diff --git a/en/guide/privacy.md b/en/guide/privacy.md index fe7d43e..46de566 100644 --- a/en/guide/privacy.md +++ b/en/guide/privacy.md @@ -1,10 +1,12 @@ # EasyTier Privacy Policy -**Effective Date: January 18, 2026** +**Effective Date: July 15, 2026** -EasyTier is a simple, secure, decentralized tool for intranet penetration and remote networking. This Privacy Policy explains how we handle relevant privacy information during the installation and use of the EasyTier software. +EasyTier is a simple, secure, decentralized tool for intranet penetration and remote networking. In this document, “EasyTier Official” and “we” refer to the development team of the open-source version of EasyTier, while “EasyTier” and “the software” refer to software officially distributed by EasyTier and its related services. This Privacy Policy explains how we handle relevant privacy information when you install and use EasyTier. -_This policy applies only to first-party software released by EasyTier and officially maintained servers, and does not apply to any third-party services or software._ +_This policy applies only to first-party software officially distributed by EasyTier and services provided by EasyTier Official. It does not apply to any third-party services or software._ + +_EasyTier Pro is a commercial version based on the EasyTier open-source project and is developed by Chengdu Yisitai Technology Co., Ltd. This policy does not apply to EasyTier Pro._ _The original version of this policy is written in Chinese. In the event of any discrepancies in interpretation, the Chinese version shall prevail._ @@ -12,7 +14,7 @@ _The original version of this policy is written in Chinese. In the event of any ### 1.1 Node Discovery Information -In networking scenarios other than “Standalone” mode, in order to enable interconnection between devices across networks and perform NAT traversal, EasyTier will access networking servers manually specified by the user. When initiating a network or searching for peer nodes, the client program sends connection requests to the server. Such requests may include, but are not limited to, the local node’s network configuration parameters and virtual IP address. Based on these requests, the server identifies and returns the client’s public-facing IP address and port information, and announces the necessary metadata to authorized peer nodes whose network configurations are compatible. +In networking scenarios other than “Standalone” mode, in order to enable interconnection between devices across networks and perform NAT traversal, the software will access networking servers manually specified by the user. When initiating a network or searching for peer nodes, the client program sends connection requests to the server. Such requests may include, but are not limited to, the local node’s network configuration parameters and virtual IP address. Based on these requests, the server identifies and returns the client’s public-facing IP address and port information, and announces the necessary metadata to authorized peer nodes whose network configurations are compatible. ### 1.2 Network Connection Information @@ -26,21 +28,25 @@ The data described in this section may contain information capable of identifyin ### 2.1 Data Encryption -EasyTier uses industry-standard symmetric encryption algorithms (such as AES-GCM or ChaCha20-Poly1305) by default to protect all transmitted traffic. Users are required to configure a consistent pre-shared key (PSK) among networking nodes. All data transmitted through this software is encrypted before leaving the sender, ensuring that only legitimate nodes holding the correct key can decrypt and read the communication content. We do not possess your private keys and therefore cannot access any of your communication data. +The software uses industry-standard symmetric encryption algorithms (such as AES-GCM or ChaCha20-Poly1305) by default to protect all transmitted traffic. Users are required to configure a consistent pre-shared key (PSK) among networking nodes. All data transmitted through this software is encrypted before leaving the sender, ensuring that only legitimate nodes holding the correct key can decrypt and read the communication content. We do not possess your private keys and therefore cannot access any of your communication data. ### 2.2 Data Handling in Relay Mechanisms In complex network environments where direct P2P connections cannot be established, encrypted traffic may be forwarded through relay nodes. Even in such scenarios, the traffic remains symmetrically encrypted. Relay nodes are responsible only for packet forwarding and routing, do not have decryption capabilities, and cannot access or analyze the encrypted original data content. -## 3. Servers +### 2.3 End-to-End Encryption + +EasyTier provides an optional end-to-end encryption feature that allows users to establish independent encrypted channels between nodes. When this feature is enabled, data is encrypted at the sender and decrypted at the recipient, preventing any intermediary relay or server from accessing the plaintext data. Users are responsible for managing their end-to-end encryption keys and configurations to ensure secure communications. + +## 3. Third-Party Services -### 3.1 Public Servers +### 3.1 STUN Services -To assist with NAT detection and hole punching, this software provides public EasyTier servers hosted by third-party service providers for user access. When the software interacts with these servers, your public IP address, port information, and basic network metadata may be exposed to those third-party service providers. The processing of such data is governed by the respective providers’ own privacy policies. We recommend that you review the relevant policies of those parties. +To assist with NAT detection and hole punching, the software allows users to optionally use third-party STUN servers, all of whose addresses are disclosed in the relevant source code. When the software interacts with these servers, your public IP address, port information, and basic network metadata may be exposed to those third-party service providers. The processing of such data is governed by the respective providers’ own privacy policies. Please review the relevant policies of those parties. -### 3.2 Third-Party Servers +### 3.2 Third-Party Nodes -This software allows users to specify and connect to networking servers or relay nodes operated by third parties. Users should be aware that connecting to such servers means that your connection metadata (such as IP address and network information) will be visible to the server operator. The developer assumes no responsibility for the security, data handling practices, or service stability of any third-party servers, nor any direct or indirect legal liability arising therefrom. +The software allows users to specify and connect to EasyTier networking or relay nodes operated by third parties. Users should be aware that connecting to such servers means that your connection metadata (such as IP address and network information) will be visible to the server operator. We assume no responsibility for the security, data handling practices, or service stability of any third-party servers, nor any direct or indirect legal liability arising therefrom. ## 4. Data Retention and Storage @@ -54,7 +60,7 @@ This software does not collect or transmit user operation logs, behavioral patte ### 4.3 Server-Side Data Storage -For official public networking servers provided by us, we temporarily maintain node discovery and network connection information in memory only when necessary. Such data becomes invalid as soon as a node goes offline or a connection is established. Unless explicitly required by laws, regulations, or regulatory authorities, we do not persistently store such data, nor do we use it for any purpose other than connection establishment. For third-party servers specified by users, we cannot control their data storage policies and assume no responsibility for their storage practices. +EasyTier Official does not provide or maintain any official EasyTier servers. It only distributes server-side source code and software that users may deploy themselves. Server software officially distributed by EasyTier temporarily maintains node discovery and network connection information in memory only when necessary. Such data becomes invalid as soon as a node goes offline or a connection is established. The software does not persistently store such data or use it for any purpose other than connection establishment. For third-party servers to which users connect, we cannot control their data storage policies and assume no responsibility for their storage practices. ## 5. Children’s Privacy Protection diff --git a/guide/privacy.md b/guide/privacy.md index f0476b2..b964544 100644 --- a/guide/privacy.md +++ b/guide/privacy.md @@ -1,18 +1,20 @@ # EasyTier 隐私政策 -**发布日期:2026 年 1 月 18 日** +**发布日期:2026 年 7 月 15 日** -EasyTier 是一款简单、安全、去中心化的内网穿透和异地组网工具。本隐私政策说明了您在安装及使用 EasyTier 软件过程中,我们如何处理相关的隐私信息。 +EasyTier 是一款简单、安全、去中心化的内网穿透和异地组网工具。本文中,“EasyTier 官方”及“我们”指代 EasyTier 开源版本开发团队,“EasyTier”及“本软件”指代 EasyTier 官方发行的软件及其相关服务。本隐私政策说明了您在安装及使用 EasyTier 过程中,我们如何处理相关的隐私信息。 -_本协议仅适用于 EasyTier 发行的第一方软件及官方维护的服务器,不适用于任何第三方服务或软件。_ +_本政策仅适用于 EasyTier 官方发行的第一方软件及 EasyTier 官方提供的服务,不适用于任何第三方服务或软件。_ -_本协议原文为中文版本,如有任何理解上的差异,以中文版本为准。_ +_EasyTier Pro 是成都亿思泰科技有限公司基于 EasyTier 开源项目的商业版本,本政策不适用于 EasyTier Pro。_ + +_本政策原文为中文版本,如有任何理解上的差异,以中文版本为准。_ ## 1. 节点间通信相关信息 ### 1.1 节点发现信息 -在“独立”模式以外的组网场景下,为实现跨网络设备间的互联及 NAT 穿透,EasyTier 会访问由用户手动指定的组网服务器。在发起组网或寻找对端节点时,客户端程序会向服务器发送连接请求,该请求包含但不限于本地节点的网络配置参数、虚拟 IP 地址等信息。服务器将根据请求识别并返回客户端的公网出口 IP 地址及端口信息,并将这些必要元数据向经过授权且网络配置相符的合法对端节点进行公告。 +在“独立”模式以外的组网场景下,为实现跨网络设备间的互联及 NAT 穿透,本软件会访问由用户手动指定的组网服务器。在发起组网或寻找对端节点时,客户端程序会向服务器发送连接请求,该请求包含但不限于本地节点的网络配置参数、虚拟 IP 地址等信息。服务器将根据请求识别并返回客户端的公网出口 IP 地址及端口信息,并将这些必要元数据向经过授权且网络配置相符的合法对端节点进行公告。 ### 1.2 网络连接信息 @@ -26,21 +28,25 @@ _本协议原文为中文版本,如有任何理解上的差异,以中文版 ### 2.1 数据加密说明 -EasyTier 默认采用工业级对称加密算法(如 AES-GCM 或 ChaCha20-Poly1305)对所有传输的流量进行保护。用户需要在组网节点间配置一致的预共享密钥(PSK)。所有通过本软件传输的数据在离开发送端前均会完成加密,确保只有持有正确密钥的合法节点能够解密并读取通信内容。我们不持有您的私有密钥,因此无法查阅您的任何通信数据。 +本软件默认采用工业级对称加密算法(如 AES-GCM 或 ChaCha20-Poly1305)对所有传输的流量进行保护。用户需要在组网节点间配置一致的预共享密钥(PSK)。所有通过本软件传输的数据在离开发送端前均会完成加密,确保只有持有正确密钥的合法节点能够解密并读取通信内容。我们不持有您的私有密钥,因此无法查阅您的任何通信数据。 ### 2.2 中继机制中的数据处理 在无法建立直接 P2P 连接的复杂网络环境下,加密流量可能通过中继节点进行转发。即便在此场景下,流量依然保持对称加密状态。中继节点仅负责数据包的透传与路由,不具备解密能力,无法获取或分析被加密的原始数据内容。 -## 3. 服务器说明 +### 2.3 端到端加密说明 + + EasyTier 提供可选的端到端加密功能,允许用户在节点间建立独立的加密通道。启用此功能后,数据在发送端被加密,并在接收端解密,中间任何中继或服务器均无法访问明文数据。用户需自行管理端到端加密的密钥和配置,以确保通信安全。 + +## 3. 第三方服务说明 -### 3.1 公共服务器 +### 3.1 STUN 服务 -为了辅助 NAT 探测与打洞,本软件提供用户使用公共的架设在第三方服务商的 EasyTier 服务器。当软件向这些服务器发起交互请求时,您的公网 IP 地址、端口信息及基本网络元数据可能会暴露给这些第三方服务提供商。此类数据的处理流程受各服务商自身隐私政策的约束,建议您查阅相关方的政策说明。 +为了辅助 NAT 探测与打洞,本软件提供用户可选使用的第三方 STUN 服务器,所有服务器地址均于相关源代码处披露。当软件向这些服务器发起交互请求时,您的公网 IP 地址、端口信息及基本网络元数据可能会暴露给这些第三方服务提供商。此类数据的处理流程受各服务商自身隐私政策的约束,请查阅相关方的政策说明。 -### 3.2 第三方服务器 +### 3.2 第三方节点 -本软件允许用户自行指定并连接到由第三方运行的组网服务器或中继节点。用户需知晓,连接此类服务器意味着您的连接元数据(如 IP 地址、网络信息等)将对该服务器运行方可见。开发者不对任何第三方服务器的安全性、数据处理行为或服务稳定性负责,亦不承担由此产生的任何直接或间接法律责任。 +本软件允许用户自行指定并连接到由第三方运行的 EasyTier 组网或中继节点。用户需知晓,连接此类服务器意味着您的连接元数据(如 IP 地址、网络信息等)将对该服务器运行方可见。我们不对任何第三方服务器的安全性、数据处理行为或服务稳定性负责,亦不承担由此产生的任何直接或间接法律责任。 ## 4. 数据保留与存储 @@ -54,7 +60,7 @@ EasyTier 默认采用工业级对称加密算法(如 AES-GCM 或 ChaCha20-Poly ### 4.3 服务器端数据存储 -对于我们提供的官方公共组网服务器,我们仅在必要时于内存中临时维护节点发现与网络连接信息。此类数据随节点离线或连接完成即行失效。除非法律法规或监管部门有明确要求,我们不会持久化存储此类数据,也不会将其用于连接建立以外的任何目的。对于用户自行指定的第三方服务器,我们无法控制其数据存储策略,亦不对其存储行为承担任何责任。 +EasyTier 官方不提供官方维护的 EasyTier 服务器,仅发行可供运行的服务端源代码及软件,提供用户部署。EasyTier 官方发行的服务端软件仅在必要时于内存中临时维护节点发现与网络连接信息。此类数据随节点离线或连接完成即行失效,不会持久化存储此类数据,也不会将其用于连接建立以外的任何目的。对于用户连接的第三方服务器,我们无法控制其数据存储策略,亦不对其存储行为承担任何责任。 ## 5. 儿童隐私保护 diff --git a/index.md b/index.md index 394ead3..b69eefd 100644 --- a/index.md +++ b/index.md @@ -17,6 +17,9 @@ hero: - theme: alt text: 下载 link: /guide/download + - theme: alt + text: 隐私政策 + link: /guide/privacy - theme: sponsor text: 💚 赞助 link: /#sponsor