Privacy Policy

Last Updated: March 11, 2026 | Effective: March 11, 2026

lylai (hereinafter referred to as "the Service") is developed and operated by Cheng-I Wu (hereinafter referred to as "I"). In accordance with the Personal Data Protection Act of the Republic of China (Taiwan) and related regulations, I have established this Privacy Policy to explain how I collect, process, use, and protect your personal data.

By using the Service, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Categories and Purposes of Personal Data Collected

Pursuant to Article 8 of the Personal Data Protection Act, I hereby inform you of the following:

Collection Methods: Through information you actively provide within the App, authorization via third-party sign-in (Apple ID, Google Account), or attendee lists imported by event organizers.

2. Duration, Region, Recipients, and Methods of Personal Data Use

• Duration: From the date of collection until you delete your account. Event-related data is retained for 12 months after the event concludes, then automatically deleted.
• Region: Within the territory of the Republic of China (Taiwan). Data is stored on Supabase cloud services (servers located in Sydney, Australia), in compliance with cross-border transfer provisions under Article 21 of the Personal Data Protection Act, with security measures equivalent to those applied domestically.
• Recipients:
  • The Service's operations team (limited to the scope necessary for providing the Service)
  • Event organizers (limited to registration and check-in information for their respective events)
  • Other users with whom you consent to exchange business cards (only upon mutual QR code scanning consent)
• Methods: Processed through automated means with encrypted transmission and access control measures.

3. Third-Party Services

The Service uses the following third-party services, each with its own privacy policy:

• Supabase (data storage, authentication) — Privacy Policy
• Apple (Sign in with Apple) — Privacy Policy
• Google (Google Account sign-in) — Privacy Policy
• Expo (push notification service) — Privacy Policy
• RevenueCat (in-app purchase and subscription management) — Privacy Policy
• Anthropic Claude (Claude Vision API, business card image recognition OCR) — Privacy Policy. Uploaded card photos are transmitted to Anthropic's API for text extraction; images are not stored by Anthropic, only extracted text is returned.

4. Data Security Measures

In accordance with Article 12 of the Enforcement Rules of the Personal Data Protection Act, I implement the following security measures:

• All data transmission is encrypted using HTTPS/TLS
• Database access is controlled via Row Level Security (RLS)
• Passwords and sensitive data are hashed and never stored in plaintext
• Security measures are periodically reviewed for adequacy

5. Data Breach Notification

In the event of a personal data breach, I will notify affected users within 72 hours of becoming aware of the incident, via App push notification or email, and report to the competent authority in accordance with the Personal Data Protection Act. The notification will include: the facts of the breach, the categories of data affected, response measures taken, and recommendations for users to protect themselves.

6. Data Subject Rights

Pursuant to Article 3 of the Personal Data Protection Act, you have the following rights regarding your personal data:

1. To inquire about or request access to your data
2. To request a copy of your data
3. To request supplementation or correction
4. To request cessation of collection, processing, or use
5. To request deletion

You may exercise these rights through the "Settings" page within the App, or by emailing crucify0202@gmail.com. I will respond within 30 days of receiving your request.

Exercising any of the above rights is free of charge.

7. Consequences of Not Providing Personal Data

You are free to choose whether to provide personal data. If you choose not to provide it, the following impacts may occur:

• Not providing Email: Unable to register an account or use the Service
• Not providing name/organization/job title: Business card exchange feature will not display complete information
• Not authorizing push notifications: Unable to receive event reminders

8. Cookies and Tracking Technologies

The App does not use cookies. The web component (event registration pages) uses only essential cookies to maintain proper functionality. No advertising tracking or behavioral analytics is performed.

9. Protection of Minors

The Service is not directed at children under the age of 13. I do not knowingly collect personal data from children under 13. If a parent or guardian discovers that their child has provided personal data without consent, please contact me and I will promptly delete it.

Minors under the age of 18 must obtain consent from a legal guardian before using the Service.

10. Amendments to This Privacy Policy

If this Policy is amended, I will publish the updated effective date on this page. Material changes will be communicated via App push notification or email. If you do not agree with the amendments, you may delete your account and discontinue use of the Service before the amendments take effect. Continued use of the Service after the amendments become effective constitutes your acceptance of the revised Policy.

11. Contact Information

If you believe the Service has violated any provisions of the Personal Data Protection Act, in addition to contacting me, you may also file a complaint with the National Development Council or your local government.