What Information We Collect

We can't provide budget analysis without some data. Here's what we gather and why each piece matters.

Account Information

When you create an account, we ask for basic details:

• Your name and email address (so we can identify you and send important updates)
• A password you create (we encrypt this immediately and never store it in readable form)
• Phone number if you choose to provide it (optional, used for account recovery)
• Time zone and currency preferences (helps us display information correctly)

Financial Data

This is the core of what we do. To analyze spending trends, we need to see your transactions:

• Transaction amounts, dates, and merchant names
• Account balances and spending categories
• Budget goals and limits you set
• Historical spending patterns from connected accounts

We never see your full banking credentials. When you connect a bank account, we use secure third-party services that handle authentication separately.

Usage Information

Like most websites, we track how people use our service:

• Pages you visit and features you use most often
• Device type, browser, and operating system
• IP address and general location (city level, not precise coordinates)
• Time spent on different sections of the platform

This helps us spot bugs, improve popular features, and understand which tools actually help people.

How We Use Your Information

We're not here to sell your data or bombard you with ads. Every piece of information serves a specific purpose in delivering the service you signed up for.

Who Can Access Your Data

We keep your information locked down tight, but running a financial service requires working with some trusted partners.

Service Providers

These companies help us operate but only get access to what they absolutely need:

• Cloud hosting providers who store encrypted data on secure servers
• Banking API services that connect your accounts (they handle authentication separately)
• Email delivery services that send notifications and reports
• Payment processors if you're on a paid plan

All service providers sign contracts requiring them to protect your data and use it only for the specific tasks we've hired them for.

Legal Requirements

Under Taiwanese law, we may need to disclose information if:

1. We receive a valid court order or subpoena
2. We're required to respond to government agencies conducting legitimate investigations
3. We need to protect the rights, property, or safety of Reflectiversn, our users, or the public
4. We detect fraudulent activity or violations of our terms of service

We review every legal request carefully and push back on overly broad demands. When legally permitted, we'll notify you before disclosing your information.

Business Transfers

If Reflectiversn is acquired or merges with another company, your data would transfer to the new entity. We'd notify you beforehand and ensure the new owner commits to protecting your information according to this policy.

Your Privacy Rights

This is your data. Taiwan's Personal Data Protection Act gives you significant control over how we handle it.

How to Exercise These Rights

Send requests to support@reflectiversn.com with "Privacy Rights Request" in the subject line. We'll verify your identity (to prevent someone else from accessing your data) and respond within 30 days.

If you're not satisfied with our response, you have the right to file a complaint with Taiwan's National Development Council, which oversees data protection enforcement.

How We Protect Your Information

Financial data is a prime target for criminals. We've built multiple layers of protection to keep your information secure.

Technical Safeguards

• Encryption everywhere: All data is encrypted both in transit (using TLS 1.3) and at rest (using AES-256). Even if someone intercepts data, they can't read it.
• Secure infrastructure: We host on servers with advanced physical security, firewalls, and intrusion detection systems.
• Access controls: Employees can only access data they need for their specific role. Every access is logged and monitored.
• Regular testing: We conduct security audits and penetration testing to find vulnerabilities before attackers do.
• Automatic logout: Sessions expire after periods of inactivity to prevent unauthorized access if you step away from your device.

Organizational Measures

• All employees sign confidentiality agreements and receive data protection training
• We maintain an incident response plan for potential security breaches
• Background checks are conducted on staff with access to sensitive systems
• We review and update security practices as new threats emerge

What Happens If There's a Breach

Despite our best efforts, no system is 100% impenetrable. If we discover a security incident that affects your data, we'll notify you within 72 hours via email. The notification will explain what happened, what information was involved, and what steps we're taking to address it.

We'll also report the incident to Taiwan's relevant authorities as required by law.

Data Retention and Deletion

We don't keep your information forever. Different types of data have different retention periods based on usefulness and legal requirements.

Active Accounts

While your account is active, we maintain all your financial data, analysis history, and settings. This lets you track long-term trends and review historical spending patterns.

Inactive Accounts

If you haven't logged in for 24 months, we'll send reminders before eventually closing your account. After closure, we delete most data within 90 days. Some information may be retained longer for specific reasons:

• Transaction records required for tax compliance (retained for 7 years per Taiwanese law)
• Information related to disputes or legal matters (kept until resolved)
• Aggregated, anonymized usage statistics (no longer tied to your identity)

When You Delete Your Account

If you actively delete your account, here's what happens:

1. Your profile and personal information are immediately marked for deletion
2. You lose access to all analysis reports and historical data
3. We disconnect all linked bank accounts and stop syncing transactions
4. Within 30 days, we complete deletion of most data from active systems
5. Backup systems are purged within 90 days
6. Only legally required records remain beyond that point

Deletion is permanent. We can't restore accounts or data once this process completes.

Cookies and Tracking

Our website uses cookies and similar technologies. Here's what that actually means for you.

Essential Cookies

These are necessary for the site to function. They remember that you're logged in as you navigate between pages, maintain security settings, and preserve preferences during your session. You can't disable these without breaking the service.

Analytics Cookies

We use these to understand how people use Reflectiversn. They track which features are popular, where people get stuck, and what device types access the site. This information is aggregated and anonymized – we're looking at patterns, not individuals.

You can disable analytics cookies in your browser settings if you prefer not to be tracked this way.

Third-Party Cookies

We don't use advertising cookies or social media tracking pixels. The only third-party cookies come from service providers essential to running the platform (like our hosting infrastructure).

Managing Cookies

Most browsers let you control cookies through settings. You can block all cookies, delete existing ones, or get notified before new ones are set. Just be aware that blocking essential cookies will prevent you from logging in or using key features.

International Data Transfers

Reflectiversn operates primarily in Taiwan, and that's where we store your data. However, some of our service providers have infrastructure in other countries.

When data leaves Taiwan, we ensure it receives equivalent protection through:

• Contractual clauses requiring service providers to maintain Taiwanese data protection standards
• Encryption during transfer and storage regardless of location
• Regular audits of international partners' security practices
• Careful selection of countries with adequate data protection frameworks

If you have concerns about where your data is stored or processed, contact us for more detailed information about our current infrastructure setup.

Children's Privacy

Reflectiversn is designed for adults managing their finances. We don't knowingly collect information from anyone under 18 years old.

If we discover that someone under 18 has created an account, we'll delete it immediately. If you're a parent and believe your child has provided us with personal information, contact us right away at support@reflectiversn.com.

Changes to This Policy

Privacy practices evolve as technology changes and regulations update. When we modify this policy, we'll notify you in several ways:

• Email notification to your registered address at least 30 days before changes take effect
• Prominent banner on the website highlighting the update
• Updated "effective date" at the top of this document

If changes significantly affect your rights or how we handle your data, we'll ask for your explicit consent before applying them to existing users.

You can always review previous versions by contacting our support team. We maintain an archive of all policy iterations.