Information We Collect

When you use our platform, we gather different types of information to provide you with better budgeting tools and personalized financial insights.

Personal Identification Data

We collect basic information you provide when creating an account or contacting us:

• Full name and email address
• Phone number (optional, for account recovery)
• Mailing address if you request physical documents
• Company name and business registration number for business accounts
• Payment information processed through secure third-party payment gateways

Financial Information

To help you manage cash flow effectively, we collect:

• Income and expense data you manually enter
• Budget categories and spending patterns
• Financial goals and projections you set
• Bank account connections (only with your explicit consent through secure API connections)
• Transaction histories you choose to import

Technical and Usage Data

Our systems automatically collect certain technical information:

• IP address and browser type
• Device information and operating system
• Pages visited and features used within our platform
• Time spent on different sections
• Error logs and performance data
• Cookies and similar tracking technologies

How We Use Your Information

Your data helps us deliver a better budgeting experience. Here's what we do with it:

Communication Purposes

We'll send you important updates about your account, changes to our services, and occasional tips about better cash flow management. You can opt out of promotional emails anytime, but we'll still need to send you essential service notifications.

Analytics and Improvement

We analyze how people use our platform to make it better. This includes studying which features get used most, where people struggle, and what improvements would help. All this analysis happens with aggregated, anonymized data whenever possible.

Data Sharing and Third Parties

We don't sell your personal information. Period. But we do work with certain partners to provide our services:

Service Providers

We share limited data with companies that help us operate:

• Cloud hosting providers for secure data storage (currently using AWS Taiwan region)
• Payment processors for handling subscriptions (they never see your full financial data)
• Email service providers for sending notifications
• Analytics tools to understand platform usage
• Customer support software to help resolve your issues faster

Legal Requirements

We may disclose your information if required by Taiwan law, court order, or government regulation. This includes responding to lawful requests from authorities investigating fraud, tax matters, or other legal issues.

Business Transfers

If innovatefilebox is acquired or merges with another company, your data would transfer to the new entity. We'll notify you before this happens and explain any changes to how your information is handled.

Your Privacy Rights

Under Taiwan's Personal Data Protection Act, you have several rights regarding your personal information:

How to Exercise Your Rights

To make any of these requests, email us at [email protected] with "Privacy Request" in the subject line. Include your account email and specify which right you want to exercise. We'll verify your identity before processing the request.

Most requests are handled within 15 business days. If we need more time due to complexity, we'll let you know and explain why.

Data Security Measures

Protecting your financial information is our top priority. We use multiple layers of security:

Technical Safeguards

• 256-bit SSL/TLS encryption for all data transmission
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Automated threat detection and monitoring systems
• Secure API connections with OAuth 2.0 authentication
• Regular software updates and security patches

Access Controls

We limit who can access your data internally. Only employees who need it for their job can view personal information, and all access is logged and monitored. Our team receives regular security training.

Infrastructure Security

Your data is stored in secure data centers in Taiwan with physical security measures, redundant power systems, and regular backups. We maintain disaster recovery procedures to protect against data loss.

Data Retention

We keep your information only as long as necessary:

Active Accounts

While your account is active, we retain all your financial data, transaction history, and account information. This lets you access historical budgets and track long-term spending patterns.

Closed Accounts

After you close your account, we keep certain data for 7 years to comply with Taiwan's financial record-keeping requirements. This includes transaction records and tax-related information. Personal identifiers are anonymized where possible.

Marketing Data

If you opt out of marketing communications, we'll keep a record of your email address to ensure we don't contact you again—but we won't use it for any other purpose.

Legal Holds

If your data is subject to legal proceedings or investigations, we'll retain it until the matter is resolved, regardless of our standard retention periods.

Cookies and Tracking

We use cookies and similar technologies to make our platform work better. Here's what you should know:

Essential Cookies

These are necessary for the platform to function. They handle things like keeping you logged in, remembering your language preference, and maintaining your session security. You can't disable these without breaking the service.

Analytics Cookies

We use these to understand how people use our platform—which features are popular, where people get confused, what devices they're using. This helps us improve the service. You can opt out of these in your account settings.

Third-Party Cookies

Some features use cookies from external services (like embedded support chat). These are governed by those companies' privacy policies, though we only work with providers who meet our privacy standards.

Managing Cookies

Most browsers let you control cookies through their settings. You can block or delete cookies, but this might affect how our platform works. Check your browser's help section for specific instructions.

International Data Transfers

Your data is primarily stored and processed in Taiwan. However, some of our service providers operate globally, which means your information might be transferred to other countries.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant authorities. We only transfer data to countries that provide adequate data protection or where contractual protections are established.

Our primary cloud infrastructure is located in the AWS Taiwan region, minimizing the need for international transfers in most cases.

Children's Privacy

Our service is not intended for anyone under 18 years old. We don't knowingly collect information from minors. If you're a parent and discover your child has created an account, contact us immediately and we'll delete it.

If we learn we've accidentally collected information from someone under 18, we'll delete it as quickly as possible.

Changes to This Policy

We update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice on our platform.

The "Last Updated" date at the top shows when the most recent changes were made. We encourage you to review this policy periodically to stay informed about how we protect your information.

Continuing to use our service after changes take effect means you accept the updated policy.

California Privacy Rights

If you're a California resident using our services, you have additional rights under the California Consumer Privacy Act (CCPA), even though we're based in Taiwan.

You can request information about what personal data we've collected, how we've used it, and whether we've shared it. You can also request deletion of your personal information, subject to certain exceptions.

We don't sell personal information, so there's nothing to opt out of in that regard. To exercise your CCPA rights, use the same contact method described in the "Your Privacy Rights" section above.