Introduction
Welcome to VoiceExpense (Chinese name “鹦财记账”, Traditional Chinese “鸚財記帳”, the “App”). The App is developed and operated by Inner Mongolia Xuanqian Technology Co., Ltd. (registered address: Unit 25-6, Hongya New Town, Longxingchang Town, Wuyuan County, Bayannur, Inner Mongolia, China; “we” or “us”).
We understand how important your personal information is to you. The App is built around a “local-first” design: by default, your bookkeeping data is stored only on your own device, and our servers do not store your records. We protect your personal information in accordance with the Personal Information Protection Law, the Cybersecurity Law, the Data Security Law and the Regulations on Network Data Security Management of the People's Republic of China, with reference to applicable national standards, and we apply reasonable security measures consistent with prevailing industry practice.
Please read and fully understand this policy before using the App, especially the clauses highlighted in bold. When you first launch the App, a pop-up presents the key points of this policy and the bold-highlighted key clauses, together with tappable links to the full online versions (website pages) of the Privacy Policy and the User Agreement so you can read the full text; it applies to you only after you voluntarily and explicitly tap “Agree” (we never pre-tick consent for you). Before you agree to this policy, apart from the necessary network request generated when you actively tap to view the Privacy Policy or the User Agreement (which loads the corresponding website page and carries no personal information or device identifier), we perform no network transmission and collect no personal information.
If you do not agree to this policy, you may choose the basic-features mode — purely local, manual bookkeeping (in that mode, apart from your actively tapping to view the Privacy Policy or User Agreement website pages, the App collects no personal information, requests no system permissions and performs no network transmission) — or exit and stop using the App. We will not repeatedly show the consent pop-up because you declined.
You can access the latest online versions of this policy and the User Agreement (website pages) at any time via the entry under Settings in the App: Privacy Policy www.xuanqiantech.com/legal/voiceexpense/privacy.html, User Agreement www.xuanqiantech.com/legal/voiceexpense/terms.html.
Key Points at a Glance
To help you quickly grasp the core of this policy, we summarize as follows (please read the full text for details):
- Your bookkeeping data lives on your device (a local SQLite database). Our servers do not collect or store any of your transaction details, amounts or speech-recognition transcripts, unless you actively use cloud AI parsing or the (future) cloud backup feature.
- We do not collect your audio recordings, nor do we proactively upload them to our servers. Speech recognition is performed by your device's system speech service (Apple / Google or your device maker / Huawei) or by the App's built-in offline recognition model; when a system speech service is used, audio may be processed by that provider under its own terms.
- The recognized text substantively reflects your transactions and spending, so we protect it as sensitive personal information. When you are signed in and have remaining cloud-parsing credits (or are an active member), the App automatically prefers cloud AI parsing, uploading that text and the necessary auxiliary information to our servers and entrusting parsing to Volcano Engine's “Doubao” large language model. Before you first use this feature, we obtain your separate consent via a standalone pop-up. Parsed text is discarded immediately after use and is never written to our business database. If you do not want anything uploaded, simply sign out and the App will use local parsing only.
- The full local bookkeeping features work without an account. You only need to sign in for online features such as cloud AI parsing and daily check-in rewards.
- Membership subscriptions are handled by the App Store / Google Play / Huawei AppGallery. We do not collect your bank-card or payment-account information; we only receive the store-issued subscription receipt to verify entitlements. Membership is an auto-renewing subscription and can be cancelled at any time (see 1.4).
- The App currently integrates no third-party analytics, crash-reporting or advertising SDKs; the “ads” currently shown in the App are locally bundled placeholder images that send no data anywhere.
- You may view, correct, delete and export your data in the App at any time, and may initiate account deletion in-app with one action; we respond to rights requests within 15 business days.
Table of Contents
- 1. How We Collect and Use Your Personal Information (Scenario by Scenario)
- 2. System Permissions We Request
- 3. How We Share and Entrust Processing of Your Personal Information (Third-Party List)
- 4. Where Your Information Is Stored and for How Long
- 5. How We Protect Your Personal Information and Handle Security Incidents
- 6. Your Rights
- 7. Account Deletion
- 8. Protection of Minors
- 9. Updates to This Policy and Delivery of Notices
- 10. Liability and Your Obligations (Please Read Carefully)
- 11. Dispute Resolution and Governing Law (Please Read Carefully)
- 12. How to Contact Us
1. How We Collect and Use Your Personal Information (Scenario by Scenario)
We follow the principle of minimum necessity: we collect and use your information only in the scenarios below and only to the extent necessary for the corresponding feature. The App's basic features are local manual/voice bookkeeping, which require no personal information and no account.
1.1 Voice Bookkeeping (Core Feature)
(1) Recording and recognition both take place on your device. We do not collect your audio recordings, nor do we proactively upload them to our servers. Specifically:
- when you tap the record button, we request microphone permission and capture your speech;
- speech-to-text is performed in one of two ways: ① the system speech recognition service provided by your device's operating system (Apple's speech recognition on iOS; the speech engine provided by Google or your device maker on Android; Huawei's system speech recognition on HarmonyOS, Chinese only); or ② the App's built-in offline recognition model (the Android edition switches to it automatically when no network is detected; it runs entirely on your device with zero network transmission);
- please note: when a system speech service is used, depending on language and device, your audio may be processed by servers of Apple, Google, Huawei or your device maker under their respective privacy policies. We make no commitments regarding those system services; see the third-party list in Section 3. We do not collect or store your original recordings, and we do not extract any voiceprint features.
(2) The recognized text (the “speech transcript”) and the records generated from it (amount, item, category, date, currency, etc.) are saved only in the local database on your device. Please be aware that the speech transcript is part of your bookkeeping data: it is included in your locally saved records, in backup files you actively export, and (in future) in cloud sync/backup data you actively enable.
(3) Local smart parsing: by default, converting speech text into a record is done by the App's built-in local rule engine on your device, with no network transmission whatsoever.
1.2 Cloud AI Parsing (Optional Online Feature; Involves Sensitive Personal Information — Please Read Carefully)
The speech transcript and the records generated from it substantively reflect your transactions and spending and constitute sensitive personal information. We protect them to the standard applicable to sensitive personal information, and we hereby explain the specific purpose and necessity of processing and the impact on your interests: the purpose is to convert your natural language into more accurate record suggestions; the necessity lies in the fact that large-model parsing must be performed server-side; the potential impact on your interests is that the text is briefly relayed through our servers to an entrusted large-model service for processing (see below and Section 3 for handling and safeguards). Before your first use of this feature, we obtain your separate consent via a standalone pop-up (never pre-ticked, never bundled with other matters); without your separate consent, no speech transcript is ever uploaded.
Trigger conditions (please note): when you are signed in and have remaining cloud-parsing credits (or are an active member), the App automatically prefers cloud AI parsing. The recording result page shows whether each parse was done in the cloud or locally, and your remaining credits. If you do not want anything uploaded, simply sign out; the App will use local parsing only and bookkeeping is entirely unaffected. If we later add a standalone in-app switch for cloud parsing, we will update this policy accordingly. Cloud parsing takes effect when our backend service launches; until then, all parsing happens locally on your device and nothing is uploaded.
When cloud parsing is used, we send the following over an encrypted channel (HTTPS) to our server (api.voiceexpense.com, to be hosted on Tencent Cloud within the People's Republic of China):
| Data item | Description | Required? |
| Speech transcript (text; sensitive personal information) | Parsed by the large model into record suggestions | Required for this feature |
| Your custom category names and keywords | So results match your personal categories | Required for this feature |
| Device local date and current time (e.g., “2026-07-06 12:30”) | To infer relative times such as “yesterday” or “noon” | Required for this feature |
| Voice-language setting | To select the parsing language | Required for this feature |
| Account login token | Identity and credit verification | Required for this feature |
| Subscription receipt (members only, see 1.4) | Member-allowance verification | Required for members |
In this process we do not collect your transaction history, account balances, location, or any device hardware identifier.
Upon receiving the text, our server relays it in real time to Volcano Engine's “Doubao” large language model (an entrusted processor, see Section 3) for parsing, and returns the result for your confirmation. Parsed text is used and discarded: we never write your speech transcript to our business database and never intentionally record it in logging systems. If temporary technical records arise from troubleshooting, we delete them promptly once troubleshooting is complete. Our server only updates your account's credit counters (remaining and daily-used counts); it records no parsed content and keeps no per-request parsing logs. The entrusted processor may perform processing necessary for security and compliance as mandated by law (e.g., regulations governing generative AI services), subject to its own rules (see Section 3).
Please also note: to trigger the system's network (cellular data) permission prompt and check connectivity, the iOS edition sends a single probe request containing no personal information to Apple's connectivity-check address (captive.apple.com) the first time you use a feature that requires the network (e.g., opening the membership page, Sign in with Apple, or the first cloud-parsing attempt).
If a cloud-parsing request fails (including network unavailability or exhausted credits), the App automatically falls back to local parsing and bookkeeping is unaffected. AI parsing results are suggestions only and may contain errors; please verify before saving.
1.3 Account Registration and Sign-In (Optional)
You do not need an account for local bookkeeping. When you choose to sign in (for cloud-parsing credits and daily check-in rewards; cross-platform sharing of membership entitlements under one account is a planned feature, and we will provide further details when it launches):
(1) Sign in with Apple (live, iOS): we receive your identityToken via Apple's “Sign in with Apple” service and, after verification, store on our server only the user identifier assigned by Apple. The identity token may contain your email address (or an Apple-generated relay address); we use the token solely to complete authentication and do not extract or store the email inside it. Name information returned by Apple is used only to generate a local nickname stored in your device's keychain and is never uploaded to our servers; our servers store no name, email or phone number.
(2) Anonymous device identifier: to prevent abuse in which users repeatedly delete accounts or reinstall to farm free parsing credits (an anti-fraud purpose), the App generates at sign-in a random anonymous identifier (UUID) unrelated to your device hardware, stores it in the device's secure storage (the iOS keychain; it survives uninstall/reinstall), and uploads it with the sign-in request. This identifier is generated by the App itself; it is not IDFA, IMEI, Android ID or any other system device identifier and cannot be linked to your activity in other apps. We collect no system-level device identifiers.
(3) For your account, the server stores: an internal account ID, your sign-in identity (Apple user identifier / anonymous device identifier), cloud-parsing credit counters (remaining and daily-used counts, etc.), check-in records, and membership entitlement records. Our servers record none of your parsed text content and keep no per-request parsing logs.
(4) Google sign-in and Huawei sign-in are planned features and are not yet live; when they launch, we will update this policy and notify you separately.
1.4 Membership Purchase and Entitlement Verification (Optional)
(1) Membership subscriptions are completed through in-app purchase on the App Store (iOS) / Google Play (planned) / Huawei AppGallery (planned). Payment is handled by the respective app store; we do not collect or touch your card number, payment-account password or any other payment information.
(2) To verify your membership, the App sends our server the store-issued subscription receipt (on iOS, the StoreKit transaction JWS, which contains the subscription product ID, original transaction ID and expiry time — no payment information). The verification result is recorded under your account and used to provide member benefits (such as a larger daily cloud-parsing allowance).
(3) Membership status is cached locally on your device for offline entitlement checks.
(4) Please note in particular: membership is an auto-renewing subscription; it renews automatically before the end of each period (under app-store rules, usually within 24 hours before expiry). Tier prices, subscription periods and renewal rules are as shown on the purchase page and governed by the respective store's rules. You may cancel auto-renewal at any time: iOS: system Settings → your Apple account → Subscriptions; Google Play (once live): Play Store → Payments & subscriptions → Subscriptions; Huawei AppGallery (once live): Huawei ID center → Payment & billing → Auto-renewal/deduction services. Cancelling more than 24 hours before the current period ends prevents the next charge.
1.5 Daily Check-In (Optional)
After signing in, you may check in daily to earn cloud-parsing credit rewards. For this we record your account's check-in dates on the server. Check-in statistics (streaks, etc.) are computed on-device by the App from your local data.
1.6 Cloud Backup (Planned Feature, Not Yet Live)
We plan to offer a member cloud-backup feature: your ledger data (including transaction details and speech transcripts) would be packaged and uploaded to Tencent Cloud object storage leased by us, with a rolling retention of the latest 3 backups per account, deleted after account deletion within the period stated in Section 7. The data is encrypted in transit with HTTPS and encrypted at rest server-side, but it is not end-to-end encrypted. When this feature launches, we will update this policy and obtain your separate consent via a standalone pop-up before you first enable it; nothing is uploaded before you actively enable it.
Additionally, the iOS edition contains cloud sync/backup capability based on Apple iCloud (syncing to your own private iCloud space, which we cannot access). This feature is currently disabled and has no entry point in the App; if enabled, we will likewise notify you and obtain your consent. iCloud is provided by Apple under Apple's privacy policy, and data may be stored in regions determined by Apple's policy (iCloud data of Apple IDs registered in mainland China is operated by GCBD, “云上贵州”).
1.7 Data Export and Import (Local Feature)
You may export your records as CSV / JSON / Excel files. We guarantee that you can always export a CSV file of your record details (containing date, type, item, category and amount) free of charge, as the baseline channel for exercising your right to data portability and for retrieving and copying your own bookkeeping data; full JSON backup, Excel report export and bulk import are member features. Export files are unencrypted plain files, generated on your device and handed to the system share sheet, without passing through our servers. JSON backup files contain all transaction details and speech transcripts. You are responsible for safeguarding exported files; please store them carefully and avoid sharing them with untrusted parties.
1.8 Support and Contact
When you contact us by email, we receive your email address and the information you voluntarily provide in the message, used solely to respond to your inquiry, complaint or rights request, and retained after resolution for the period stated in Section 4.
1.9 What We Do Not Do
- we do not collect your location, contacts, photo library, clipboard or camera data, and we do not request the corresponding permissions;
- we do not collect IDFA, IMEI, Android ID, OAID or any other system device identifiers;
- we do not use any of your data for advertising profiles, user profiling or automated decision-making;
- we currently integrate no third-party analytics, crash-reporting, push or advertising SDKs;
- except in the following two cases, the App does not auto-start or chain-start other apps: ① redirects you actively trigger (e.g., going to the app store to manage a subscription, or opening your mail app to contact us); ② the Android edition is woken by the system after a device restart (the “boot” permission listed in Section 2) solely to reschedule the daily reminders you have enabled — no data collection or network transmission occurs in that process.
2. System Permissions We Request
We request only the permissions below; you may decline them or turn them off in system settings at any time. Declining any permission does not affect basic features such as manual bookkeeping. Timing: microphone and speech-recognition permissions are requested when you first open the recording page and use voice bookkeeping; the notification permission is requested once after you agree to this policy and first enter the main screen (for the daily bookkeeping reminder) — you may decline and re-enable it later in system settings.
2.1 iOS
| Permission | Purpose | If declined |
| Microphone | Capture speech for voice bookkeeping | Voice bookkeeping unavailable; manual bookkeeping unaffected |
| Speech recognition | Convert your speech to text | Same as above |
| Notifications | Daily bookkeeping reminder | No reminders; other features unaffected |
2.2 Android
| Permission | Purpose | If declined |
| Recording (RECORD_AUDIO) | Capture speech for voice bookkeeping | Voice bookkeeping unavailable; manual bookkeeping unaffected |
| Notifications (POST_NOTIFICATIONS, Android 13+) | Daily bookkeeping reminder | No reminders |
| Network (INTERNET / network state; normal install-time permissions) | Cloud parsing and account features; network state is read only to auto-switch to the built-in offline speech recognition when offline | — |
| Boot (RECEIVE_BOOT_COMPLETED, normal permission) | Reschedule your daily reminders after a device restart (see 1.9 regarding auto-start) | — |
The Android edition requests no storage read/write permissions; import and export use the system file picker.
2.3 HarmonyOS
| Permission | Purpose | If declined |
| Microphone (while in use) | Voice bookkeeping | Voice bookkeeping unavailable; manual bookkeeping unaffected |
| Agent reminders | Daily bookkeeping reminder | No reminders |
| Vibration | Haptic feedback | No haptic feedback |
3. How We Share and Entrust Processing of Your Personal Information (Third-Party List)
We do not sell your personal information. Your information is processed by third parties only in the circumstances below. The App currently integrates no third-party analytics, crash, push or advertising SDKs; items marked “planned” in the table are not yet in effect — if integrated in future, we will update this policy and notify you, and will obtain fresh consent for changes to personal-information processing rules. This list is kept in sync with releases and actual integrations.
| Name | Provider | Information involved | Permissions | Purpose | Status | Privacy policy |
| Volcano Engine “Doubao” LLM (entrusted processor) | Beijing Volcano Engine Technology Co., Ltd. | Speech transcript (sensitive personal information), current time, language setting, custom category names (relayed only via our server; the client never connects directly) | None | Cloud AI parsing of records | Planned (effective with backend launch) | volcengine.com/docs/6348/68918 |
| Tencent Cloud | Tencent Cloud Computing (Beijing) Co., Ltd. | Server hosting (account and credit data; effective with backend launch); object storage (cloud-backup data, server-side encrypted; planned) | None | Infrastructure | Planned (effective with backend launch) | cloud.tencent.com/document/product/301/17345 |
| Apple speech recognition | Apple Inc. (overseas recipient) | Your speech audio (processed by the system service, not via our servers) | Microphone, speech recognition | Speech-to-text | Live (iOS) | apple.com/legal/privacy |
| Sign in with Apple | Apple Inc. (overseas recipient) | Identity token, Apple user identifier | Network | Account sign-in | Live (iOS) | apple.com/legal/privacy |
| App Store in-app purchase (StoreKit) | Apple Inc. (overseas recipient) | Subscription transactions handled by Apple; we receive only the subscription receipt | Network | Membership subscription | Live (iOS) | apple.com/legal/privacy |
| Apple iCloud | Apple Inc. | Bookkeeping data (incl. speech transcripts) → your own private iCloud space | Network | Cloud sync/backup | Planned (currently disabled) | apple.com/legal/privacy |
| System speech recognition (Android) | Google LLC (overseas recipient) or your device maker | Your speech audio (processed by the on-device engine; may be uploaded to the engine provider when online; not via our servers) | Recording, network | Speech-to-text | Live (Android) | policies.google.com/privacy or your device maker's policy |
| Built-in offline speech recognition (sherpa-onnx) | Open-source model bundled in the App | Runs entirely on-device; zero network transmission | Recording | Speech-to-text when offline | Live (Android) | — (no data leaves the device) |
| Google sign-in / Google Play Billing | Google LLC (overseas recipient) | Identity token / subscription receipt | Network | Account / membership | Planned | policies.google.com/privacy |
| Huawei ID / Huawei IAP / Huawei system speech recognition | Huawei Technologies Co., Ltd. | Identity token / subscription receipt / speech audio (system service) | Microphone, network | Account / membership / speech-to-text | Speech recognition live (HarmonyOS); ID and IAP planned | consumer.huawei.com/cn/privacy/privacy-policy/ |
| Google AdMob (advertising) | Google LLC | — (current ads are locally bundled placeholder images; no SDK, no data leaves the device) | — | Advertising | Planned, not integrated | policies.google.com/privacy |
On entrusted processing (Volcano Engine): we sign a data-processing agreement with the entrusted processor requiring it to process your text solely to complete the parse at hand, not to retain it beyond the agreed purpose or use it for model training or other purposes, and we supervise its processing — except for processing necessary under mandatory legal requirements (such as security-compliance obligations for generative AI services), which is subject to its published rules. We require all entrusted processors to protect your personal information to a standard no lower than this policy.
On overseas recipients: the Apple / Google system-level services above (sign-in, payment, system speech recognition, iCloud) are services you engage directly with Apple, Google or your device maker, which act as independent personal-information handlers under their agreements with you and their privacy policies; related data may be transferred outside the People's Republic of China. Such processing is necessary for entering into and performing those service contracts with you and does not constitute our provision of personal information overseas — we only receive the verification results they return (such as user identifiers and subscription receipts) and store them on servers within China; our own servers are located within China and we never proactively transfer your personal information abroad. To help you exercise your rights of access, copy, correction and deletion with overseas recipients, their names, contacts and channels are as follows:
Other disclosures required by law: where disclosure is required by laws and regulations or by mandatory administrative or judicial demands, we require presentation of valid legal documents; where personal information is transferred due to merger, division or dissolution, we will inform you of the recipient, which remains bound by this policy or must otherwise obtain your fresh consent.
4. Where Your Information Is Stored and for How Long
4.1 Storage Location
- Bookkeeping data (incl. speech transcripts): locally on your device (local database). Our servers do not store it.
- Account data (identity, credits, check-ins, membership records): within the People's Republic of China (to be hosted on Tencent Cloud; before the backend launches, account and cloud features are inactive and nothing is uploaded).
- Data involved in system-level services (Sign in with Apple, iCloud, system speech recognition, etc.) is stored by the respective providers as described in Section 3.
- Please note: your operating system's whole-device cloud backup (e.g., iCloud device backup, or Google/vendor cloud backup on Android) may back up the App's local data to your own system cloud account; that is governed by your agreement with the system provider and is not collection by us.
4.2 Retention Periods (by Category)
| Category | Retention |
| Local bookkeeping data | Kept on your device under your control; deleted records enter a soft-deleted state first and are physically purged by the App after 30 days |
| Cloud-parsed text | Used and discarded: never written to the business database, never intentionally retained (see 1.2; the entrusted processor's lawful security-compliance processing is covered in Section 3) |
| Account data (identity, credit counters, check-ins, membership records) | Kept until you delete your account; then deleted within the period stated in Section 7 |
| Sign-in state (login token) | Until you sign out or delete your account; session data on the device is cleared immediately at sign-out |
| Cloud-backup files (once live) | Rolling retention of the latest 3 per account; deleted after account deletion within the period stated in Section 7 |
| Support email correspondence | No more than 3 years from resolution, for dispute handling and service improvement; then deleted or anonymized |
| Server operation logs | Operational logs of servers and network infrastructure (may contain network access information such as network addresses; never your parsed text), used only for security and troubleshooting, retained no less than six months as required by law and deleted or anonymized promptly after the statutory period |
| Anti-abuse records | See Section 7: after account deletion only an irreversible hash is retained for fraud prevention |
After these periods we delete your personal information or anonymize it, unless laws and regulations provide otherwise.
5. How We Protect Your Personal Information and Handle Security Incidents
5.1 Security Measures
- Architecture: the local-first design — bookkeeping data never reaching our servers — is the most fundamental protection;
- Encryption in transit: all client–server communication uses HTTPS;
- Minimal storage: servers hold only identity and credit/entitlement records — no names, emails, phone numbers, records or parsed text;
- Credential protection: on iOS, login credentials are stored in the system keychain; the iOS local database uses system file protection (encrypted while the device is locked); on Android / HarmonyOS, data resides in the OS's per-app isolated private directory;
- Anti-abuse hashing: anti-fraud records are stored only as salted one-way hashes that cannot be reversed to the original identifier;
- Access control: server database access is protected by keys and network isolation; signing keys are kept strictly confidential.
Please understand that the internet is never absolutely secure and no technical measure can guarantee absolute security. Statements in this policy that data is “not uploaded, not retained” describe our product design and intentional processing; they are not a guarantee against unexpected events such as unlawful attacks or malicious sabotage. Please safeguard your device, exported files and account, and do not disclose them to others.
5.2 Security Incident Response
In the event of a personal-information security incident, we will immediately activate our contingency plan, take remedial measures and, as required by law, promptly inform you — via in-app notice, email or announcement — of the basic facts and possible impact, the measures we have taken or will take, suggestions for you to mitigate risk, and remedies available to you, while reporting to the competent authorities as required. Where the measures we take can effectively prevent harm from leakage, tampering or loss, under Article 57 of the Personal Information Protection Law we may refrain from notifying each individual, unless the authority responsible for personal-information protection requires notification; where laws provide otherwise on notification, those provisions prevail.
6. Your Rights
You have the following rights over your personal information; we will respond within 15 business days of receiving a request:
- Access and copy: all your bookkeeping data is visible in the App; account information is under Me → Account; cloud-parsing credits are shown on the parsing/membership pages.
- Correction and supplementation: any record can be edited directly on its detail page; categories, ledgers and budgets can all be modified in the App.
- Deletion: any record can be deleted in the App (physically purged after 30 days); you may also uninstall the App to erase all local data (please export a backup first — local data lost through uninstalling cannot be recovered by us).
- Export (portability): export your records via Settings → Data Export. CSV export of your record details (date, type, item, category, amount) is free for all users; premium formats such as full JSON backup and Excel reports, and bulk import, are member features.
- Withdrawal of consent: you may turn off microphone, speech-recognition and notification permissions in system settings at any time; signing out stops cloud-parsing uploads and other account-related processing. Withdrawal does not affect the validity of processing already carried out based on your consent, nor the availability of local bookkeeping.
- Restriction and objection: you may restrict or object to specific processing of your personal information — by not using or disabling the relevant feature (e.g., not using voice bookkeeping, not signing in), by signing out, or by sending us a request via Section 12; we will respond and act within 15 business days.
- Account deletion: see Section 7.
- Explanations and complaints: you may ask us to explain our personal-information processing rules. If you believe our processing harms your lawful rights and interests, you may complain via Section 12 and we will reply within 15 business days; you may also complain or report to competent authorities such as the cyberspace administration and market regulation departments.
If you cannot complete the above in the App yourself, you may email the address listed in Section 12. For security, we may first need to verify your identity.
7. Account Deletion
- You may initiate deletion yourself at any time in the App under Me → Account → Delete Account; it is executed after confirmation, normally without calling support or submitting extra documents. To protect your account, we may first need to verify your identity where there are signs of account theft or abnormal activity. Once the Android edition is on Google Play, we will also provide a web deletion channel on our site (voiceexpense.com/delete-account) so you can request deletion without installing the App.
- Once effective, we delete within 15 business days all server data under your account: identity records (including the anonymous device identifier record), credit counters, check-in records, membership records, and (once cloud backup is live) all your cloud-backup files; your login token is invalidated immediately upon deletion. Please understand that data held in disaster-recovery backup systems is not erased instantly but is overwritten when the backup cycle rotates (no more than 30 days), and is not used for any other processing in the interim.
- Retention exception: to prevent the same identity from repeatedly claiming free trial credits via delete-and-re-register (a legitimate anti-fraud purpose), after deletion we retain only a single irreversible verification record derived from your sign-in identity via a salted one-way hash. It cannot be reversed to any original information, is linked to no account, and is used solely to check whether trial credits were already claimed.
- Please note in particular: deletion removes the cloud account; the bookkeeping data on your device is not deleted and remains entirely under your control. To erase it too, uninstall the App or delete the data in-app.
- Deletion does not affect billing arrangements of subscriptions purchased through app stores. To stop auto-renewal, cancel separately in the respective store's subscription management page (see 1.4(4) for paths).
8. Protection of Minors
- The App is intended primarily for adults. If you are a minor under 14, do not register an account or use cloud features yourself; please have your parent or other guardian read this policy and use the App under their consent and guidance.
- We do not knowingly collect personal information of minors under 14. If we find that children's personal information was collected without verifiable prior guardian consent, we will endeavor to delete it as soon as possible. Guardians who become aware of such a situation are asked to contact us via Section 12.
9. Updates to This Policy and Delivery of Notices
- We may revise this policy from time to time due to legal changes or product changes (e.g., launch of planned features such as cloud backup, Google/Huawei sign-in, or advertising SDKs). We will not reduce your rights under this policy without your explicit consent.
- After an update we will notify you in the App in a prominent manner such as an update notice, pop-up or announcement, and update the version number and date above; historical versions are available on request via Section 12. The updated policy takes effect on its published effective date. Continuing to use the App after receiving the update notice constitutes acceptance of the revised policy; if you disagree, you should stop using the relevant features or the App, and may delete your account under Section 7.
- For material changes — such as substantive changes to the purposes, methods or categories of personal-information processing — we will obtain your consent again in a prominent manner such as a pop-up before they apply; the “continued use constitutes acceptance” rule does not apply to such material changes.
- Delivery of notices: notices related to this policy (update notices, security-incident notifications, feature announcements) may be given via in-app pop-up, push notification, announcement or the email address you provide, and are deemed delivered on the date of publication or sending. Please watch for in-app notices.
10. Liability and Your Obligations (Please Read Carefully)
- You are responsible for the truthfulness and legality of the information you enter or import. The App is a personal bookkeeping tool; its statistics, charts and budget features merely organize your own records and do not constitute investment, financial, tax or legal advice.
- Speech-recognition and AI-parsing results may contain errors and are for reference only; please verify before saving. Errors arising from recognition or parsing deviations can be corrected by you at any time; we bear no liability for losses arising therefrom, except where caused by our intent or gross negligence, and without prejudice to your statutory rights.
- To the extent permitted by law, we are not liable for data loss or leakage caused by force majeure (including natural disasters, war, strikes, riots, epidemics and containment measures, government actions, changes in laws or regulatory policies, telecom line failures, large-scale network or power outages, hacking, computer viruses and other unforeseeable, unavoidable and insurmountable circumstances), by failure or loss of your own device, by your failure to safeguard exported files or to make backups, or for interruptions or data processing of third-party services (app stores, system speech recognition, iCloud, etc.) not attributable to our fault; provided that this clause does not exempt liability arising from our intent or gross negligence, nor exclude your statutory rights.
- The App's online features (cloud parsing, check-in, account and membership verification, etc.) may be affected by devices, networks, maintenance and upgrades; we do not warrant that they will be uninterrupted or error-free. Where online features are temporarily unavailable due to maintenance, upgrades or failures, we will restore them as soon as possible; local bookkeeping is unaffected. To the extent permitted by law we bear no liability for such temporary interruptions, except where caused by our intent or gross negligence; if membership services are unavailable for an extended period for reasons attributable to us, we will provide reasonable compensation such as extending the membership term.
- Liability cap: except as otherwise expressly provided by law or this policy, our aggregate liability arising from your use of or inability to use the App and related services (whether in contract, tort or otherwise) shall in no event exceed the total fees you actually paid us for the App in the twelve months preceding the event giving rise to liability (if any); if you paid nothing, our liability is capped at RMB 100. To the extent permitted by law, we are not liable for indirect losses, loss of anticipated profits or loss of the commercial value of data. This cap does not apply to damage caused by our intent or gross negligence, or to personal injury.
- If any provision of this policy is held invalid in whole or in part, the remaining provisions remain effective; the invalid provision shall be reinterpreted and applied, without violating the law, in the manner closest to its original purpose.
11. Dispute Resolution and Governing Law (Please Read Carefully)
The formation, validity, interpretation, performance and dispute resolution of this policy are governed by the laws of the mainland of the People's Republic of China (excluding conflict-of-laws rules). Any dispute arising from this policy or the use of the App shall first be resolved through friendly negotiation; failing that, you agree to submit the dispute to the competent people's court at our place of domicile — Wuyuan County, Bayannur, Inner Mongolia Autonomous Region.
The foregoing does not affect your statutory right to complain or report to competent authorities such as the cyberspace administration and market regulation departments (see Sections 6 and 12).
12. How to Contact Us
For any question, comment, complaint or rights request concerning this policy or personal-information protection, please contact us as follows; we will reply within 15 business days:
Operator: Inner Mongolia Xuanqian Technology Co., Ltd.
Registered address: Unit 25-6, Hongya New Town, Longxingchang Town, Wuyuan County, Bayannur, Inner Mongolia, China
Dedicated personal-information email: privacy@xuanqiantech.com (personal-information matters only; reply within 15 business days)
General contact: contact@xuanqiantech.com
Official website: xuanqiantech.com (ICP filing: 蒙ICP备2026005964号-1)
If you are dissatisfied with our reply, or believe our processing of personal information harms your lawful rights and interests, you may also complain or report to competent authorities such as the cyberspace administration and market regulation departments, or resolve the dispute as agreed in Section 11.
This policy is made and published in Chinese. Versions in any other language are provided for convenience only; in case of any ambiguity or discrepancy with the Chinese version, the Chinese version shall prevail.
Inner Mongolia Xuanqian Technology Co., Ltd.
July 6, 2026