繁體中文
APX.AI 安全傳送 — 隱私權原則
生效日期:2026 年 7 月 3 日 | 最後更新:2026 年 7 月
本隱私權原則適用於 APX.AI 安全傳送(Gmail Chrome
擴充功能),說明本服務如何蒐集、使用及保護您的個人資訊。本政策針對此擴充功能本身,而非公司整體網站。
1. 適用範圍
本隱私權原則適用於您透過 Gmail 使用
APX.AI 安全傳送
Chrome 擴充功能(以下簡稱「本服務」)時所發生的所有個人資料處理活動。
2. 蒐集的資料類型
本服務在提供加密附件傳送功能時,可能蒐集以下資料:
-
帳號資料:電子郵件地址、顯示名稱(於登入及身份驗證時取得);登入後核發的驗證權杖(bearer
token)僅用於建立私鑰時的單次身份驗證,於本機暫存 8
小時後自動失效;經伺服器加密的私鑰資料(vault)則保存於本機,效期 7 天,逾期須重新驗證
-
傳送內容:檔案名稱、大小、雜湊值及收件人資訊(檔案內容經 TLS
安全傳輸至本服務伺服器,加密由伺服器端執行)
-
郵件用戶端環境:僅限與 APX.AI 服務互動所需的必要資訊;不蒐集一般 Gmail
郵件內容或瀏覽記錄
本服務不蒐集遙測資料、使用分析、崩潰日誌或裝置識別資訊;錯誤訊息僅於您的瀏覽器本機顯示,不會傳輸至本服務或第三方。
3. 資料使用目的
- 提供加密傳送服務的核心功能(加密、解密、安全儲存)
- 身份驗證及帳號管理
- 安全措施,包含詐欺偵測與預防
- 遵守適用法規及解決爭議
4. 資料分享
我們不會將您的個人資料出售給第三方。資料僅在以下情況分享:
- 服務供應商:雲端主機等處理器,均簽有保密協議
- 法律要求:依法律規定或主管機關要求揭露時
5. 安全措施
- 附件內容經 TLS 安全傳輸後,由伺服器端完成加密
- 資料傳輸採用 TLS 加密
- 存取控制遵循最小權限原則
- 伺服器端僅儲存加密後的資料
-
驗證權杖(bearer token)僅本機短期暫存(8
小時),逾期自動失效;私鑰資料(vault)於伺服器端加密後保存於本機,效期 7 天
6. 使用者權利
依適用法規,您有權:
- 查閱、更正或刪除您的個人資料
- 要求資料可攜性
- 限制或反對特定資料處理
- 撤回已給予的同意
如需行使上述權利,請透過下方聯絡方式與我們聯繫。
7. 資料保留
我們僅在提供服務所需的期間內保留您的個人資料,或依法規要求保留。帳號刪除後,個人資料將於
90 天內完成刪除。
8. 兒童隱私
本服務不針對 13 歲以下兒童,我們不會有意蒐集兒童個人資料。
9. 隱私權原則更新
本政策如有重大變更,我們將透過服務內通知或電子郵件告知。繼續使用本服務即表示您接受更新後的條款。
10. 聯絡我們
如有任何隱私權相關問題,請聯繫:
English
APX.AI Secure Transmission — Privacy Policy
Effective Date: July 3, 2026 | Last Updated: July 2026
This Privacy Policy applies specifically to
APX.AI Secure Transmission (Gmail Chrome extension) and describes how this
extension collects, uses, and protects your personal information. This policy covers the
extension itself, not the company's general website.
1. Scope
This Privacy Policy applies to all personal data processing activities that occur when you
use the APX.AI Secure Transmission Chrome extension ("the Service")
within Gmail.
2. Data We Collect
The following data may be collected when providing the encrypted file transfer service:
-
Account Data: Email address and display name (collected during login
and authentication). Upon login, the bearer token issued by our backend is used solely
to authenticate the one-time private-key creation request and is cached locally for 8
hours before expiring automatically. The server-encrypted private key data (vault) is
stored locally for 7 days and requires re-verification after expiry.
-
Transmitted Content: File names, sizes, hash values, and recipient
information (file content is transmitted to our servers over TLS, and encryption is
performed server-side)
-
Mail Client Environment: Only data necessary for interaction with
APX.AI services; general Gmail contents and browsing history are never collected
The Service does not collect telemetry, usage analytics, crash logs, or
device-identifying information; error messages are shown only locally in your browser and
are never transmitted to the Service or any third party.
3. How We Use Data
-
Delivering core encrypted file transfer functionality (encryption, decryption, secure
storage)
- Authentication and account management
- Security measures including fraud detection and prevention
- Compliance with applicable laws and dispute resolution
4. Data Sharing
We do not sell your personal data. Data is shared only in the following circumstances:
-
Service Providers: Cloud hosting processors under confidentiality
agreements
-
Legal Requirements: When required by law or competent authorities
5. Security Measures
- File content is encrypted server-side after secure transmission over TLS
- Data in transit is protected by TLS encryption
- Access controls follow the principle of least privilege
- Only encrypted data is stored on our servers
-
The bearer token is cached locally for 8 hours only and expires automatically; the
server-encrypted private key data (vault) is stored locally for 7 days
6. Your Rights
Under applicable law, you have the right to:
- Access, correct, or delete your personal data
- Request data portability
- Restrict or object to specific data processing
- Withdraw previously given consent
To exercise these rights, please contact us using the information below.
7. Data Retention
We retain personal data only as long as necessary to provide the Service or as required by
law. Personal data will be deleted within 90 days of account deletion.
8. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal
data from children.
9. Policy Updates
We will notify users of material changes via in-app notifications or email. Continued use
of the Service constitutes acceptance of the updated policy.
10. Contact Us
For any privacy-related inquiries, please contact: