Privacy Policy
Effective date: July 16, 2026
This Privacy Policy (the “Policy”) is established by 就位科技 LLC (Jiuwei Tech LLC,美國 Wyoming 州, the “Company”) in respect of the “Jiuwei” appointment management service (the “Service”) that it operates, in accordance with the Personal Data Protection Act of the Republic of China (Taiwan) and related laws and regulations. It explains the categories, purposes and methods of the Company’s collection, processing and use of personal data, together with the rights that data subjects may exercise under the law. Data subjects should read this Policy carefully before using the Service; by using the Service, a data subject is deemed to have understood and agreed to the entirety of this Policy.
For ease of understanding, the following terms are used in this Policy: “Merchant” means a business or individual that opens an account under the Terms of Service and uses the Service to operate its business; “Customer” means a natural person who transacts with a Merchant and whose personal data is processed by the Service through that Merchant; and “user” or “data subject” means a natural person whose personal data is collected, processed or used by the Company, including both Merchants and Customers.
1. Data Controller and Contact Information
With respect to the collection, processing and use of personal data, the Company acts as the data controller. The operating entity of the Company is 就位科技 LLC (Jiuwei Tech LLC,美國 Wyoming 州). Should a data subject have any question, comment or request concerning this Policy or the protection of personal data, they may contact the Company by email:support@jiuwei.app
2. Categories of Personal Data Collected
Within the scope necessary to provide the Service, the Company collects the following categories of personal data:
- Account data: email address, password (stored in hashed form) and name.
- Business data: Merchant name, industry category, service items and staff data.
- Customer data: appointment records, transaction history, LINE user identifiers, and the contact information a Customer provides in a form.
- Social platform data (collected only after a Merchant actively connects its accounts): messages, comments, post content and engagement analytics from the Facebook Pages, Instagram business accounts and Threads that the Merchant is authorized to manage; and the public account name or identifier of a user who interacts with the Merchant (used so that the Company may reply to that comment or message on the Merchant’s behalf).
- Google account data (collected only after a Merchant actively connects Google Calendar): the busy / free time-slot information of the Merchant’s Google Calendar.
- Technical data: IP address, browser type and access logs.
- Payment data: processed by third-party payment service providers within their own environments; the Company does not store full credit card numbers.
3. Purposes of Collection and Methods of Use
The Company collects, processes and uses a data subject’s personal data for the following specified purposes and within the scope necessary for those purposes:
- To provide online appointment management and customer relationship management (CRM) services.
- To provide the AI customer-service feature; every message undergoes personal data (PII) masking and crisis detection before it is processed by the AI.
- To reply to comments and messages, publish content and compile social performance reports on the Merchant’s social platform accounts on its behalf, as authorized by the Merchant.
- To read the busy time slots of an external calendar in order to exclude occupied times from the available appointment slots and prevent double-booking.
- To process payments and issue receipts.
- To send service notifications and marketing messages, where the data subject has consented.
- To maintain the information security of the Service and prevent abuse and fraud.
- To fulfill legal obligations.
The period, region, recipients and methods of the Company’s use of a data subject’s personal data are limited to what is necessary to achieve the specified purposes above. A data subject may object to any use beyond the specified purposes (such as marketing) in the manner set out in Section 8 of this Policy.
4. Disclosure Concerning the Use of Google User Data (Google API Limited Use)
When a Merchant chooses to connect Google Calendar, the Company accesses the following scope and data through the Google API:
- Scope:
https://www.googleapis.com/auth/calendar.events. - Data accessed: the busy / free time slots of the Merchant’s Google Calendar.
- Method of use: solely to exclude occupied times from the Merchant’s available appointment slots (a one-way read of busy times, not a two-way write synchronization), so that Customers do not book times the Merchant has already committed.
- Method of storage: used only transiently for the comparison described above; the Company does not create a long-term copy of the content of the Merchant’s Google Calendar events.
The Company will not sell data obtained through the Google API, use it to serve advertising (including retargeting, personalized or interest-based advertising), use it for creditworthiness or lending purposes, use it to build a commercial database, or use it to develop, improve or train any generalized artificial intelligence or machine learning model; nor will it provide such data to any third party unrelated to the Service.
Jiuwei’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
A Merchant may disconnect Google Calendar at any time within the Service’s back-office, or remove the Company’s access on the Google account permissions page.
5. Disclosure Concerning the Use of Meta (Facebook / Instagram / Threads) Platform Data
When a Merchant chooses to connect its Facebook Page, Instagram business account or Threads account, the Company accesses the following data through the Meta platform APIs, within the scope of the permissions granted by the Merchant, in order to provide social customer service and operational features:
- Messages and comments: reading and, on the Merchant’s behalf, replying to the messages and comments received by its Page or account (including the social inbox, comment-to-DM automation and story replies).
- Content publishing: publishing posts, stories and Reels in accordance with the Merchant’s instructions.
- Engagement analytics: reading reach, engagement and other performance metrics of posts and accounts, used to produce social performance reports.
- Basic account information: the name and identifier of the Facebook Page or Instagram business account, used to identify and display the connected account.
The foregoing data is used to provide the above features solely within the scope of the Merchant’s own account. The Company will not sell such data, use it for cross-platform advertising, or use it to train generalized artificial intelligence models. A Merchant may disconnect its social accounts at any time within the back-office; users may also remove the authorization in the “Apps and Websites” settings of Facebook or Instagram. For an item-by-item explanation of each Meta permission, please see the Company’s Integrations & Permissions page. For the complete data-deletion procedure, please refer to the Company’s Data Deletion Instructions.
6. LINE Platform Data
The Service uses LINE as its primary service channel. When a Customer interacts through a Merchant’s LINE Official Account, or books online via LINE (LIFF), the Company processes their LINE user identifier, display name and conversation messages for identity verification, appointments and customer service. Every message undergoes personal data (PII) masking and crisis detection before it reaches the AI customer-service feature.
7. Retention Period of Personal Data
The Company retains personal data for the period necessary to achieve the purpose of collection, or the retention period prescribed by law or agreed by contract; upon expiration, the data is deleted, its processing or use is discontinued, or it is anonymized. The specific retention periods are as follows:
- Account data: deleted within 30 days after the account is deleted.
- Transaction, invoice and accounting records: retained for 5 years in accordance with tax law and related regulations, and processed in a de-identified manner during the retention period.
- AI conversation records: automatically deleted or anonymized after 90 days.
8. International Transfer of Personal Data
The Company’s operating entity is a limited liability company in the State of Wyoming, USA, and the servers or operating locations of certain data processors used by the Service (such as cloud storage, payment and AI model routing providers) may be located outside the Republic of China (Taiwan). Accordingly, a data subject’s personal data may be transferred to a region outside the Republic of China (Taiwan) in the course of its collection, processing and use. In respect of such international transfers, the Company will adopt appropriate safeguards consistent with the Personal Data Protection Act, and will require its data processors to protect personal data in accordance with the Company’s instructions and to a standard no lower than that of this Policy.
9. Rights of Data Subjects
With respect to a data subject’s personal data held by the Company, the data subject may exercise the following rights in accordance with Article 3 of the Personal Data Protection Act and related laws and regulations:
- To inquire about or request to review the data.
- To request a copy of the data.
- To request supplementation or correction.
- To request that collection, processing or use be discontinued.
- To request deletion.
A data subject may exercise the foregoing rights through “Account Settings” in the Service back-office, or by email to support@jiuwei.app. When a data subject exercises a right, the Company may verify their identity as permitted by law; where a request to discontinue processing or use, or to delete, renders the Company unable to continue providing all or part of the Service, the Company may terminate the relevant services. For the complete deletion procedure, please refer to the Data Deletion Instructions.
10. Data Security Measures
The Company adopts reasonable technical and organizational measures to protect a data subject’s personal data, including but not limited to:
- All connections are encrypted in transit using TLS 1.2 or higher.
- Sensitive fields (such as LINE Channel Secrets, payment keys and social access tokens) are stored encrypted with AES-256.
- Personal data undergoes PII masking before it is processed by the AI.
- Multi-tenant data isolation is applied, and the administrative interface is subject to an IP allowlist restriction.
- Regular security audits are performed.
11. Third-Party Services (Data Processors)
Within the scope necessary to provide the Service, the Company engages the following third-party services to process personal data; each such service is subject to its own privacy policy, and the Company requires them to provide services in accordance with the Company’s instructions:
- LINE — instant messaging and login services.
- Meta Platforms — Facebook / Instagram / Threads social integration.
- Google — reading calendar busy time slots.
- Stripe, ECPay and LINE Pay — payment processing.
- OpenRouter — AI model routing.
- Amazon Web Services (S3) — file storage.
12. Protection of Minors
The Service is designed for business operators and is not directed at minors. The Company does not knowingly collect the personal data of persons below the legal age of capacity. Should the Company become aware of any such situation, it will delete the relevant data within a reasonable period.
13. Cookies
For an explanation of the Service’s use of cookies and related technologies, please refer to the Cookie Policy.
14. Amendments to this Policy
The Company may amend this Policy in response to changes in law or adjustments to the Service. In the event of a material amendment, the Company will provide notice by appropriate means 30 days before the amendment takes effect. A data subject who continues to use the Service after such notice is deemed to have agreed to the amended Policy.
15. Contacting the Company
For matters concerning this Policy or the protection of personal data, please contact:support@jiuwei.app