Privacy Policy
Last updated: April 17, 2026 Version: 1.0
1. Introduction and Data Controller
This Privacy Policy explains how [Company Name] Limited, a company incorporated in Hong Kong ("we," "us," or "our") collects, uses, stores, and protects personal data in connection with the website at chinatransit.guide and any related services (collectively, the "Service").
We act as the data controller for personal data processed in connection with your use of the Service.
Contact: [Company Name] Limited [Registered Address], Hong Kong Email: [email protected]
2. Scope of This Policy
This Policy applies to all users of the Service. The Service is intended solely for users located outside of Mainland China. This service is not directed to users located in Mainland China. If you are located in Mainland China, please do not use this Service.
3. Legal Framework
We operate under the following primary legal frameworks:
| Framework | Applicability |
|---|---|
| Hong Kong Personal Data (Privacy) Ordinance (PDPO) (Cap. 486) | Primary applicable law; governs all personal data processing |
| GDPR / UK GDPR | Applies to personal data of users in the European Economic Area and United Kingdom |
| California Consumer Privacy Act (CCPA) / CPRA | Applies to personal data of California residents |
4. Personal Data We Collect
We apply a data minimisation principle. We collect only what is strictly necessary for the operation of the Service.
4.1 Data You Provide Directly
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address (via Magic Link sign-in or Paddle receipt) | Authentication; delivery of Magic Link access; transaction verification | Contract performance (GDPR Art. 6(1)(b)); PDPO Data Protection Principle 1 |
| Planned entry date (optional, entered at checkout) | Calculating your active access period (MAX(purchased_at + 90d, planned_entry_date + 30d)) | Contract performance |
| Nationality and transit route (entered in eligibility checker) | Generating your eligibility assessment result | Legitimate interest in providing the core service function |
4.2 Data Collected Automatically via Authentication
| Data | Purpose | Legal Basis |
|---|---|---|
| OAuth subject identifier (sub) from Google | Associating your login identity with your purchase entitlement; no other use | Contract performance |
We request only the openid and email scopes from Google OAuth. We do not request access to your Google profile, contacts, or any other data. We do not store your OAuth access_token or refresh_token.
4.3 Data Collected via Payment Processor (Paddle)
Paddle.com Market Limited acts as the Merchant of Record for all transactions. Payment card details, billing address, and transaction records are processed by Paddle under their privacy policy. We receive from Paddle only:
- A Paddle Order ID (used to verify your purchase and create your entitlement record)
- Your email address as provided to Paddle (used only for Magic Link transaction verification; see Section 4.4)
We do not store full payment card details at any time.
4.4 Temporary Data
| Data | Retention | Purpose |
|---|---|---|
| Paddle receipt email (in pending_entitlements table) | 7 days, then automatically deleted | Matching an anonymous purchase to a user account via Magic Link |
4.5 Technical and Usage Data
If you have provided consent (where required), we may collect:
| Data | Purpose |
|---|---|
| IP address (truncated / anonymised) | Security monitoring; geolocation for feature restriction (see Section 9) |
| Browser type and version | Compatibility and error monitoring |
| Pages visited, events (e.g., form steps completed, checkout initiated) | Analytics to improve the Service (see Section 7) |
5. Data We Do Not Collect
We have made the following deliberate architectural decisions to minimise data collection:
- No phone numbers. We do not collect, request, or store mobile phone numbers at any point in the Service. This decision is permanent unless subject to a documented compliance review and privacy policy update.
- No passports or identity documents. We do not collect copies of passports or other identity documents.
- No payment card data. All payment data is handled exclusively by Paddle.
- No marketing emails without consent. We do not send marketing emails. Transactional communications (e.g., Magic Link sign-in links) do not require separate marketing consent.
- No behavioural profiling or retargeting. We do not build behavioural profiles of users for advertising purposes.
6. How We Use Your Personal Data
| Purpose | Legal Basis (GDPR) | Legal Basis (PDPO) |
|---|---|---|
| Providing and maintaining the Service | Contract performance (Art. 6(1)(b)) | DPP 1, DPP 3 |
| Verifying purchases and granting content access | Contract performance (Art. 6(1)(b)) | DPP 1, DPP 3 |
| Sending Magic Link authentication emails | Contract performance (Art. 6(1)(b)) | DPP 1, DPP 3 |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) | DPP 1, DPP 3 |
| Analytics and Service improvement (with consent) | Consent (Art. 6(1)(a)) | DPP 1 (with consent) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | DPP 3 |
| Responding to data subject requests | Legal obligation (Art. 6(1)(c)) | DPP 6 |
7. Analytics
7.1 We use Google Analytics 4 ("GA4") for analytics purposes.
7.2 For users in the European Economic Area and United Kingdom, analytics tracking scripts are loaded only after you have provided affirmative consent via our Consent Management Platform (CMP). You may withdraw consent at any time via the cookie preference centre.
7.3 If you do not provide consent, or if you withdraw consent, you can still access all core features of the Service, including the eligibility checker (read-only access is not conditioned on analytics consent).
7.4 We configure GA4 with IP anonymisation enabled. We do not enable Google Signals or cross-device tracking features.
8. Cookies and Similar Technologies
We use the following categories of cookies and similar technologies:
| Category | Examples | Consent Required? |
|---|---|---|
| Strictly Necessary | Session cookie (authentication state); cookie preference record | No |
| Analytics | GA4 measurement ID | Yes (EEA/UK); Cookie notice for others |
| Affiliate Tracking | Affiliate partner cookies (e.g., Airalo, Trip.com) loaded on click | Yes (EEA/UK) |
You can manage your cookie preferences at any time via the preference centre accessible in the footer of the Service.
9. Geolocation and Regional Restrictions
9.1 We use IP-based geolocation to implement the following restrictions for access from Mainland China IP addresses:
- The AI itinerary parsing feature is not rendered.
- Behavioural analytics, retargeting, and personalisation features are disabled.
- Affiliate tracking cookies are not loaded.
9.2 These controls are product-level measures. They do not constitute a legal determination of jurisdictional applicability. IP-based geolocation is not perfectly accurate.
9.3 If you are a user in the European Union or United Kingdom, your geolocation is used to determine applicable VAT treatment (handled by Paddle) and to display region-appropriate affiliate partners.
10. Data Sharing and Third-Party Processors
We share personal data with the following categories of third parties:
| Recipient | Role | Purpose | Data Shared |
|---|---|---|---|
| Paddle.com Market Limited | Merchant of Record / Data Processor | Payment processing, tax compliance, chargebacks | Order data; email for receipt |
| Google LLC | OAuth provider / Data Processor | Authentication (sub only) | OAuth sub; openid and email scope |
| Resend, Inc. | Email delivery / Data Processor | Sending Magic Link authentication emails | Email address; one-time token |
| Google LLC (Analytics) | Analytics processor | Service analytics (with consent) | Anonymised usage events |
| Hosting / Database provider (e.g., Vercel, Supabase) | Infrastructure processor | Storing entitlement records | Account ID; entitlement data |
| Cloudflare, Inc. | CDN / Security | Content delivery; DDoS protection | IP address (truncated) |
We do not sell personal data. We do not share personal data with data brokers or advertising networks.
Cross-Border Data Transfers. Our infrastructure is hosted outside Mainland China (Singapore and/or US West regions). Where personal data is transferred from the European Economic Area or United Kingdom to a third country, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission, and/or Data Processing Agreements (DPAs) with each processor.
11. Data Retention
| Data | Retention Period |
|---|---|
| OAuth sub and entitlement record | Duration of active account + 90 days after active_until expiry, then deleted |
| Paddle receipt email (pending entitlement) | 7 days, then automatically deleted |
| Analytics events | As per GA4 default retention settings (up to 14 months); not linked to identifiable users |
| Access logs | 30 days rolling, then deleted |
| Legal hold / dispute records | Duration of applicable statutory limitation period (minimum 6 years under Hong Kong law) |
12. Your Rights
12.1 Rights Under GDPR (EEA and UK Users)
If you are located in the European Economic Area or United Kingdom, you have the following rights:
| Right | Description |
|---|---|
| Right of Access (Art. 15) | You may request a copy of all personal data we hold about you. We will respond within 30 days. |
| Right to Rectification (Art. 16) | You may request correction of inaccurate personal data. |
| Right to Erasure (Art. 17) | You may request deletion of your personal data. See Section 12.4 for the process. |
| Right to Restriction (Art. 18) | You may request that we restrict processing of your data in certain circumstances. |
| Right to Data Portability (Art. 20) | You may request your data in a structured, commonly used, machine-readable format. |
| Right to Object (Art. 21) | You may object to processing based on legitimate interests. |
| Right to Withdraw Consent | Where processing is based on consent (e.g., analytics), you may withdraw consent at any time. |
12.2 Rights Under CCPA (California Residents)
California residents have the right to know what personal information we collect, to delete personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.
12.3 Rights Under Hong Kong PDPO (All Users)
Under the PDPO, you have the right to request access to and correction of your personal data held by us.
12.4 How to Exercise Your Rights
Submit a request to: [email protected]
When you make a deletion request, we will:
- Delete your entitlements record and associated guide_access_log entries from our database.
- Revoke your active session cookie.
- Submit a separate deletion request to Paddle for Paddle-held records (Paddle processes this independently under their own privacy policy).
- Respond to confirm completion within 30 days.
Note: Deletion of your account will result in permanent loss of access to your purchased content. We cannot recover deleted records.
12.5 Right to Lodge a Complaint
If you are located in the European Economic Area, you have the right to lodge a complaint with the supervisory authority of your EU member state. If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO). If you are located in Hong Kong, you may contact the Office of the Privacy Commissioner for Personal Data (PCPD).
13. Children's Privacy
The Service is not directed to children under 18 years of age. We do not knowingly collect personal data from children under 18. The Service's authentication flow requires users to confirm they are 18 years of age or older (or have parental permission). If we become aware that we have inadvertently collected personal data from a child under 18, we will delete that data promptly. Please contact us at [email protected] if you believe we have collected data from a child.
Note for GDPR users: Under GDPR, children under 16 years of age (or a lower age set by their EU member state) require verifiable parental consent to use online services. Under COPPA, children under 13 in the United States require verifiable parental consent.
14. Security
We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- HTTPS encryption for all data in transit
- HttpOnly, Secure session cookies
- Server-side entitlement verification (client-reported payment status is never trusted)
- Data hosted in jurisdictions with adequate security standards (Singapore / US West)
- No storage of OAuth access tokens or refresh tokens
- No storage of payment card data
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
15. Changes to This Policy
We will notify you of material changes to this Policy by updating the "Last updated" date at the top and displaying a notice on the Service. We will not retroactively reduce your rights under this Policy without your consent.
16. Contact and Complaints
For questions or to exercise your rights, contact us:
[Company Name] Limited [Registered Address], Hong Kong Email: [email protected]
We aim to respond to all privacy requests within 30 calendar days.
This document is provided in English only. In the event of any discrepancy arising from translation, the English version shall prevail.