Information We Collect

Running an invoice automation service means we process different types of data. Some you give us directly. Other information gets created when you use our platform. Here's what we're talking about:

Business Information You Provide

When you sign up or use our services, we collect:

• Company name, business registration details, and tax identification numbers
• Contact information including names, email addresses, phone numbers, and business addresses
• Payment details and billing information for service fees
• Invoice data including vendor information, amounts, dates, and transaction details
• Account credentials and security information for platform access

Technical Data We Generate

Our systems automatically log certain information to keep things running smoothly:

• IP addresses and device identifiers when you access our platform
• Browser type, operating system, and system configuration details
• Pages visited, features used, and time spent on different sections
• Error logs and performance metrics that help us troubleshoot issues
• File upload timestamps and processing completion records

How We Use Your Information

We're not in the business of selling data. Every piece of information we collect serves a specific purpose related to providing and improving our invoice processing services.

We don't use your invoice data to train AI models that benefit other clients. Your financial information stays isolated within your account.

Data Storage and Security

Financial data deserves serious protection. We store your information on encrypted servers located in secure data centers with physical access controls and 24/7 monitoring.

Security Measures We've Implemented

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Multi-factor authentication required for all user accounts
• Regular security audits conducted by independent third-party assessors
• Access controls limiting employee access to only necessary information
• Automated backup systems with geographically distributed redundancy
• Intrusion detection systems monitoring for suspicious activity

Data Sharing and Disclosure

We keep your information within our organization except in specific, limited circumstances. When sharing is necessary, we maintain strict controls.

Service Providers

We work with carefully vetted vendors who help us deliver our services:

• Cloud infrastructure providers for secure data storage and processing
• Payment processors handling subscription billing and transactions
• Email service providers for system notifications and communications
• Analytics platforms helping us understand system performance

These partners sign data processing agreements and can only use your information for the specific services they provide to us.

Legal Requirements

Sometimes we're legally required to share information:

• When Taiwan government authorities issue valid legal requests
• To comply with court orders or subpoenas
• During tax audits or regulatory investigations
• When necessary to protect rights, property, or safety

We review each request carefully and only provide the minimum information legally required.

Your Rights and Control

This is your data. You have specific rights regarding how we handle it, and we've built tools to make exercising those rights straightforward.

Access and Portability

You can request a complete copy of all personal and business information we hold about you. We'll provide this in a structured, commonly used format within 30 days. This includes your account details, invoice processing history, and any communications we've stored.

Correction and Updates

Found outdated information in your account? You can update most details directly through your dashboard. For changes requiring verification (like business registration numbers), contact our support team and we'll process updates within 5 business days.

Deletion Requests

You can request deletion of your account and associated data. We'll complete this within 60 days. However, we may need to retain certain records for:

• Seven years for financial transaction records (Taiwan tax law requirement)
• Five years for business correspondence related to contracts
• Ongoing legal proceedings or disputes
• Fraud prevention and security purposes

We'll clearly explain what we're keeping and why.

Processing Restrictions

You can ask us to limit how we process your data while we investigate a concern you've raised. During this time, we'll only store your information and won't use it for other purposes without your consent.

Objection Rights

If we're processing your data based on legitimate interests rather than contractual necessity, you can object. We'll stop unless we can demonstrate compelling reasons that override your interests.

Data Retention

We don't keep information longer than necessary. Different types of data have different retention periods based on business needs and legal requirements.

After retention periods expire, we securely delete or anonymize data so it can no longer identify you or your business.

International Data Transfers

Our primary servers are located in Taiwan, but some service providers operate globally. When we transfer data internationally, we ensure adequate protection through approved mechanisms.

For transfers to countries without adequate data protection laws, we use:

• Standard contractual clauses approved by relevant authorities
• Additional security measures like encryption and access controls
• Regular compliance reviews of international service providers
• Data processing agreements that meet Taiwan legal standards

You can request information about specific international transfers affecting your data and the safeguards we've implemented.

Cookies and Tracking

Our platform uses cookies and similar technologies. We're upfront about what we're tracking and why.

Essential Cookies

These are necessary for the platform to function. They remember your login session, security preferences, and interface settings. You can't disable these without breaking core functionality.

Analytics Cookies

We use these to understand how clients navigate our platform and which features get used most. This helps us identify confusing workflows and prioritize improvements. You can opt out through your account settings.

What We Don't Use

We don't use advertising cookies or third-party tracking for marketing purposes. We don't share your browsing behavior with ad networks or data brokers.

Children's Privacy

Our services are designed for business use and not directed at individuals under 18. We don't knowingly collect information from minors. If we discover we've inadvertently collected such information, we'll delete it immediately.

Changes to This Policy

Business practices and regulations change. When we update this policy, we'll notify you at least 30 days before changes take effect. Significant changes affecting how we handle your data will require your explicit consent.

We maintain an archive of previous policy versions so you can see exactly what changed and when. You'll always have the option to review modifications before they apply to your account.

Taiwan-Specific Provisions

As a service operating in Taiwan, we comply with the Personal Data Protection Act (PDPA) and related regulations. This includes:

• Registering our data processing activities with appropriate authorities
• Conducting regular privacy impact assessments for new features
• Maintaining detailed records of data processing activities
• Cooperating with the National Development Council on data protection matters
• Following local requirements for cross-border data transfers

Taiwan residents have additional rights under local law. If you believe we've violated PDPA requirements, you can file a complaint with the relevant supervisory authority in addition to contacting us directly.