TKai

隐私政策

最后更新:2026-05-16

What we collect

  • Account: email, hashed password, sign-in timestamps.
  • Billing: PayPal subscription/order identifiers, purchase records (we do not store card numbers).
  • Usage: watch history, episode access events, referral clicks.
  • Technical: IP address, user-agent, security audit log.

How we use it

  • Provide the service: authentication, billing, playback access control.
  • Recommendations and metrics (aggregate, non-identifying).
  • Fraud prevention and abuse mitigation.
  • Legal compliance.

Sharing

We share data with: PayPal (payments), Resend (transactional email), Cloudflare R2 (encrypted media storage), and Sentry (error monitoring). We do not sell personal data.

Cookies

We use essential cookies for sign-in and CSRF protection. With your consent we may also set analytics cookies. You can change your preference at any time via the cookie banner.

Your rights

You can export or delete your account at any time from settings. EU/UK residents have additional rights under GDPR (access, rectification, erasure, restriction, portability, objection); to exercise these, contact support.

Retention

Account data is retained while your account is active. After deletion, personal data is removed immediately; anonymised aggregates may be retained for analytics.

Security

Passwords are bcrypt-hashed. Sessions use signed JWTs over HTTPS. Media is encrypted at rest (HLS+AES-128 with short-lived per-session keys). We follow OWASP-aligned controls including rate limiting, CSP, HSTS, CSRF protection, and audit logging.

Contact

privacy@tkai.example