Net-Diagnotor Privacy Policy
Effective: 2026-06-04 · Policy Version: v9
App-specific Privacy Policy is self-hosted by our Server: https://api-net-diagnotor.zinben.net/legal/privacy-policy.en.html. The legal entity name and the company-wide master Privacy Policy URL are rendered in the "Company-Level Legal Documents" section at the bottom of this page (single source of truth, injected from
AppConfig.Legal.companyPrivacyPolicyUrlbyLegalDocRenderer). Relationship: this app-specific policy is the specific application of the company-wide master policy to Net-Diagnotor. Where they do not conflict, this policy applies first; for matters not covered here, the company-wide policy applies.Material updates trigger a "new version" prompt in Settings → Privacy and re-show the first-launch consent screen.
Contact: contact@zinben.com
1. Who We Are
Net-Diagnotor (the "App", "we") is a network-diagnostic and Discovery mobile application developed and operated by the Zinben team. Our data-protection contact is contact@zinben.com.
2. Data We Collect — Why and How Long
| Category | Examples | Source | Purpose | GDPR Lawful Basis | Retention |
|---|---|---|---|---|---|
| Device IDs | IDFA / Android Ad ID (after consent), App Instance ID, Crashlytics Installation UUID (Android only) | OS / SDK | Ad serving, analytics, crash attribution | Consent (Art.6(1)(a)) / Legitimate interest (Art.6(1)(f)) | While consent is granted, max 60 days |
| Device info | Model, OS version, screen, language, carrier, network type | OS | Diagnostics, product improvement, ad serving | Legitimate interest | 90 days |
| Ad anti-fraud & attribution signals | OAID / Android ID (where available to the OS / SDK), installed-app list (subject to OS restrictions), accelerometer / gyroscope / gravity / magnetometer sensor data | Ad SDKs (such as Tencent GDT, Android ad builds only) | Ad serving, anti-fraud, ad measurement, attribution | Consent (Art.6(1)(a)) / Legitimate interest (Art.6(1)(f)) | While consent is granted, max 60 days |
| Coarse location | Country / region resolved server-side via GeoLite2, local IP-lookup logic, and fallback third-party services (Baidu IP / ip-api.com; only the public IP is transmitted) | Server / 3rd-party IP lookup services | Discovery map regionalization, regional ads | Legitimate interest | Not stored as raw IP — only de-identified IP prefix (IPv4 last octet zeroed; IPv6 truncated to /48) is persisted in probe records |
| Discovery probe records | Timestamp, carrier, network type, signal strength, connectivity result, de-identified IP prefix | App | Network reachability heatmap, carrier-quality stats, community sharing | Legitimate interest / Consent | Server-persisted ≤ 90 days (matches scheduler), exposed only as aggregates |
| Usage & ad events | Screen views, button taps, ad impressions / clicks | App | Funnel analysis, ad measurement | Consent / Legitimate interest | 90 days (analytics) / 60 days (ads) |
| Crash & performance | Stack traces, custom logs, request latency, frame rate | SDK | Stability and performance optimization | Legitimate interest | 90 days |
| Purchase data | Transaction ID / Original Transaction ID / Purchase Token / Subscription ID / OpenDev order ID | StoreKit / Google Play / Huawei IAP / OpenDev Web Payment (official / Desktop builds) | Subscription validation, tip fulfillment, refund handling, tax compliance | Contract (Art.6(1)(b)) / Legal obligation (Art.6(1)(c)) | 5 years (tax retention) |
| OpenDev account ID | accountId, sign-in method metadata (OAuth / phone / email; no passwords) | OpenDev Accounts (via Server BFF) | Cross-device entitlement sync, account binding | Contract | While account is active; deleted on unbind per DSR |
| Rewarded Basic membership | deviceId / accountId (when signed in), rewarded-ad claim records | Server + ad SDKs (portal Web / some app channels) | Short-term Basic days after rewarded video | Consent / Contract | Matches reward validity; audit logs ≤ 90 days |
| Discovery short-video interactions | deviceId (required); accountId when signed in (OpenDev, Bearer-verified, not forgeable via URL) | App Discovery H5 WebView | Like / favorite / follow PGC authors; anonymous view stats | Legitimate interest / Contract | Raw events ≤ 90 days; when signed in, interaction view may sync across bound devices; unbind / sign-out reverts to device-only view without deleting history |
| Portal speed test (M-Lab) | Speed-test session metrics (including client public IP address, up/down/latency; no account) | Submitted to Measurement Lab (M-Lab) NDT7 after explicit user consent | M-Lab public network-measurement dataset (IP and related fields may be publicly retained long-term) | Consent | Retained by M-Lab under its policy (see measurementlab.net/privacy); we do not build separate user profiles |
| Portal monitor check | Checks run in the browser; check results are not uploaded (except when you manually copy JSON) | Portal Web / in-app WebView (NetSafe H5) | Network environment self-check (DNS, proxy, clock drift, etc.) | Legitimate interest / user-initiated | Not stored; same-origin probe APIs are real-time only |
| User-submitted content | Text and device model in feedback / Discovery / forum | User | Customer support, community ops | Consent / Contract | Until user deletion, lawful deletion request, or service sunset |
We do not collect: precise GPS, contacts, photo library (unless the user explicitly attaches to a feedback ticket), biometrics, or health data.
Note on Discovery probe records: to power Wi-Fi / cellular signal heatmaps and community sharing, probe records are persisted server-side (the
probe_recordstable). The server never stores the full IP — only a de-identified prefix (IPv4 last octet zeroed; IPv6 truncated to /48) is kept, used solely for carrier- and region-level aggregates. All public endpoints return aggregated results, never per-device data.
3. Sharing With Third Parties
We share certain data with the SDK / service providers below. The complete list (versions, fields, provider privacy links) is maintained at: https://api-net-diagnotor.zinben.net/legal/sdk-list.html
Categories:
- Advertising & monetization: Google AdMob (with UMP consent; configured with
maxAdContentRating=G+tagForChildDirectedTreatment=NO, consistent with our current Google Play / App Store age ratings), Tencent GDT (China channels only; may collect OAID / Android ID, device information, installed-app list, and accelerometer / gyroscope / gravity / magnetometer sensor data for ad serving, anti-fraud and measurement), Huawei Ads Kit (Publisher Service, HarmonyOS NEXT Ark client only); portal Web (netdiagnotor.zinben.com) shows web ads by region: Tencent GDT H5 (CN mobile Web), Baidu Union (CN desktop Web), Google AdSense (overseas Web; separate from in-app AdMob IDs; CN mobile Web rewarded video may grant short-term Basic membership; see third-party SDK disclosure) - Analytics & crash: Firebase Analytics / Performance; Crashlytics (Android & KMP only, not integrated on iOS)
- Payments: Apple StoreKit / Google Play Billing / Huawei IAP (Android Huawei flavor) / HarmonyOS IAPKit (HarmonyOS NEXT AppGallery build) / OpenDev Web Payment (official APK, Desktop, and some channels via browser checkout; WeChat / Stripe etc. processed by OpenDev and payment providers — we do not store card numbers)
- Accounts: OpenDev Accounts (optional sign-in via Server-hosted H5 + BFF for cross-device entitlements)
- Maps & geolocation: AMap / Mapbox / MaxMind GeoLite2 / Baidu IP / ip-api.com (public IP-lookup service, only the raw IP is sent)
- Portal speed test: after explicit consent on the portal speed-test page, metrics (including IP address) are sent via M-Lab NDT7 to Measurement Lab's public dataset, which may be publicly retained long-term for research — see https://www.measurementlab.net/privacy/
- Portal monitor check: when you run Monitor check on the portal or in an in-app WebView, checks run in the browser and we do not upload or store check results. Some modules may connect directly from your browser to DoH / public IP lookup services (similar to the portal DNS tool). Same-origin
/api/v1/tools/netsafe/probe endpoints (echo / time / cert) return real-time responses only and are not persisted.
We do not:
- Sell your personal information (CCPA
Do Not Sell My Personal Information); - Use ads / analytics data for legal, credit, hiring, or other automated decision-making;
- Transmit location, device IDs, installed-app lists, or sensor data to advertising / analytics SDKs before you complete the basic privacy-policy choice.
4. Your Choices and Rights
4.1 Consent Management
- First launch: a consent screen offers two choices:
- "Agree and Continue" — we deliver personalized ads based on your interests and collect Analytics / Crashlytics data to improve the product;
- "Decline (show non-personalized ads only)" — we still show non-personalized ads (not based on your interests or behavior) but will not upload Analytics / Crashlytics data. To remove ads entirely, upgrade to Pro.
- Any time: in Settings → Privacy you can:
- Toggle Personalized Ads off (still shows ads, no longer interest-based);
- Toggle Usage & Crash Data off;
- Revoke Consent (immediately stops all SDK data collection and re-shows first-launch consent);
- Reopen the Privacy Options form (Google UMP) on overseas channels.
- After choosing "Decline", you may upgrade to the full experience (personalized ads / Analytics) at any time by toggling the relevant switch in Settings → Privacy; we will re-confirm your consent before applying the change.
- iOS system tracking toggle: Settings → Privacy & Security → Tracking → Net-Diagnotor.
4.2 GDPR / CCPA / China PIPL Data Subject Rights
You have the right to access, correct, delete, port, restrict, or object — and, under CCPA, to opt out of "sale".
- Withdraw consent any time in the App via Settings → Privacy;
- Self-serve device-bound historical data deletion: tap Settings → Privacy → Delete My Data
and confirm twice; the server will then physically delete, by
DeviceId, all records in probe records (probe_records), follow lists (probe_followees), feedback (help_feedback), Discovery short-video interaction events on this device (discovery_short_video_events, matched by one-way deviceId hash), and this device's short-video account alias (discovery_short_video_device_account_links).- Scope: only the categories above for this device; does not delete the same account's events on other bound devices;
- Rate limit: at most once per hour per device (anti-mistap + anti-abuse);
- Out of scope: subscription / tax-related data (kept for the 5-year statutory tax retention; cancel via App Store / Google Play / Huawei account); server access logs (90-day rolling purge, IP / DeviceId already minimized);
- Backups: the primary database is purged immediately; offline backups (DB snapshots / archives)
roll over within at most 30 days. After any backup-restore drill, the latest DSR deletion
list is re-applied so that already-deleted
DeviceIddata never reappears.
- Access / export / correction / cross-device deletion or other rights requests by
emailing contact@zinben.com with subject
[Privacy] DSR Requestand your device model + approximate first install date.
We respond within 30 days to email requests. Self-serve deletion is effective immediately. Step-by-step guide: https://api-net-diagnotor.zinben.net/legal/revoke-consent.html
4.3 Children
Our content ratings on the App Store, Google Play, Huawei AppGallery, and other stores are
4+ / all ages (as shown on each store listing). That reflects content suitability for a
general audience. We do not market the App as directed at children. We configure AdMob
with tagForChildDirectedTreatment=NO and maxAdContentRating=G, consistent with this approach.
Age requirements for personal-information processing:
- We do not knowingly collect personal information from children under 14 in mainland China.
- Users under 13 (US COPPA) or 16 (EEA/UK and some other regions, as applicable local law requires) should use the App only with guardian consent and supervision.
- If you are a guardian and believe we have inadvertently collected a child's information, contact contact@zinben.com to request deletion.
5. Security
- All network traffic uses HTTPS / TLS 1.2+.
- No plain-text sensitive data persisted on device.
- Server retains only required diagnostic / analytics data and purges per the retention schedule in §2; all IPs are de-identified before persistence.
- Internal access follows least-privilege; all access is audited.
6. International Transfers
- AdMob / Firebase / Crashlytics data is processed by Google in its global data centers (including the EU and the US) under EU Standard Contractual Clauses and the EU-US Data Privacy Framework.
- GDT / Huawei IAP / Huawei Ads Kit / HarmonyOS IAPKit data is processed by Tencent / Huawei within China.
- Net-Diagnotor's own API and business database run on Tencent Cloud in Hong Kong, China. If you access the product from mainland China, relevant server-side data may be transferred cross-border to Hong Kong for processing and storage.
- If you are a mainland China user, in addition to this notice we assess the necessity of cross-border transfer under applicable law and, where required, follow procedural obligations such as personal-information protection impact assessments and standard contracts (as required by regulators and our compliance program).
- The public portal (
netdiagnotor.zinben.com) is static hosting only. Anonymous conversion analytics on the portal (e.g. download button clicks, app-download gate impressions) contain no account, email, or precise IP; events are sent to the Hong Kong API above, retained for about 90 days as raw events, then rolled into anonymous daily aggregates for product improvement. - Discovery short videos (PGC clips in the in-app Discovery H5 WebView) use anonymous view
analytics (play start / complete / like via a one-way deviceId hash, no account, email, or
precise IP), stored on the same Hong Kong API for about 90 days with anonymous daily
aggregates for content operations and product improvement. When signed in with OpenDev,
likes / favorites / follows may also be linked to a one-way accountId hash and sync across
devices bound via
device bind; unbind or sign-out reverts to a device-only view without deleting historical events until retention expires or you exercise deletion rights. - Data of overseas users may also transit third-party SDK infrastructure cross-border.
7. Subscription & Purchase Data
7.1 Store IAP
When you subscribe via App Store / Google Play / Huawei AppGallery (Android Huawei APK or HarmonyOS NEXT Ark build), we collect the following data to manage subscription state:
| Data | Source | Purpose | Storage |
|---|---|---|---|
Apple originalTransactionId / Google purchaseToken / Huawei purchaseToken | StoreKit 2 / Play Billing / Huawei IAP / HarmonyOS IAPKit | Subscription identification, prevent duplicate provisioning | Device-local (App Group / Keychain / EncryptedSharedPreferences) + server-side order ledger |
| Subscription product ID | Same as above | Identify which product you bought | Same as above |
| Expiration date | Same as above | Determine entitlement status | Same as above |
revocationDate (refund time) | Same as above | Detect refunds and revoke entitlement promptly | Same as above |
We do not collect: credit card info (handled by the payment platforms), Apple ID / Google Account / Huawei Account, family member information.
Third-party processors:
- Apple: handles iOS subscription lifecycle. Privacy policy: https://www.apple.com/privacy/.
- Google: handles Android subscription lifecycle. Privacy policy: https://policies.google.com/privacy.
- Huawei: handles Android Huawei-channel and HarmonyOS NEXT Ark subscription lifecycle. Privacy policy: https://consumer.huawei.com/en/legal/privacy-policy/.
7.2 OpenDev Web Payment (official / Desktop)
For Basic / Pro subscriptions or one-time tips via the Server-hosted checkout H5 (OpenDev
Web Payment) on official APK, Desktop, and some other channels, we record OpenDev order IDs,
productId, deviceId / OpenDev accountId, and payment status for fulfillment and tax
compliance — not full payment credentials. Renewal/cancellation follows OpenDev checkout and
the relevant payment provider; contact contact@zinben.com for order lookup.
7.3 Rewarded Basic (rewarded membership)
Some surfaces (including CN mobile portal Web) let you earn short-term Basic days by watching rewarded video ads (daily cap and stack cap as shown in-app / on the portal). Watching rewarded ads does not charge you; earned Basic days are not a paid subscription or auto-renewing plan — no automatic billing when they expire.
Detailed consumer-side subscription rules (auto-renewal, cancellation, refund, cross-device restore, family sharing, free trial) are in Net-Diagnotor Subscription Terms.
8. Updates
For material changes we will:
- Show a "new version" notice in Settings → Privacy;
- Increment the backend
LEGAL_POLICY_VERSIONso the App re-shows the first-launch consent on next launch.
Prior versions are available on request to contact@zinben.com.
9. Relationship with the Company-Wide Master Privacy Policy
Net-Diagnotor is operated by Zinben. This app-specific policy is the specific application of the company-wide master Privacy Policy to Net-Diagnotor. Where they do not conflict, this policy applies first; for matters not covered here, the company-wide policy applies. Company-wide rules (global office addresses, DPO contact, cross-product data-sharing framework, etc.) are governed by the master policy.
The legal entity name, master Privacy Policy URL, and contact email are rendered in the "Company-Level Legal Documents" section below. The backend can adjust them via the
LEGAL_COMPANY_NAME/LEGAL_COMPANY_PRIVACY_POLICY_URLenvironment variables without editing this Markdown file.
Zinben Net-Diagnotor Team · Last updated: 2026-05-31