Last Updated: March 15, 2025 | Effective
Date: January 1, 2025
toolcloudsys operates in Taiwan and provides budget approval workflow
solutions to organizations. This privacy policy explains what data we
gather, why we need it, and what we do to keep it safe. We follow Taiwan's
Personal Data Protection Act and maintain transparent practices about
information handling.
If you're using our platform, this applies to you. Simple as that.
Information We Collect
Account and Business Information
When you create an account with toolcloudsys, we ask for basic details that
help us set up your workspace. This includes your name, work email address,
company name, and phone number. If you're setting up approval workflows, we
also collect information about your organization's structure and the users
you invite to your workspace.
Financial Data and Workflow Information
Our platform handles budget approval data. That means we process
information about budget requests, approval chains, spending categories,
and related financial workflows. We don't store actual bank account details
or payment card information on our servers—those go through certified
payment processors if you're using premium features.
|
Data Category
|
Examples
|
Purpose
|
|
User Credentials
|
Email, password, name
|
Account access and authentication
|
|
Workflow Data
|
Budget requests, approval status, comments
|
Core platform functionality
|
|
Usage Analytics
|
Login times, feature usage, click patterns
|
Service improvement and optimization
|
|
Device Information
|
Browser type, IP address, device ID
|
Security and technical support
|
Automatically Collected Technical Data
Like most web platforms, we automatically collect certain technical
information when you use toolcloudsys. This includes your IP address,
browser type, operating system, and how you interact with our platform. We
use this data to fix bugs, prevent security issues, and make the platform
work better.
How We Use Your Information
We're not in the business of selling your data. Everything we collect
serves a specific purpose related to running and improving toolcloudsys.
- Operating your budget approval workflows and maintaining your account
access
- Sending notifications about approval requests, system updates, and
account activity
- Analyzing usage patterns to fix problems and add features people
actually need
- Preventing fraud, unauthorized access, and other security threats
- Responding to your support requests and technical questions
- Meeting legal obligations under Taiwan regulations and financial
record-keeping laws
Marketing Communications: We occasionally send emails
about new features or product updates. You can opt out anytime using
the unsubscribe link in these emails. We'll still send essential
account-related messages though—those aren't optional.
Data Sharing and Third Parties
We work with a limited number of service providers to keep toolcloudsys
running. These companies only get access to the specific data they need to
do their job, and they're bound by strict confidentiality agreements.
Service Providers We Work With
Cloud hosting providers store your data on secure servers. Email service
providers help us send notifications and password resets. Analytics tools
give us insights into how people use the platform—but we configure these
tools to anonymize personal information wherever possible.
If your organization uses single sign-on or integrates toolcloudsys with
other business software, we'll share limited data with those systems based
on your configuration. You control these integrations through your admin
settings.
Legal Requirements
We'll disclose information if required by Taiwan law, court orders, or
regulatory authorities. This might happen during legal proceedings, tax
audits, or investigations by government agencies. We review each request
carefully and only share what's legally required.
No Data Selling: We don't sell, rent, or trade your
personal information to third parties for their marketing purposes.
That's not our business model and never will be.
Your Rights and Control
Under Taiwan's Personal Data Protection Act, you have specific rights
regarding your personal information. Here's what you can do and how to do
it.
Access Your Data
Request a copy of all personal information we hold about you. We'll
provide this in a readable format within 15 business days.
Correct Information
Update inaccurate or incomplete data through your account settings
or by contacting our support team directly.
Delete Your Account
Request complete account deletion. We'll remove your data within 30
days, subject to legal retention requirements.
Data Portability
Export your workflow data in common formats like CSV or JSON for
use with other systems.
Restrict Processing
Limit how we use your information in certain situations while
maintaining essential account functions.
Object to Processing
Challenge specific uses of your data, particularly for analytics or
optional features you don't want.
How to Exercise Your Rights
Email us at [email protected] with your request. Include your account
email and specify what you'd like us to do. We'll verify your identity and
respond within 15 business days. For complex requests, we might need up to
30 days—we'll let you know if that's the case.
There's no fee for most requests, but we reserve the right to charge for
excessive or clearly unfounded demands.
Data Security and Protection
Protecting your financial workflow data is fundamental to what we do. We
use industry-standard security measures, but let's be honest—no system is
completely invulnerable. Here's what we implement to minimize risks.
Technical Security Measures
All data transmission uses TLS encryption. Passwords are hashed using
bcrypt with individual salts. We maintain separate database environments
for production and testing. Regular security audits happen quarterly, with
immediate patches for critical vulnerabilities.
Access to production systems requires multi-factor authentication. Our
engineering team follows the principle of least privilege—people only
access what they need for their specific role. We log all administrative
actions for audit purposes.
Organizational Security
Employees with data access sign confidentiality agreements and complete
security training annually. We conduct background checks on personnel
handling sensitive systems. Departing employees lose system access
immediately upon termination.
Data Breach Protocol: If we detect unauthorized access
to your data, we'll notify you within 72 hours via email and through
in-app notifications. We'll explain what happened, what data was
affected, and what steps we're taking to prevent recurrence.
Data Retention and Deletion
We keep your data only as long as necessary for the purposes outlined in
this policy or as required by Taiwan regulations.
Active Account Data
While your account remains active, we retain all workflow data and user
information. You control this data through your account settings and can
delete specific records anytime. Deleted items move to a recovery folder
for 30 days before permanent removal.
Account Closure
When you close your account, we initiate a 30-day grace period during which
you can reverse the decision. After that, we permanently delete your
personal information and workflow data. Some information might persist in
backup systems for up to 90 days due to our backup rotation schedule.
Legal Retention Requirements
Taiwan tax and business regulations require us to retain certain financial
records for seven years. If your workflow data falls under these
requirements, we'll keep the minimum necessary information in secure,
isolated storage even after account closure. This data won't be used for
any other purpose.
- Transaction logs and approval records: 7 years per Taiwan tax law
- User account information: Deleted 30 days after account closure
- Marketing communication data: Deleted immediately upon unsubscribe
- Support correspondence: Retained for 3 years for quality purposes
- Security logs: Retained for 2 years for incident investigation
International Data Transfers
toolcloudsys primarily operates within Taiwan, but some of our service
providers maintain servers in other countries. When we transfer data
internationally, we ensure adequate protection through approved mechanisms.
Our primary cloud infrastructure resides in Taiwan data centers. However,
backup systems and certain analytics services may process data in Japan and
Singapore. These locations were chosen for their strong data protection
laws and geographic proximity.
We don't transfer data to jurisdictions with inadequate privacy
protections. All international processors sign data processing agreements
that meet Taiwan's standards for cross-border data transfers.
Cookies and Tracking Technologies
toolcloudsys uses cookies and similar technologies to maintain your login
session and remember your preferences. We're transparent about what we
track and why.
Essential Cookies
These are necessary for the platform to function. They remember your login
status, language preferences, and security tokens. You can't disable these
without breaking core functionality, but they don't track you across other
websites.
Analytics Cookies
We use analytics tools to understand how people use toolcloudsys. This
helps us identify confusing workflows and prioritize feature improvements.
These cookies are configured to anonymize IP addresses and don't identify
you personally. You can opt out through your account privacy settings.
Managing Cookie Preferences
Your browser settings control cookie acceptance. Blocking all cookies will
prevent you from logging in or using toolcloudsys properly. Most browsers
allow you to block third-party cookies while keeping functional ones—that's
usually a good middle ground.
Children's Privacy
toolcloudsys is a business platform not intended for children under 16. We
don't knowingly collect information from children. If we discover that
someone under 16 has created an account, we'll delete it immediately.
If you're a parent or guardian and believe your child has provided us with
personal information, contact us at [email protected] so we can remove
it.
Changes to This Policy
We update this privacy policy occasionally to reflect new features, legal
requirements, or operational changes. When we make significant changes,
we'll notify you via email and display a prominent notice when you log in.
Minor clarifications or formatting changes won't trigger notifications, but
we'll always update the "Last Updated" date at the top of this page. We
recommend checking back periodically if you're curious about our practices.
Continuing to use toolcloudsys after policy updates means you accept the
changes. If you disagree with modifications, you can close your account
before they take effect.
Taiwan-Specific Provisions
As a Taiwan-based company, we comply with the Personal Data Protection Act
and related regulations enforced by the National Development Council.
You have the right to file complaints with Taiwan authorities if you
believe we've mishandled your personal information. The Ministry of Justice
Investigation Bureau handles privacy-related complaints. We cooperate fully
with regulatory investigations and respond to official inquiries promptly.
For government agencies and public sector organizations using toolcloudsys,
additional data handling provisions may apply based on sector-specific
regulations. Contact us for information about specialized compliance
requirements.
