We collect information that helps us provide security testing and vulnerability assessment services effectively:

• Contact details you provide when requesting consultations or services
• Technical information about your systems shared during security assessments
• Communication records from our interactions about your security needs
• Website usage data through standard analytics tools
• Payment information processed through secure third-party providers
• System logs and security test results generated during our assessments

Your information serves specific purposes directly related to protecting your digital assets:

• Conducting thorough security assessments and vulnerability testing
• Preparing detailed reports about your security posture
• Communicating findings and recommendations clearly
• Providing ongoing security consultation and support
• Maintaining records for compliance and quality assurance
• Improving our testing methodologies based on real-world findings

We don't use your data for marketing campaigns, sell it to third parties, or share it beyond what's necessary for the services you've requested.

Given the sensitive nature of security data, we maintain strict protection measures:

• All data encrypted both in transit and at rest using industry-standard protocols
• Access restricted to team members directly involved in your security project
• Regular security audits of our own systems and processes
• Secure data centers with physical and digital access controls
• Multi-factor authentication required for all system access
• Regular backups stored in geographically separated, encrypted locations

Under Taiwan's Personal Data Protection Act and international privacy standards, you have clear rights:

• Request to see what personal data we hold about you
• Ask for corrections to any inaccurate information
• Request deletion of your data when legally permissible
• Withdraw consent for data processing where applicable
• Receive a copy of your data in a portable format
• File complaints with relevant data protection authorities

To exercise these rights, simply contact us using the information below. We'll respond within 30 days and guide you through the process without unnecessary bureaucracy.

We limit data sharing to what's essential for providing security services:

• Trusted subcontractors who assist with specific technical aspects
• Legal authorities when required by Taiwan law or court orders
• Business partners only with your explicit consent
• Professional advisors bound by confidentiality agreements

When data crosses borders for cloud storage or processing, we ensure adequate protection through standard contractual clauses and carefully vetted service providers.

We keep your information only as long as necessary:

• Active project data: Duration of engagement plus 12 months
• Security assessment reports: 3 years for comparison and trend analysis
• Communication records: 2 years for service quality and legal compliance
• Financial records: 7 years as required by Taiwan tax regulations
• Website analytics: 26 months maximum

After these periods, we securely delete data unless you specifically request longer retention or legal requirements mandate otherwise. You can always request earlier deletion of data not subject to legal retention requirements.

Our website uses minimal data collection to function properly:

• Essential cookies for basic website functionality and security
• Analytics cookies to understand how visitors use our site
• Session cookies to maintain your preferences during visits
• Security cookies to protect against automated attacks

You can control cookie preferences through your browser settings. Disabling non-essential cookies won't affect your ability to access our services or contact us.

We review and update this policy regularly to reflect changes in our services, technology, or legal requirements. When we make significant changes, we'll notify you through:

• Email notifications to active clients
• Prominent notices on our website
• Direct communication during ongoing projects

Minor clarifications or formatting changes won't trigger notifications, but we'll always maintain a record of versions with effective dates.