1. 我们处理哪些数据
- 账号与设备:用户 ID、测试密码验证状态、设备 ID、设备名称、配对码、扫码登录会话和同步状态。
- 对话与工作台:会话 ID、消息内容、语音转写结果、目标、提醒、运行状态和调试日志。
- 记忆系统:选中文本、全文上下文、memory drafts、审核动作、稳定记忆、分类、受保护标签和可见性设置。
- 偏好与形象:头像/宠物配置、匿名社交名片设置、兴趣订阅、兴趣卡片反馈、主题和语言设置。
2. 数据如何使用
这些数据用于登录和设备同步、生成回复、创建待审核记忆草稿、展示已确认记忆、管理目标和提醒、生成低频兴趣卡片、维护界面偏好以及排查 runtime 问题。记忆草稿默认不会直接进入稳定记忆,必须经过你的确认动作。
3. 存储与保留
当前项目以本地 runtime / runtime JSON / 测试存储为主。游客模式仅保留当前对话,不展示或导入个人资料。登录模式下,数据会按功能需要保留,直到你删除、重置、退出相关账号或后续正式版本提供更完整的数据管理入口。
4. 第三方模型与搜索
当启用 LLM、联网搜索、语音或外部工具时,你输入的相关内容可能会发送到你配置的 third-party model、搜索服务或语音服务。模型密钥默认应保留在 runtime 侧或本地配置中。请在启用前确认第三方服务的数据处理规则。
5. 受保护类别与展示限制
健康、身份、关系等敏感或受保护类别会使用更严格的默认设置,例如 visibility=private,并禁止进入兴趣卡片、推荐和 external display。系统会尽力执行这些默认限制,但你仍应避免输入不必要的敏感信息。
6. 你的选择
- 你可以使用游客试聊来避免写入账号级个人数据。
- 你可以在记忆审核中确认、编辑、抑制或删除 memory drafts。
- 你可以关闭兴趣资讯卡片、切换账号、退出登录或重新绑定设备。
- 正式备案和生产化后,可继续补充导出、删除、撤回同意和联系人流程。
7. 安全与未成年人
当前版本用于开发和测试,不应输入高度敏感、未授权或未成年人个人信息。请自行保护本地 runtime、浏览器和配置文件访问权限。
8. 联系与条款
服务使用边界请阅读 《服务条款》。正式联系方式、公司主体和备案信息确定后,可在本页更新。
Privacy Policy
This policy explains how the current Banivia MVP handles data in the local runtime and web workspace.
Data We Process
- Account and device data: user ID, test password state, device ID, device name, pairing token, QR sign-in sessions, and sync status.
- Conversation and workspace data: session ID, messages, voice transcripts, goals, reminders, runtime status, and debug logs.
- Memory data: selected text, full message context, memory drafts, review actions, stable memory, categories, protected labels, and visibility settings.
- Preferences and profile data: avatar/pet settings, anonymous social card settings, interest subscriptions, interest card feedback, theme, and language.
How Data Is Used
Data is used for sign-in, device sync, response generation, pending memory draft creation, confirmed memory display, goals and reminders, low-frequency interest cards, UI preferences, and runtime diagnostics. Memory drafts are not written to stable memory until you confirm them.
Storage and Retention
The current project primarily uses local runtime, runtime JSON, and test storage. Guest trial keeps only the current chat and does not show or import personal data. Signed-in data is retained as needed for the feature until you delete, reset, sign out, or a later production version provides fuller data controls.
Third-Party Model and Search
If you enable LLM, web search, voice, or external tools, relevant input may be sent to the third-party model, search provider, or voice provider you configure. Model keys should remain on the runtime side or in local config by default. Review each provider's data rules before enabling it.
Protected Categories
Sensitive or protected categories such as health, identity, and relationship information use stricter defaults, including visibility=private and exclusion from interest cards, recommendations, and external display. You should still avoid entering unnecessary sensitive information.
Your Choices
- Use guest trial to avoid writing account-level personal data.
- Confirm, edit, suppress, or delete memory drafts in memory review.
- Turn off interest info cards, switch accounts, sign out, or rebind devices.
- Export, deletion, consent withdrawal, and contact workflows can be expanded in a production version.
Security and Minors
This version is for development and testing. Do not enter highly sensitive, unauthorized, or minor-related personal information. Protect local runtime, browser, and configuration file access.
Terms
See the Terms of Service for service boundaries. Formal contact, company entity, and filing information can be added once finalized.