XiaoYu Blog 隐私政策
更新日期:2026年5月29日
生效日期:2026年5月29日
我们是谁
本站地址:https://xiaoyublog.tdmc.top/
运营者:华曦博
备案主体:华晨光
联系地址:广东省深圳市龙华区鹊山工业区云峰路5号
数据保护联系邮箱:xiaoyu_admin@tdmc.top
我们收集何种及为何收集个人数据
评论
当访客在本站文章下发表评论时,我们会收集评论表单中显示的数据(昵称、电子邮件地址、网址(可选)),以及访客的 IP 地址 和 浏览器 User-Agent 字符串,用于帮助检测垃圾评论。
您的电子邮箱地址创建的哈希字符串可能会被提供给 Gravatar 服务,以检查您是否使用该服务。Gravatar 的隐私政策见:https://automattic.com/privacy/ 。在您的评论被批准后,您的头像(如有)将对公众可见。
您可以随时通过 WordPress 后台或请求我们来编辑或删除自己的评论,删除后相关数据将立即移除。
媒体
如果您上传图片或其他媒体文件至本站,请避免上传包含嵌入的 EXIF GPS 位置数据的文件,因为其他访客可能会下载并提取其中的位置信息。您可以自行在媒体库中管理文件,并随时公开、隐藏或删除它们。
联系表单
本站目前未安装联系表单插件。未来如果添加,我们将在本节更新说明所收集的数据类型、用途及保存期限,并取得您的同意。
人机验证
我们在登录、注册等关键页面接入了 Cloudflare Turnstile 人机验证服务,用于自动区分人类用户与恶意机器人。Turnstile 可能会自动收集您的 IP 地址、浏览器特征、行为数据 等必要技术信息以完成验证,且可能设置必要的会话 Cookie。这些数据由 Cloudflare 处理,其隐私政策详见:https://www.cloudflare.com/privacypolicy/ 。Turnstile 不会使用这些数据用于广告或追踪目的。
Cookies
本站使用必需型 Cookies 以确保基本功能,不涉及任何广告追踪。具体包括:
- 评论 Cookie:当您发表评论时,可选择“记住我的姓名、电子邮件地址和网站”,这些信息将存储在 Cookie 中,方便您下次评论时无需重新填写。这些 Cookie 会保留一年。
- 登录 Cookie:当您登录时,我们会设置一个临时 Cookie 以检测您的浏览器是否接受 Cookie,该 Cookie 不包含任何个人数据,并在您关闭浏览器时被删除。登录后,还会设置几个 Cookie 来保存您的登录信息和屏幕显示选项。登录 Cookie 保留两天,“记住我”选项下的登录 Cookie 保留两周,屏幕选项 Cookie 保留一年。如果您编辑或发布文章,还会保存一个额外的 Cookie,它只记录您刚刚编辑的文章 ID,并在一天后过期。
- 安全与认证 Cookie:用于防范 CSRF 攻击及保持身份验证状态的会话 Cookie,由 WordPress 及我们集成的 Logto 认证系统设置,均为会话级别且不含个人数据。
- Cloudflare Turnstile Cookie:为了完成人机验证,Cloudflare 可能会设置名为
__cf_bm等的必要 Cookie,这些 Cookie 属于功能性 Cookie,不用于跨站追踪。
您可以在浏览器设置中禁用 Cookie,但这可能导致评论记忆、自动登录、人机验证等功能失效。
其他站点的嵌入内容
本站文章可能包含嵌入内容(如视频、图片、推文等)。这些嵌入内容的行为等同于您直接访问来源网站,它们可能收集您的数据、使用 Cookie、嵌入第三方跟踪,并在您已登录该网站的情况下监控您的交互。我们对这些站点的隐私实践不承担责任。
统计
本站未使用任何第三方统计工具(如 Google Analytics、百度统计)。服务器日志仅用于安全监控和故障排查,日志中包含 IP 地址、访问时间等信息,但不用于用户行为分析或营销目的。
我们与谁共享您的信息
我们不会出售、交易或以其他方式将您的个人数据转移给第三方,除非:
- 自托管服务:本站的邮件发送(SMTP)与身份认证(Logto)服务均部署在同一台服务器上,数据不会离开服务器环境。
- Cloudflare:为了提供人机验证服务,部分验证数据(如 IP 地址)会被传输至 Cloudflare 进行处理,我们已与其签订数据处理协议。
- 法律要求:应政府部门、司法机关的强制要求,我们可能依法提供必要数据。
- 权益保护:为防止欺诈、安全事件等紧急情况。
我们保留多久您的信息
- 评论:评论内容及其元数据将无限期保留,除非您主动删除或要求我们删除。这样做是为了自动识别并批准后续评论,而无需将其保留在待审核队列中。
- 注册用户:您的账户信息在账户存续期间保留。您可以随时查看、编辑或删除您的个人信息(用户名不可更改)。注销账户后,我们将在15个工作日内删除或匿名化您的数据。
- 媒体:您上传的文件保留至您自行删除为止。
- 服务器日志:安全日志保留至少六个月以满足《网络安全法》要求。
- 其他暂存数据:如两步验证(MFA)的验证码仅在验证期间临时生成,使用后立即失效,不被存储。
您对您的信息有什么权利
依据中国《个人信息保护法》和欧盟 GDPR,您拥有:
- 访问与导出:获取您的个人数据副本;
- 更正:修改不准确或不完整的信息;
- 删除与注销:要求删除数据或注销账号(可通过
xiaoyu_admin@tdmc.top申请,15个工作日内响应); - 限制处理:在特定情形下限制我们对您的数据的使用;
- 数据携带:将数据转移至其他服务商;
- 撤回同意:对于可选收集的信息(如未来的手机号),可随时撤回同意;
- 自动化决策:本站不进行任何自动化决策或用户画像。
您的数据将发送到何处
所有数据存储在位于中国大陆宁波的服务器上。访客评论可能会通过自动垃圾检测服务(目前为 WordPress 内置的反垃圾机制,未来可能接入 Akismet 等,届时会更新本政策)进行检查。
由于使用了 Cloudflare Turnstile,您的部分验证数据可能会被传输至 Cloudflare 全球网络进行处理,但我们确保其符合数据保护法规(Cloudflare 已通过 ISO 27001 等认证)。我们承诺核心个人数据不会转移至境外,如有必要将进行安全评估并获取您的单独同意。
联系信息
数据保护相关问题,请联系:
数据保护负责人:华曦博
邮箱:xiaoyu_admin@tdmc.top
地址:广东省深圳市龙华区鹊山工业区云峰路5号
其他信息
我们如何保护您的数据
- 采用 HTTPS 全程加密传输。
- 服务器部署安全防护软件,实时监测入侵。
- 实施双因素认证(MFA)、严格的访问控制和定期备份。
- 相关人员接受数据保护培训。
我们有何种数据泄露处理流程
一旦检测到实际或潜在的数据泄露,我们的安全系统会立即通知运营者。我们承诺:
- 在 72 小时内向监管部门报告;
- 第一时间通过邮件或站内公告通知受影响用户;
- 与用户协商处理,提供补救措施,并采取技术手段防止事态扩大。
我们从哪些第三方接收数据
本站目前不从任何第三方接收用户数据。未来若启用社交账号登录,认证过程由第三方(如 GitHub、微信)完成,我们仅获取必要的身份标识(如 OpenID),第三方不会从本站获取您的任何数据。
行业监管披露要求
本站已依法完成 ICP 备案(黑 ICP备2023000867号-3)与 公安网备(黑公网安备23060002000308号),遵守《个人信息保护法》《网络安全法》《数据安全法》及国际数据保护法规。
Who We Are
Site URL: https://xiaoyublog.tdmc.top/
Operator: Xibo Hua
Filing Holder: Chenguang Hua
Address: No. 5, Yunfeng Road, Queshan Industrial Zone, Longhua District, Shenzhen, Guangdong, China
Data Protection Contact: xiaoyu_admin@tdmc.top
What Personal Data We Collect and Why
Comments
When visitors leave comments on the site, we collect the data shown in the comments form (name, email address, website (optional)), as well as the visitor’s IP address and browser User-Agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval of your comment, your profile picture (if any) is visible to the public.
You can edit or delete your own comments at any time through the WordPress dashboard or by contacting us; the related data will be removed immediately.
Media
If you upload images or other media files to the website, you should avoid uploading files with embedded location data (EXIF GPS) included. Visitors can download and extract any location data from images on the website. You can manage your files in the Media Library and choose to make them public, hidden, or delete them at any time.
Contact Forms
We currently do not use any contact form plugin. If we add one in the future, this section will be updated to explain what data is collected and why.
Bot Verification
We use Cloudflare Turnstile on key pages (login, registration) to automatically distinguish humans from malicious bots. Turnstile may collect technical information such as your IP address, browser characteristics, and behavioral data to complete the verification, and may set necessary session cookies. This data is processed by Cloudflare; please refer to their Privacy Policy: https://www.cloudflare.com/privacypolicy/ . Turnstile does not use this data for advertising or tracking purposes.
Cookies
We use strictly necessary cookies to ensure basic functionality, without any advertising tracking:
- Comment Cookies: When you leave a comment, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- Login Cookies: When you log in, we set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. Upon login, several cookies are set to save your login information and screen display choices. Login cookies last for two days, “Remember Me” login cookies persist for two weeks, and screen options cookies last for a year. If you edit or publish an article, an additional cookie will be saved in your browser; this cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
- Security and Authentication Cookies: Session-level cookies used for CSRF protection and maintaining authentication state, set by WordPress and our integrated Logto authentication system. They contain no personal data.
- Cloudflare Turnstile Cookies: Cloudflare may set necessary cookies such as
__cf_bmto complete the bot verification. These are functional cookies and are not used for cross-site tracking.
You can disable cookies in your browser settings, but this may affect comment memory, automatic login, and bot verification functionality.
Embedded Content from Other Sites
Articles on this site may include embedded content (e.g., videos, images, tweets). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content. We are not responsible for their privacy practices.
Analytics
We do not use any third-party analytics tools (e.g., Google Analytics). Server logs are kept solely for security monitoring and troubleshooting; they include IP addresses and timestamps but are not used for user profiling or marketing.
Who We Share Your Data With
We do not sell, trade, or transfer your personal data to third parties except:
- Self-Hosted Services: Our email delivery (SMTP) and authentication (Logto) services run on the same server; data never leaves the server environment.
- Cloudflare: To provide bot verification, some verification data (e.g., IP address) is transmitted to Cloudflare for processing under a data processing agreement.
- Legal Obligations: When required by law, court order, or governmental request.
- Protection of Rights: To detect, prevent, or address fraud, security, or technical issues.
How Long We Retain Your Data
- Comments: Comments and their metadata are retained indefinitely unless you delete them. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
- Registered Users: Your personal information is stored in your user profile. You can see, edit, or delete your personal information at any time (username cannot be changed). After account deletion, we will delete or anonymize your data within 15 business days.
- Media: Uploaded files are kept until you delete them.
- Server Logs: Security logs are kept for at least six months to comply with legal requirements.
- Temporary Data: MFA verification codes are generated transiently and are not stored.
What Rights You Have Over Your Data
Under Chinese PIPL and EU GDPR, you have the right to:
- Access and export your data;
- Rectify inaccurate or incomplete information;
- Erasure and account deletion (contact
xiaoyu_admin@tdmc.top, response within 15 business days); - Restrict processing under certain conditions;
- Data portability to another service;
- Withdraw consent for optional data collection;
- No automated decision-making: We do not perform profiling or automated decisions.
Where Your Data Is Sent
All data is stored on a server located in Ningbo, Mainland China. Visitor comments may be checked through an automated spam detection service (currently WordPress built-in anti-spam; future integrations such as Akismet will be disclosed here).
Due to Cloudflare Turnstile, some verification data may be transmitted to Cloudflare’s global network for processing. We ensure that such transfers comply with data protection regulations (Cloudflare holds ISO 27001 certifications, etc.). We do not transfer core personal data outside China; if such a transfer becomes necessary, we will conduct a security assessment and obtain your explicit consent.
Contact Information
Data Protection Officer: Xibo Hua
Email: xiaoyu_admin@tdmc.top
Address: No. 5, Yunfeng Road, Queshan Industrial Zone, Longhua District, Shenzhen, Guangdong, China
Additional Information
How We Protect Your Data
- Full HTTPS encryption in transit.
- Security protection software on the server with real-time intrusion monitoring.
- Multi-factor authentication (MFA), strict access controls, and regular backups.
- Staff handling data are trained on data protection.
Data Breach Procedures
In the event of a breach, our monitoring system immediately alerts the operator. We will:
- Report to the relevant supervisory authority within 72 hours;
- Notify affected users promptly via email or site notice;
- Work with users to mitigate harm and take corrective technical measures.
Third-Party Data Sources
We do not receive user data from third parties. If social login options are enabled later, the authentication process is handled by the third party (e.g., GitHub), and we only receive a minimal identifier; the third party does not receive any of our user data.
Industry Regulatory Disclosure
We are legally registered with ICP filing (ICP Bei 2023000867-3) and public security filing (Gong An Bei 23060002000308). We comply with the Personal Information Protection Law, Cybersecurity Law, Data Security Law, and international regulations such as GDPR.
© Copyright 2025-Now Y.M.A.C Inc. XiaoYu All Rights Reserved
