次元空間DIMENSION SPACE
EN
⚠️ The Traditional Chinese (zh-HK) version is the legally authoritative version. This English version is provided for convenience; in case of any conflict, the Traditional Chinese version prevails.

Dimension Space — Privacy Policy

Version: v1.0
Effective Date: 8 May 2026
Last Updated: 6 May 2026
Legally Binding Version: The Traditional Chinese version of this policy is the legally binding version. This English version is for convenience only; in case of discrepancy, the Traditional Chinese version shall prevail.

Key Points First

We are Dimension Space, an AI learning companion app built by a Hong Kong team for Hong Kong secondary school students (Form 1 to Form 6, ages 11–18).

If you are a parent, the three most important things to remember:

  1. ✅ All of your child's data is stored only in Hong Kong and will not be transferred outside Hong Kong
  2. ✅ We will not use your child's data to train AI models
  3. ✅ We will not sell any data to advertisers or third parties

1. Who We Are

ItemContent
Data UserFLYER GROUP LIMITED
Registered AddressFLAT/RM 705, 7/F, FA YUEN COMMERCIAL BUILDING, NO. 75 FA YUEN STREET, MONG KOK, KOWLOON, HONG KONG
Contact Emailsupport@starcloudedu.com
RegulatorOffice of the Privacy Commissioner for Personal Data (PCPD), www.pcpd.org.hk

This policy is governed by Hong Kong SAR law, in particular the Personal Data (Privacy) Ordinance (Cap. 486, hereinafter "PDPO").

2. Scope

This policy applies to the Dimension Space iOS application, official website, and related email services.

This policy does not apply to third-party apps / websites, or to information about teachers / schools / others contained in exam papers uploaded by students (the providers of such information are themselves responsible).

3. What Data We Collect

3.1 Data You Actively Provide

  • Account basics: Apple ID identifier, nickname (customisable), grade, age band
  • Personalisation: AI companion name, etc.
  • Learning content: question photos, text questions, selected answers
  • Parent contact: parent email (only when user is < 13 or upon first subscription)
  • Payment data: subscription status

3.2 Data Generated Automatically

  • Learning progress: knowledge-point mastery, correct / incorrect history
  • AI conversation history
  • Device info: iOS version, model, language settings
  • Usage statistics: anonymous feature usage counts
  • Error reports: app crashes, API errors

3.3 Data We Do Not Collect

  • ❌ Real names, school, class, student ID
  • ❌ ID card number, date of birth (only the age band)
  • ❌ Phone number
  • ❌ Contacts / photo album (except your study photos)
  • ❌ Location, GPS, IP-based geolocation
  • ❌ Microphone (if voice features are added later, we will prompt separately)
  • ❌ Sensitive data such as health, race, or religion

3.4 Photos Uploaded by Students

When students photograph questions or exam papers, the photos may incidentally include school name, teacher's red marks, or student IDs. We:

  1. Original-image protection: originals are stored only in your personal space and will not be shown to other users
  2. Can be deleted at any time
  3. Will not enter any public question bank, will not be used for AI training

4. Why We Collect This Data

Under PDPO Data Protection Principle 1, only for these explicit, lawful purposes:

  • Providing your selected services: core learning features, cross-device sync, parent weekly report (if subscribed)
  • Improving the product: anonymous aggregated statistics, fixing low-quality content
  • Customer support: responding to inquiries, refund requests, troubleshooting
  • Legal compliance: responding to lawful requests from Hong Kong government authorities, fraud prevention

Purposes We Will Not Use Data For

  • We will not proactively use your data to train AI models; the commercial AI API contract also prohibits using customer input for training. If third-party contracts change, we will notify under the change protocol
  • We will not use it for behavioural / personalised advertising
  • We will not sell it to educational institutions, tutoring centres, or publishers
  • We will not use it for school evaluation (unless you / your parent voluntarily export)

5. Where Is Your Data Stored?

5.1 Hong Kong, Only Hong Kong

We solemnly commit: all user data is stored only on servers in Hong Kong, and will absolutely not be transferred outside Hong Kong (except for the necessary exceptions listed below).

Primary storage: Alibaba Cloud (Hong Kong) — servers, PostgreSQL database, encrypted image storage; encrypted backups also remain in Hong Kong.

5.2 Necessary Cross-Border Exceptions (Fully Disclosed)

Third PartyPurposeData Involved
Apple Inc. (USA)App Store account identification, IAP payment, push notificationsApple ID identifier, subscription status
Email push serviceParent weekly report / account verification emailRecipient email, email content

These are industry-standard necessary services for which we cannot use a Hong Kong local substitute.

5.3 Services We Actively Avoid

To ensure data stays in Hong Kong, we do not use:

  • ❌ Apple iCloud / CloudKit (primary servers in the USA)
  • ❌ Google Firebase / Analytics (data crosses borders)
  • ❌ Cloud-service nodes outside Hong Kong
  • ❌ Meta / TikTok / any social-platform SDKs
  • ❌ Any third-party advertising SDK

6. How Long Do We Retain Your Data?

Under PDPO Data Protection Principle 2, we retain only the minimum necessary time:

Data CategoryDefault Retention
Account basicsAccount lifetime + 30-day grace after deletion
Learning progress / mistakes / vocabularyAccount lifetime
AI conversation historyAuto-deleted 6 months after last use, or up to 12 months from account registration, whichever is earlier (adjustable in Settings)
Uploaded photosAuto-deleted after 90 days by default (adjustable in Settings)
App crash reports6 months
Payment records7 years (required by Hong Kong tax and commercial laws)

Account deletion flow: Delete → 30-day grace (revocable) → primary database hard delete → encrypted backups cleared after another 90 days. Data retained by law (e.g., payment records) is kept only in minimum necessary fields, anonymised.

7. With Whom Do We Share Your Data?

7.1 Service Providers (Data Processors)

We will provide your data only to the following service providers, all of whom have signed Data Processing Agreements:

  • Alibaba Cloud (Hong Kong): servers, database, object storage, AI model API (all calls routed via Hong Kong nodes)
  • Apple Inc.: App Store, IAP, push notifications
  • Email push service: parent weekly report, verification emails

7.2 Situations We Will Not Share

  • ❌ Advertisers, marketing companies
  • ❌ Schools, the Education Bureau (unless you / your parent voluntarily export)
  • ❌ Tutoring centres, publishers, textbook developers
  • ❌ Data brokers
  • ❌ Any third party claiming to be "for research purposes"

7.3 Mandatory Legal Disclosure

We will respond to valid law enforcement requests under Hong Kong SAR law by disclosing the minimum necessary data, including (but not limited to):

  • Valid search warrants, subpoenas, or court orders issued by Hong Kong courts
  • Formal written requests from the Hong Kong Police Force (including all branches) under the Police Force Ordinance (Cap. 232), relevant criminal procedure ordinances, or the Implementation Rules of Article 43 of the Hong Kong National Security Law
  • Requests within the statutory powers of authorities such as Customs and Excise, the ICAC, and the Social Welfare Department
  • Imminent serious threats to personal safety

For each disclosure, we will, where legally permitted, notify affected users in advance (some law enforcement requests legally prohibit notification, in which case we must comply); we will provide only the minimum necessary data and reserve the right to review the legality of the request.

8. Special Statement on AI Processing

Dimension Space uses the commercial AI Model API of Alibaba Cloud's Hong Kong nodes.

8.1 Your Conversation Flow with AI

Your input → sent via HTTPS to our Hong Kong backend → AI API called via Hong Kong nodes → answer returned → conversation saved in the Hong Kong database (default 12 months).

8.2 Key Commitments

  • Data does not leave Hong Kong: AI API calls are completed entirely within Hong Kong nodes (within our control)
  • No AI training: the commercial API contract explicitly prohibits using customer input for model training (depends on the API provider's contract)
  • No long-term storage by third parties: the API provider does not retain your request content long-term (depends on the API provider's technical measures)
Reservation: the latter two commitments depend on the API provider's contract / technical measures. If the provider materially modifies its terms in a way that affects these commitments, we will notify users within 30 days and offer the option to delete the account.

8.3 AI Errors Disclaimer

AI models can make mistakes. Before exams or important decisions, please rely on textbooks and teacher input. See the Terms of Service for details.

9. Special Protection for Children and Youth

9.1 Users Under 13

Under PCPD's children's privacy guidance, users under 13 must have parental consent: enter parent email → parent receives verification email → click to confirm → user gains access. The parent can at any time view the child's data, request account deletion, or withdraw consent.

9.2 Users Aged 13–17

  • Must tick to agree to the Terms and Privacy Policy before first use of sensitive features
  • Subscriptions require parent email confirmation
  • Daily Diamond purchases default to a HK$50 cap; parent email is required to raise it
  • Parents may opt-in to "parental supervision mode"

9.3 For All Users Under 18

  • No behavioural / personalised advertising
  • No psychological profiling for marketing
  • Student data is not used to train AI models
  • No proactive direction of students to external social platforms
  • No collection of unnecessary data

9.4 Child's Voice and Reporting Channels (UNCRC Art. 12 and Art. 17)

We respect children's rights to express their views and seek help independently. Even without parental help, you or your child may use the following channels directly:

Emergency or personal-safety related (priority):

  • Imminent personal safety: 999 (Police)
  • SWD child protection hotline: 2755 1122
  • Samaritans Suicide Prevention: 2389 2222 (24 hours)
  • Suicide Prevention Services Hotline: 2382 0000 (24 hours)
  • Against Child Abuse

App experience / child safety / privacy matters:

  • Email support@starcloudedu.com (subject "Child Safety Report" / "Privacy")
  • We will respond within 7 working days; matters involving personal safety are prioritised

10. Your Rights (PDPO Data Protection Principle 6)

RightHow to Exercise
AccessSettings → My Data → Download all my data (JSON + photo ZIP)
CorrectionMost data can be edited in Settings; otherwise email support@starcloudedu.com
ErasureSettings → Delete Account (30-day grace, revocable); legally retained items will be anonymised
ObjectSettings → Privacy & Security → turn off anonymous statistics
Unsubscribe MarketingWe do not currently engage in marketing; if added later, one-click unsubscribe

We will respond within 40 days (the PDPO statutory upper limit; usually within 7 days in practice). The first request each calendar year is free; each subsequent request is HK$50 (administrative cost). We will not penalise you for exercising your rights.

11. Security Measures

Under PDPO Data Protection Principle 4:

  • Transport encryption: HTTPS / TLS
  • Storage encryption: photos use server-side encryption; sensitive database fields have additional application-layer encryption
  • Access control: backend requires JWT; signed URLs for photos (short default expiry)
  • Network isolation: database is not exposed to the public internet
  • Audit logging: all reads of personal data are logged
  • Personnel: confidentiality agreements signed before access; least-privilege principle

Data Breach Notification

In the event of a data breach, we will notify affected users and the PCPD within 72 hours, publishing the scope of impact and remediation steps.

12. Policy Updates

  • Material changes will be announced via mandatory in-app prompt, requiring re-confirmation, with 30-day advance notice
  • Minor changes will only update the version number on this page

13. Cookies and Similar Technologies

The Dimension Space iOS app does not use web cookies.

We use standard iOS facilities: Keychain (login token), UserDefaults (non-sensitive settings), local database (backend cache), and IDFV (anonymous identifier for the same device).

We do not use Apple IDFA, any third-party tracking SDK, or any cross-app advertising technology.

14. International Users

Dimension Space is designed primarily for Hong Kong users; the App Store may make it available in other regions.

If you are a non-Hong Kong user: your data is still stored only in Hong Kong and you have the rights granted under this policy and the PDPO. This service is not specifically designed to comply with privacy requirements in other jurisdictions (e.g., EU GDPR, UK GDPR, US COPPA / CCPA). If you are located in a region with additional privacy requirements, please consider whether the service is geographically suitable before use.

15. Contact Us

ItemDetails
Privacy matterssupport@starcloudedu.com
Response timeInitial response within 7 working days; full processing within 40 days

If unresolved, you may complain to the Hong Kong Office of the Privacy Commissioner for Personal Data:

ItemDetails
Websitewww.pcpd.org.hk
Emailenquiry@pcpd.org.hk
Phone(852) 2827 2827
AddressGPO Box 1376, Hong Kong

Appendix — Trilingual Versions

This policy is provided in Traditional Chinese (legally binding version), Simplified Chinese, and this English version (for convenience only). In case of discrepancy, the Traditional Chinese version shall prevail.

VersionEffective Date
v1.02026-05-08

If you are a parent and still have questions, email support@starcloudedu.com.

— The Dimension Space Team