隱私權政策
最後更新日期:2026年5月5日
本隱私權政策說明 Quocia AI Private Limited(以「Quocia」、「我們」或「我們的」之名義營業)在您使用我們的網站 www.quocia.com、我們的應用程式 app.quocia.com 以及任何相關產品和服務(統稱「服務」(Services))時,如何收集、使用、分享和保護個人資訊。
本政策是我們服務條款的一部分並併入其中。關於我們對 Cookie 及類似技術的使用,已在我們的 Cookie 政策中另行說明。
如果您有任何問題,或希望行使本政策下的任何權利,請透過 privacy@quocia.com 聯絡我們。
1. 摘要一覽
- 我們是誰
- Quocia AI Private Limited,註冊於新加坡。我們為個人和企業提供人工智慧輔助的社群媒體管理平台。
- 我們收集什麼
- 帳戶詳細資訊(電子郵件、姓名、密碼)、您提供給我們的品牌和內容資訊、由我們的付款供應商處理的付款中繼資料,以及標準日誌和裝置資訊。
- 我們不收集什麼
- 敏感個人資訊(如健康、生物辨識或精確的政府身分證資料)。我們不會向資料經紀商 (data brokers) 購買個人資訊。
- 我們如何使用它
- 為了提供及改善「服務」、交付您所要求的人工智慧生成輸出、與您通訊、向您收取付費方案費用、保持平台安全,以及遵守法律。
- 我們與誰分享
- 根據我們的指示行事的少數經過審核之服務供應商:主機託管和資料庫 (Google Cloud / Firebase)、付款 (Stripe)、不使用客戶資料進行訓練之付費 API 層級的人工智慧模型供應商 (Google、OpenAI、Anthropic),以及用於電子郵件發送、社群媒體發文和聯盟追蹤的供應商。我們絕不出售您的個人資訊。
- 人工智慧訓練
- 我們未授權我們的人工智慧供應商使用您的內容來訓練其通用模型。我們不會將您的內容出售或授權給任何第三方用於人工智慧訓練。
- 您的權利
- 根據您的居住地,您可能有權存取、更正、刪除、轉移、或限制我們使用您的個人資訊,以及反對某些處理活動。請發送電子郵件至 privacy@quocia.com。
當您建立帳戶、設定品牌工作區、使用我們的功能、聯絡我們或訂閱付費方案時,您會直接向我們提供資訊。這可能包括:
- 帳戶資訊:姓名、電子郵件地址、密碼(以單向雜湊形式儲存)、個人資料相片、語言及聯絡偏好;
- 品牌及專案資訊:品牌名稱、產業、受眾、語氣和風格偏好、目標地點與語言、網站和社群帳戶參考、自訂指令、提示詞 (prompts),以及您上傳的資產(文字、影像、影片、音訊、標誌);
- 內容:社群媒體貼文、部落格草稿、留言、排程,以及您使用「服務」建立或匯入的其他內容;
- 通訊:您透過支援管道、聯絡表單或問卷傳送給我們的訊息;
- 帳單資訊:帳單名稱、帳單地址、國家/地區、所需之稅務編號 (Tax ID),以及您的信用卡末幾碼和到期日。完整的信用卡詳細資訊由我們的付款供應商收集並儲存,而非由我們收集。
當您造訪網站或使用應用程式時,我們與我們的服務供應商會收集有關您的裝置及「服務」使用情況的技術資訊,包括:
- 日誌資料:IP 位址、源自 IP 的大約位置、瀏覽器類型和版本、作業系統、裝置識別碼、參照和離開頁面、時間戳記,以及您在「服務」中採取的動作;
- Cookie 及類似技術:詳情請參閱我們的 Cookie 政策。
如果您使用第三方身分提供者(如 Google、Apple 或 Facebook)登入,我們會收到該提供者發布給我們的基本個人資料資訊 — 通常是您的姓名、電子郵件和個人資料相片。如果您將社群平台連接到品牌工作區(如 Facebook、Instagram、LinkedIn 或 X),我們僅會收到該平台為提供所需功能(例如「發布貼文」或「讀取洞察報告」)而要求的存取權限。您與各第三方供應商的關係受該供應商自身的條款管轄。
我們不會要求,亦不會在知情的情況下處理敏感個人資訊,例如健康資料、生物辨識碼、政府身分證字號或詳細的財務帳號(除了上述有限的信用卡中繼資料之外)。
3. 我們如何使用您的資訊
我們基於以下目的處理個人資訊:
- 提供服務:建立及驗證您的帳戶、交付人工智慧生成輸出、將您的內容排程並發布到「已連結平台」(Connected Platforms)、管理品牌工作區和團隊協作;
- 處理付款:向您收取付費方案費用、管理訂閱和 Q-Credits 購買、防止詐欺;
- 與您通訊:回應支援請求、發送服務公告(如政策變更或停機通知),並在取得您的同意或法律允許的情況下發送行銷電子郵件;
- 改善服務:了解功能的使用方式、除錯、衡量效能,並開發新功能。在合理的情況下,我們會出於此等目的使用匯總或去識別化資料;
- 保持服務安全:偵測和防止詐欺、濫用、帳戶盜用以及違反我們服務條款的行為;
- 遵守法律:回應主管機關的合法要求、執行我們的條款,並保護我們、使用者及公眾的權利。
3.1 我們不使用您的內容訓練人工智慧
為產生您要求的輸出,我們會將相關輸入(例如您的簡報、提示詞和資產)傳送給擔任我們處理者 (processors) 的第三方人工智慧供應商。我們僅在他們付費的 API 層級上獨佔性地使用這些供應商,並遵循不允許他們使用您的輸入或我們的輸出來訓練其通用模型的條款。我們絕不會為訓練人工智慧模型之目的,將您的內容出售、授權或以其他方式轉移給任何第三方,且 Quocia 本身也不會使用您的內容訓練人工智慧模型。
4. 處理的法律基礎 (EEA / UK)
如果您位於歐洲經濟區 (EEA)、英國或瑞士,我們根據《一般資料保護規則》(GDPR) 或《英國一般資料保護規則》(UK GDPR) 依賴以下一或多個法律基礎:
- 履行合約 (Performance of a contract):為了向您提供「服務」所必須的處理;
- 合法利益 (Legitimate interests):為了保持「服務」安全、除錯、改善功能及發送與服務相關的通訊,且這些利益未被您的基本權利所凌駕;
- 同意 (Consent):用於行銷電子郵件、可選的 Cookie 以及我們徵求您同意的任何其他處理。您可以隨時撤回同意;
- 法定義務 (Legal obligation):法律要求我們保留或揭露資訊的情況;
- 重要利益 (Vital interests):在極少數情況下,為保護個人生命或安全而必須進行的處理。
5. 與第三方分享
5.1 服務供應商
我們會與經審核的服務供應商分享個人資訊,這些供應商根據我們的指示行事,並受合約約束被要求保護資料。我們與以下類別的供應商合作。隨著我們調整技術堆疊,此清單可能會隨時間而變更。
- 主機託管、資料庫、儲存空間及驗證
- Google Cloud / Firebase (Google LLC),我們的主要基礎設施供應商。
- 付款
- Stripe, Inc.,處理訂閱帳單及一次性購買。
- 人工智慧模型供應商
- Google(Gemini 及相關模型)、OpenAI 和 Anthropic。這些供應商代表我們在企業版/付費 API 層級上處理我們傳送給他們的輸入,該條款禁止使用您的輸入或我們的輸出來進行通用模型訓練。
- 社群媒體平台整合
- 專門的供應商,負責連接您授權的社群平台帳戶,並在您的指示下代表您發布內容。
- 電子郵件發送與驗證
- 用於發送交易和行銷電子郵件(如帳戶、帳單及支援電子郵件)的供應商,並用於在註冊前驗證電子郵件地址是否可送達。
- 聯盟和推薦追蹤
- 如果您是透過我們合作夥伴的推薦連結存取,我們將使用聯盟追蹤供應商來記錄該合作夥伴,以便我們為其發放佣金。
- 分析和營運工具
- (若啟用)協助我們了解並改善使用情況的網站及產品分析供應商。有關目前使用的工具,請參閱 Cookie 政策。
當您將社群媒體平台連接到品牌工作區時,即表示您指示我們代表您將您選擇的內容傳送到該平台。內容發布後,該「已連結平台」將根據其自身的隱私權政策處理內容。
5.3 法律與安全揭露
當我們真誠地相信揭露資訊對於以下情況是必要的,我們可能會分享資訊:(a) 遵守法律、法規、法院命令或有效的法律請求;(b) 保護 Quocia、我們的使用者或他人的權利、財產或安全;(c) 偵測、防止或解決詐欺、安全或技術問題;或 (d) 執行我們的協議。
5.4 業務轉移
如果 Quocia 涉及合併、收購、融資、重組或資產出售,個人資訊可能會轉移給繼受實體。如果個人資訊的所有權或使用情況發生實質影響其權利的任何變更,我們將通知受影響的使用者。
5.5 我們不出售個人資訊
我們不會為金錢報酬出售個人資訊,也不會為跨情境行為廣告 (cross-context behavioural advertising)「分享」個人資訊(依據美國州隱私權法的定義)。如果此情況發生變更,我們將更新本政策,並為您提供法律要求的選擇退出 (opt out) 權利。
6. Cookie 及類似技術
我們使用 Cookie 及類似技術來保持您的登入狀態、記住您的偏好(如您的語言)、保持「服務」的安全,並在您同意的情況下,衡量「服務」的使用方式。完整的 Cookie 清單、其目的及如何控制它們,均載於我們的 Cookie 政策中。
7. 社群登入
如果您使用第三方身分提供者登入,我們會收到該提供者選擇發布的基本個人資料資訊(通常是您的姓名、電子郵件和個人資料相片)。我們僅依據本政策中的說明使用此資訊。我們無法控制身分提供者端如何處理資料;請詳閱他們的隱私權政策,並在他們那裡調整您的設定。
8. 國際資料傳輸
Quocia 總部位於新加坡。「服務」採用由 Google Cloud / Firebase 和 Amazon Web Services 提供的雲端基礎設施營運,主要處理地點位於美國及這些供應商營運的其他地區。我們的一些服務供應商和人工智慧處理者亦位於美國或其他國家。
在我們跨境傳輸個人資訊時,我們仰賴適用法律要求的適當保護措施。對於來自歐洲經濟區 (EEA)、英國或瑞士的傳輸,我們依賴我們與處理者簽訂之歐盟執委會的《標準合約條款》 (Standard Contractual Clauses)(以及適用時的《英國附加條款》 (UK Addendum))。我們可依要求提供這些保護措施的副本。
9. 資料保留
我們僅在達成本政策中所述目的需要或法律要求的期限內保留個人資訊:
- 帳戶資訊在您的帳戶有效期間及關閉後的合理期間內保留;
- 品牌及內容資料在相關品牌工作區存在期間保留,並於工作區刪除後的合理期間內(取決於我們的備份週期)被刪除(或去識別化);
- 帳單紀錄保留期間依我們管轄範圍的稅務和會計法律要求(通常最長 7 年);
- 日誌與安全紀錄根據我們的安全需求保留有限的期間。
當我們不再需要您的個人資訊時,我們會將其刪除或進行不可逆的去識別化處理;但若保存在例行備份中則不在此限,在這種情況下,資訊將與主動處理隔離,直到備份過期為止。
10. 我們如何保護您的資訊安全
我們結合組織和技術保護措施來保護個人資訊,包括加密傳輸 (HTTPS/TLS)、於雲端供應商處的靜態儲存加密、基於角色的存取控制、稽核日誌記錄,以及定期審查存取權限。付款資料由我們的付款供應商處理,絕不會將完整的資料儲存在我們的伺服器上。
沒有任何系統是完全安全的。儘管我們努力保護您的資訊,我們仍無法保證絕對的安全。請使用強度高的獨特密碼,在可能的情況下啟用雙重驗證,如果懷疑您的帳戶已被入侵,請透過 privacy@quocia.com 通知我們。
11. 兒童隱私
「服務」並非為未滿 18 歲之人設計,我們亦不會在知情情況下收集未滿 18 歲之人的個人資訊。如果您發現未滿 18 歲之人向我們提供了個人資訊,請透過 privacy@quocia.com 聯絡我們,我們將停用該帳戶,並採取合理步驟刪除該資訊。
12. 您的隱私權利
根據您所在的位置,您可能對您的個人資訊擁有特定權利,包括:
- 存取我們持有關於您的個人資訊;
- 更正不正確或不完整的資訊;
- 刪除您的個人資訊(「刪除權 (right to erasure)」);
- 限制或反對特定處理;
- 以可攜式格式接收您的資訊副本(「資料可攜性 (data portability)」);
- 在我們依賴同意的情況下,隨時撤回同意;
- 向您的資料保護主管機關提出申訴。
您可以從您的帳戶設定中自行行使大部分權利(查看您的資料、更新個人資料、變更密碼、刪除帳戶)。對於任何其他請求,請發送電子郵件至 privacy@quocia.com。我們將在適用法律規定的時間內回應,且在採取行動前可能需要驗證您的身分。
13. 歐洲經濟區 (EEA)、英國和瑞士
如果您位於歐洲經濟區 (EEA)、英國或瑞士,則《一般資料保護規則》(GDPR)、《英國一般資料保護規則》(UK GDPR) 或《瑞士聯邦資料保護法》(Swiss Federal Act on Data Protection) 將適用於您的資訊。針對與您的帳戶及「服務」使用相關所處理之個人資訊,Quocia 擔任資料控管者 (controller)。我們依賴的法律基礎列於第 4 節中。您可以向當地資料保護主管機關提出申訴;在瑞士,則為聯邦資料保護和資訊專員 (Federal Data Protection and Information Commissioner)。
14. 加州居民 (CCPA / CPRA)
如果您是加州居民,根據《加州消費者隱私法》(CCPA) 及《加州隱私權法》(CPRA) 的修訂,您擁有特定權利,包括了解我們收集哪些個人資訊及如何使用它的權利、刪除個人資訊的權利、更正不正確資訊的權利、選擇退出 (opt out) 出售或「分享」個人資訊的權利,以及不受歧視地行使您的權利的權利。
我們在過去 12 個月內收集的個人資訊類別在第 2 節中說明。我們不會為金錢報酬出售個人資訊,亦不會為跨情境行為廣告分享個人資訊。欲行使您的權利,請發送電子郵件至 privacy@quocia.com。您可以使用授權代理人;我們可能會要求該代理人驗證其權限。
15. 維吉尼亞州及其他美國州隱私權法
如果您是維吉尼亞州、科羅拉多州、康乃狄克州、猶他州或具有綜合隱私權法的其他美國州的居民,您可能擁有與上述類似的權利,包括確認處理、存取、更正、刪除、取得可攜式格式副本的權利,以及選擇退出 (opt out) 定向廣告 (targeted advertising)、出售個人資料、或產生法律或類似重大影響之剖析 (profiling) 的權利。我們目前不從事上述任何活動。欲行使您的權利,請發送電子郵件至 privacy@quocia.com。如果我們拒絕某項請求,您可以透過回覆我們的回應提出上訴;我們將在您所在州法律規定的時間內回應上訴。
16. 新加坡居民 (PDPA)
如果您位於新加坡,則《2012年個人資料保護法》(PDPA) 適用於我們對您個人資料的處理。您可以撤回對我們處理的同意,請求存取和更正我們持有關於您的個人資料,並透過 privacy@quocia.com 就任何疑慮與我們的資料保護長 (Data Protection Officer) 聯絡。您也可以向新加坡個人資料保護委員會 (Personal Data Protection Commission Singapore) 提出申訴。
17. 加拿大居民
如果您位於加拿大,聯邦《個人資訊保護及電子文件法》(PIPEDA) 及適用的省級法律將適用。您可以隨時撤回同意,但須受法律或合約限制並給予合理通知。欲行使您的權利,請聯絡 privacy@quocia.com。
18. 「請勿追蹤 (Do-Not-Track)」訊號
某些瀏覽器會傳送「請勿追蹤 (Do Not Track)」訊號。目前針對網站應如何回應尚未有業界共識。我們目前根據使用者在同意橫幅中設定的 Cookie 偏好一致地對待所有使用者;我們不會另行回應「請勿追蹤」訊號。
19. 本政策之變更
我們可能會不時更新本隱私權政策。目前版本可隨時於 www.quocia.com/privacy 查閱,並於頂部標示「最後更新」日期。重大變更將透過電子郵件或應用程式內的顯眼通知進行傳達。在變更生效後,您繼續使用「服務」即表示您接受修訂後的政策。
針對隱私權相關問題、請求或申訴,請聯絡我們的資料保護長 (Data Protection Officer):
Quocia AI Private Limited
收件人:資料保護長 (Data Protection Officer)
60 Paya Lebar Road, #07-54 Paya Lebar Square
Singapore 409051
電子郵件:privacy@quocia.com
Privacy Policy
Last updated: May 5, 2026
This Privacy Policy explains how Quocia AI Private Limited (doing business as "Quocia", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our website at www.quocia.com, our application at app.quocia.com, and any related products and services (together, the "Services").
This policy is part of, and incorporated into, our Terms of Service. Our use of cookies and similar technologies is described separately in our Cookies Policy.
If you have questions or wish to exercise any of your rights under this policy, contact us at privacy@quocia.com.
1. Summary at a glance
- Who we are
- Quocia AI Private Limited, registered in Singapore. We provide an AI-assisted social media management platform for individuals and businesses.
- What we collect
- Account details (email, name, password), the brand and content information you give us, payment metadata processed by our payment provider, and standard log and device information.
- What we don't collect
- Sensitive personal information (such as health, biometric, or precise government-ID data). We do not buy personal information from data brokers.
- How we use it
- To provide and improve the Services, to deliver AI-generated output you request, to communicate with you, to bill you for paid plans, to keep the platform secure, and to comply with the law.
- Who we share with
- A small list of vetted service providers acting on our instructions: hosting and database (Google Cloud / Firebase), payments (Stripe), AI model providers (Google, OpenAI, Anthropic) on paid API tiers that do not train on customer data, plus providers for email delivery, social media posting, and affiliate tracking. We do not sell your personal information.
- AI training
- We do not authorise our AI providers to use your content to train their general-purpose models. We do not sell or license your content to any third party for AI training.
- Your rights
- Depending on where you live, you may have rights to access, correct, delete, port, or restrict our use of your personal information, and to object to certain processing. Email privacy@quocia.com.
You give us information directly when you create an account, set up a brand workspace, use our features, contact us, or subscribe to a paid plan. This may include:
- Account information: name, email address, password (stored as a one-way hash), profile picture, language and contact preferences;
- Brand and project information: brand name, industry, audience, voice and style preferences, target locations and languages, website and social-account references, custom instructions, prompts, and assets you upload (text, images, video, audio, logos);
- Content: social media posts, blog drafts, comments, schedules, and other content you create or import using the Services;
- Communications: messages you send us through support channels, contact forms, or surveys;
- Billing information: billing name, billing address, country, tax ID where required, and the last digits and expiry of your card. Full card details are collected and stored by our payment provider, not by us.
When you visit the website or use the application, we and our service providers collect technical information about your device and use of the Services, including:
- Log data: IP address, approximate location derived from IP, browser type and version, operating system, device identifiers, referring and exit pages, timestamps, and the actions you take in the Services;
- Cookies and similar technologies: see our Cookies Policy for details.
If you sign in using a third-party identity provider (such as Google, Apple, or Facebook), we receive the basic profile information that provider releases to us — typically your name, email, and profile picture. If you connect a social platform to a brand workspace (such as Facebook, Instagram, LinkedIn, or X), we receive only the access permissions that platform requires for the requested feature (for example, "publish posts" or "read insights"). Your relationship with each third-party provider is governed by that provider's own terms.
We do not ask for, and we do not knowingly process, sensitive personal information such as health data, biometric identifiers, government identification numbers, or detailed financial account numbers (other than the limited card metadata described above).
3. How We Use Your Information
We process personal information for the following purposes:
- To provide the Services: create and authenticate your account, deliver AI-generated output, schedule and post your content to Connected Platforms, manage brand workspaces and team collaboration;
- To process payments: bill you for paid plans, manage subscriptions and Q-Credits purchases, prevent fraud;
- To communicate with you: respond to support requests, send service announcements (such as policy changes or outage notices), and, with your consent or where lawfully permitted, send marketing emails;
- To improve the Services: understand how features are used, debug, measure performance, and develop new features. Where reasonable, we use aggregated or de-identified data for these purposes;
- To keep the Services secure: detect and prevent fraud, abuse, account takeover, and violations of our Terms of Service;
- To comply with the law: respond to lawful requests from authorities, enforce our terms, and protect our rights and the rights of users and the public.
3.1 We do not train AI on your content
To generate the output you ask for, we send the relevant inputs (such as your brief, prompts, and assets) to third-party AI providers acting as our processors. We use these providers exclusively on their paid API tiers, under terms that do not allow them to use your inputs or our outputs to train their general-purpose models. We do not sell, license, or otherwise transfer your content to any third party for the purpose of training AI models, and Quocia itself does not train AI models on your content.
4. Legal Bases for Processing (EEA / UK)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases under the GDPR or UK GDPR:
- Performance of a contract: where processing is necessary to provide the Services to you;
- Legitimate interests: to keep the Services secure, to debug, to improve features, and to send service-related communications, where these interests are not overridden by your fundamental rights;
- Consent: for marketing emails, optional cookies, and any other processing for which we ask your consent. You can withdraw consent at any time;
- Legal obligation: where we are required by law to retain or disclose information;
- Vital interests: in rare cases where processing is necessary to protect the life or safety of a person.
5. Sharing With Third Parties
5.1 Service providers
We share personal information with vetted service providers that act on our instructions and that are bound by contracts requiring them to safeguard the data. We work with the following categories of providers. The list may change over time as we adjust our stack.
- Hosting, database, storage, and authentication
- Google Cloud / Firebase (Google LLC), our primary infrastructure provider.
- Payments
- Stripe, Inc., to process subscription billing and one-off purchases.
- AI model providers
- Google (Gemini and related models), OpenAI, and Anthropic. These providers process the inputs we send them on our behalf, on enterprise / paid API tiers under terms that prevent the use of your inputs or our outputs for general-purpose model training.
- Social media platform integrations
- A specialised provider that connects your authorised social platform accounts and publishes content on your behalf when you direct us to.
- Email delivery and validation
- Providers used to send transactional and marketing emails (such as account, billing, and support emails) and to verify, before signup, that an email address is deliverable.
- Affiliate and referral tracking
- If you arrived through a referral link from one of our partners, we use an affiliate-tracking provider to record the partner so we can credit them.
- Analytics and operational tooling
- Where active, web and product analytics providers that help us understand and improve usage. See the Cookies Policy for what is currently in use.
When you connect a social media platform to a brand workspace, you direct us to send the content you choose to that platform on your behalf. Once content is posted, the Connected Platform processes it under its own privacy policy.
5.3 Legal and safety disclosures
We may share information when we believe in good faith that disclosure is necessary to: (a) comply with a law, regulation, court order, or valid legal request; (b) protect the rights, property, or safety of Quocia, our users, or others; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our agreements.
5.4 Business transfers
If Quocia is involved in a merger, acquisition, financing, reorganisation, or sale of assets, personal information may be transferred to the successor entity. We will notify affected users of any change in ownership or use of personal information that materially affects their rights.
5.5 We do not sell personal information
We do not sell personal information for monetary consideration, and we do not "share" personal information for cross-context behavioural advertising as those terms are defined under U.S. state privacy laws. If this changes, we will update this policy and offer you the opt-out rights required by law.
6. Cookies and Similar Technologies
We use cookies and similar technologies to keep you signed in, remember your preferences (such as your language), keep the Services secure, and — where you consent — to measure how the Services are used. The full list of cookies, their purpose, and how to control them is in our Cookies Policy.
7. Social Logins
If you sign in with a third-party identity provider, we receive the basic profile information that provider chooses to release (typically your name, email, and profile picture). We use this only as described in this policy. We do not control how the identity provider processes data on its side; review their privacy policy and adjust your settings with them.
8. International Data Transfers
Quocia is based in Singapore. The Services are operated using cloud infrastructure provided by Google Cloud / Firebase and Amazon Web Services, with primary processing in the United States and other regions where those providers operate. Some of our service providers and AI processors are also based in the United States or other countries.
Where we transfer personal information across borders, we rely on appropriate safeguards as required by applicable law. For transfers from the EEA, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) with our processors. Copies of these safeguards are available on request.
9. Data Retention
We retain personal information only for as long as we need it for the purposes described in this policy or as required by law:
- Account information is retained while your account is active and for a reasonable period after closure;
- Brand and content data is retained while the relevant brand workspace exists and is deleted (or anonymised) within a reasonable period after deletion of the workspace, subject to our backup cycles;
- Billing records are retained for as long as required by tax and accounting law in our jurisdiction (typically up to 7 years);
- Logs and security records are retained for limited periods consistent with our security needs.
When we no longer need your personal information, we delete it or render it irreversibly de-identified, except where it is held in routine backups, in which case it is isolated from active processing until the backup expires.
10. How We Keep Your Information Safe
We use a combination of organisational and technical safeguards to protect personal information, including encrypted transport (HTTPS/TLS), encrypted storage at rest with our cloud providers, role-based access controls, audit logging, and regular review of access privileges. Payment data is handled by our payment provider and never stored on our servers in full.
No system is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. Please use a strong, unique password, enable two-factor authentication where available, and notify us at privacy@quocia.com if you suspect that your account has been compromised.
11. Children's Privacy
The Services are not intended for, and we do not knowingly collect personal information from, anyone under 18. If you become aware that a person under 18 has given us personal information, contact us at privacy@quocia.com and we will deactivate the account and take reasonable steps to delete the information.
12. Your Privacy Rights
Depending on your location, you may have rights regarding your personal information, including the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete information;
- Delete your personal information ("right to erasure");
- Restrict or object to certain processing;
- Receive a copy of your information in a portable format ("data portability");
- Withdraw consent at any time, where we rely on consent;
- Lodge a complaint with your data protection authority.
You can exercise most of these rights yourself from your account settings (review your data, update your profile, change your password, delete your account). For any other request, email privacy@quocia.com. We will respond within the time required by applicable law and may need to verify your identity before acting.
13. EEA, United Kingdom, and Switzerland
If you are in the EEA, the United Kingdom, or Switzerland, the General Data Protection Regulation, the UK GDPR, or the Swiss Federal Act on Data Protection apply to your information. Quocia acts as the controller of personal information processed in connection with your account and use of the Services. The legal bases on which we rely are set out in Section 4. You may lodge a complaint with your local data protection authority; in Switzerland, the Federal Data Protection and Information Commissioner.
14. California Residents (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know what personal information we collect and how we use it, the right to delete personal information, the right to correct inaccurate information, the right to opt out of the sale or "sharing" of personal information, and the right not to be discriminated against for exercising your rights.
The categories of personal information we have collected in the past 12 months are described in Section 2. We do not sell personal information for monetary consideration and do not share personal information for cross-context behavioural advertising. To exercise your rights, email privacy@quocia.com. You may use an authorised agent; we may ask the agent to verify their authority.
15. Virginia and Other U.S. State Privacy Laws
If you are a resident of Virginia, Colorado, Connecticut, Utah, or another U.S. state with a comprehensive privacy law, you may have rights similar to those described above, including the right to confirm processing, access, correct, delete, obtain a copy in a portable format, and opt out of targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects. We do not engage in any of those activities at this time. To exercise your rights, email privacy@quocia.com. If we decline a request, you may appeal by replying to our response; we will respond to appeals within the time required by your state's law.
16. Singapore Residents (PDPA)
If you are in Singapore, the Personal Data Protection Act 2012 (PDPA) applies to our handling of your personal data. You may withdraw your consent to our processing, request access to and correction of personal data we hold about you, and contact our Data Protection Officer at privacy@quocia.com with any concern. You may also lodge a complaint with the Personal Data Protection Commission Singapore.
17. Canadian Residents
If you are in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws apply. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To exercise your rights, contact privacy@quocia.com.
18. Do-Not-Track Signals
Some browsers transmit a "Do Not Track" signal. There is no industry consensus on how websites should respond. We currently treat all users consistently with the cookie preferences set in our consent banner; we do not separately respond to Do-Not-Track signals.
19. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available at www.quocia.com/privacy with the "Last updated" date at the top. Material changes will be communicated by email or by a prominent in-app notice. Your continued use of the Services after a change becomes effective indicates your acceptance of the revised policy.
For privacy questions, requests, or complaints, contact our Data Protection Officer at:
Quocia AI Private Limited
Attn: Data Protection Officer
60 Paya Lebar Road, #07-54 Paya Lebar Square
Singapore 409051
Email: privacy@quocia.com