隐私政策 · 一句话先讲清
PRIVACY POLICY · TL;DR FIRST

你的数据,归你

Your data, stays yours.

Sift 不卖广告、不喂第三方训练、不囤你的对话换变现。 下面说清楚每一项 — 收集什么、怎么用、存哪里、你能做什么。

Sift does not sell ads, does not feed third-party training, does not hoard your conversations to monetize. Below is the line-by-line — what we collect, how we use it, where it lives, what you can do.

生效日期:2026-05-23 · 适用版本 v1

Effective: 2026-05-23 · Version v1

一、收集什么

账号信息:邮箱(必填,用于登录与重要通知)、订阅状态、付费记录。我们不要求你的真实姓名、电话或身份证。

对话内容与卡片:你跟 sift 说的话、sift 沉淀出来的卡片、你的笔记 — 这些是 sift 的全部内容。它们存在我们的服务器上,只跟你的账号绑定

设备信息:客户端版本、操作系统类型、屏幕尺寸 — 用于故障排查与适配。不收集设备 ID 用于跨服务追踪、不收集精确 GPS。

使用统计:每周对话条数、模型路由命中分布 — 仅用于改善路由质量与配额计算。匿名聚合,无法关联到个人。

二、怎么用

你的对话内容仅用于:提供 sift 服务本身(让 AI 回答、让记忆沉淀、让你下次能找回)。

  • 不卖给第三方
  • 不喂任何模型训练集(包括我们自己的,也包括上游 LLM 服务商的)
  • 不用于广告画像
  • 不在没有你同意的情况下提供给第三方分析平台

邮箱仅用于:登录、安全告警、订阅到期提醒。不发营销邮件,除非你主动订阅。

三、存哪里

数据加密存储(at rest)在我们位于美国洛杉矶的主服务器上。备份加密推送到上海(容灾镜像)与吉隆坡(异地冷备),均为加密密文,运维不可读取明文。

欧盟与英国用户的数据按 GDPR 标准合同条款(SCC)跨境传输;加州用户的删除请求按 CCPA 处理;中国大陆用户的数据按个人信息保护法(PIPL)的最小必要原则处理。

四、你的权利

  • 查看:在 App 内"设置 → 数据"看自己所有卡片与对话
  • 导出:一键导出为 .json.md,包含所有卡片明文
  • 删除:一键销户。销户后立即删除主库数据,备份在 30 天滚动周期内被覆盖;不存在 "30 天回收站" 可以反悔。删完就是真删完。
  • 反对处理:你可以随时关闭使用统计上报(在设置里),不影响功能使用

行使任何权利,App 内一键完成,或写信到 HuanNan520@outlook.com。我们承诺 30 天内回复。

五、LLM 调用

Sift 的核心是 AI 对话与记忆。我们调用以下 LLM 服务商完成推理(API 模式,不是把数据交给他们做训练):

  • DeepSeek(北京深度求索)— API 协议明确:API 请求不入训练集
  • SiliconFlow(硅基流动)— API 协议明确:不存储调用数据用于训练
  • Anthropic(Claude)— API 协议明确:不用于训练
  • OpenAI(GPT 系)— API 协议明确(zero retention 政策):不用于训练

每次请求只发送当前对话上下文与必要的卡片片段,不发整个 vault。所有上游服务商均签署数据处理协议(DPA),作为 GDPR 意义下的 data processor 而非 data controller。

六、Cookie

siftbrain.com 网站只用基本必要 cookie(登录状态保持、CSRF 防御)。不用 Google Analytics、Facebook Pixel 等任何第三方追踪。语言偏好用 localStorage 存在你的浏览器里,不上传服务器。

七、未成年人

Sift 不面向 13 岁以下用户。13–18 岁用户使用需监护人同意。欧盟用户按 GDPR-K 适用国年龄要求。

八、政策变更

这份隐私政策有重大变更时,我们会通过 App 内通知与邮件提前 30 天告知。本页底部永远显示当前生效版本与修订时间。

九、联系

任何与隐私相关的问题、投诉、数据主体权利申请:

HuanNan520@outlook.com

1. What we collect

Account info: your email (required for login and important notices), subscription status, payment records. We do not ask for your real name, phone number, or government ID.

Conversation content and cards: what you say to sift, the cards sift distills, the notes you write — this is the substance of sift. It lives on our servers, bound only to your account.

Device info: client version, OS family, screen size — used for diagnostics and rendering. We do not collect device IDs for cross-service tracking; we do not collect precise GPS.

Usage stats: weekly message counts, model routing hit distribution — used only to improve routing quality and compute quota. Aggregated, not linkable to individuals.

2. How we use it

Your conversation content is used only to deliver the sift service itself: let the AI respond, let memory crystallize, let you find it again.

  • Not sold to third parties
  • Not fed into any training dataset (ours or upstream LLM providers')
  • Not used for ad profiling
  • Not shared with third-party analytics platforms without your consent

Your email is used only for login, security alerts, and subscription renewal reminders. We do not send marketing emails unless you opt in.

3. Where it lives

Data is encrypted at rest on our primary servers in Los Angeles, USA. Encrypted backups replicate to Shanghai (disaster mirror) and Kuala Lumpur (offsite cold). Backup ciphertext is unreadable to operators.

EU and UK user data is transferred under the GDPR Standard Contractual Clauses (SCC). California user deletion requests are honored under CCPA. Mainland China user data is handled under the PIPL data minimization principle.

4. Your rights

  • Access: see all your cards and conversations in-app under Settings → Data
  • Export: one-click export as .json or .md, full plaintext of all your cards
  • Delete: one-click account deletion. We delete primary-store data immediately; backups roll off within 30 days. There is no recoverable "recycle bin" — once you delete, it's actually gone.
  • Object to processing: turn off usage stats reporting any time in settings, no impact on features

You can exercise any of these rights in-app, or by writing to HuanNan520@outlook.com. We commit to responding within 30 days.

5. LLM calls

Sift's core is AI conversation and memory. We call the following LLM providers for inference (via API, not handing data over for training):

  • DeepSeek (Beijing) — API ToS: requests not used for training
  • SiliconFlow — API ToS: request data not stored for training
  • Anthropic (Claude) — API ToS: not used for training
  • OpenAI (GPT family) — API ToS (zero retention policy): not used for training

Each request sends only the current conversation context and necessary card excerpts — never your full vault. All upstream providers operate under a Data Processing Agreement (DPA) as GDPR data processors, not controllers.

6. Cookies

siftbrain.com uses only strictly necessary cookies (login session, CSRF defense). No Google Analytics, no Facebook Pixel, no third-party trackers. Your language preference is stored in localStorage in your browser — never uploaded.

7. Minors

Sift is not intended for users under 13 years old. Users between 13 and 18 need parental consent. EU users follow GDPR-K age thresholds per member state.

8. Policy changes

For any material change to this policy, we notify you in-app and via email 30 days in advance. The bottom of this page always shows the current effective version and revision date.

9. Contact

For any privacy question, complaint, or data subject rights request:

HuanNan520@outlook.com