Privacy Policy
Last updated: 2025-11-03
This Privacy Policy describes how SmartDisplay Mobile (also referred to as “Datou SmartDisplay App” or “the App”) handles information when you use the App to scan a device QR code, connect via Bluetooth Low Energy (BLE), and configure network settings.
Overview
We designed the App to collect the minimum data necessary to provide its core features: pairing with your SmartDisplay device, performing a secure handshake, and sending Wi‑Fi credentials to the device. Sensitive credentials are encrypted in transit and never written to persistent storage by the App.
Information We Collect
Depending on how you use the App, we may process the following data:
- Account information (optional): if you sign in, we process your email address and basic account identifiers via our authentication provider (Supabase).
- Device binding metadata: device identifier, device name, device public key, firmware version, and timestamps associated with binding the device to your account. This may be synchronized to our backend to enable multi‑device access.
- Diagnostic data (limited): non‑personal logs or error codes needed to troubleshoot connectivity issues, when applicable.
Sensitive Data Handling
- Wi‑Fi credentials: transmitted to your SmartDisplay device via an end‑to‑end encrypted channel (X25519 ECDH + AES‑GCM) and not stored by the App.
- Cryptographic material: session keys are generated in memory and cleared after use.
Permissions and Device Access
- Camera: used to scan device QR codes. No images or video are stored.
- Bluetooth: used to discover and connect to your SmartDisplay over BLE.
- Location (Android requirement for BLE): on some Android versions, location permission is required to perform BLE scans. The App does not collect or store your location.
- Photos/Media (optional): used only if you choose to pick an image for QR decoding or device avatar in the future; images are not uploaded without your action.
How We Use Information
- To provide core App functionality (QR scanning, BLE pairing, secure configuration).
- To synchronize your device bindings across sessions and devices when signed in.
- To maintain security, prevent misuse, and improve reliability.
Data Storage and Security
- Local: certain data (e.g., your saved device list and last selected device) may be stored locally and scoped to your signed‑in account using secure storage on your device.
- Cloud: account and device‑binding records may be stored with our service provider (Supabase). We apply access controls so that your account can only access your own records.
- Encryption: sensitive network credentials are never persisted and are protected in transit with modern cryptography.
Sharing and Disclosure
We do not sell your personal information. We may share limited data with service providers strictly to operate the App (e.g., authentication and data storage via Supabase). These providers process data on our behalf under appropriate agreements.
Children’s Privacy
The App is not directed to children under 13, and we do not knowingly collect personal information from children.
Your Choices and Rights
- Sign out: you can sign out at any time from the App’s profile page.
- Access/Deletion: to request access to or deletion of your account data, please contact us.
- Permissions: you can revoke camera, Bluetooth, and location permissions in your device settings; some features may stop working.
Changes to This Policy
We may update this Privacy Policy to reflect changes to the App or applicable laws. We will revise the “Last updated” date accordingly. Material changes will be communicated within the App or via release notes when appropriate.
Contact Us
If you have questions about this Privacy Policy or your data, please reach out via our issue tracker: [email protected].