Privacy Policy

When you use Niiice Turbo (the "Service"), we collect the following types of data to provide the Service:

• Account data: name, email, avatar obtained via Google OAuth.
• WordPress site data: site URL, application username, and Application Password (stored encrypted). Required to read and write JetEngine Options on your site.
• AI generation records: generation requests, brand form submissions, outputs, and before/after history.
• Backup and snapshot data: WordPress content backups, page snapshots, restore logs.
• Uploaded files: Logos, hero images and other brand assets (stored on Supabase Storage).
• Technical data: IP address, browser type, device info, API call logs (for debugging, performance, and security).
• Payment data: processed by TapPay (PCI DSS Level 1 compliant). We do not directly store full card numbers.
• AI Omnichannel Customer Service data (when the module is subscribed): conversation messages, usernames, platform identifiers, and interaction logs between your end users and the AI customer service, from the LINE, Facebook, Instagram, WhatsApp, Telegram accounts and the WordPress chatbox you have authorized and connected. Such data is processed and stored on our behalf by an affiliated company’s backend service in order to perform the AI customer service function.

We use your data solely for the following purposes:

• Provide AI copy generation, WordPress content read/write, and SEO / GEO / AISEO analysis.
• Authentication and access control.
• Manage subscriptions and process payments.
• Store and manage your WordPress backups and snapshot history.
• Analyze usage to improve AI output quality and system performance.
• Send service notifications (billing, maintenance, feature updates).
• Provide AI automated replies and omnichannel message integration for the AI Omnichannel Customer Service.
• Comply with legal obligations.

Under the Personal Data Protection Act of the Republic of China (Taiwan) and other applicable data protection laws, we rely on the following bases to process your data:

• Contract performance: processing necessary data (account data, WordPress site data, AI records) to deliver the Service.
• Legitimate interests: processing technical data to maintain security, improve service quality, and prevent abuse.
• Legal obligations: retaining accounting data to comply with tax laws and other legal requirements.
• Consent: sending marketing or non-essential notifications only when you explicitly consent (you may withdraw at any time).

To deliver the Service, your data may be transmitted to the following trusted partners:

We never sell your data to third parties for advertising. Each third-party service has its own privacy policy — we recommend reviewing them.

Your data is stored in Supabase cloud (PostgreSQL), protected with industry-standard encryption.

WordPress Application Passwords are stored encrypted and transmitted via TLS.

Uploaded brand assets (logos, hero images) are stored on Supabase Storage with access control.

We take commercially reasonable security measures (TLS encryption, access control, periodic security reviews) to protect your data.

• During account lifetime: we retain data necessary to operate the Service, including AI history, backup snapshots, and brand assets.
• After termination: when you cancel subscription or terminate your account, we delete all personal data and uploaded files within 30 days.
• Legal retention: invoices and accounting data are retained as required by tax law.
• WordPress site data: on account deletion, we remove all WordPress site connection info and backups stored in the Service. Your WordPress site itself is not affected.
• AI Omnichannel Customer Service conversation logs: processed and retained on our behalf by an affiliated company’s backend service, in accordance with that service’s retention policy. If your end users exercise their personal data rights, you (as the data controller) handle such requests and may request our assistance to relay and process them.

Under the Personal Data Protection Act of the Republic of China, you have the following rights:

• Right of access: view or request to review your personal data.
• Right to copy: request a copy of your personal data.
• Right to rectification: request correction or completion of your personal data.
• Right to restrict processing: request to stop collecting, processing, or using your personal data.
• Right to erasure: request deletion of your personal data.
• Data export: export your AI generation history and backups from the Dashboard at any time.

To exercise these rights, contact [email protected] — we will respond within 30 days.

The Service uses essential cookies to maintain login state (Supabase Auth session) and user preferences.

We do not use third-party advertising trackers.

You may disable cookies in your browser, but the Service may not work correctly.

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If we learn we have done so, we will delete it immediately.

We may update this policy from time to time. Material changes will be announced via email or in-product notice.

Continued use of the Service constitutes acceptance of the updated policy.

This appendix governs how the Company (Niiice Design Ltd., the "Service Provider") processes personal data on your behalf (the "Client"), and applies when you use features such as the AI Omnichannel Customer Service that process end-user data on your behalf.

Under applicable laws, with respect to end-user personal data, the Client acts as the "Data Controller" and the Service Provider acts as the "Data Processor"; the affiliated company’s backend service and necessary third-party platforms engaged by the Service Provider act as "Sub-processors".

• The Client guarantees that the source of all data provided to the Service (including imported lists, content of linked social / messaging accounts, and end-user conversations) is lawful.
• The Client is solely responsible for ensuring that its collection and processing of end-user data using the Service complies with applicable laws (e.g., the Personal Data Protection Act, GDPR), and for fulfilling notification and consent obligations toward end users.
• When end users exercise rights such as access, rectification, or erasure, the Client handles such requests and may request the Service Provider’s assistance.

• We process data only according to the Client’s instructions (i.e., settings, operations, and automation logic within the system) and for no other purpose.
• We and the engaged affiliated backend service implement commercially reasonable security measures (e.g., TLS encryption, access controls) to protect data security.
• In the event of a data breach, we will notify the Client within a reasonable time so the Client can fulfill its notification obligations toward end users.
• We engage the affiliated backend service and necessary third-party platforms as sub-processors; such sub-processors are bound by equivalent data protection obligations.

The Client agrees that the Service and the AI Omnichannel Customer Service rely on third-party platforms such as LINE, Meta, WhatsApp, and Telegram. Data processing abnormalities caused by third-party API failures, policy changes, or denial of authorization do not constitute a breach by the Service Provider.

The Client agrees to indemnify and hold the Service Provider harmless from any third-party claims arising from illegal data provided by the Client or unauthorized collection activities.

For any questions regarding this policy, please contact us:

Email: [email protected]

Phone: +886 908 519 837

Address: No. 248, Sec. 1, Dihua St., Datong Dist., Taipei City, Taiwan

Niiice Design Ltd. (Tax ID: 83736436)