Privacy Policy

Last Updated: March 28, 2025

Introduction and Scope

Welcome to “3:00 AM” (hereinafter referred to as “the App”). We highly value your personal information and privacy protection. In accordance with applicable laws, regulations, and Apple review policies, we explain how we collect, use, store, protect, and share your personal information during the provision of services. This policy applies to all users of the App. By continuing to use the App, you signify that you have fully read and agree to the contents of this policy.

Policy Update Notice: As our business develops and regulations change, we may revise this policy. If you continue to use the App after updates, it will be deemed that you accept the updated content. If you disagree, please stop using the App and contact customer service.

I. Scope and Methods of Information Collection

  1. Personal Data:
    • Profile Picture and Gender: When you register or complete your profile, we may collect the profile picture you upload and the gender information you select.
    • Contact Information (if applicable): If future features require collecting phone numbers, email addresses, etc., we will clearly explain on the relevant page and seek your consent.
  2. Location Information:
    • Based on GPS/Background Location Permission (only with your consent): In features such as the “Date” theme messaging or “Flash Chat” nearby match, we will request your consent to obtain more accurate geographic location information (including possible background location data) to provide services like nearby people or regional matching.
    • Approximate City Information Based on IP Address: Regardless of whether you authorize location information, when you use the App, we may infer your approximate city or region through your IP address to display on your profile page. However, this city information based on IP location will not be used for features requiring precise location like “Date” or “Nearby Match”. Rest assured, without location permission, we will not use GPS data.
  3. Camera Permission:
    • When you need to take photos (for example, to share images instantly during chat), we will request access to your camera.
    • This permission is used only for taking photos for chat scenarios and will not collect additional unrelated information.
  4. Photo Library Permission:
    • When you upload or share images, we will request access to your photo library so that you can select existing photo files.
    • Without your consent, we will not proactively read or collect other content in the photo library unrelated to sharing.
    • This permission is used only in chat or profile picture change scenarios, and images will not be used for posts, feeds, or other purposes.
  5. Log and Device Information:
    • To ensure stable app operation and conduct necessary security monitoring, we may collect log information such as the current app version, user's preferred language, and IP address.
    • This information is mainly used for troubleshooting, performance optimization, preventing malicious attacks, or detecting violations.
  6. Local Cache (e.g., Local Storage, Keychain, etc.):
    • We currently do not use Cookies for cross-site or cross-app tracking, but we may use local caches or keychains to save account credentials, preference settings, etc.
    • These local caching technologies will not perform uncontrolled access to your device or collect additional data.
  7. Third-Party SDKs:
    • To provide features such as payments, analytics, social sharing, or cloud storage, we may integrate third-party SDKs and share necessary information with them (such as device identifiers, IP addresses, order numbers, etc.).
    • We will sign appropriate agreements with third-party service providers or use technical means to ensure the security of your information.

II. Purpose of Information Use

  1. Improving Service Quality:
    • Personalized Recommendations: Based on your behavior or authorized location information, recommend more suitable friends or content for you.
    • Performance Optimization: Monitor app performance and troubleshoot based on log or device information.
  2. Enabling Core Functions:
    • Gender Matching (Required during initial registration): Used solely for core matching logic to help recommend better-suited matches. This information will not be used for advertising or any non-matching purposes and cannot be changed once submitted.
    • Location Matching (requires GPS/location permission): Provide features such as “Date” themes and nearby match, and display your approximate location to others (only if you have authorized).
    • City Information Based on IP Address: If you do not authorize GPS, we will infer and display city information on your profile page based on your IP address (not used for matching). When chat partners view your information, they will only see the approximate city (without specific addresses or sensitive information).
    • Image Sharing: When you upload or share photos using camera or photo library permissions, the images are used only for chat or profile picture change scenarios to enhance social experience.
  3. Account and App Security:
    • We may use collected device information, IP addresses, or logs for anti-cheating and security monitoring to prevent malicious attacks or account theft.
  4. Legal Compliance:
    • When required by laws or regulations, we may use or provide necessary information to relevant authorities.

III. Information Sharing and Disclosure

  1. Sharing in Business Scenarios:
    • Payment Services: If you make purchases (subscriptions, recharges, etc.), we may share necessary information such as order numbers and transaction amounts with payment institutions.
    • Third-Party SDKs: Share necessary data with third-party service providers only within the scope required to complete specific features.
  2. Legal and Regulatory Disclosure:
    • In cases where required by laws, regulations, or regulatory authorities (e.g., court summons, legal investigations, government directives), we may disclose the relevant information in accordance with regulations.
  3. Mergers, Acquisitions, or Reorganizations:
    • If a company merger, acquisition, asset transfer, bankruptcy, or reorganization occurs, your personal information may be transferred to a new entity; we will require the new entity to continue to be bound by this policy or otherwise re-obtain your consent.
  4. Explicit Authorization or Consent:
    • Except as mentioned above, if we need to share your information with other third parties, we will explain again and obtain your explicit consent before sharing.

IV. Information Storage and Protection

  1. Storage Method and Retention Period:
    • We will store the collected information on secure servers or databases through encryption and hierarchical access control, retaining it as required by laws and business needs.
    • When you cancel or delete your account, we will delete or anonymize the relevant information as required by applicable regulations.
  2. Security Measures:
    • We adopt security measures that meet industry standards (such as transport layer encryption, firewalls, access control, etc.) to protect data from leakage, tampering, or misuse.
    • If a personal information security incident occurs, we will promptly notify you as required by law and report to the relevant authorities.

V. User Rights

  1. Access, Correction, Deletion:
    • You have the right to access, correct, or delete your personal information (such as profile picture, gender, location information, etc.) at any time through relevant in-app features or by contacting customer service, to ensure its accuracy, correctness, and validity.
  2. Revocation of Permissions:
    • If you no longer wish to use location, camera, photo library permissions, you can disable them in the system settings. This may affect the normal use of corresponding features (such as nearby match or instant image capture).
    • Even if you refuse this Privacy Policy or decline to enable the corresponding permissions, you can still use other features that are not related to these permissions.
  3. Logout and Account Deletion:
    • Logout:
      • Button Position: The "Logout" button is located at the bottom of the "Me" page. Simply scroll down to find it, allowing you to log out at any time.
      • Effect after Clicking: When you click the "Logout" button, your current session will end immediately and you will be redirected to the login screen. This action only disconnects your current session—no user data is deleted, and you will not receive any notifications during this period. Your previous settings and data will remain intact for your next login.
    • Cancel Account:
      • Button Position: The "Cancel Account" button is located at the bottom of the "Me" page. Scroll down to locate it; when clicked, a confirmation prompt will appear to prevent accidental activation.
      • Effect after Clicking:
        • 1. Deletion of Personal Information: Your personal information (including profile picture, nickname, gender, etc.) will be permanently deleted;
        • 2. Processing of Chat Data and Posted Content: Your chat data will be anonymized, and any content you have posted on the "Explore" page will be removed immediately;
        • 3. Retention of Transaction Records and Logs: In compliance with legal requirements, your transaction records and log data will be retained for 6 months;
        • 4. Account Deletion Grace Period: To protect your rights and prevent accidental operations, a 7-day grace period is applied. During this period, if you log in again, the deletion request will be automatically canceled and your account will be restored to its normal state;
        • 5. Immediate Logout: Once you confirm account deletion, you will be logged out immediately, and all associated data will be permanently deleted after the grace period expires.
      • Important Notice: Account cancellation is irreversible. Please read all related instructions carefully to fully understand the consequences. Are you sure you want to proceed?
  4. Additional Rights in the EU (GDPR) and Other Regions:
    • If you use the App in the European Union or other regions with specific privacy regulations, you are entitled to rights such as data access, data portability, deletion, and restriction of processing under local laws.

VI. Explanation of Approximate City Display via IP

  1. Scope of Collection:
    • If you do not grant location (GPS) permission, we may infer your approximate city or region through your IP address.
    • This inference is based on the network provider's IP database and may contain some errors; it cannot pinpoint specific addresses or other sensitive information.
  2. Display Method:
    • We may display this approximate city information to the other party on the "Info Page" at the top right of the chat screen, so that they know the city you are in.
    • Without location permission, this IP-based city information will not be used for features such as “Date” or “Nearby Match” that require more precise location information, and will only be used for personal information display.
  3. User Awareness and Control:
    • If you are more concerned about location privacy or do not wish to display any form of city information, you can check in the settings or contact customer service to see if it can be hidden or restricted through account settings.
    • We promise not to use city information derived from IP addresses for purposes unrelated to social scenarios or share it with unrelated third parties.

VII. Compliance Statement for Number Verification Service (For Mainland China Users Only)

  1. Function Overview:
    • We have integrated Alibaba Cloud’s Number Verification Service to provide more convenient one-click login and number verification functionality for mobile numbers.
    • This service collects necessary device and network information when you explicitly authorize or use related features, in order to complete core functions such as pre-fetching and token verification.
  2. iOS System Information Collection:

    When using Alibaba Cloud Number Verification Service, the SDK may obtain the following permissions and information:

    Permission Name Purpose of Collection Usage Scenario Frequency of Invocation
    Mobile Data Network Permission Essential information for using SDK functions. Calling the pre-fetch interface. Used when calling the pre-fetch interface under normal conditions.

    Additionally, the SDK will collect basic device information as follows:

    Type of Personal Information Purpose of Collection Usage Scenario Frequency of Collection
    IP Address Essential for the SDK’s functionality. Used when calling the SDK’s pre-fetch interface, or when obtaining a one-click login or verifying a token. Required each time the interface is called.
    Network Type To check network status. Helps determine if the network environment is suitable for one-click login. Required each time the interface is called.
    Device Manufacturer, Device Model, Mobile Operating System To identify the device type, used to determine the appropriate adaptation scheme for one-click login or verification. Used to adapt one-click login or number verification for the device. Required each time the interface is called.
  3. Data Usage and Security:
    • All data collection and transmission follow the principle of minimal necessity and is used solely to complete number verification-related functions; no extra information will be used for other purposes.
    • This service strictly complies with Alibaba Cloud’s security and compliance requirements. For more details, please refer to: Number Verification Service Compliance Guidelines.
    • You can manage these settings via your system settings or corresponding options in the app. If you refuse the relevant permissions or stop using this feature, you will not be able to use convenient services such as “one-click login” and “number verification,” but other features remain unaffected.
  4. Privacy Policy Link:

VIII. Use by Minors

  1. Protection of Minors:
    • If you are not of legal adult age, please use the App under the accompaniment or with the explicit consent of a guardian.
    • If we discover that a minor has provided personal information without guardian consent, we will promptly take measures such as deletion, anonymization, or other necessary actions.

IX. Special Notice

Before using the App, please ensure that you have fully read and understood all the contents of this policy. If you cannot accept or have objections to this policy, please immediately stop using the App and uninstall it.

Thank you for your trust and support of “3:00 AM”. Enjoy using the App!

X. Contact Us

If you have any questions, comments, or suggestions regarding this Privacy Policy or the App's privacy protection, or if you need to exercise your related rights, please contact us through the following methods:

We will review and process your request within a reasonable time.

XI. Technical Dependencies and Key Statements (Appendix)

Mobile Dependencies (iOS Project)

Name / Dependency Provider / Organization Data That Might Be Collected/Used Usage / Scenario
Kingfisher Open Source Community (GitHub) - Only downloads and caches images locally
- Does not actively collect or upload user information 		Used for loading, displaying, and caching images (typically loaded from own servers or third-party CDNs). It does not have automatic reporting or statistics functionality and will not send information to Kingfisher officials.
Starscream Open Source Community (GitHub) - Does not collect or transmit personal information to third-party servers of the library
- Only responsible for underlying WebSocket communication 		Used to establish a real-time WebSocket connection between the client and the backend server. The actual data transmitted is determined by business logic; Starscream does not collect or report additional user information.
Alibaba Cloud Number Verification SDK Alibaba Cloud - SIM card information (SIM State), IP address, network type
- Device manufacturer, device model, mobile operating system 		Used for one-click login and verification via the user's phone number, determining the terminal type to adapt the login process. It collects necessary information when calling pre-fetch or verifying a token. For more details, please refer to the Number Verification Service Privacy Policy (available only for Mainland China users).

Backend Dependencies (Java Project)

Name / Dependency Provider / Organization Data That Might Be Collected/Used Usage / Scenario
Pushy(com.eatthepath:pushy) Eatthepath (Open Source Project) - Device push identifier (Device Token of iOS device)
- Push-related logs (if any)		 Communicates with Apple APNs to send push notifications to iOS clients. Only saves or uses the push token on the server side, and does not upload it to Pushy officials or other third parties.
Spring Boot Starter(Web, Security, Cache, Data Redis, AMQP, AOP) Spring Community / VMware - Does not directly collect personal information;
- May internally process data such as user accounts, permissions, caches, sessions, message queues, etc. (depending on business logic) 		Provides basic functionalities such as web services, authentication, caching, message queuing, and AOP. All data flows within own servers or internal networks and is not uploaded to Spring officials.
Hibernate Validator(org.hibernate.validator:hibernate-validator) Hibernate / JBoss Open Source Community - User input or request parameters (for validation only) Validates the format/rules of data submitted by users, and does not upload information to third parties.
Lombok(org.projectlombok:lombok) Project Lombok (Open Source) - Does not collect any personal information A compile-time annotation library that simplifies Java code without transmitting data externally.
fastjson(com.alibaba:fastjson) Alibaba / Open Source Community - Serialization/deserialization of Java object data;
- Does not actively report user information 		Used solely for converting JSON data on the server side, and will not send data to fastjson official servers.
Jackson Dataformat XML(com.fasterxml.jackson.dataformat:xml) FasterXML Community - Data to be serialized/deserialized
- Does not actively report user information		 Used for data format conversion, and will not transmit data to officials.
JJWT(io.jsonwebtoken:jjwt) JSON Web Token (Open Source) - User ID, roles, permissions in the token
- Not uploaded externally		 Used to generate/parse/validate JWT for login authentication and permission control.
MyBatis-Plus(com.baomidou:mybatis-plus-boot-starter) Shenzhen Baozupa Information Technology / Open Source Community - Business data in the database (users, orders, etc.)
- Does not actively transmit to third parties 		Performs CRUD operations on the database only; data remains in own database.
MySQL Connector(mysql:mysql-connector-java) Oracle / MySQL Community - Database requests and result sets
- Does not actively collect user information		 Used to connect to local/self-built MySQL databases, and will not upload user data to MySQL officials.
Druid(com.alibaba:druid-spring-boot-starter) Alibaba / Open Source Project - Database SQL/connection pool monitoring information
- If SQL contains personal data, may write to logs 		Used solely for monitoring and managing the database connection pool internally on the server, and does not upload logs externally.
Hutool(cn.hutool:hutool-all) dromara / Open Source Community - Does not collect personal information
- Various utility methods (string operations, encryption/decryption, time handling, etc.) 		A purely local utility library that does not transmit data externally.
Swagger2 / Swagger UI(io.springfox:…) Springfox / Open Source Community - Scans backend interface metadata to generate API documentation
- Does not actively collect personal information 		Displays API documentation for developers or testers locally/intranet without uploading data to Swagger officials.
Netty(io.netty:netty-all / io.netty-transport) Netty Open Source Community - Does not actively collect user information;
- Only used for network communication, whether transmitted content contains personal information depends on business logic 		A low-level communication framework responsible for high-concurrency network IO. Whether data contains personal information is determined by the application layer.
Logback(ch.qos.logback:logback-core) QOS.ch / Open Source Project - Server-side logs (may contain user actions, error information)
- Not uploaded externally 		Records system logs and does not send logs to Logback officials.
sensitive-word (com.github.houbb:sensitive-word) Open Source Community / GitHub (houbb) - Sensitive word filtering
- Detect and replace sensitive words in text		 Used to locally integrate sensitive word filtering on the server side to detect and replace sensitive content in text, without uploading any data to third parties.
JUnit(junit:junit) JUnit Open Source Organization - Test environment, does not involve real user data
- Does not collect personal information 		Used only for unit testing during development, unrelated to production environment user data.
Alibaba Cloud Number Verification (dypnsapi20170525) Alibaba Cloud - Minimal necessary information such as phone number and IP address required for pre-fetch or token verification Invoked on the backend to call Alibaba Cloud Number Verification service for one-click login or number verification (available only for Mainland China users).

Key Statements

  1. 1. Internal/Local Processing:
    • Most of the above dependencies are “basic functions” or “utility libraries” that process data locally or on the server side and will not upload users' personal information to third-party servers.
    • For libraries such as Pushy that need to communicate with Apple APNs, we will only transmit the necessary push token for push notifications without including other personal information.
  2. 2. External Data Transmission / Third-Party Services:
    • The WebSocket (Starscream) or Netty communication layer exchanges data only between the client and your own backend, and does not upload any personal information to external third parties.
    • Number Verification Service (For Mainland China Users Only):
      • We use Alibaba Cloud’s Number Verification Service to provide a more secure and convenient one-click login and number verification feature. When the service is invoked for operations such as pre-fetching or token verification, it collects minimal necessary information, including device network type, IP address, device model, and SIM status, to complete the verification process.
      • The collected information is used solely to complete core functions related to “number verification” and will not be used for other purposes. If you refuse or disable the relevant permissions, you will be unable to use the one-click login feature; however, other functionality unrelated to this feature will remain unaffected.
      • We sign relevant data protection or confidentiality agreements with Alibaba Cloud to ensure strict security and compliance measures are implemented at both the technical and procedural levels. For more details, please refer to Number Certification Service Compliance Guidelines.
  3. 3. Security and Compliance:
    • We strictly adhere to the principle of minimization, processing user data only when necessary to implement required functions. All logs, database, or cache information are stored, encrypted, or anonymized on our own servers to prevent leakage or improper use.
    • If in the future we add or enable third-party SDKs/services that may involve transmitting user information externally, we will promptly update this list and Privacy Policy, and seek your consent again if necessary.
  4. 4. Scope of Application:
    • The above explanations pertain to the current version of backend and mobile dependencies, and are ultimately subject to the dependencies and functionalities in the actual released version.
    • Other libraries/SDKs not mentioned here or added in the future will also be described and managed in compliance according to the same principles.