Privacy Policy

Last updated: April 6, 2026

Cihang (cihang.app) is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the rights you have under applicable law — including the EU General Data Protection Regulation (GDPR), UK GDPR, Singapore's Personal Data Protection Act 2012 (PDPA), and Malaysia's Personal Data Protection Act 2010 (PDPA).

1. Data Controller

For data-related inquiries, contact our Data Protection Officer at privacy@cihang.app.

2. Service Jurisdiction

Cihang is intended for users in Singapore, Malaysia, and the global Chinese-speaking diaspora. Cihang does not target or serve users in mainland China (PRC). This service has not obtained the Internet Religious Information Services Permit (互联网宗教信息服务许可) required under PRC law for religious content services. Users in the PRC access this service at their own discretion.

3. Personal Data We Collect

We collect only the data necessary to provide the service (data minimisation):

  • Account identifiers (e.g. email address or third-party auth token) when you create an account.
  • Fortune drawing history, stored locally on your device and, if signed in, synced in encrypted form to your account.
  • Anonymised usage analytics (page views, feature interactions) to improve the service. No personal identifiers are attached.
  • Standard server logs (IP address, user agent) retained for up to 90 days for security and abuse prevention.

4. Religious & Sensitive Data

By using Cihang's devotional features — including fortune drawing, sutra reading, shrine offerings, and the Dharma Mirror — you may reveal information about your religious beliefs. Under GDPR Article 9, Malaysia's PDPA Section 40, and similar laws, this constitutes sensitive or special-category data. We process this data only with your explicit consent, which you provide during account creation. You may withdraw this consent at any time by contacting privacy@cihang.app, though withdrawal may affect your ability to use certain devotional features.

5. Purposes & Legal Bases

We process your data for the following purposes and on the following legal bases (GDPR Article 6):

  • Providing and maintaining the service — lawful basis: performance of a contract (GDPR Art. 6(1)(b)).
  • Security monitoring and fraud prevention — lawful basis: legitimate interests (GDPR Art. 6(1)(f)).
  • Service improvement through anonymised analytics — lawful basis: legitimate interests (GDPR Art. 6(1)(f)).
  • Compliance with applicable law — lawful basis: legal obligation (GDPR Art. 6(1)(c)).

6. Data Retention

Account data is retained while your account is active and deleted within 30 days of account deletion.

Server logs are retained for up to 90 days.

Anonymised analytics data may be retained for up to 24 months.

Dharma Mirror and Ciyun Chat interaction logs are retained for rate-limiting purposes for 90 days, then permanently deleted.

Fortune drawing records (lot number, timestamp, encrypted question) are retained while your account is active and deleted within 30 days of account deletion.

Shrine offering records (type and timestamp) are retained while your account is active and deleted within 30 days of account deletion.

Encrypted database backups are retained for up to 30 days and then automatically purged.

7. International Data Transfers

Your data is processed on servers in Singapore (AWS ap-southeast-1). Certain services involve transfers to the United States: Stripe Inc. (payment processing, participant in the EU-US Data Privacy Framework), OpenRouter and upstream AI model providers (AI-generated dharma reflections — prompts are processed transiently and not stored by the provider), and Google LLC (OAuth authentication, participant in the EU-US Data Privacy Framework). Where personal data is transferred from the EEA/UK to the US, we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). For transfers involving Singapore or Malaysia resident data, we apply safeguards consistent with the respective PDPA frameworks.

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

GDPR & UK GDPR (EU / EEA / UK residents)

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data ('right to be forgotten').
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restriction — limit how we process your data in certain circumstances.
  • Right to lodge a complaint with your national supervisory authority (e.g. your country's data protection authority).

Singapore Personal Data Protection Act (PDPA)

  • Right of access — request access to your personal data held by us.
  • Right to correction — request correction of errors in your personal data.
  • Right to withdraw consent — withdraw consent for the collection, use, or disclosure of your data at any time.
  • Right to data portability — request a copy of your data in a commonly used format.

Malaysia Personal Data Protection Act 2010 (PDPA)

  • Right of access — request access to your personal data.
  • Right to correction — request correction of inaccurate personal data.
  • Right to withdraw consent — withdraw consent for the processing of your personal data at any time.

To exercise any of these rights, contact our Data Protection Officer at privacy@cihang.app. We will respond within 30 days (or within the timeframe required by applicable law).

9. Children's Privacy

Cihang is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately so we can delete it. If you are between 16 and 18, use of Cihang requires the consent of a parent or legal guardian.

10. Security & Privacy by Design

We apply privacy-by-design principles throughout the service. Fortune questions are encrypted client-side using AES-256-GCM with a unique key generated in your browser before reaching our servers. We never store plaintext copies. We regularly review our data practices and security controls.

11. Third-Party Services

We use a limited number of third-party services (e.g. authentication provider, cloud infrastructure). Each is bound by a data processing agreement and is only permitted to process your data as directed by us for the specified purpose.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via in-app notices. The 'Last updated' date at the top reflects the most recent revision. Continued use after a change constitutes acceptance.

13. Contact

For privacy requests, data subject rights exercises, or questions about this policy, contact our Data Protection Officer at privacy@cihang.app.