Privacy Policy

This Privacy Policy explains how ViralArc AI (the "Service") collects, processes, uses, stores, and protects users' personal data. By registering, logging in, linking third-party social accounts, purchasing plans, using AI features, downloading skills, or otherwise using any feature of the Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Chapter 1: Scope of Application

This Policy applies to all personal data processing activities involved when you use the Service, including but not limited to the Service's websites, applications, backend systems, APIs, third-party platform integrations, AI features, subscription and credit systems, and related customer support, notifications, and operational activities.

Chapter 2: Types of Data We Collect and How We Collect Them

1. Data You Voluntarily Provide

To provide account, social automation, and analytics functions, we may collect data that you actively provide, including but not limited to:

• Account and contact information: name, email address, login information, contact details, and any other information you provide when creating an account.
• Payment and plan information: subscription plans, credit purchase records, payment status, and information required for invoices or proof of payment.
• Customer support and communication records: problem descriptions, suggestions, feedback, and contact records that you provide when contacting the Service by email, forms, messages, or other methods.
• Settings and operational data: automation settings, reply content, keywords, topic-tracking conditions, account preferences, skill download settings, API key names, and related configuration data created by you within the Service.

2. Authorized Third-Party Platform Data

When you authorize the Service to connect to third-party platforms, including but not limited to Threads, Instagram, and Facebook, we may collect and process, within the scope of your authorization:

• basic account information and profile data;
• post content, comments, replies, interaction data, and conversation context;
• follower, following, reach, engagement, and insight data;
• access tokens, authorization status, and technical identifiers provided by the third-party platform; and
• operational data necessary to help you publish posts, sync data, or reply to comments.

3. Data Automatically Collected by the System

When you use the Service, the system may automatically record the following technical and usage data:

• IP address, device type, operating system, browser information, and language settings;
• login times, operation logs, error logs, request logs, and security event logs;
• cookies, session information, usage paths, page views, and feature usage behavior; and
• technical records necessary to maintain service security, performance, and abuse prevention.

Chapter 3: Purposes of Personal Data Use

The main purposes for which the Service collects and processes personal data are as follows:

1. Identity Verification and Account Management

• to create, verify, and manage user accounts;
• to maintain login security and prevent unauthorized access and abnormal logins; and
• to provide account settings, permission management, notifications, and account deletion functions.

2. Providing Social Platform Integration and Automation Services

• to help users connect and manage third-party social platform accounts;
• to sync posts, comments, replies, insight data, and other authorized information on behalf of users; and
• to provide posting, replying, keyword tracking, topic monitoring, automated interaction, and related operational functions.

3. Providing AI Generation and Analysis Features

• to generate reply suggestions, content drafts, analysis results, and other AI-assisted outputs;
• to provide results that better match user needs based on user settings, authorized data, and content context; and
• to improve the quality, safety, stability, and user experience of AI features.

4. Providing Billing, Subscription, and Credit Services

• to manage subscriptions, renewals, credit usage, payment records, and refund handling; and
• to provide payment receipts, transaction notifications, and related customer support.

5. Providing Skills, API Key, and Developer-Related Features

• to create and manage API keys;
• to generate, download, and personalize skill files; and
• to verify API key permissions, record API key usage, and maintain related security.

6. Security Maintenance, Abuse Prevention, and Service Optimization

• to detect abnormal behavior, abuse, unauthorized access, and security risks;
• to conduct debugging, performance monitoring, functional analysis, product improvement, and internal statistics; and
• to maintain service stability, data integrity, and system availability.

7. Legal Compliance and Protection of Rights

• to comply with investigations, orders, or legal procedures from courts, regulators, or other legally authorized authorities; and
• to handle disputes, assert or defend legal rights, and protect the lawful rights and interests of the Service, users, or third parties.

Chapter 4: Period, Region, Recipients, and Methods of Data Use

1. Period of Use

Personal data may be used from the time you begin using the Service until you stop using it, the Service is terminated, you lawfully request deletion, or the legally required retention period expires. Different categories of data may have different retention periods depending on the nature of the service, technical needs, contractual obligations, or legal requirements.

2. Region of Use

Your personal data will generally be processed in the Republic of China (Taiwan) or in the actual data processing environments used to operate the Service. However, due to cloud infrastructure, third-party service providers, AI model services, payment processing, or cross-border technical support, data may also be stored, transmitted, or processed in other countries or regions.

3. Recipients of Use

Within the scope necessary to achieve the purposes described above, your personal data may be provided or disclosed to:

• the Service's operating team, employees, and authorized personnel;
• cloud infrastructure, hosting, storage, monitoring, security, analytics, or technical support providers;
• partners needed for payment processing, accounting, invoicing, notifications, customer support, or other operations;
• third-party platforms that you have authorized to be linked; and
• government authorities, courts, or regulators legally entitled to request such data.

4. Methods of Use

Personal data may be processed through automated collection systems, API integrations, data synchronization, manual review, analytical processing, encrypted transmission, database storage, access controls, and other methods consistent with information security standards and legal requirements.

5. Third-Party Data Collection and Analytics Tools

To understand how the Service is used and to continuously improve the product, we may use third-party data collection, analytics, or behavioral observation tools. At present, these include but are not limited to:

• Google Analytics: used to analyze website traffic, page views, usage paths, device and browser information, and overall feature usage performance.
• Microsoft Clarity: used to understand user clicks, scrolling, dwell time, and on-site behavior in order to identify usability issues, improve interface flows, and optimize user experience.

The foregoing tools may collect or process data including page view records, dwell time, click and scroll behavior, device and browser information, IP address or derived region information, session records, and other technical data related to usage behavior. Such data is generally not used as the primary basis for identifying a specific natural person. However, the collection, processing, storage, and cross-border transfer of such data may still be governed by the privacy policies, terms of service, and data processing practices of the relevant third-party tool providers.

Chapter 5: Data Sharing, Outsourcing, and Cross-Border Transfers

1. Outsourced Processing and Partner Services

The Service may entrust certain data processing activities to third-party vendors, such as cloud services, AI model services, payment processors, analytics tools, security monitoring systems, notification systems, or customer support tools. For such outsourcing or cooperation, we will require them within a reasonable scope to comply with confidentiality obligations and data protection requirements.

2. Legal Requirements and Protection of Rights

The Service may lawfully provide or disclose your personal data in the following circumstances:

• where required by law, court order, regulator request, or legal procedure;
• where necessary to protect the life, body, freedom, property, or lawful rights and interests of the Service, other users, or third parties; or
• where necessary to detect, prevent, or address fraud, abuse, security incidents, or violations of the Service's terms.

3. Cross-Border Data Transfers

If cross-border data transfers are necessary due to the operation of the Service, third-party platform integrations, cloud deployment, AI model services, or other cooperation needs, the Service will adopt necessary protective measures within a reasonable scope to reduce the risk of improper use, disclosure, or access to data.

Chapter 6: Cookies and Similar Technologies

The Service may use cookies, session identifiers, and other similar technologies to support login state maintenance, preference recording, traffic analysis, security verification, and feature optimization. If you disable certain cookies or related technologies, some functions of the Service may not operate properly.

Chapter 7: Data Security and Protective Measures

Based on the nature and risk of the data, the Service will adopt reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, destruction, or other infringements. These measures may include account verification, access controls, encrypted transmission, access restrictions, log monitoring, security updates, and internal management procedures. However, no method of network transmission or electronic storage can guarantee absolute security, and users should still properly safeguard their own account information and authorization credentials.

Chapter 8: Your Rights

Under the Personal Data Protection Act and related laws, you may, in accordance with law, exercise the following rights:

• to inquire about or request access to personal data;
• to request a copy;
• to request supplementation or correction;
• to request cessation of collection, processing, or use; and
• to request deletion.

If you wish to exercise the foregoing rights, please contact us through the contact methods provided by the Service. However, where immediate compliance is not possible due to legal requirements or the needs of contract performance, billing processing, security maintenance, or dispute handling, the Service may refuse or delay processing to the extent permitted by law.

Chapter 9: Policy Revisions

This Privacy Policy may be revised from time to time due to changes in laws, service adjustments, technical updates, or operational needs. The latest version will be published on the Service's website or related pages. If you continue to use the Service after revisions to this Policy, such continued use constitutes acceptance of the revised content.

---

Current version: April 13, 2026 edition

If you have any questions, feel free to contact us:

Email: [email protected]