Privacy Policy
Last updated: 2026-05-06
EdgeSEO ("we", "our", "the Service") is operated by Zhenhe AI LLC (a Wyoming, USA limited liability company) and 振禾有限公司 (Zhenhe Co., Ltd., Taiwan R.O.C., Business Registration No. 83446730), collectively the "Operator". This policy describes what personal data we collect, how we use, store, and delete it, and the rights you have over your data.
1. Data we collect
From you directly
- Email address — for account, transactional emails, and support
- Name and (if applicable) company name and Tax ID — for invoicing
- Workspace and site configurations (workspace name, target site URLs, content/SEO preferences) — saved in your account
- Payment-related data (handled directly by Stripe or PayUni — we never see full card numbers)
From Google via OAuth (only when you explicitly authorize)
When you connect a Google Search Console or Google Analytics 4 account, Google provides us with:
- An OAuth refresh token and short-lived access token, scoped to the resources you grant
- Google Search Console data: query impressions, clicks, CTR, average position, top pages — read-only via the webmasters.readonly scope
- Google Analytics 4 data: pageviews, sessions, engagement time, bounce rate, conversion events — read-only via the analytics.readonly scope
- Your Google account email address (used to associate the OAuth grant with your EdgeSEO workspace)
We never request write or admin scopes on Google Search Console or Google Analytics. We do not modify your properties, sitemaps, audiences, or events.
Generated by using the Service
- AI-generated SEO recommendations, keyword shortlists, change checklists, and meta-tag suggestions for your authorized properties
- Operational logs of your dashboard interactions (for product analytics and error diagnostics)
- IP address, browser/device fingerprint, country (from Cloudflare CF-IPCountry header) — used for geo-routing payment gateway and abuse detection
2. Google API Services User Data Policy — Limited Use Disclosure
EdgeSEO's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Use only for user-facing features — We use Google Search Console and Google Analytics data exclusively to provide the SEO analysis, recommendations, and reports requested by the authorizing user, displayed only to that user (or designated members of the user's workspace under role-based access).
- No transfer to third parties — We do not transfer Google user data to third parties except (a) as necessary to provide or improve user-facing features, (b) for security purposes such as investigating abuse, or (c) to comply with applicable law.
- No advertising use — We do not use Google user data for advertising purposes, including for retargeting, personalized advertising, or interest-based advertising.
- No human reading — Humans do not read Google user data unless (a) we obtain the user's affirmative agreement for specified instances, (b) it is necessary for security purposes, (c) to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations.
- No AI/ML training across users — We do not use individual users' Google data to train, fine-tune, or improve any AI/ML models whose outputs are exposed to other users or customers.
3. How we use data
- Delivering the core service: calling Google APIs with your tokens, generating SEO analyses, weekly reports, change checklists, and AI-suggested optimizations for your authorized properties.
- Multi-tenant isolation: data is isolated per workspace using PostgreSQL Row-Level Security (RLS); other tenants cannot access your data even via direct database access.
- Transactional communication: confirmation emails, billing receipts, OAuth grant changes, account security alerts.
- Fraud and abuse prevention: detecting unusual API usage, repeated invalid tokens, account takeover signals.
- Aggregated, anonymized analytics: product metrics that do not identify individuals or expose Google user data.
4. Data retention
| Data type | Retention period |
|---|---|
| Google OAuth refresh / access tokens | Encrypted at rest with AES-256-GCM; deleted on account or workspace deletion |
| GSC / GA4 query results cache | 7 days, then auto-purged |
| Generated SEO recommendations and reports | Until user deletes or workspace removed |
| Workspace and site configurations | Until user deletes or workspace removed |
| Free-tier inactive workspaces | Auto-archived 90 days after last activity |
| Operational logs | 30 days |
| Billing records and invoices | 7 years (Taiwan R.O.C. tax compliance) |
5. Security
- OAuth tokens are encrypted at rest with AES-256-GCM using per-deployment keys
- Multi-tenant data isolation via PostgreSQL Row-Level Security policies
- All traffic is TLS 1.3 (via Cloudflare)
- Webhook signatures verified via HMAC for Stripe / PayUni / cf-email
- Secrets stored in Cloudflare Workers Secrets, never in source code
6. Third-party services
We use the following third-party services to provide our features:
- Google APIs — Search Console + Analytics Data API (read-only)
- Cloudflare — Workers compute, KV, Analytics Engine, content delivery
- Supabase — managed PostgreSQL with RLS
- Stripe — international payment processing (USD subscriptions and one-time charges)
- PayUni / 統一金流 — Taiwan local payment processing (TWD)
- AI Engine providers — generating SEO analyses and recommendations from your authorized data
- cf-email / Resend — transactional email delivery (Cloudflare Email Workers)
AI providers process your authorized data ephemerally to produce specific user-facing outputs and do not retain it for cross-customer model training (per their respective enterprise agreements).
7. International transfers
Data may be processed in the United States (Cloudflare global network, Supabase, Stripe), Singapore / Asia-Pacific (Cloudflare regional edge), and Taiwan (PayUni, billing records). All processors offer industry-standard safeguards.
8. Children's privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal data from children.
9. Your rights
- Access and export — view or download your data via your dashboard
- Rectify — correct inaccurate data via account settings
- Delete — see our Data Deletion Instructions
- Revoke Google OAuth — at any time via Google Account Permissions
- Object / restrict — contact us to limit specific processing
10. Changes to this policy
We may update this policy. Material changes will be notified by email at least 30 days before they take effect.
11. Contact
Privacy / Data Protection: ace@zhenheai.com
Postal address (Taiwan): 振禾有限公司, Taipei, Taiwan R.O.C.