Runly AI · 合創股份有限公司
Privacy Policy
1. Introduction
Runly AI ("we", "our", "the service") is operated by 合創股份有限公司 (Hé-Chuàng Co., Ltd.), a Taiwan-registered company providing food safety quality control (QC) automation software to food manufacturers. This policy explains what data we collect, how we use it, and your rights over it. Scope: all users of the service, including employees whose accounts are provisioned by their employer (the food factory) and administrators who connect Google Drive via Google OAuth.
2. What data we collect
2.1 Account data
Email, name, role within the food factory (manager / QC supervisor / operator), account creation time, last login time. Source: provided by the food factory administrator when the employee's account is provisioned.
2.2 Google OAuth data (for administrators who connect Drive)
Collected:
- Your Google account email (identifies which account authorized the connection)
- A long-lived refresh_token (stored encrypted at rest in Supabase Vault; used to mint short-lived access tokens for reading sheets)
- The Google file IDs of Sheets you explicitly selected via Google Picker
NOT collected:
- Your Google password
- The contents of your broader Google Drive (we only have access to the specific files you Picker-selected)
- Your Google account profile picture, friends, or any other Google services data
2.3 Synced Sheet data
Once you Picker-select QC sheets, our backend syncs the contents of those specific Sheets (by default, once per hour) using the drive.file scope via the Google Sheets API spreadsheets.values.get endpoint. We read cell values in the A1:Z range of each selected Sheet.
We transform these values into structured records and store them in our own PostgreSQL database (Supabase Cloud, region ap-southeast-1). The stored fields include: form code (e.g. F-001 for raw material receiving log), record date + time, structured field values (temperature, supplier name, lot number), metadata (sheet file ID, row number, sync timestamp).
We do NOT store: Sheet comments, revision history, formula source (only evaluated cell values), protected range metadata, named ranges.
2.4 Usage logs
Pages visited on the admin portal, OAuth connection events, manual sync triggers, report generation events. Technical logs for debugging and abuse detection. Retention: 90 days.
2.5 What we DON'T collect
- We do not use Google Analytics, Facebook Pixel, or any third-party web analytics
- We do not sell data to advertisers or data brokers
- We do not collect device fingerprints beyond standard HTTP access logs (IP, user agent, timestamp)
- We do not track you across other websites
3. How we use the data
| Purpose | Data used | Legal basis |
|---|---|---|
| Detect missing HACCP records | §2.3 Synced Sheet data | Legitimate interest (food safety compliance) + contract performance |
| Generate compliance audit reports | §2.3 | Contract performance |
| Flag anomalous values | §2.3 | Legitimate interest |
| Authenticate + access control | §2.1, §2.2 | Contract performance |
| Debug and improve the service | §2.4 Usage logs | Legitimate interest |
| Comply with Taiwan food safety law (5-year retention) | §2.3 | Legal obligation (食品安全管制系統準則 Article 11) |
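What we explicitly DON'T do:
- ❌ We do not use your Google OAuth token to read any file other than the Sheets you explicitly selected
- ❌ We do not share a customer's Sheet contents with other food factory customers
- ❌ No AI training: customer Sheet data is not used to train our models
- ❌ We do not export Sheet contents to any third party, except under court order
4. Data sharing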
| Recipient | Data shared | Purpose | Under contract? |
|---|---|---|---|
| Supabase Cloud (AWS ap-southeast-1) | All data in §2.1-2.4 | Primary hosting | Yes — DPA signed |
| Cloudflare Pages | Page access logs only | Static asset serving + frontend hosting | Yes — Cloudflare Terms |
| Google Cloud (OAuth + Sheets API) | refresh_token exchange + scoped Sheet reads | Enable the integration | Google API Terms |
| Sentry (error monitoring) | Stack traces + anonymized user id on crashes, never PII or Sheet content | Debugging | Yes — DPA signed |
We do NOT share with: advertisers, data brokers, other food factories (strict tenant isolation via PostgreSQL Row Level Security), any party outside those listed above unless required by law.
5. Data retention
| Data type | Retention | Reason |
|---|---|---|
| Synced Sheet records (HACCP) | 5 years after record date | Taiwan 食品安全管制系統準則 Article 11 |
| Account data | Duration of service + 1 year | Dispute resolution window |
| OAuth refresh_token | Until customer disconnects or service ends | Required for ongoing sync |
| Usage logs | 90 days | Debug / abuse detection |
| Backup snapshots | 30 days | Disaster recovery |
| Cancelled customer's data | Exported + deleted within 30 days (HACCP retained 5yr per law) | Legal + contract obligation |
6. Your rights
Under Taiwan's Personal Data Protection Act (個人資料保護法) and GDPR (where applicable):
- Access — request a copy of your data
- Rectify — correct inaccurate data
- Erase — request deletion (subject to legal retention above)
- Portability — export in machine-readable format (CSV / JSON)
- Object — object to specific processing
- Withdraw consent — disconnect Google OAuth any time via /admin/integrations/google-drive → "Disconnect". Immediately:
  - Revokes our access via Google's revocation endpoint
  - Destroys the refresh_token from our Vault
  - Halts future syncs
To exercise rights, contact: ted622ip@gmail.com. Response SLA: 30 days.
7. Security
- All data in transit: TLS 1.2+ (Cloudflare + Supabase enforced)
- All data at rest: AES-256 (Supabase default)
- OAuth refresh_token: additionally encrypted in Supabase Vault (pgsodium-backed), keyed separately from database-level encryption
- Access to production data: strict service_role + JWT + Row Level Security; no human has SSH to the database
- Incident response: any suspected breach notified to affected tenants within 72 hours per GDPR Article 33 (applied globally)
8. Minors
Runly AI is a business-to-business service. We do not knowingly collect data from anyone under 18. If a food factory staff member is under 18, the food factory (as employer and account administrator) is responsible for ensuring parental consent under local law.
9. International transfers
Data is stored in AWS ap-southeast-1 (Singapore) region via Supabase. For customers in Taiwan this is a transfer outside Taiwan. We rely on Supabase's Standard Contractual Clauses and Taiwan PDPA Article 21 (cross-border transfer permitted where receiving jurisdiction has equivalent protection — Singapore's PDPA qualifies).
10. Changes
Material changes: email all active customers at least 30 days before effective date + require acceptance on next login. Non-material clarifications (typos, reformatting) may be made without notice.
11. Contact
- Operator: 合創股份有限公司 (Hé-Chuàng Co., Ltd.)
- Primary contact / CEO: Ted — ted622ip@gmail.com
- Website: https://app.runly-ai.com/
12. Google OAuth / Limited Use disclosure
This section satisfies the Google OAuth verification requirement that third-party apps disclose how they use Google user data.
Runly AI's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request the minimum scope: drive.file ONLY (non-sensitive, Picker-bound per-file access). The Google Sheets API spreadsheets.values.get endpoint supports drive.file as an authorization scope, so this single scope is sufficient to read cell content of customer-selected Sheets. We do NOT request the broader spreadsheets.readonly or any Drive scope.
- We do not use Google user data for serving advertisements
- We do not transfer Google user data to others unless necessary to provide or improve user-facing features, comply with law, or in the course of a merger / acquisition (with customer notice)
- We do not allow humans to read Google user data except:
  - With the user's explicit consent (e.g. customer support debugging a specific user's sync issue)
  - For security purposes (investigating a suspected breach)
  - To comply with law
  - For operational data that is aggregated and anonymized
Customers can disconnect at any time via the in-app "Disconnect" button (see §6).