Privacy Policy

Effective Date: January 1, 2025
Last Updated: May 5, 2025

Welcome to Breeze Pixel Studio (hereinafter referred to as "this App"). We understand the importance of your personal information and will protect your personal information and privacy in accordance with applicable laws and regulations. Please read and fully understand this Privacy Policy before using this App.

This Privacy Policy applies to the Breeze Pixel Studio client (including iOS, Android, Web, Windows, macOS, Linux and other platform versions) and related services.

1. How We Collect and Use Your Personal Information

1.1 Registration and Account

When you register an account, we need to collect the following information:

Information Type	Required	Purpose
Username	Yes	Unique account identifier for login
Password	Yes	Account security verification, stored using PBKDF2 encryption
Nickname	Yes	Community display name
Email	No	Account security verification, password reset, account deletion confirmation

1.2 Personal Profile

While using this App, you may voluntarily provide the following personal profile information:

Avatar: For personal homepage and community display
Background image: For personal homepage decoration
Gender: For personal homepage display (options: Unknown/Male/Female)
Bio: For personal homepage display
Title: Virtual titles earned through levels, achievements, events, memberships, etc.

All of the above information is provided voluntarily, and you may modify or delete it at any time.

1.3 Device Information

To ensure stable service operation and optimize user experience, we collect the following device information:

Device identifier: UUID v4 generated when the app is first launched, stored locally for session tracking and device binding
Operating system version: e.g., Android 14, iOS 17
Device model: e.g., Samsung Galaxy S24, iPhone 15 Pro
App version: Currently installed app version
Platform type: Android / iOS / Web / Windows / macOS / Linux

The above information is reported only when the app starts or returns to the foreground, and is used for:

Tracking app usage (session start/end, session duration)
Maintaining session heartbeat (every 30 seconds)
Binding device to user account after login

1.4 Usage Records

We record the following usage behavior data:

Session records: App start time, usage duration, session ID
Login records: Last login time
Interaction data: Followers/following count, artwork count, likes received, favorites count
Notification records: Read/unread status of system notifications and interaction notifications

1.5 User Creative Content

When you create and share using this App, we process the following content:

Pixel art works: Canvas data, project files, exported images
Collections: Artwork collection information
Topics: Topic creation and participation information

The above content is uploaded to the server when you actively publish it. Unpublished works are stored only on your local device.

1.6 Images and Files

We access your images and files in the following scenarios:

Selecting images from gallery: For creation reference images, avatar upload, background image upload
Taking photos: For creation reference images (requires camera permission)
Saving images to gallery: Exporting/saving created pixel art works
Selecting files: On desktop platforms (Windows/macOS/Linux) for selecting local image files

2. How We Use Permissions

2.1 Android Permissions

Permission	API Level	Purpose	Can Be Denied
`READ_MEDIA_IMAGES`	Android 13+	Read gallery images as reference or upload avatar/background	Yes, but image selection will be unavailable
`READ_EXTERNAL_STORAGE`	Android 12 and below	Read images from external storage	Yes, but image selection will be unavailable
Camera (runtime)	All	Take photos as reference images	Yes, but photo capture will be unavailable

2.2 iOS Permissions

Permission	Purpose	Can Be Denied
`NSPhotoLibraryUsageDescription`	Access photo library to select reference images, which help you as visual reference when drawing pixel art	Yes, but image selection will be unavailable
`NSPhotoLibraryAddUsageDescription`	Save images to photo library	Yes, but saving to library will be unavailable
Camera (runtime)	Take photos as reference images	Yes, but photo capture will be unavailable

2.3 Permission Notes

All permissions require your active authorization; we will not access relevant features without authorization
You can revoke granted permissions at any time in system settings
Denying permissions will not affect other app features, only the specific features that depend on that permission
Before requesting sensitive permissions (such as camera), we will display a dialog explaining the purpose

3. How We Store and Protect Your Personal Information

3.1 Information Storage Methods

Local Storage

SharedPreferences: Used to store authentication tokens (Access Token, Refresh Token) and device identifiers
SQLite database: Used to store local pixel art documents, animation frames, assets, and other creative data

Data stored locally does not leave your device (unless you actively upload and sync).

Server Storage

Cloudflare D1 database: Stores user account information, personal profiles, social relationships, artwork metadata, etc.
Cloudflare R2 object storage: Stores user-uploaded image files (avatars, background images, artwork images, etc.)
Cloudflare KV: Stores Refresh Tokens for server-side token revocation verification

Servers are located on Cloudflare's global edge network, with all data transmission encrypted via TLS.

3.2 Security Measures

We take the following measures to protect your personal information security:

Password protection: PBKDF2 algorithm (100,000 iterations) with salted hash storage; the server does not store plaintext passwords
Token security:
- Access Token valid for 7 days, signed with HS256
- Refresh Token valid for 30 days, using token rotation mechanism (old tokens automatically invalidated after use)
- Refresh Token record in KV deleted on logout, implementing server-side token revocation
- Automatic seamless token refresh when tokens expire; requests queue during refresh
Transmission encryption: All network communication uses HTTPS (TLS) encrypted transmission
Minimal privilege: API requests carry authentication tokens only when needed; public endpoints do not require authentication
Account deletion: Supports account deletion with a cooling-off period during which you can cancel the deletion

3.3 Data Retention Period

Account information: Retained during your use of the App; deleted or anonymized after account deletion
Authentication tokens: Access Token expires after 7 days; Refresh Token expires after 30 days or is deleted on logout
Device identifiers: Stored locally; automatically deleted when the app is uninstalled
Session data: Used for statistical analysis, retained for no more than 180 days
Creative content: Retained until you delete it or your account is deleted

We do not sell your personal information to any third party. We may share your information in the following circumstances:

Service providers: We use Cloudflare for server hosting, database, object storage, and CDN services. Cloudflare only processes your data as necessary to provide these services
Legal requirements: We may need to share your information as required by laws, regulations, litigation, or government mandatory requirements

4.2 Public Disclosure

The following information may be visible to other users:

Public profile: Nickname, avatar, gender, bio, current title, level, followers/following/artwork/likes/favorites count
Public works: Works you have published as public
Public collections: Collections you have created
Social relationships: Following list, followers list

You can control whether your works are visible to other users by setting work visibility (public/private).

We do not share the following information with third parties:

Your password (encrypted storage, no one can view the plaintext)
Your authentication tokens
Your email address (not displayed to other users)
Your device identifiers
Your unpublished works

5. Your Rights

5.1 Access and Correction

You have the right to access and correct your personal information through the following methods:

Personal profile: View and modify nickname, avatar, background image, gender, bio on the "Edit Profile" page
Email: Change bound email in account settings (verification code confirmation required)
Artwork management: View, edit, and delete your published works

5.2 Deletion

Artwork deletion: You can delete published works and collections
Account deletion: You can apply for account deletion in account settings
- After submitting a deletion request, a cooling-off period begins (specific duration as indicated in the app)
- During the cooling-off period, you can log in and cancel the deletion
- After the cooling-off period ends, the account and associated data will be permanently deleted

5.3 Permission Revocation

You can revoke granted permissions at any time in your device's system settings:

Android: Settings → Apps → Breeze Pixel Studio → Permissions
iOS: Settings → Privacy & Security → Corresponding permission

5.4 Data Export

You can export locally stored pixel art work files (.pxa format or image format), but batch export of server-side data is not currently supported.

6. Protection of Minors

We attach great importance to the protection of minors' personal information. If you are a minor under the age of 14, please use this App under the guidance and supervision of a guardian, and obtain your guardian's consent before registering and providing personal information.

If we discover that we have collected a minor's personal information without obtaining the guardian's consent, we will delete the relevant information as soon as possible.

7. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time. The updated Privacy Policy will be notified to you through in-app announcements or other appropriate means. For major changes, we will provide more prominent notifications.

If you continue to use this App after the Privacy Policy is updated, it means you agree to be bound by the revised Privacy Policy.

8. Contact Us

If you have any questions, opinions, or suggestions about this Privacy Policy, you can contact us through the following methods:

In-app feedback: Submit through the in-app feedback feature
Email: Please contact us through the contact information published in the app

We will respond to your request within 15 business days.

Appendix: Third-Party SDK List

The third-party SDKs integrated in this App and the information they may collect are as follows:

SDK Name	Purpose	Information Possibly Collected	Privacy Policy
Flutter Framework	App development framework	Device info, app info	https://flutter.dev/privacy
image_picker	Image selection	Gallery access (requires authorization)	https://pub.dev/packages/image_picker
file_picker	File selection (desktop)	File access (requires user action)	https://pub.dev/packages/file_picker
share_plus	System sharing	Does not collect personal information	https://pub.dev/packages/share_plus
permission_handler	Permission management	Does not collect personal information	https://pub.dev/packages/permission_handler
url_launcher	Open external links	Does not collect personal information	https://pub.dev/packages/url_launcher
shared_preferences	Local key-value storage	Does not collect personal information	https://pub.dev/packages/shared_preferences
sqflite	Local database	Does not collect personal information	https://pub.dev/packages/sqflite
device_info_plus	Device information	Device model, system version	https://pub.dev/packages/device_info_plus
package_info_plus	App information	App version number	https://pub.dev/packages/package_info_plus
http	Network requests	Does not collect additional information	https://pub.dev/packages/http
Cloudflare Workers	Backend API service	Request logs (automatic)	https://www.cloudflare.com/privacypolicy/
Cloudflare R2	File object storage	Does not collect additional information	https://www.cloudflare.com/privacypolicy/

Privacy Policy ​

1. How We Collect and Use Your Personal Information ​

1.1 Registration and Account ​

1.2 Personal Profile ​

1.3 Device Information ​

1.4 Usage Records ​

1.5 User Creative Content ​

1.6 Images and Files ​

2. How We Use Permissions ​

2.1 Android Permissions ​

2.2 iOS Permissions ​

2.3 Permission Notes ​

3. How We Store and Protect Your Personal Information ​

3.1 Information Storage Methods ​

Local Storage ​

Server Storage ​

3.2 Security Measures ​

3.3 Data Retention Period ​

4. How We Share, Transfer, and Publicly Disclose Your Personal Information ​

4.1 Sharing ​

4.2 Public Disclosure ​

4.3 Information We Do Not Share ​

5. Your Rights ​

5.1 Access and Correction ​

5.2 Deletion ​

5.3 Permission Revocation ​

5.4 Data Export ​

6. Protection of Minors ​

7. Updates to This Privacy Policy ​

8. Contact Us ​

Appendix: Third-Party SDK List ​