Privacy Policy

This policy describes how 微象 SomaTrace (operated by Tsai Cheng En as an individual, "we") collects, uses, and protects data when providing the service.

  1. Our users are mostly manual and somatic practitioners. For the client records a user creates within the service, the user is the collector and controller, and we provide cloud storage and processing only on the user's instructions.
  2. Data we process includes: (a) account data — email, sign-in time, display name, terms-acceptance record, marketing opt-in; (b) payment data — subscription and purchase status, payment transaction identifiers (excluding full card numbers), and, where the user enables online collection, the order number, amount, payment status, and transaction identifier of their clients' online payments (excluding full card numbers); (c) client records created by the user — client basics (mobile number, age band, sex, dominant hand, occupation, exercise habits, injury history, preference and contraindication notes), chief complaints and body observations (regions, symptom qualities, dynamic tests, visceral and fascial observations, self-rated discomfort 0–10), session records and reviews, and AI-generated reports; (d) device and push — device identifier, push token, push preferences; (e) system logs — usage, errors, and AI-call audit records (excluding client content); (f) integration data — when a user connects a LINE Official Account or their own payment gateway, the stored connection credentials for those third-party services, and (for LINE) the LINE user ID, display name, profile picture, and conversation message content of clients who interact with the user.
  3. Some client records are health-related sensitive data. We obtain them only when the user actively enters them, process them only to the extent necessary to provide the service, and do not use them for medical diagnosis.
  4. Purposes of collection and processing: account management and authentication, cloud sync, payment processing, customer support, system reliability monitoring, and improvement of the service and its features.
  5. To improve features and content quality, we may de-identify client data (removing fields that directly identify a specific person, such as names, and excluding free-text notes and original chief-complaint text) and analyze only the aggregated statistics and patterns (for example, which body-region and symptom combinations are most common, or feature-adoption rates). Such analysis is performed only in an aggregated form that cannot be traced back to a specific individual, is never used to identify a specific client or user, and is never sold.
  6. AI reports are generated by third-party model providers (Anthropic or OpenAI, depending on configuration). To generate a report, we transmit the content needed for that summary: structured codes and scores (such as region, option, severity, and discomfort score), the relevant free text you entered for that session (such as processing notes, direction notes, pre-visit notes, and client feedback), and the limited client profile required (such as age band, exercise habits, injury history, and chief-complaint text). We do not transmit the client's name or contact details.
  7. To provide the service, we engage the following processors to handle the data necessary for their function: Supabase (cloud database and storage), Anthropic and OpenAI (AI output), NewebPay (subscription collection for this service, and online collection enabled by the user), LINE (LY Corporation, booking and message delivery), Apple and Google (push notifications), RevenueCat (iOS purchase validation), and Resend (system email). Each processor receives only the data necessary to perform its function and may not use it for other purposes.
  8. Payment information is processed by a third-party payment provider; we do not store full credit-card data.
  9. When a user connects a LINE Official Account, clients may interact with the user and complete bookings through LINE; their LINE user ID, display name, and message content are synced into the service so the user can reply and manage them in the inbox. For such client data, the user is the collector and controller, and we process it only on their instructions. Message delivery is provided by the Messaging API of LINE (LY Corporation).
  10. A user may connect their own third-party payment gateway to collect deposits or fees from their clients. Clients' online payments are processed by the gateway chosen by the user; we store only the transaction identifier, amount, and payment status, and do not store full credit-card data. For clients' payment data, the user is the collector and we process it only on their instructions.
  11. Some processors' servers are located outside Taiwan (for example, the United States and Japan). By using the service you understand and consent to the international transfers necessary to provide it; we require processors to adopt reasonable security safeguards.
  12. We use TLS encryption in transit, encryption at rest, and Row Level Security to isolate each user's client records from one another; payment data is handled by the payment provider in encrypted form. Connection credentials for third-party services that a user connects (LINE Official Account, their own payment gateway) are additionally encrypted at the application layer and never stored in plaintext.
  13. Client and account data are retained for the duration of service use; after a user deletes a client or account, the data is removed from operational systems within a reasonable period (except where retention is required by law or during existing backup-rotation periods).
  14. Users may, within the app or by contacting support, access, correct, export, or delete their data. A client wishing to exercise their rights should contact the user (the collector) they are served by, and we will assist that user.
  15. Users located in the EU or other regions may, to the extent required by local law, exercise rights of access, correction, deletion, restriction of processing, or objection.
  16. The service does not use third-party advertising or behavioral-tracking analytics tools.
  17. In the event of a data breach that may harm rights or interests, we will, in accordance with the law, notify affected parties within a reasonable period and take remedial measures.
  18. If this policy is updated, the changes will be published on this page with an updated "last updated" date; material changes will be separately highlighted.
  19. For questions or to exercise your rights, contact support at [email protected]; operator: Tsai Cheng En.