PRIVACY POLICY
Respecting boundaries is part of the rules.
We follow a minimum, transparent, and necessary approach to information. Public content does not require sign-in. 4G Dongle Manager cloud accounts remain closed until the real backend and security controls are ready.
1. Scope
This policy applies to the Rules & Beyond website (brbrhu.com), the iOS and Android apps, the WeChat Mini Program, and the 4G Dongle Manager macOS app.
The website currently provides public content, software release information, and a guestbook that does not require registration. 4G Dongle Manager accounts, multi-device sync, and purchasing are not open. Their endpoints return explicit HTTP 503 responses; they do not send codes, issue tokens, or complete transactions.
2. Information we process
Visitors may voluntarily provide a display name and a public message of 6–160 characters. Names and messages rotate publicly on the site. Do not include phone numbers, account handles, case information, or other personal data.
To limit guestbook spam, the server applies a daily one-way hash to the network address and uses it only to count submissions in a 24-hour period. Plain network addresses are not stored in guestbook records.
To avoid repeatedly showing reminders for content a visitor has already opened, the browser stores a content revision ID and first-opened time in first-party storage for brbrhu.com. This state is not used for advertising, does not use IP addresses or device fingerprints, and does not sync across browsers while the visitor is anonymous. It can be removed by clearing site data.
The mobile apps do not request sensitive permissions such as location, camera, microphone, photos, contacts, or Bluetooth, and do not include advertising, profiling, or third-party analytics SDKs.
The WeChat Mini Program writes https://brbrhu.com to the clipboard only when the user actively taps Copy Website Address. It does not read or upload other clipboard content.
4G Dongle Manager handles basic connectivity, messages, contacts, and this Mac's traffic locally without sign-in. Message bodies and contacts are not uploaded to the website or account service.
3. 4G Dongle Manager accounts and sync
When the account service opens, the website and 4G Dongle Manager will use one users record and one user_id. Email codes will be the preferred registration and sign-in method. Binding a phone while signed in will merge the phone into the current user_id and will not create a second account.
Only cross-device read state, cross-Mac traffic totals, two free initialization credits, and additional-credit purchasing require sign-in. The service will process only what is needed: email or phone, content revision IDs, random device IDs, device names, cycle IDs, counter IDs, cumulative received and sent bytes, and sample times.
One account can show This Mac and All Devices. The server will store monotonic cumulative values by account, device, cycle, and counter. Repeating the same cumulative value will not double-count or double-charge. If local data is deleted, the client starts a new counter ID.
Email and phone values must be encrypted and indexed with one-way lookup hashes. Codes, access tokens, and refresh tokens are stored only as hashes. Codes last five minutes, are single-use, lock after five failed attempts, and are rate-limited by email or phone, IP, and device. Aliyun SMS can be called only from the server, with CAPTCHA 2.0, anti-bombing controls, and a cost ceiling before launch.
Website sessions use HttpOnly, Secure, SameSite cookies. The Mac app uses short-lived access tokens and revocable, rotating, per-device refresh tokens stored in macOS Keychain.
These account features are not open. Email, SMS, refresh, phone binding, read-state sync, and traffic-sync endpoints return HTTP 503 Account Service Not Open responses.
4. Update-email subscription
Update email uses double opt-in. The form is enabled only after a public status check confirms that the sending domain and server-side configuration are complete. While the service is unavailable, the page neither collects nor stores an email address and never displays a fictitious success state.
We process the email address, explicit consent, language preference, request and confirmation times, confirmation or unsubscribe status, and necessary delivery records. The address is encrypted in our database and indexed with a one-way lookup hash. Confirmation tokens are stored only as hashes. A network address is used only for a daily one-way rate-limit hash and is not an identity key.
Our database—not a separate marketing-contact list at the delivery provider—is the source of truth for consent, language preference, and unsubscribe status. Resend acts only as the delivery provider. Messages use the verified updates.brbrhu.com sending subdomain and appear from Rules & Beyond <letter@updates.brbrhu.com>; replies go to hu.zexian@qq.com. Resend processes a recipient address and delivery status only when a necessary message is sent.
We send a restrained notice only when a new essay, tool, or important release goes live—not promotional blasts. Every content item has an independent content key, is delivered no more than once to the same subscriber, and includes a one-click unsubscribe link managed by this site.
5. Network and platform information
When the site is visited, the server may create basic access logs for security and operations, such as request time, address, response status, and network address. These logs are used only for stability, security troubleshooting, and legal network-security duties—not for advertising targeting.
Apple App Store, other app stores, and WeChat may process device, account, or download information under their own policies when users download, install, or use a product through those platforms.
6. Sharing and retention
A display name and guestbook message submitted voluntarily are public and visible to all visitors. We do not sell personal information or share other personal information with third parties for marketing.
We do not share an email address with third parties for marketing beyond the delivery needed for update emails. Basic access logs are retained only as long as needed for security and operations. Guestbook messages may be hidden or deleted when they are no longer suitable for public display, and subscription records are kept until unsubscribe or lawful deletion. After account launch, identity, device, traffic, read-state, and authorization records are retained only as needed for the service, security audit, and legal duties, with lawful channels for access, correction, or deletion requests.
7. Children
The products provide public knowledge content to a general audience. They are not directed primarily at children and do not intentionally collect children's personal information. A guardian who identifies a concern may contact us through the published website address.
8. Policy updates
Before accounts, payments, AI conversations, or another feature involving new personal-information processing goes live, we will review this policy again, complete necessary filings or assessments, and obtain consent where required.
A revised effective date will be published on this page whenever the policy changes.
9. Contact
For questions about this policy, guestbook content, or information processing, email hu.zexian@qq.com.