← Back to Home

Privacy Policy

Last updated: March 2026

繁體中文版

Welcome to Biwowen (hereinafter referred to as "the Service" or "we"). This Privacy Policy explains how we collect, process, and protect your personal data. By using the Service, you acknowledge that you have read and agreed to this Policy.

1. Data We Collect

We collect the following types of data:

  • Account Information: Email address, username, and profile picture (obtained via Google / GitHub OAuth)
  • Social Media Account Information: Basic profile data from linked social accounts, including usernames and account IDs (covering Meta, TikTok, and other platforms)
  • Access Tokens: Authorization tokens used to operate social media platforms on your behalf, stored with AES-256-GCM encryption — we cannot read the raw content
  • Post Content and Media: Text, images, and videos you create through the Service (temporarily stored on Cloudflare R2 cloud storage)
  • Payment Information: Subscription plan type, payment timestamp, and transaction reference numbers (processed by ECPay; we do not store complete credit card information)
  • Technical Data: IP address, browser type, access timestamps, and operation logs (used for security monitoring and troubleshooting)

2. Legal Basis for Processing

  • Contract Performance: Necessary to provide the service you subscribed to (account information, access tokens, post content)
  • Your Consent: When linking social accounts, you explicitly consent through the OAuth authorization flow
  • Legitimate Interests: Maintaining system security, preventing fraud, and improving service quality (technical data)
  • Legal Obligation: Retaining necessary transaction records as required by applicable law (payment information)

3. How We Use Your Data

  • Providing social media content management, scheduling, and publishing services
  • Publishing content to authorized platforms (Instagram, Threads, TikTok, etc.) on your behalf
  • Processing subscription payments and managing plan permissions
  • Maintaining account security and preventing unauthorized access
  • Sending service-related notifications (e.g., token expiration alerts, publish failure notices)
  • Improving service quality and user experience

4. Data Sharing and Third Parties

We do not sell or rent your personal data to third parties. We only share necessary information with the following parties:

  • Meta (Facebook / Instagram / Threads): To publish content on your behalf under your authorization, in compliance with Meta's Data Use Policy
  • TikTok: To publish content on your behalf under your authorization, in compliance with TikTok's Developer Terms of Service
  • Cloudflare R2: For temporary storage of media files you upload; data is stored on Cloudflare's global infrastructure
  • ECPay: For processing subscription payments in compliance with their privacy policy; we only receive transaction results and do not hold your complete payment information
  • Legal Requirements: When required by law or in response to lawful requests from competent authorities

5. International Data Transfers

Some third-party service providers we use (including Meta, TikTok, and Cloudflare) may process your data outside of Taiwan. We have confirmed that these service providers have appropriate data protection measures in place, consistent with the privacy standards applicable to this Service.

6. Data Security

We implement the following measures to protect your data:

  • Access tokens stored with AES-256-GCM encryption
  • All data transmissions encrypted via HTTPS / TLS
  • Regular review of access permissions and security configurations
  • Operation logs maintained to support security incident investigation

7. Data Retention

  • Account data and post records: Retained for the duration of the active account; deleted within 30 days of account deletion
  • Media files: Retained according to your settings; deleted upon account deletion
  • Payment records: Retained for 5 years as required by applicable accounting regulations
  • Access logs: Automatically deleted after 90 days

8. Cookies

The Service uses only session cookies necessary to maintain your login state. We do not use tracking, advertising, or behavioral analytics third-party cookies.

9. Your Rights

You have the following rights regarding your personal data:

  • Right of Access: Request access to the personal data we hold about you
  • Right of Rectification: Request correction of inaccurate or incomplete data
  • Right of Erasure: Request deletion of your account and personal data
  • Right to Restrict Processing: Request that we stop collecting, processing, or using your personal data
  • Right to Withdraw Consent: Revoke social account authorization at any time in your account settings

To exercise any of the above rights, please contact us at [email protected]. We will respond within 15 business days.

10. Contact Us

For any privacy-related questions, data deletion requests, or other inquiries, please contact us at:
[email protected]

11. Policy Updates

We reserve the right to update this Privacy Policy. For material changes, we will notify you at least 7 days in advance via email or in-service notification. Continued use of the Service constitutes acceptance of the updated Policy.

Privacy PolicyTerms of Service繁體中文Home