Kith&Kin (hereinafter referred to as "the App" or "the Service") is developed and operated by Hershan Co., Ltd. (hereinafter referred to as "we" or "us"). We value your privacy and are committed to protecting the personal data you create, provide, or manage within the Service. This Privacy Policy explains how we collect, process, use, store, protect, and delete your information, as well as the rights you may exercise. In accordance with Taiwan's Personal Data Protection Act, non-governmental agencies collecting personal data must have a specific purpose and clearly inform data subjects of the legally required matters at the time of collection.
1. Information We Collect
When you use the App, we may collect the following information:
- Account Information: Such as email address, display name, login method (Email, Google, Apple), and information necessary for account verification and secure login.
- Family & Friend Data: Such as the family trees, friend circles, or member profiles you create, including names, nicknames, gender, birthdays, relationships, personal bios, and other information you voluntarily provide.
- Minor Data: If you create profiles for infants, children, or other minors within the Service, we may collect information you provide such as names, nicknames, birth dates, family relationships, photos, videos, and life records.
- Avatars & Uploaded Content: Such as member avatars, photos, and other content you voluntarily upload.
- Chat & Interaction Content: Such as group chats, direct messages, announcements, polls, events, family feed posts, and interaction records.
- Device & Usage Information: Such as device push tokens, app version, login records, error logs, and technical data related to information security and service maintenance.
- Camera Access: The camera is accessed only when you use the QR code scanning feature; we do not continuously store or transmit camera images beyond what is required for that feature.
We only collect personal data within the scope necessary for providing the Service, fulfilling contractual obligations, obtaining your consent, or as otherwise permitted by applicable laws, and we do not exceed what is necessary for the specified purpose.
2. How We Use Your Information
We collect and use your information primarily for the following purposes:
- Providing service features such as family trees, friend circles, member management, content browsing, and interaction.
- Enabling real-time chat, direct messages, announcements, events, polls, and notifications.
- Sending push notifications, such as new messages, interaction reminders, system notifications, and service updates.
- Performing account verification, security management, login protection, anomaly detection, and abuse prevention.
- Assisting you in inviting family or friends to join via QR codes or other invitation mechanisms.
- Providing cross-device sync, data backup, troubleshooting, customer support, and service maintenance.
- Processing required by law, regulatory authorities, or necessary for asserting, exercising, or defending legal rights.
The period of use of your personal data is, in principle, the period necessary to achieve the aforementioned collection purposes, the period during which you use the Service, the period of the contractual relationship, or any period required by law for retention. The regions of use include the regions where you use the Service, as well as regions necessary for providing the Service, data backup, cloud processing, or technical support. The parties who may use the data include our company, service providers entrusted by us to process data, and invited members who can view relevant content based on your settings. Methods of use include automated and non-automated collection, processing, storage, retrieval, transmission, analysis, and deletion.
3. Data Storage & Protection
We take reasonable and appropriate technical and organizational measures to protect your data, including but not limited to:
- Using HTTPS or other appropriate encryption during transmission.
- Storing passwords using one-way hashing (e.g., BCrypt); we cannot directly read your original password.
- Using authentication and authorization mechanisms (e.g., tokens) to manage login status and service access.
- Caching data on your device to the extent necessary to support service functionality or improve user experience.
- Restricting employee and service provider access to personal data to only what is needed for business purposes.
- End-to-End Encryption (E2EE): Direct messages and family-tree group chat messages are end-to-end encrypted with AES-256-GCM. Decryption keys are kept only on your signed-in devices and exchanged between devices via ECDH. Our servers store only ciphertext and cannot read the plaintext of message content, voice, or encrypted attachments.
We retain data for a period reasonably necessary to achieve the collection purpose. When the retention period expires, the collection purpose ceases to exist, you request deletion in accordance with the law, or we determine retention is no longer necessary, we will delete, anonymize, cease processing, or cease using such data in accordance with applicable laws and internal procedures. However, this does not apply where laws require otherwise, where retention is necessary to fulfill legal obligations, or where retention is necessary to handle disputes.
In the event of personal data being stolen, leaked, altered, damaged, or otherwise compromised, we will take necessary response and notification measures in accordance with applicable laws.
4. Third-Party Services
The App may use the following third-party services to assist with login, push notifications, or other technical features:
- Google Sign-In: For Google account login verification.
- Apple Sign-In: For Apple account login verification.
- Firebase Cloud Messaging (FCM): For push notifications.
- Apple Push Notification Service (APNs): For push notifications.
The aforementioned third parties may process necessary technical data as part of their service design, such as login identification, device identification, push tokens, or service transmission records. We will make reasonable efforts to require third parties to adopt appropriate security measures within the scope of entrusted processing or service provision, but their actual data processing may still be governed by their respective terms and privacy policies. By using these features, you acknowledge that related data may be transmitted to the corresponding service providers.
5. Information Sharing
We will not sell your personal data to third parties. We will not disclose your personal data to third parties except in the following circumstances:
- Sharing family, friend circle, or interaction content with members you have invited or authorized based on your settings in the Service.
- Disclosing to technical service providers entrusted by us to process data, to the extent necessary for providing the Service's features.
- As required by law, judicial authorities, or lawful requests from competent authorities.
- Where necessary to protect the rights, property, or safety of you, other users, our company, or third parties.
- In the context of corporate restructuring, mergers, asset transfers, or other organizational changes, to the extent necessary, subject to this Policy or equivalent protection standards.
For minor data, we do not disclose it to the general public by default, nor do we disclose children's personal data to third parties for targeted advertising, audience modeling, or other purposes not necessary for providing the Service without obtaining consent as required by applicable laws.
6. Your Rights
Under Taiwan's Personal Data Protection Act, you may exercise the following rights regarding your personal data:
- Inquire or request access.
- Request copies.
- Request supplementation or correction.
- Request cessation of collection, processing, or use.
- Request deletion.
Additionally, based on the Service's design, you may also:
- View, modify, or delete account information.
- Export the family trees or related data you created.
- Delete family trees, friend circles, or uploaded content you created.
- Log out and stop using the Service.
- Contact us to request deletion of your data or account closure.
If you are a parent, legal guardian, or other person legally authorized regarding a minor's data, you may also request inquiry, access, correction, cessation of use, or deletion in accordance with applicable laws and the Service's processes. We may require you to provide information sufficient to verify your identity, agency authority, or authorization relationship to protect the safety of minors and accounts.
7. Children's Privacy
The Service is, in principle, intended to be registered for and used by users with full legal capacity. The Service is not primarily designed for children under 13 to independently register or provide data; however, given the nature of the Service, users may create or provide data for infants, children, or other minors for purposes such as family management, genealogy building, life records, or invited sharing. In such cases, the person providing the data should confirm that they are the minor's parent or legal guardian, or have obtained appropriate legal authorization, and are therefore entitled to provide the data and configure its use and sharing scope.
We apply data minimization principles to minor data, collecting only information necessary for providing the Service's features. Unless there is clear necessity and legal basis, we do not recommend providing national ID numbers, precise addresses, health or medical data, real-time location, government-issued identification, biometric data, or other highly sensitive information.
If the U.S. Children's Online Privacy Protection Rule (COPPA) applies to the Service, that is, if the Service is an online service directed at children under 13, or if we have actual knowledge that we are collecting personal data from children under 13, we will take additional measures, including: providing direct notice to parents; obtaining verifiable parental consent before collecting, using, or disclosing children's personal data; providing parents with mechanisms to review and delete their children's data; allowing parents to refuse further collection or use; and retaining children's data only for the period reasonably necessary to achieve the collection purpose.
If we discover that someone has improperly provided children's data without following the above rules, or that data collection, use, or disclosure does not comply with this Policy or applicable laws, we may restrict processing, require additional verification, delete the relevant data, or take other necessary measures.
To protect all users, including minors, the App includes the following built-in safety mechanisms:
- Closed Social Environment: All social features (chat, feed, direct messages) are limited to invited circle members only, with no public discovery or stranger contact channels.
- Reporting Mechanism: Users can report inappropriate content (harassment, spam, other unsuitable material, etc.), which will be reviewed by our team.
- Blocking Feature: Users can block specific members (within a single circle) or block accounts (globally) to prevent inappropriate interactions.
- Field-Level Privacy Control: Users can independently set the visibility of each personal information field (such as birthday, phone, email, address), including visible only to self, limited to specific degrees of kinship, or visible to all members.
- No Ads & No Data Sales: The Service does not serve ads, does not perform behavioral analytics, and does not sell user data.
- Account Deletion: Users can permanently delete their account and all associated data at any time within the App.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time due to changes in laws, regulatory requirements, service adjustments, risk management, or operational needs. Updated versions will be published within the App, on the official website, or in other appropriate locations. If updated content requires additional consent from you under applicable laws, we will notify you and handle the matter in accordance with applicable laws.