Privacy Policy
Last Updated: January 15, 2025
At FlareBrightOn, we understand that automated compliance reporting means handling sensitive financial data. This privacy policy explains how we collect, use, and protect your information when you work with our compliance automation platform. We've written this in plain language because you deserve to know exactly what happens with your data.
Information We Collect
Running a compliance reporting system means we handle different types of information. Some you provide directly when setting up your account. Other data comes from how you use the platform.
Account and Contact Information
When you register for FlareBrightOn services, we collect basic business details:
- Company name and registration details
- Primary contact person's name and position
- Business email address and phone number
- Physical business address in Taiwan
- Tax identification numbers as required for compliance
Financial and Compliance Data
Our automated system processes financial records to generate compliance reports. This includes transaction records, accounting entries, regulatory filings, and audit trail information. We only access the specific data needed to produce accurate reports for Taiwan's regulatory requirements.
Technical Usage Information
Like most digital platforms, we collect information about how you interact with our system. This helps us improve performance and identify potential security issues. We track login times, feature usage, report generation patterns, and system access logs.
How We Use Your Information
Your data serves specific purposes related to compliance reporting and service delivery. We don't use it for unrelated marketing or sell it to third parties.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Generate compliance reports | Financial records, transaction data | Contract fulfillment |
| Maintain service security | Login credentials, access logs | Legitimate business interest |
| Send service notifications | Contact email, account status | Contract fulfillment |
| Improve platform features | Usage patterns, feature interactions | Legitimate business interest |
| Comply with regulations | All relevant business records | Legal obligation |
We process your financial data solely to create the compliance reports you need. Our automation runs scheduled analyses based on your settings, but human staff only access your records when troubleshooting technical issues or responding to your support requests.
Data Storage and Security
Financial compliance data requires serious protection. We store your information in encrypted databases hosted in Taiwan-based data centers that meet international security standards.
Security Measures We Implement
All data transmissions use TLS 1.3 encryption. Stored financial records are encrypted using AES-256 standards. We maintain separate database environments for production and testing, so your actual financial data never appears in development systems.
Access to client data is restricted to authorized personnel who need it for their specific job functions. Our staff undergo background checks and sign confidentiality agreements. We log all data access for audit purposes.
Our servers sit behind multiple security layers including firewalls, intrusion detection systems, and regular vulnerability scanning. We conduct quarterly security audits and update our protection measures as new threats emerge.
Data Sharing and Disclosure
We don't sell your data. Period. But compliance reporting sometimes requires sharing information with specific parties.
Required Regulatory Disclosure
Taiwan's financial regulations require businesses to submit certain reports to government agencies. When you use our platform to generate these reports, we may transmit them directly to the Financial Supervisory Commission or other relevant authorities as specified in your service agreement.
Service Providers
We work with a limited number of third-party services that help us operate the platform:
- Cloud hosting providers maintaining our server infrastructure
- Payment processors handling subscription billing
- Email service providers delivering system notifications
- Security monitoring services protecting against threats
These providers sign data processing agreements and can only use your information for their specific service function. They cannot access it for their own purposes.
Business Transitions
If FlareBrightOn merges with another company or gets acquired, your data would transfer to the new entity. We'd notify you at least 30 days before any such transition and explain how it affects your privacy rights.
Your Rights and Control
Taiwan's Personal Data Protection Act gives you specific rights regarding your information. We've built straightforward processes to exercise these rights.
Access Your Data
Request a complete copy of the personal and business information we hold about you. We provide this in machine-readable format within 15 business days.
Correct Inaccuracies
Update outdated contact details or fix errors in your business information directly through your account settings, or contact our support team for assistance.
Request Deletion
Ask us to delete your data after you close your account. Note that we must retain certain compliance records for seven years per Taiwan financial regulations.
Data Portability
Export your compliance reports and financial data in standard formats that you can transfer to another service provider.
Restrict Processing
Temporarily suspend automated report generation while disputing data accuracy or questioning how we use your information.
Withdraw Consent
Revoke permission for data processing activities that rely on your consent rather than legal obligation or contract requirements.
To exercise any of these rights, send a request to info@flarebrighton.com with your account details and specific request. We verify your identity before processing such requests to prevent unauthorized access.
Data Retention
We keep different types of information for varying periods based on legal requirements and business needs.
- Active Account Data: We maintain all your information while your subscription remains active and for 90 days after cancellation to facilitate potential reactivation.
- Financial Records: Taiwan's Business Accounting Act requires us to retain financial documents and compliance reports for seven years after the relevant fiscal year ends.
- Communication Records: Support tickets and email correspondence are kept for three years to maintain service continuity and resolve potential disputes.
- Security Logs: Access logs and security monitoring data are retained for two years to investigate potential breaches or unauthorized access attempts.
- Marketing Preferences: If you've opted out of communications, we keep that preference record indefinitely to respect your choice.
When retention periods expire, we securely delete the information through multi-pass overwriting that makes recovery impossible. Some data may persist in backup systems for up to 90 additional days before those backups rotate out of our retention cycle.
International Data Transfers
Your data stays primarily within Taiwan. Our primary servers and backup facilities are located in Taiwanese data centers that comply with local data protection standards.
Some of our security monitoring tools are provided by international companies, which may involve limited data transfers outside Taiwan. When this happens, we use standard contractual clauses approved by Taiwan's National Development Council to ensure your information receives equivalent protection.
If you're accessing our platform while traveling outside Taiwan, your connection to our servers involves international data transmission. We encrypt these connections to protect your information during transit.
Cookies and Tracking
Our platform uses minimal cookies focused on functionality rather than advertising tracking.
Essential Cookies
Session cookies keep you logged in as you navigate between platform features. These are necessary for the service to function and expire when you close your browser.
Authentication tokens verify your identity and maintain security. These persist for 30 days or until you log out, whichever comes first.
We use analytics cookies to understand how clients interact with different platform features. This helps us identify confusing interfaces or underused capabilities. These cookies collect anonymized usage patterns rather than personal information.
You can disable non-essential cookies through your account preferences. This won't affect core compliance reporting functions but may limit some convenience features.
Changes to This Policy
We update this privacy policy when we add new features or when regulations change. Significant changes get announced through email notification at least 30 days before taking effect.
Minor updates like clarifying existing language or fixing typos happen without notification. You can view the revision history by checking the "Last Updated" date at the top of this page.
If you disagree with material changes, you can close your account before they take effect. Continued use of the platform after the notice period constitutes acceptance of the updated terms.
Questions About Your Privacy
We're here to address concerns about how we handle your data. Reach out through any of these channels and we'll respond within two business days.