create editable calendar candidates;
• sync accepted events with Apple Calendar/EventKit;
• provide on-device fallback behavior when network or cloud parsing is unavailable;
• secure the backend with App Attest and rate limiting;
• monitor reliability, cost, and abuse without storing raw user content in audit logs.
Current service providers
Seasonturn relies on:
• Apple frameworks and services — EventKit, Speech, Vision/OCR, MetricKit, App Attest, and StoreKit.
• Cloudflare Workers — hosting for the Seasonturn backend.
• Third-party AI provider for cloud text parsing — currently OpenAI, located in the United States.
These providers process information only as needed to provide the functionality, security, and reliability described here. We may change or add AI providers; when we do, we will update this section and the effective date. (For a future mainland China edition, cloud parsing is intended to use a China-based AI provider — see "International processing".)
Your choices and rights
• You can choose on-device-only parsing for supported flows in the app's AI/privacy settings.
• You can decline Calendar, Photos, Microphone, or Speech permissions; some features may not work without the related permission.
• You can edit or reject AI-generated candidates before they are saved.
• You can delete local app data by deleting the app from your device. Events already saved to Apple Calendar may remain in Apple Calendar unless you delete them there or through Seasonturn.
Subject to applicable law (including the GDPR and California CCPA/CPRA), you may have the right to access, correct, delete, or export your personal data, to restrict or object to certain processing, and to withdraw consent. California residents have the right to know, delete, and correct personal information and to opt out of "sale" or "sharing" — note that we do not sell personal information and do not share it for cross-context behavioral advertising. We do not discriminate against you for exercising these rights. To make a request, contact privacy@getshiling.com. EEA/UK users may also lodge a complaint with their local data protection authority.
Data retention
• Local app data remains on your device unless deleted by you or by app behavior.
• Calendar data written to Apple Calendar is retained according to Apple Calendar/iCloud behavior and your settings.
• Backend operational logs are retained for no longer than 90 days; security and rate-limit state for no longer than 30 days.
• The third-party AI provider processes submitted text to return results; for the current provider (OpenAI), API-submitted data is not used to train its models by default and is retained for up to about 30 days for abuse monitoring before deletion, per the provider's terms.
• The backend is designed not to retain raw screenshots, audio files, or raw calendar text in audit logs.
Sensitive information and children
Seasonturn is intended for general productivity and family calendar organization, and is not directed to children under 13 (or the minimum age in your region). You may enter family, school, health, travel, or other sensitive information into calendar text. If you use cloud AI parsing, that text — including any sensitive details you include — is processed by the AI provider solely to produce calendar fields, on the basis of your explicit consent. Submit only information you are comfortable processing through the parsing mode you selected; choose on-device-only parsing for anything you prefer not to send.
International processing
Seasonturn's backend and service providers may process data in locations outside your country or region. For the current overseas edition, when you use cloud AI parsing your text is transferred to and processed by an AI provider in the United States; this transfer is based on your consent and, where required, appropriate safeguards. Phase 1 is intended for overseas TestFlight and early validation, not mainland China public commercialization. A future mainland China edition is intended to use a China-based AI provider so that parsing data is not transferred outside mainland China; that arrangement will be described in the edition that introduces it.
Changes
We may update this policy as Seasonturn changes. We will revise the version number and effective date above, and for material changes we will provide a prominent notice in the app or on this page.
Contact
Privacy contact: privacy@getshiling.com. For TestFlight builds, you can also use the TestFlight feedback channel or the support contact listed in App Store Connect.
中文
版本 1.1 · 生效日期:2026 年 6 月 8 日
运营者 / 数据控制者: Seasonturn(时令),由独立开发者运营。隐私联系方式: privacy@getshiling.com
时令(Seasonturn)帮助你把截图、粘贴文本、语音转写和日历笔记转成可编辑的日历候选。本政策说明 App 在第一阶段(Phase 1)TestFlight 及早期发布期间处理哪些信息。
中英文如有歧义,以英文版为准。
摘要
• 我们不出售个人数据,不使用第三方广告 SDK,也不做跨 App 追踪(无 IDFA,不弹"App 追踪透明度"授权)。
• 除非你主动发起云端 AI 解析,日历事件与 App 记录都保存在你的设备本地以及 Apple 日历/EventKit 中。
• 使用云端 AI 解析时,App 会把文本(OCR 文本、粘贴文本或语音转写)发送到时令后端 api.getshiling.com,后端再转发给第三方 AI 服务商以生成结构化日历字段。
• 当前版本不会把原始截图和音频文件发送到时令后端。
• App 与后端之间的网络通信均经传输层加密(HTTPS/TLS)。
App 处理的信息
日历与事件内容
时令把本地 App 记录、EventKit 映射、候选卡、设置和日历同步状态保存在你的设备上。App 自身的记录仅存于本地设备,不会同步到时令服务器。当你保存事件时,App 会将其写入 Apple 日历/EventKit;该日历数据随后由 Apple 处理,并可能依你的 Apple 设置通过 iCloud 在你的设备间同步。
截图、粘贴文本与语音转写
若你选择截图、粘贴、文本或语音输入,时令可能处理其中提取出的文本以生成可编辑的事件候选。截图 OCR 与语音转写均由 Apple 系统框架在设备端完成,先于任何云端解析。后端只接受文本请求,拒绝原始图片或音频负载。
云端 AI 解析
若启用混合/云端 AI 解析并由你发起解析,App 会把相关文本、你的地区/时区上下文,以及有限的请求元数据(如 App 版本和经哈希处理的设备完整性令牌)发送到托管于 Cloudflare Workers 的时令后端 api.getshiling.com。后端将文本转发给第三方 AI 服务商,并把结构化日历字段返回给 App。App 不会直接联系 AI 服务商。当前服务商及其所在地见下方"当前服务商"。
设备完整性与安全信号
对于生产版本,时令使用 Apple App Attest 保护后端免受滥用。这涉及 challenge、attestation、assertion、令牌与密钥状态等数据,用于验证请求来自合法的 App 实例。这些信号仅用于安全与防滥用,不用于识别你的个人身份。
诊断与可靠性数据
App 使用 Apple MetricKit 接收崩溃、卡顿和性能诊断。当前版本中,除非你选择导出或分享诊断,MetricKit 数据由 App 保存在本地。后端会记录运营指标,如路由、状态、请求大小、延迟、token/成本计数、模型别名,以及一个经哈希处理的令牌标识。后端审计日志的设计目标是不包含原始日历文本、截图或音频。
购买
如 App 提供付费功能,购买与订阅状态由 Apple 通过 StoreKit / App Store 处理。时令不收集或处理你的支付卡信息,也不运营独立的支付处理方。
处理的法律依据(欧盟/英国)
在适用欧盟/英国 GDPR 的情形下,我们依据:
• 你的同意 —— 用于对你提交文本的云端 AI 解析,以及处理你选择纳入的任何敏感信息。你可随时切换为仅设备端解析以撤回同意。
• 我们的正当利益 —— 用于保护后端(App Attest、限流)、防止滥用、维持可靠性,且不在审计日志中保存原始用户内容。
• 履行你所请求的服务 —— 用于生成候选并把已接受的事件同步到 Apple 日历/EventKit。
信息的用途
时令使用上述信息以:
• 生成可编辑的日历候选;
• 把已接受的事件同步到 Apple 日历/EventKit;
• 在网络或云端解析不可用时提供设备端兜底;
• 用 App Attest 与限流保护后端;
• 监控可靠性、成本与滥用,且不在审计日志中保存原始用户内容。
当前服务商
时令依赖:
• Apple 框架与服务 —— EventKit、Speech、Vision/OCR、MetricKit、App Attest 与 StoreKit。
• Cloudflare Workers —— 托管时令后端。
• 用于云端文本解析的第三方 AI 服务商 —— 当前为 OpenAI,位于美国。
这些服务商仅在为提供本政策所述功能、安全与可靠性所必需的范围内处理信息。我们可能更换或新增 AI 服务商;届时会更新本节与生效日期。(对于未来的中国大陆版本,云端解析拟使用位于中国境内的 AI 服务商 —— 见"跨境处理"。)
你的选择与权利
• 你可以在 App 的 AI/隐私设置中为支持的流程选择仅设备端解析。
• 你可以拒绝日历、照片、麦克风或语音权限;缺少相应权限时部分功能可能无法使用。
• 你可以在保存前编辑或拒绝 AI 生成的候选。
• 你可以通过从设备删除 App 来删除本地 App 数据。已保存到 Apple 日历的事件可能仍留在 Apple 日历中,除非你在那里或通过时令删除它们。
在适用法律(包括 GDPR 与加州 CCPA/CPRA)允许的范围内,你可能有权访问、更正、删除或导出你的个人数据,限制或反对某些处理,以及撤回同意。加州居民有权知悉、删除和更正个人信息,并有权选择退出"出售"或"共享"—— 请注意我们不出售个人信息,也不为跨情境行为广告而共享个人信息。你行使这些权利不会受到歧视性对待。如需提出请求,请联系 privacy@getshiling.com。欧盟/英国用户亦可向当地数据保护监管机构投诉。
数据留存
• 本地 App 数据会保留在你的设备上,直到你或 App 行为将其删除。
• 写入 Apple 日历的日历数据按 Apple 日历/iCloud 行为及你的设置留存。
• 后端运营日志的留存不超过 90 天;安全与限流状态不超过 30 天。
• 第三方 AI 服务商处理你提交的文本以返回结果;就当前服务商(OpenAI)而言,经 API 提交的数据默认不用于训练其模型,并依服务商条款为滥用监控最多保留约 30 天后删除。
• 后端的设计目标是不在审计日志中保留原始截图、音频文件或原始日历文本。
敏感信息与儿童
时令面向通用效率与家庭日历整理,并非面向 13 岁以下(或你所在地区最低年龄)的儿童。你可能会在日历文本中输入家庭、学校、健康、出行或其他敏感信息。若你使用云端 AI 解析,该文本(包括你纳入的任何敏感信息)将由 AI 服务商基于你的明示同意、仅为生成日历字段而处理。请只提交你愿意经所选解析模式处理的信息;对于你不希望发送的内容,请选择仅设备端解析。
跨境处理
时令的后端与服务商可能在你所在国家或地区之外处理数据。就当前的海外版本而言,当你使用云端 AI 解析时,你的文本会被传输至位于美国的 AI 服务商并在该处处理;此传输基于你的同意,并在必要时辅以适当保障措施。第一阶段面向海外 TestFlight 与早期验证,并非面向中国大陆的公开商业化。未来的中国大陆版本拟使用位于中国境内的 AI 服务商,使解析数据不传输至中国大陆境外;该安排将在引入它的版本中说明。
变更
我们可能随时令的变化更新本政策。我们会更新上方的版本号与生效日期;对于重大变更,我们会在 App 内或本页提供显著提示。
联系
隐私联系方式:privacy@getshiling.com。对于 TestFlight 版本,你也可以使用 TestFlight 反馈渠道或 App Store Connect 中列出的支持联系方式。
Public URL: https://getshiling.com/privacy