Privacy Policy

This Privacy Policy describes how the Operator of Nightwatch / Alpha 夜航社 ("Operator", "we", "us", or "our") collects, uses, discloses, and protects personal data when you use https://yehangshe.com and the related Nightwatch service (the "Service").

By accessing or using the Service, you agree to the practices described in this Privacy Policy.

1. Contact

If you have any questions or requests about this Privacy Policy, contact us at:

• Email: [email protected]
• Website: https://yehangshe.com

2. Personal Data We Collect

We collect only the information needed to operate the Service, manage subscriptions, provide support, and keep the Service secure.

• Account data: Discord user ID, Discord username, email address, and related login information received through Discord OAuth.
• Discord fulfilment data: OAuth grant status and encrypted OAuth grant tokens where needed to add you to our Discord server and assign, refresh, or revoke subscription roles.
• Subscription and payment data: plan tier, billing cycle, subscription status, transaction reference identifiers, billing country, currency, tax country, and limited payment metadata received from the relevant payment provider or merchant of record. We do not store full payment card numbers.
• Technical data: IP address, user-agent string, device/browser information, accessed URLs, timestamps, error logs, and security diagnostics.
• Session and cookie data: first-party cookies needed for authentication, session management, and CSRF protection.
• Support communications: messages you send to us by email or through Discord support channels.

3. How We Use Personal Data

We use personal data to:

• create and authenticate your account;
• provide, operate, secure, and improve the Service;
• manage subscriptions, payments, receipts, renewals, cancellations, and access rights;
• perform Discord-based fulfilment, including server access and role assignment;
• respond to support requests and service issues;
• detect fraud, abuse, security incidents, and violations of our Terms of Service;
• comply with legal, accounting, tax, and dispute-resolution obligations.

We do not sell or rent personal data, and we do not use personal data for behavioural advertising.

4. Sharing and Third-Party Providers

We share personal data only where needed to operate the Service or comply with law. Recipients may include:

• Discord, for authentication and Discord-based fulfilment;
• third-party payment providers or merchants of record, for payment processing, tax handling, invoices, refunds, chargebacks, and subscription management;
• hosting, database, security, and content delivery providers;
• legal, regulatory, or law-enforcement authorities where disclosure is required by law or necessary to protect rights, safety, or the integrity of the Service.

We do not transfer personal data to third parties for their own marketing purposes.

5. Cookies

We use first-party cookies that are necessary for login, session management, user preferences, and security. We do not use third-party advertising cookies or cross-site behavioural tracking cookies. Blocking cookies may prevent core features, including login, from working correctly.

6. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy.

• Account data is retained while your account is active and for a reasonable period after closure.
• Subscription and transaction records may be retained as needed for accounting, tax, fraud prevention, chargebacks, and legal obligations.
• Server logs are generally retained for a limited operational period, unless needed longer for security or incident investigation.
• Support communications may be retained for customer support history and dispute resolution.

7. Security

We use commercially reasonable technical and organisational measures to protect personal data, including encrypted transport, managed database protections, access controls, audit logging, and routine infrastructure review. Authentication is delegated to Discord; you are responsible for protecting your Discord account.

No system can guarantee absolute security. If a data incident requires notice under applicable law, we will provide notice as required.

8. International Processing

The Service is operated globally and relies on infrastructure and payment providers that may process data in countries other than your country of residence. By using the Service, you acknowledge that cross-border processing may occur.

9. Your Rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or request a copy of your personal data. You may also have the right to lodge a complaint with a data protection authority. To make a request, email [email protected]. We may need to verify your identity before responding.

10. Children's Privacy

The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, contact [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. The Effective Date above reflects the latest revision. Material changes may be communicated by email or by notice on the Service.