개인정보 처리방침
시행일 2026-07-03
본 방침은 홍콩 「개인자료(私隱)조례」(第486章, Personal Data (Privacy) Ordinance, PDPO) 및 그 6개 자료보호원칙(DPP1–6)에 따라 작성되었습니다. 여러 언어본이 제공되나, 해석상 차이가 있을 경우 영문본이 우선합니다. 데이터 이용자(운영 주체)는 XUANYE TECH LIMITED입니다.
1. 수집 항목 · 목적 · 보유 기간 (DPP1·DPP2)
| 항목 | 수집 시점 | 목적 | 보유 기간 |
|---|---|---|---|
| 이메일 주소 | 이메일 로그인 | 본인 확인·로그인·결제 알림 | 탈퇴 시까지 |
| 휴대전화번호 / Google 계정 식별자 | 소셜·휴대폰 로그인(Firebase) | 본인 확인·로그인 | 탈퇴 시까지 |
| 결제 기록(주문번호·금액·결제수단) | 유료 결제 | 결제 처리·환불·부정 방지 | 법령상 보존 의무 기간(회계·세무 목적, 최대 7년) |
| 이용자가 입력한 질문 텍스트·생성 콘텐츠 | 콘텐츠 생성 | AI 콘텐츠 생성·구매 콘텐츠 복원 | 이용자 삭제 또는 탈퇴 시까지 |
| IP 주소·요청 횟수 | 서비스 이용 | 부정 이용·과도한 요청 방지 | 최대 2일 |
수집되는 개인자료는 위 목적 달성에 필요한 범위로 한정되며(DPP1), 목적과 양립하지 않는 용도로는 이용되지 않습니다(DPP3). 비밀번호는 수집하지 않으며, 이메일 인증코드는 해시로만 저장되고 10분 후 파기됩니다.
2. 처리 위탁 및 제3자 이전 (DPP2·DPP4)
| 수탁자 | 위탁 업무 | 이전 정보 |
|---|---|---|
| Loy-Pay 및 제휴 결제사(payment partners) | 결제 처리(카드 정보 등은 결제사가 직접 수집) | 주문번호·결제 금액 |
| Google (Firebase Authentication) | 소셜·휴대폰 로그인 인증 | 계정 식별자·휴대폰번호 |
| Google (Gmail SMTP) | 인증코드·주문/알림 이메일 발송 | 이메일 주소 |
| AI 콘텐츠 제공자 (Anthropic / OpenAI / DeepSeek 중 설정된 제공자) | AI 콘텐츠 생성 | 이용자가 입력한 질문 텍스트 |
국외 이전 안내: 위 수탁자 중 일부는 홍콩 외(예: 미국 등)에 소재할 수 있으며, 개인자료는 서비스 제공에 필요한 범위에서만 이전됩니다. 회사는 계약상·기술적 보호조치를 통해 수탁자가 적절한 보안 수준을 유지하도록 합니다(DPP4).
3. 자료 접근·정정 권리 (DPP6 · 조례 제18·22·38조)
- 이용자는 PDPO 제18·22·38조 및 DPP6에 따라 자신의 개인자료에 대한 자료 접근 요청(DAR) 및 자료 정정 요청을 할 수 있습니다. 요청: info@imluck.io
- 회사는 접근 요청을 접수한 날로부터 40일 이내에 응답합니다.
- 보유 기간 경과 또는 목적 달성 시 개인자료는 지체 없이 삭제·익명화됩니다(DPP2). 회원탈퇴(내 계정 > 계정 삭제) 시 개인자료를 익명 처리하며, 결제 기록은 법령상 보존 의무에 따라 익명화된 상태로 보존될 수 있습니다.
- 만 13세 미만 아동의 개인자료는 수집하지 않습니다.
4. 안전성 확보 조치 (DPP4)
전송 구간 암호화(HTTPS), 인증코드 해시 저장, 결제 서명 검증, 접근 권한 최소화, 접근 기록 관리를 적용합니다.
5. 개인자료 보호책임자 및 권익 침해 구제
연락처: info@imluck.io
개인자료 처리에 관한 문의·불만 또는 권익 침해 신고는 아래 감독기관에 하실 수 있습니다.
- 홍콩 개인자료사생활전서(公署) — Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) · www.pcpd.org.hk
6. 방침의 변경
본 방침이 변경되는 경우 시행일 및 변경 내용을 서비스 내 공지합니다.
Privacy Policy
Effective 2026-07-03
This policy is prepared under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and its six Data Protection Principles (DPP1–6). It is provided in several languages; in the event of any discrepancy, the English version prevails. The data user (operator) is XUANYE TECH LIMITED.
1. Data Collected · Purpose · Retention (DPP1 · DPP2)
| Item | When collected | Purpose | Retention |
|---|---|---|---|
| Email address | Email login | Identity verification · login · payment notices | Until account deletion |
| Phone number / Google account identifier | Social / phone login (Firebase) | Identity verification · login | Until account deletion |
| Payment records (order no., amount, method) | Paid transactions | Payment processing · refunds · fraud prevention | As required by law for accounting/tax purposes (up to 7 years) |
| Question text entered · generated content | Content generation | AI content generation · restoring purchased content | Until deleted by user or account deletion |
| IP address · request count | Service use | Preventing abuse and excessive requests | Up to 2 days |
Personal data is collected only to the extent necessary for the above purposes (DPP1) and is not used for any purpose incompatible with them (DPP3). Passwords are not collected. Email verification codes are stored only as hashes and destroyed after 10 minutes.
2. Processing Delegation and Transfers (DPP2 · DPP4)
| Processor | Delegated task | Data transferred |
|---|---|---|
| Loy-Pay and payment partners | Payment processing (card details, etc. collected directly by the payment partner) | Order no. · amount |
| Google (Firebase Authentication) | Social / phone login authentication | Account identifier · phone number |
| Google (Gmail SMTP) | Verification codes · order/notice emails | Email address |
| AI content provider (the configured one among Anthropic / OpenAI / DeepSeek) | AI content generation | Question text entered by the user |
Overseas transfer notice: Some of the above processors may be located outside Hong Kong (e.g., in the United States); personal data is transferred only to the extent necessary to provide the service. The Company uses contractual and technical safeguards to ensure processors maintain an appropriate level of security (DPP4).
3. Data Access & Correction Rights (DPP6 · sections 18, 22 & 38 PDPO)
- Under sections 18, 22 and 38 of the PDPO and DPP6, you may make a data access request (DAR) and a data correction request in respect of your personal data. Requests: info@imluck.io
- The Company will respond to a data access request within 40 days of receipt.
- Personal data is erased or anonymised without undue delay once the retention period expires or the purpose is achieved (DPP2). Upon account deletion (My Account > Delete Account), personal data is anonymised; payment records may be retained in anonymised form as required by law.
- Personal data of children under 13 is not collected.
4. Security Measures (DPP4)
Transport encryption (HTTPS), hashed verification codes, payment signature verification, least-privilege access, and access-log management are applied.
5. Data Protection Officer and Remedies
Contact: info@imluck.io
For enquiries, complaints, or reports concerning the handling of your personal data, you may contact the supervisory authority:
- Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) · www.pcpd.org.hk
6. Changes to This Policy
If this policy changes, the effective date and details will be announced within the service.
隱私政策
生效日 2026-07-03
本政策依香港《個人資料(私隱)條例》(第486章,PDPO)及其六項保障資料原則(DPP1–6)制定。本政策提供多種語言版本,如有歧異,概以英文版為準。資料使用者(營運主體)為 XUANYE TECH LIMITED。
1. 蒐集項目・目的・保存期間(DPP1・DPP2)
| 項目 | 蒐集時點 | 目的 | 保存期間 |
|---|---|---|---|
| 電子郵件地址 | 信箱登入 | 身分驗證・登入・付款通知 | 至退會為止 |
| 手機號碼 / Google 帳號識別碼 | 社群・手機登入(Firebase) | 身分驗證・登入 | 至退會為止 |
| 付款紀錄(訂單號・金額・付款方式) | 付費交易 | 付款處理・退款・防弊 | 依法律規定之保存義務(會計/稅務用途,最長 7 年) |
| 使用者輸入之問題文字・生成內容 | 內容生成 | AI 內容生成・回復已購內容 | 至使用者刪除或退會 |
| IP 位址・請求次數 | 服務使用 | 防止濫用與過量請求 | 最多 2 日 |
所蒐集之個人資料以達成上述目的所必要之範圍為限(DPP1),且不作與目的不相容之使用(DPP3)。不蒐集密碼;電子郵件驗證碼僅以雜湊儲存,10 分鐘後銷毀。
2. 處理委託與資料移轉(DPP2・DPP4)
| 受託者 | 委託業務 | 移轉資訊 |
|---|---|---|
| Loy-Pay 及付款合作夥伴(payment partners) | 付款處理(卡片資訊等由付款商直接蒐集) | 訂單號・金額 |
| Google(Firebase Authentication) | 社群・手機登入驗證 | 帳號識別碼・手機號碼 |
| Google(Gmail SMTP) | 驗證碼・訂單/通知信寄送 | 電子郵件地址 |
| AI 內容供應商(Anthropic / OpenAI / DeepSeek 中所設定者) | AI 內容生成 | 使用者輸入之問題文字 |
境外移轉說明:上述受託者部分可能位於香港以外地區(例如美國等),個人資料僅於提供服務所需範圍內移轉。公司透過契約及技術保護措施,確保受託者維持適當之安全水準(DPP4)。
3. 查閱及改正權(DPP6・條例第18、22及38條)
- 依 PDPO 第18、22及38條與 DPP6,使用者得就其個人資料提出查閱資料要求(DAR)及改正資料要求。請洽:info@imluck.io
- 公司將於收到查閱要求之日起40 日內回覆。
- 保存期間屆滿或目的達成時,個人資料即時刪除或匿名化(DPP2)。退會(我的帳戶 > 刪除帳號)時將個資匿名化;付款紀錄得依法律保存義務以匿名狀態保存。
- 不蒐集未滿 13 歲兒童之個人資料。
4. 安全維護措施(DPP4)
採傳輸加密(HTTPS)、驗證碼雜湊儲存、付款簽章驗證、最小權限存取、存取紀錄管理。
5. 個人資料保護主任與權益救濟
聯絡:info@imluck.io
如就個人資料之處理有查詢、投訴或權益侵害之申報,可洽下列監管機構:
- 香港個人資料私隱專員公署(PCPD) · www.pcpd.org.hk
6. 政策之變更
本政策如有變更,將於服務內公告生效日與變更內容。
นโยบายความเป็นส่วนตัว
มีผลบังคับใช้ 2026-07-03
นโยบายนี้จัดทำตามกฎหมายว่าด้วยข้อมูลส่วนบุคคล (ความเป็นส่วนตัว) ของฮ่องกง (Cap. 486, "PDPO") และหลักการคุ้มครองข้อมูลทั้งหกข้อ (DPP1–6) มีให้บริการหลายภาษา หากมีข้อความขัดแย้งกัน ให้ยึดฉบับภาษาอังกฤษเป็นสำคัญ ผู้ใช้ข้อมูล (ผู้ดำเนินการ) คือ XUANYE TECH LIMITED
1. รายการที่เก็บ · วัตถุประสงค์ · ระยะเวลาจัดเก็บ (DPP1 · DPP2)
| รายการ | เก็บเมื่อ | วัตถุประสงค์ | ระยะเวลา |
|---|---|---|---|
| อีเมล | เข้าสู่ระบบด้วยอีเมล | ยืนยันตัวตน · เข้าระบบ · แจ้งการชำระเงิน | จนกว่าจะลบบัญชี |
| เบอร์โทร / รหัสบัญชี Google | เข้าระบบโซเชียล/มือถือ (Firebase) | ยืนยันตัวตน · เข้าระบบ | จนกว่าจะลบบัญชี |
| บันทึกการชำระเงิน (เลขคำสั่งซื้อ ยอด วิธีชำระ) | ธุรกรรมแบบชำระเงิน | ประมวลผลการชำระ · คืนเงิน · ป้องกันทุจริต | ตามที่กฎหมายกำหนด (เพื่อการบัญชี/ภาษี สูงสุด 7 ปี) |
| ข้อความคำถามที่ผู้ใช้ป้อน · เนื้อหาที่สร้าง | การสร้างเนื้อหา | สร้างเนื้อหา AI · กู้คืนเนื้อหาที่ซื้อ | จนกว่าผู้ใช้ลบหรือลบบัญชี |
| ที่อยู่ IP · จำนวนคำขอ | การใช้บริการ | ป้องกันการใช้ในทางมิชอบและคำขอมากเกิน | สูงสุด 2 วัน |
ข้อมูลส่วนบุคคลถูกเก็บเท่าที่จำเป็นต่อวัตถุประสงค์ข้างต้น (DPP1) และไม่ถูกใช้เพื่อวัตถุประสงค์ที่ไม่สอดคล้องกัน (DPP3) ไม่เก็บรหัสผ่าน รหัสยืนยันอีเมลจัดเก็บเป็นค่าแฮชเท่านั้นและลบทิ้งหลัง 10 นาที
2. การมอบหมายประมวลผลและการโอนข้อมูล (DPP2 · DPP4)
| ผู้รับมอบหมาย | งานที่มอบหมาย | ข้อมูลที่โอน |
|---|---|---|
| Loy-Pay และพันธมิตรการชำระเงิน (payment partners) | ประมวลผลการชำระเงิน (ข้อมูลบัตร ฯลฯ ผู้ให้บริการเก็บโดยตรง) | เลขคำสั่งซื้อ · ยอดเงิน |
| Google (Firebase Authentication) | ยืนยันการเข้าสู่ระบบโซเชียล/มือถือ | รหัสบัญชี · เบอร์โทร |
| Google (Gmail SMTP) | ส่งรหัสยืนยัน · อีเมลคำสั่งซื้อ/แจ้งเตือน | อีเมล |
| ผู้ให้บริการเนื้อหา AI (Anthropic / OpenAI / DeepSeek ที่ตั้งค่าไว้) | สร้างเนื้อหา AI | ข้อความคำถามที่ผู้ใช้ป้อน |
หมายเหตุการโอนไปต่างประเทศ: ผู้รับมอบหมายบางรายอาจอยู่นอกฮ่องกง (เช่น สหรัฐอเมริกา) ข้อมูลจะโอนเท่าที่จำเป็นต่อการให้บริการเท่านั้น บริษัทใช้มาตรการคุ้มครองทางสัญญาและทางเทคนิคเพื่อให้ผู้รับมอบหมายรักษาระดับความปลอดภัยที่เหมาะสม (DPP4)
3. สิทธิเข้าถึงและแก้ไขข้อมูล (DPP6 · มาตรา 18, 22 และ 38 ของ PDPO)
- ตามมาตรา 18, 22 และ 38 ของ PDPO และ DPP6 ผู้ใช้สามารถยื่นคำขอเข้าถึงข้อมูล (DAR) และคำขอแก้ไขข้อมูลเกี่ยวกับข้อมูลส่วนบุคคลของตน ติดต่อ: info@imluck.io
- บริษัทจะตอบคำขอเข้าถึงข้อมูลภายใน 40 วันนับจากวันที่ได้รับ
- เมื่อครบระยะเวลาหรือบรรลุวัตถุประสงค์ ข้อมูลส่วนบุคคลจะถูกลบหรือทำให้ไม่ระบุตัวตนโดยไม่ชักช้า (DPP2) เมื่อลบบัญชี (บัญชีของฉัน > ลบบัญชี) ข้อมูลส่วนบุคคลจะถูกทำให้ไม่ระบุตัวตน บันทึกการชำระเงินอาจเก็บแบบไม่ระบุตัวตนตามที่กฎหมายกำหนด
- ไม่เก็บข้อมูลส่วนบุคคลของเด็กอายุต่ำกว่า 13 ปี
4. มาตรการรักษาความปลอดภัย (DPP4)
ใช้การเข้ารหัสระหว่างส่ง (HTTPS) จัดเก็บรหัสยืนยันแบบแฮช ตรวจสอบลายเซ็นการชำระเงิน จำกัดสิทธิ์เข้าถึงขั้นต่ำ และจัดการบันทึกการเข้าถึง
5. เจ้าหน้าที่คุ้มครองข้อมูลและการเยียวยา
ติดต่อ: info@imluck.io
หากมีข้อสงสัย ข้อร้องเรียน หรือการแจ้งการละเมิดเกี่ยวกับการจัดการข้อมูลส่วนบุคคล ติดต่อหน่วยงานกำกับดูแลได้ที่:
- สำนักงานคณะกรรมการคุ้มครองข้อมูลส่วนบุคคลแห่งฮ่องกง (PCPD) · www.pcpd.org.hk
6. การเปลี่ยนแปลงนโยบาย
หากมีการเปลี่ยนแปลง จะประกาศวันมีผลและรายละเอียดภายในบริการ
Chính sách Quyền riêng tư
Hiệu lực từ 2026-07-03
Chính sách này được lập theo Pháp lệnh Dữ liệu Cá nhân (Quyền riêng tư) của Hồng Kông (Cap. 486, "PDPO") và sáu Nguyên tắc Bảo vệ Dữ liệu (DPP1–6). Được cung cấp bằng nhiều ngôn ngữ; nếu có khác biệt, bản tiếng Anh được ưu tiên áp dụng. Người sử dụng dữ liệu (đơn vị vận hành) là XUANYE TECH LIMITED.
1. Dữ liệu thu thập · Mục đích · Thời hạn lưu (DPP1 · DPP2)
| Mục | Khi thu thập | Mục đích | Thời hạn |
|---|---|---|---|
| Địa chỉ email | Đăng nhập email | Xác minh · đăng nhập · thông báo thanh toán | Đến khi xóa tài khoản |
| Số điện thoại / định danh tài khoản Google | Đăng nhập social/điện thoại (Firebase) | Xác minh · đăng nhập | Đến khi xóa tài khoản |
| Bản ghi thanh toán (mã đơn, số tiền, phương thức) | Giao dịch trả phí | Xử lý thanh toán · hoàn tiền · chống gian lận | Theo quy định pháp luật (mục đích kế toán/thuế, tối đa 7 năm) |
| Văn bản câu hỏi người dùng nhập · nội dung tạo ra | Tạo nội dung | Tạo nội dung AI · khôi phục nội dung đã mua | Đến khi người dùng xóa hoặc xóa tài khoản |
| Địa chỉ IP · số lượt yêu cầu | Sử dụng dịch vụ | Ngăn lạm dụng và yêu cầu quá mức | Tối đa 2 ngày |
Dữ liệu cá nhân chỉ được thu thập trong phạm vi cần thiết cho các mục đích trên (DPP1) và không được dùng cho mục đích không tương thích (DPP3). Không thu thập mật khẩu. Mã xác minh email chỉ lưu dưới dạng băm (hash) và bị xóa sau 10 phút.
2. Ủy thác xử lý và chuyển giao dữ liệu (DPP2 · DPP4)
| Bên xử lý | Công việc ủy thác | Dữ liệu chuyển giao |
|---|---|---|
| Loy-Pay và các đối tác thanh toán (payment partners) | Xử lý thanh toán (thông tin thẻ, v.v. do đối tác thanh toán tự thu thập) | Mã đơn · số tiền |
| Google (Firebase Authentication) | Xác thực đăng nhập social/điện thoại | Định danh tài khoản · số điện thoại |
| Google (Gmail SMTP) | Gửi mã xác minh · email đơn hàng/thông báo | Địa chỉ email |
| Nhà cung cấp nội dung AI (Anthropic / OpenAI / DeepSeek được cấu hình) | Tạo nội dung AI | Văn bản câu hỏi người dùng nhập |
Lưu ý chuyển giao ra nước ngoài: Một số bên xử lý nêu trên có thể đặt ngoài Hồng Kông (ví dụ tại Hoa Kỳ); dữ liệu chỉ được chuyển trong phạm vi cần thiết để cung cấp dịch vụ. Công ty áp dụng các biện pháp bảo vệ theo hợp đồng và kỹ thuật để bảo đảm bên xử lý duy trì mức bảo mật phù hợp (DPP4).
3. Quyền truy cập & chỉnh sửa dữ liệu (DPP6 · các mục 18, 22 & 38 PDPO)
- Theo các mục 18, 22 và 38 của PDPO và DPP6, bạn có thể gửi yêu cầu truy cập dữ liệu (DAR) và yêu cầu chỉnh sửa dữ liệu đối với dữ liệu cá nhân của mình. Liên hệ: info@imluck.io
- Công ty sẽ phản hồi yêu cầu truy cập dữ liệu trong vòng 40 ngày kể từ khi nhận.
- Khi hết thời hạn lưu hoặc đạt mục đích, dữ liệu cá nhân được xóa hoặc ẩn danh không chậm trễ (DPP2). Khi xóa tài khoản (Tài khoản của tôi > Xóa tài khoản), thông tin cá nhân được ẩn danh; bản ghi thanh toán có thể được lưu ở dạng ẩn danh theo quy định pháp luật.
- Không thu thập dữ liệu cá nhân của trẻ dưới 13 tuổi.
4. Biện pháp bảo mật (DPP4)
Áp dụng mã hóa đường truyền (HTTPS), lưu mã xác minh dạng băm, xác minh chữ ký thanh toán, quyền truy cập tối thiểu và quản lý nhật ký truy cập.
5. Cán bộ bảo vệ dữ liệu và cơ chế khiếu nại
Liên hệ: info@imluck.io
Để hỏi đáp, khiếu nại hoặc báo cáo về việc xử lý dữ liệu cá nhân, bạn có thể liên hệ cơ quan giám sát:
- Văn phòng Ủy viên Quyền riêng tư về Dữ liệu Cá nhân, Hồng Kông (PCPD) · www.pcpd.org.hk
6. Thay đổi chính sách
Khi chính sách thay đổi, ngày hiệu lực và nội dung thay đổi sẽ được thông báo trong dịch vụ.