ACoinSight

Privacy Policy

Last updated: April 19, 2026

Overview

ACoinSight (the "App") is a desktop application for the digital appreciation of ancient Chinese coins, running on Apple's macOS platform. We adhere to the principle of "data minimization": the App does not require you to create an account, and does not collect your email address, name, phone number, contacts, photos, location, or any information that directly identifies you.

This policy explains the limited categories of data we may access or process in the course of providing our services, and how we protect them.

Information We Do Not Collect

Information We Process

1. Apple Receipts and Entitlement Tokens

When you unlock paid content through an Apple App Store in-app purchase, the App receives a transaction receipt issued by Apple. We transmit this receipt to our servers for authenticity verification; once verified, our server issues an entitlement token (JWT) back to the App, which is used to authorize subsequent access to resources. Both the receipt and the token are generated by Apple's StoreKit framework and do not contain your Apple ID or your real name.

2. Device-Derived Identifier

The App uses standard Apple APIs to derive an encryption key locally on your device (based on the device's userDataDir path combined with an application-embedded salt, generated through PBKDF2 iterations) in order to encrypt paid resources cached to disk. This key exists only locally on your device, never leaves the device, and is never uploaded to any server. Its sole purpose is to prevent encrypted resource files from being copied to and used on other devices.

3. Request Metadata

When you request resources from the App—such as 3D models, high-resolution images, or content manifests—our servers log standard HTTPS request metadata (timestamp, resource path, and HTTP status code) solely for troubleshooting and security auditing. This metadata is not associated with any identifying information.

Third-Party Service Disclosure

The App relies on the following third-party infrastructure to deliver its services:

Should the App integrate any additional third-party services in the future (for example, error tracking or analytics tools), we will disclose and update this policy before enabling them.

Local Data Storage and Encryption

The App stores the following data locally on your device (the entitlement token in the macOS Keychain; everything else within the app’s sandboxed Application Support container):

You may clear all local data at any time by uninstalling the App.

Gallery Mode and the Local MCP Interface

The App includes an optional feature called "Gallery Mode," designed for AI coding assistants (such as Claude Code, Cursor, and OpenClaw). It works as follows:

Your Rights

For Users in the European Economic Area, the United Kingdom, and Switzerland (GDPR / UK DPA)

With respect to any data we process that relates to you, you have the following rights: the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, please contact us using the details provided below.

Because the App does not collect information that identifies you, most requests (such as "access my data") may return a response of "no associated data." In practice, an "erasure" request is equivalent to "unbinding the entitlement token associated with your existing Apple purchase records."

For Users in California, Virginia, Colorado, and Other U.S. States (CCPA / CPRA / VCDPA, etc.)

You have the right to: (i) know the categories of personal information we collect and the purposes for which it is used; (ii) request deletion of personal information collected about you; and (iii) opt out of the "sale" or "sharing" of your personal information (the App does not sell or share any personal information).

The App does not discriminate against users who exercise their rights.

For Users in Other Regions (Japan's APPI, Korea's PIPA, Singapore's PDPA, Taiwan's Personal Data Protection Act, etc.)

We respect the rights afforded to you under the data protection laws of your region. Please contact us using the details provided below, and we will respond in accordance with applicable law.

Children's Privacy

The App is intended as a cultural appreciation tool for a general audience and is not directed at children under the age of 13. We do not knowingly collect any information from children under 13. If you are the parent or guardian of a child in this age group and believe your child has provided us with data, please notify us using the details provided below, and we will delete it promptly.

International Data Transfers

The App's server-side infrastructure (Cloudflare R2 / Cloudflare Worker) is operated by global service providers, and data may flow between multiple jurisdictions, including the United States and the European Union. All transfers are encrypted using TLS. Our contracts with these providers incorporate Standard Contractual Clauses or equivalent safeguards.

Changes to This Policy

If we make material changes to this policy, we will indicate them by updating the "Last updated" date within the App, and we will provide a prominent in-app notice of any significant change affecting your rights. Your continued use of the App constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, requests to exercise your rights, or any inquiries about this policy:

Email: support@acoinsight.com