Information Stewardship

What We Record and Why It Matters

Information arrives at our systems through three distinct channels. When someone establishes an account, they provide identifying markers — typically a name, an electronic address, and authentication credentials. This intake happens once, at the moment of registration, because we need a stable method to recognize returning users.

As users navigate the platform and analyze their financial activity, operational traces emerge organically. These include timestamps of access, features activated, reports generated, and configuration adjustments made within the interface. We capture these because they shape the analytical outputs users request. Without this activity layer, we couldn't deliver meaningful business intelligence or maintain session continuity.

A third category surfaces when users reach out through support channels or feedback mechanisms: communication records. Messages, inquiries, and technical descriptions help us resolve issues and refine product behavior. This dialogue data persists only as long as resolution requires — typically through the conclusion of the support interaction plus a brief window for quality review.

Device characteristics arrive automatically: browser type, screen resolution, operating system version, language preference. These technical markers allow us to render interfaces correctly and diagnose compatibility problems. IP addresses appear in server logs for security monitoring — we don't use them to build behavioral profiles or track movements across other properties.

How Information Moves Through Our Systems

Once details reach our infrastructure, they serve specific operational functions. Authentication data validates identity during login attempts. Activity logs power the dashboard that shows you your own usage history. Communication exchanges inform our support documentation and help us prioritize feature development based on actual user needs rather than speculation.

Transaction analysis — the core of what we offer — requires temporary processing of financial details. When you initiate a report or visualization, algorithms examine patterns, calculate trends, and generate insights. This work happens in memory, and processing artifacts disappear once the output reaches your screen. The finished reports belong to you; we keep aggregated, anonymized statistical summaries to improve analytical accuracy over time.

• Account management: Your registration details allow system access and preference storage. They sit in encrypted databases with restricted internal access — only authentication services and account administration functions can reach them.
• Service delivery: Operational traces enable session persistence, personalized dashboard configuration, and historical reference. When you adjust filters or save custom views, those choices are associated with your account so they persist across sessions.
• Platform improvement: Aggregated, de-identified usage patterns inform decisions about interface refinements and feature prioritization. We might observe that many users struggle with a particular workflow step, prompting a redesign — but we can't trace that observation back to individual accounts.
• Communication continuity: Support tickets and feedback submissions stay linked to accounts so follow-up responses reach the right recipient and context remains available if issues resurface.

We don't repurpose information for unrelated activities. Details gathered for transaction analysis won't suddenly appear in marketing campaigns or third-party data marketplaces. Our business model depends on delivering valuable insights, not monetizing user details.

External Transfers and Service Dependencies

Our infrastructure relies on cloud hosting services based in facilities that meet international security certifications. These providers receive encrypted data fragments necessary for storage and computation but lack the keys to reconstruct meaningful information. Contractual terms forbid them from accessing, copying, or using hosted content for their own purposes.

Payment processing — when you subscribe to premium features — involves specialized financial intermediaries. They receive transaction details required to authorize charges: billing name, payment instrument identifiers, amounts. We never see complete payment credentials; tokens representing authorized instruments flow back to us for future billing cycles. These processors operate under strict financial regulations and maintain separate privacy practices you should review.

Legal demands occasionally force disclosure. If Taiwan authorities present valid requests for specific account information in connection with legitimate investigations, we comply after verifying the legal basis. Where permissible, we notify affected users unless such notification would undermine the investigation's purpose. Annual transparency reports summarizing these requests appear in our public documentation.

Business restructuring — mergers, acquisitions, asset sales — might transfer our operations to new ownership. In such scenarios, user information would move with the platform to ensure service continuity. We'd notify affected accounts beforehand and provide options to export data or close accounts if the new steward's practices differ materially from ours.

Protection Measures and Remaining Risks

Information at rest lives in encrypted databases. Transport between your browser and our servers occurs over secure channels with current cryptographic standards. Access controls limit which internal systems and personnel can reach specific data categories — someone troubleshooting a UI bug can't peek at financial transaction details.

Authentication mechanisms include rate limiting, anomaly detection, and credential strength requirements. We enforce password complexity rules and offer optional multi-factor verification. Session tokens expire after inactivity periods, forcing re-authentication. Failed login attempts trigger temporary lockouts and alert monitoring systems.

• Encryption layers: Data encryption applies both during transmission and while stored in databases. Decryption keys exist separately from the encrypted content, reducing exposure if storage systems are compromised.
• Access segmentation: Internal teams access only the information categories necessary for their roles. Support staff see communication history but not financial transaction details; infrastructure engineers handle server logs but can't view account profiles.
• Audit trails: Systems log all data access events with timestamps and actor identifiers, creating accountability records reviewed during security assessments.
• Vulnerability management: Regular security testing identifies weaknesses before malicious actors can exploit them. Software dependencies receive prompt updates when vulnerabilities surface in underlying libraries or frameworks.

Despite these precautions, absolute security remains impossible. Sophisticated attackers, insider threats, or unforeseen vulnerabilities could breach defenses. If such an incident affects your information, we'll notify you promptly with details about what was exposed, potential consequences, and steps we're taking to contain the damage and prevent recurrence.

Retention, Control, and Your Options

Different information types persist for different durations based on operational necessity and regulatory requirements. Account credentials remain active as long as your account exists. Activity logs stay accessible through your dashboard for ninety days, after which they archive into aggregated, anonymized statistical summaries. Financial transaction data uploaded for analysis persists for the duration you specify in account settings — options range from immediate deletion after report generation to retention for historical comparison over multiple fiscal periods.

You control much of this lifecycle directly through account settings. Export functions let you retrieve complete copies of stored information in machine-readable formats. Deletion requests trigger immediate removal from active systems; backup copies purge during the next scheduled backup rotation, typically within thirty days. Account closure initiates full information removal within sixty days, though some fragments might persist in archived logs or backups beyond that window before eventual expiration.

• View and verify: Account dashboards display current stored information. Review these details periodically to ensure accuracy and completeness.
• Correct inaccuracies: Update profile details, modify preferences, or revise categorization rules through standard interface controls. Changes propagate immediately.
• Limit processing: Object to specific analytical operations by adjusting feature permissions. Disabling certain insights prevents the corresponding data analysis.
• Request deletion: Targeted removal of specific information categories or complete account closure both trigger documented deletion procedures.
• Withdraw consent: Where processing depends on your explicit permission rather than contractual necessity, you can revoke that permission. Doing so might limit platform functionality.
• Export data: Retrieve structured copies of your information for personal records or transfer to alternative services.

Legal frameworks governing information handling vary by jurisdiction. If you're in the European Economic Area, GDPR provisions apply. Taiwan users benefit from Personal Information Protection Act safeguards. Other regions might offer different protections. We apply consistent baseline practices globally while honoring jurisdiction-specific requirements where they exceed our standard approach.

Questions, concerns, or formal requests reach us through the contact channels below. We respond within fifteen business days for routine inquiries, though complex requests involving extensive information retrieval might require up to thirty days. If you're unsatisfied with our response, escalation options exist through regulatory authorities in your jurisdiction — specific complaint mechanisms depend on your location.