Privacy Policy

一、簡介

Foodfy（「本公司」、「我們」、「我們的」）致力於保護您個人資訊的隱私和安全。本隱私權政策解釋了當您與 Foodfy 平台互動時，我們如何收集、使用、揭露、儲存和保護您的數據，包括我們的網站 foodfy.ai、行動應用程式、API、商家儀表板、人工智慧服務、無人機送貨網路以及所有相關服務和功能（統稱為「平台」）。

This Privacy Policy applies to all users of the Platform worldwide, including Customers, Business Partners, Delivery Partners, Territory Partners, Corporate Account administrators and employees, Investors, Influencers, NutriLife users, and visitors. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Foodfy 在 250 多個國家/地區開展業務。適用於您的特定資料保護法可能會因您所在的位置而異。如果當地法律提供的保護大於本隱私權政策，則以當地法律為準。補充區域規定詳見第 16 條。

2. 資料控制者

除非另有說明，Foodfy 是資料控制者，負責透過平台處理您的個人資料。對於 Foodfy for Work（公司帳戶），註冊組織充當員工個人資料的資料控制者，Foodfy 代表他們充當資料處理者。

對於資料保護問題，您可以透過以下方式聯絡我們的資料保護官：

電子郵件: [email protected]
Postal Address: Foodfy，資料保護官，可透過 [email protected] 聯繫

3. 我們收集的資訊

We collect different categories of personal data depending on how you interact with the Platform and which services you use.

3.1 所有用戶

帳號資訊: 全名、電子郵件地址、電話號碼、出生日期、個人資料照片和加密密碼。
認證數據: Login credentials, two-factor authentication secrets and recovery codes, API tokens, and session identifiers.
設備和技術數據: 裝置類型、作業系統和版本、瀏覽器類型和版本、螢幕解析度、唯一裝置識別碼、行動網路資訊、IP 位址和推播通知令牌（Expo 令牌）。
Usage Data: Pages visited, features used, search queries, click patterns, navigation paths, session duration, timestamps, referring URLs, and interaction events.
Location Data: 根據 IP 位址得出的大致位置。在您明確同意的情況下，提供精確的 GPS 送貨位置、附近的企業發現和基於位置的功能。
通訊數據: Messages sent through the Platform, customer support interactions, feedback, and survey responses.

3.2 客戶

Order Data: Items ordered, order history, delivery addresses (including building name, street, apartment, floor, entry code, and delivery instructions), order preferences, special dietary requirements, and order source (web, app, kiosk, QR, WhatsApp, meal plan).
Payment Data: Payment method type, billing address, transaction amounts, and transaction history. Full payment card numbers are processed by our PCI DSS-compliant payment processor (Stripe) and are never stored on Foodfy servers.
地址簿: Saved delivery addresses including structured address components, GPS coordinates, Google Place IDs, and formatted addresses.
偏好設定: 最喜歡的企業、保存的項目、飲食偏好、語言和貨幣設定。
Reviews and Ratings: Product reviews, business ratings, delivery ratings, photos, and comments.

3.3 商業夥伴

商業資訊: 企業法定名稱、商號、子網域、公共商店識別碼、企業類型（餐廳、雜貨店、藥局、鮮花、零售、供應商、品牌）、實際地址、電話號碼、電子郵件和網站 URL。
Legal and Financial Data: Tax identification name and number, legal entity type, banking details for payouts, and business registration documents.
Operational Data: Menu items, product catalog, pricing, inventory levels, operating hours, preparation times, delivery zones, and service configurations.
客戶關係數據: CRM 設定檔包括客戶訂單頻率、總支出、RFM（新近度、頻率、貨幣）評分、生命週期階段、忠誠度等級、行銷選擇狀態、首選語言、標籤和註釋。
員工資料: Staff member names, roles, employee codes, departments, designations, employment type, contact information, emergency contacts, banking details, identity documents, and HR records when using the People and HR feature.
Third-Party Integrations: Google Place ID、Google 評分、社群媒體資料（WhatsApp、Facebook）以及與整合服務（會計軟體、交付平台）交換的資料。
特許經營數據: 特許經營品牌關聯、奧特萊斯代碼、多地點配置和品牌級分析。

3.4 交付合作夥伴

身份驗證: 政府核發的身份證明、駕駛執照、車輛登記證和保險證明。
Real-Time Location: GPS 座標在主動交付期間更新，用於訂單追蹤、路線最佳化和安全目的。
Performance Data: Number of completed orders, rejected orders, delivery times, ratings received, and earnings history.
無人機交付數據: 對於支援無人機的送貨合作夥伴：無人機能力狀態、運行者類型、送貨統計資料、DronePort 分配和無人機操作日誌。

3.5 地域合作夥伴

Managed Territories: 分配的領土層級（地區、國家、州、城市、地區）、領土識別碼和地理範圍。
績效指標: 業務入職率、產生的收入、合作夥伴滿意度評分和區域成長指標。
應用資料: Territory applicant profile information submitted during the application and onboarding process.

3.6 企業帳戶使用者（Foodfy for Work）

Organization Data: 公司法定名稱、法人實體類型、貿易許可證號、稅號、註冊地址、帳單聯絡資訊和標誌。
員工資料: 員工姓名、電子郵件、角色（管理員/經理/員工）、部門、成本中心、員工參考號碼、錢包餘額、錢包交易歷史記錄和就業狀態。

3.7 投資者

投資者簡介: 認證狀態、投資偏好、身分驗證文件和通訊歷史記錄。
Investment Activity: Investment interests, deal participation, investment amounts, and related correspondence.

3.8 NutriLife 用戶

NutriLife collects sensitive health and biometric data. See Section 9 for detailed information.

3.9 來自第三方的信息

Social media platforms when you sign in using social login (Google, Facebook, Apple).
Payment processors and financial institutions for transaction verification and fraud prevention.
Public business directories and government registries for business verification and directory building.
Open Food Facts and other nutritional databases for product nutritional data.
Third-party delivery platforms (Uber Eats, Deliveroo, Talabat, Keeta, Careem) for integrated order management.
用於位置、地圖和地址資料的 Google Maps and Places API。
用於網站流量分析和活動衡量的分析和廣告合作夥伴。

4. 處理的法律依據

We process your personal data on the following legal bases, as applicable under the General Data Protection Regulation (GDPR) and similar frameworks:

Performance of Contract: Processing necessary to fulfill our contractual obligations to you, including account creation, order processing, payment handling, delivery coordination, and provision of Platform features you have subscribed to or requested.
同意: Processing based on your freely given, specific, informed, and unambiguous consent. This applies to: precise GPS location tracking, NutriLife health and biometric data collection (special category data), marketing communications and promotional emails, non-essential cookies and tracking technologies, and AI-powered photo analysis of meals.
Legitimate Interest: Processing necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms. This includes: Platform security and fraud prevention, analytics and service improvement, personalized search results and recommendations (non-AI profiling), customer support and communication, and enforcement of our Terms of Service.
Legal Obligation: Processing necessary to comply with applicable legal requirements, including tax and accounting regulations, anti-money laundering (AML) and know-your-customer (KYC) requirements, food safety and public health regulations, data retention mandated by law, and responses to lawful government or regulatory requests.
Vital Interest: 在特殊情況下，為保護某人的切身利益而必要的處理，例如涉及食物過敏的緊急情況、安全事件或突發公共衛生事件。

5. 我們如何使用您的訊息

We use the personal data we collect for the following purposes:

5.1 核心平台運營

Provide, maintain, operate, and improve the Platform and all its features and services.
Process and fulfill orders, payments, refunds, and deliveries.
建立、驗證和管理所有使用者類型的使用者帳戶。
實現即時訂單追蹤、交付協調和司機/無人機調度。
Process Business Partner payouts and financial reconciliation.
Manage Foodfy Gold subscriptions, benefits, and billing.
Operate Foodfy for Work corporate wallets, allocations, and expense tracking.

5.2 通訊

Send transactional communications including order confirmations, delivery updates, payment receipts, and account notifications.
Provide customer support and respond to inquiries through all channels (email, in-app, WhatsApp, SMS).
With your consent, send promotional communications, marketing offers, and personalized recommendations.

5.3 個人化和人工智慧

Personalize your experience through AI-powered search results, business recommendations, and product suggestions.
Provide Business Partners with AI-powered tools including menu optimization, demand forecasting, automated marketing content generation, and customer analytics.
Power NutriLife features including AI meal photo analysis, nutritional calculation, and personalized dietary guidance.
啟用人工智慧聊天機器人和自動化客戶支援。

5.4 安全、安保和合規性

偵測、調查並防止詐欺、濫用、未經授權的存取以及其他非法或有害活動。
Verify the identity of Business Partners, Delivery Partners, Territory Partners, and Investors.
遵守適用的法律義務、稅務要求和監管要求。
執行我們的服務條款和其他協議。

5.5 分析與改進

進行總結和匿名分析，以了解使用模式並改善平台功能。
Perform A/B testing and user experience research.
Train and improve AI and machine learning models using anonymized and aggregated data.
產生商業智慧報告和市場洞察。

6. 我們如何分享您的訊息

We share your personal data only as necessary to operate the Platform and provide our services. We do not sell your personal data to third parties.

6.1 與其他平台用戶

商業夥伴: When you place an order, we share your name, delivery address, phone number, and order details with the relevant Business Partner to fulfill your order. Business Partners on Foodfy retain full ownership of their customer data and can export it at any time.
交付合作夥伴: We share your delivery address, order pickup location, and necessary contact information with Delivery Partners to complete deliveries. Delivery Partner access to your data is limited to what is necessary for the current delivery.
顧客: 業務合作夥伴資訊（名稱、地址、評級、選單、營業時間）在平台上公開顯示，以便於發現和訂購。

6.2 與服務提供者

We engage trusted third-party service providers who process data on our behalf under strict data processing agreements:

Stripe: Payment processing, subscription billing, and fraud detection.
雲耀: 內容交付、DDoS 防護和 Web 應用程式防火牆。
人擇與 OpenAI: 針對 Platform AI 功能的 AI 和機器學習模型推理。發送給人工智慧提供者的資料根據其企業資料處理條款進行處理，並不用於訓練其通用模型。
深度圖譜: Speech-to-text processing for voice-enabled features.
Twilio: SMS delivery and voice communication services.
Google: Maps, Places API, analytics, and advertising services.
Meta: 廣告活動管理和轉換追蹤。
雲端基礎設施供應商: Server hosting, data storage, and computing services.

6.3 借助第三方交付平台

When Business Partners use delivery platform integrations (Uber Eats, Deliveroo, Talabat, Keeta, Careem, and others), order data and necessary operational information is exchanged between the Platform and these third-party services to enable cross-platform order management. This sharing is initiated by the Business Partner and governed by the terms of each delivery platform.

6.4 會計集成

When Business Partners connect accounting software (Xero, QuickBooks), financial transaction data, invoices, and business records are synchronized as configured by the Business Partner.

6.5 出於法律和監管目的

When required by applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request.
To enforce our Terms of Service and other agreements.
To protect the rights, property, safety, or security of Foodfy, our Users, or the public.
To detect, prevent, or address fraud, security, or technical issues.

6.6 業務轉讓

在合併、收購、重組、破產、資產出售或類似的公司交易中，您的個人資料可能會轉移到收購實體。在您的個人資料受到不同隱私權政策的約束之前，我們將發出通知。

6.7 經您同意

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

7. 資料保留

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, provide our services, and comply with legal obligations. Specific retention periods include:

活躍帳戶數據: Retained for the duration of your account plus 30 days after account deletion request to allow for recovery.
Order and Transaction Records: Retained for a minimum of 7 years to comply with tax, accounting, and financial regulations in applicable jurisdictions.
Payment Records: Retained as required by PCI DSS standards and financial regulations, typically 7 years.
業務夥伴數據: Retained for the duration of the business relationship plus the legally required retention period for business records.
NutriLife Health Data: Retained while your NutriLife profile is active. Upon deletion request, health data is permanently deleted within 30 days, except where retention is required by law.
Foodfy Gold 訂閱數據: Retained for the duration of the subscription plus 3 years for billing dispute resolution.
公司帳戶員工數據: Retained for the duration of the employee enrollment plus 1 year after removal from the Corporate Account.
通訊日誌: 客戶支援互動保留 3 年，以確保品質和解決爭議。
分析數據: 聚合和匿名分析資料可能會無限期保留，因為它無法識別個人身份。

When personal data is no longer needed and no legal obligation requires its retention, we securely delete or irreversibly anonymize it using industry-standard methods.

8. 人工智慧與自動決策

Foodfy 使用人工智慧和跨多個平台功能的自動化處理。我們致力於確保這些技術如何處理您的資料的透明度。

8.1 人工智慧如何處理您的數據

Personalized Recommendations: 人工智慧模型分析您的訂單歷史記錄、瀏覽行為、位置和偏好，以推薦企業、產品和優惠。此處理基於合法利益。
Search Ranking: Search results are ranked using algorithms that consider relevance, distance, popularity, ratings, and personalization signals.
需求預測: 對於業務合作夥伴，人工智慧分析歷史訂單資料、季節性模式、當地事件和天氣資料來預測需求。這使用聚合的業務數據。
Menu Optimization: 人工智慧根據銷售數據、競爭對手分析和客戶偏好建議定價調整和菜單修改。最終決定始終由業務夥伴做出。
詐欺偵測: 自動化系統分析交易模式、裝置資訊和行為訊號，以識別潛在的詐欺活動。標記的交易可能會由人類分析師進行審查。
NutriLife AI: 人工智慧分析膳食照片來估計營養成分，並根據您的健康狀況產生個人化的飲食建議。詳細資訊請參閱第 9 節。
自動化行銷: 人工智慧根據客戶細分和行為數據為業務合作夥伴產生行銷內容、電子郵件活動和促銷優惠。

8.2 您關於自動決策的權利

Under applicable law (including GDPR Article 22), you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where such automated decisions are made:

You have the right to obtain human intervention and review of the decision.
You have the right to express your point of view and contest the decision.
You may request an explanation of the logic involved in the automated decision.

To exercise these rights, contact us at [email protected].

8.3 人工智慧資料保障

發送給第三方人工智慧提供者（Anthropic、OpenAI）的資料根據企業資料處理協議進行處理。您的資料不會用於訓練他們的通用人工智慧模型。
Foodfy 的 AI 模型訓練使用匿名和聚合數據，無法識別個人使用者。
人工智慧的輸出是機率性的，以建議或估計的形式呈現，而不是明確的決定。

9. 健康與生物辨識資料（NutriLife）

NutriLife processes sensitive health-related and biometric data that requires special protection under applicable privacy laws. This section provides detailed information about how we handle this data.

9.1 收集的健康資料的類別

With your explicit consent, NutriLife may collect and process the following categories of health data:

Physical Measurements: 體重、身高、體脂肪百分比、腰圍、臀圍和體重指數 (BMI)。
Vital Signs: 血糖水平、血壓讀數和心率。
Lifestyle Indicators: Sleep duration, hydration levels, daily step count, energy levels, stress levels, mood, and digestive health indicators.
飲食資訊: 食物日記條目、飲食照片、卡路里和常量營養素攝取量（蛋白質、碳水化合物、脂肪、纖維、糖、鈉）、微量營養素攝取量（維生素 A 至 B12、鈣、鐵、鉀等）、飲食類型和食物過敏。
健康檔案: 出生日期、性別、活動量、健康目標（減重、增重、維持）、目標體重、醫療狀況、補充品使用、懷孕或哺乳狀況。
人工智慧分析數據: Meal photographs analyzed by AI, confidence scores, and AI-generated nutritional estimates.

9.2 法律依據與同意

根據 GDPR（第 9 條）和全球同等法律，健康和生物辨識資料被歸類為特殊類別資料。我們僅在您在 NutriLife 入職期間提供的明確同意的基礎上處理這些資料。您可以隨時透過在帳戶設定中停用 NutriLife 來撤回您的同意，這將導致您的健康資料在 30 天內被刪除。

9.3 目的限制

Your NutriLife health data is used strictly for the following purposes:

計算您的基礎代謝率 (BMR)、每日總能量消耗 (TDEE) 以及個人化卡路里和大量營養素目標。
Tracking your food diary entries and nutritional intake over time.
Providing AI-powered dietary suggestions and meal plan recommendations.
顯示健康趨勢和實現您既定目標的進展。

9.4 嚴格的資料保護

NutriLife health data is encrypted at rest and in transit using AES-256 and TLS 1.3 encryption.
健康數據與一般平台數據分開存儲，並具有額外的訪問控制。
NutriLife health data is NEVER shared with insurance companies, employers, advertisers, or any third party for purposes unrelated to providing the NutriLife service.
健康數據絕不會用於廣告定位或出售給第三方。
Foodfy 內的健康資料存取權限僅限於必要人員和系統，嚴格遵循「需要知道」的原則。

10. Foodfy Gold 訂閱數據

When you subscribe to Foodfy Gold, we process additional data related to your membership:

Subscription Data: Plan type, subscription status (active, trial, paused, cancelled, expired), start and end dates, trial period dates, and renewal dates.
Payment Data: Stripe customer ID, Stripe subscription ID, payment method (last four digits and card type only), and billing history. Full card details are stored exclusively by Stripe.
福利使用: Total orders placed with Gold benefits, delivery savings, discount savings, total calculated savings, and benefit redemption logs.

This data is processed to manage your subscription, apply benefits to eligible orders, calculate your savings, and provide you with subscription management features. Legal basis: performance of contract.

11. 公司帳戶和員工數據

對於 Foodfy for Work（公司帳戶），資料處理責任是共同承擔的：

11.1 資料控制者關係

The enrolling organization (employer) acts as the data controller for employee personal data provided through the Corporate Account. Foodfy acts as a data processor, processing employee data solely as instructed by the employer and in accordance with the Foodfy for Work Data Processing Agreement.

11.2 收集的數據

員工姓名、電子郵件地址以及公司帳戶中的角色（管理員、經理、員工）。
雇主提供的部門、成本中心和員工參考號碼。
Wallet balance, credit history, spending history, and refund records.
Order history made using the corporate wallet, including items ordered and amounts.

11.3 雇主的責任

雇主有責任： (a) 有合法依據與 Foodfy 共享員工資料； (b) 告知員工有關透過平台進行資料處理的資訊； (c) 回應與雇主控制資料相關的員工資料權利請求； (d) 確保遵守適用的就業和資料保護法律。

12. 無人機交付營運數據

When drone delivery services are used, the following additional data is processed:

Route and GPS Data: 無人機飛行路徑、通過 DronePort 位置的中繼點、交付 GPS 座標以及預計到達時間。
交付合作夥伴數據: 對於支援無人機的送貨合作夥伴：主動送貨期間的即時位置、送貨統計資料和操作日誌。
無人機連接埠數據: DronePort 利用率指標、維護計畫和運作狀態。
客戶交付數據: Precise delivery coordinates required for safe and accurate drone landing, which may be more precise than standard address-based delivery.

無人機交付資料的處理是基於合約履行的法律依據，以及在適用的情況下維護安全高效交付操作的合法利益。交付合作夥伴的即時位置資料僅在主動交付期間處理。

13. 資料安全

Foodfy 實施全面、領先業界的技術和組織措施來保護您的個人資料：

13.1 技術保障

使用 TLS 1.2+ 對傳輸中的所有資料進行加密（在所有平台端點上強制執行 HTTPS）。
使用 AES-256 加密對靜態敏感資料進行加密。
Web application firewall (WAF) and DDoS protection powered by Cloudflare.
具有邊緣快取的內容交付網路 (CDN)，以提高效能和安全性。
PCI DSS-compliant payment processing through Stripe, with no storage of full card numbers on Foodfy servers.
Two-factor authentication (2FA) available for all accounts and mandatory for privileged accounts.
使用具有速率限制和濫用偵測功能的安全性令牌進行 API 驗證。
Regular automated vulnerability scanning and penetration testing.

13.2 組織保障

Role-based access controls ensuring employees can only access data necessary for their function.
Multi-tenant data architecture with country-specific database sharding, ensuring data from different jurisdictions is logically separated.
與所有第三方服務提供者的資料處理協議。
Regular security awareness training for all personnel with access to personal data.
事件回應程序和專門的安全團隊。
資料最小化實踐：我們只收集特定目的所需的資料。

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage all users to take steps to protect their own accounts, including using strong, unique passwords and enabling two-factor authentication.

14. 國際資料傳輸

Foodfy 透過其全球基礎設施和地區合作夥伴網路在 250 多個國家/地區開展業務。您的個人資料可能會傳輸到您居住國以外的國家並在其中處理。當我們在國際範圍內傳輸個人資料時，我們會實施適當的保護措施，以確保您的資料受到保護：

Standard Contractual Clauses (SCCs): 對於從歐洲經濟區/英國轉移到沒有充分性決定的國家/地區，我們使用歐盟委員會批准的標準合約條款。
資料處理協議: 所有代表我們處理個人資料的第三方服務提供者均受到全面的資料處理協議的約束，其中包括資料保護義務、安全要求和跨境傳輸保障措施。
特定國家/地區的資料分片: Our multi-tenant architecture uses country-specific database shards, which means operational data is stored and processed within or near the geographic region of the relevant Territory, minimizing cross-border transfers for day-to-day operations.
充分性決策: Where available, we rely on adequacy decisions issued by relevant regulatory authorities.
Transfer Impact Assessments: We conduct transfer impact assessments for data transfers to countries without adequate data protection frameworks.

15. 您的隱私權

根據您所在的位置，您對您的個人資料擁有各種權利。 Foodfy 致力於尊重全球所有使用者的這些權利：

15.1 普遍權利

Regardless of your location, all Foodfy users may:

使用權: Request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
更正: Request correction of inaccurate, incomplete, or outdated personal data. You can update most information directly through your account settings.
刪除: Request deletion of your personal data, subject to legitimate retention requirements (legal obligations, dispute resolution, fraud prevention).
Restriction: Request that we restrict the processing of your personal data in certain circumstances.
Objection: Object to the processing of your personal data for direct marketing purposes. We will comply with all opt-out requests promptly.
Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
帳戶刪除: Request complete deletion of your account and associated personal data. Account deletion requests are processed within 30 days.

15.2 如何行使您的權利

You may exercise your rights by:

存取您的帳戶設定以進行自助資料管理、首選項變更和帳戶刪除。
請透過電子郵件向我們的資料保護官發送您的請求：[email protected]。
發送電子郵件至[email protected] 進行一般隱私查詢。

We will verify your identity before processing requests and respond within the timeframe required by applicable law (typically 30 days, extendable by an additional 60 days for complex requests with prior notification to you).

16. 區域隱私權

The following supplemental provisions apply based on your location and the applicable data protection law:

16.1 歐洲經濟區與英國 (GDPR/UK GDPR)

如果您位於歐洲經濟區或英國，則根據《一般資料保護規範》，您擁有以下附加權利：

數據可攜性: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
自動決策: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (GDPR Article 22). See Section 8.2.
資料保護官: Our DPO can be reached at [email protected] for any GDPR-related inquiries.

16.2 美國加州（CCPA/CPRA）

如果您是加州居民，根據《加州消費者隱私權法》（經《加州隱私權法》修訂），您享有以下權利：

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose for collecting, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to statutory exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: Foodfy 不會出售您的個人資訊。未經您的同意，我們不會為了跨情境行為廣告而分享個人資訊。
Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of sensitive personal information to what is necessary for the purposes specified.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

在過去 12 個月內，我們沒有出售 CCPA/CPRA 定義的個人資訊。

16.3 巴西（LGPD）

如果您位於巴西，您享有 Lei Geral de Protecao de Dados (LGPD) 規定的權利，包括：確認處理、存取、更正、匿名化、可移植性、刪除經同意處理的資料、有關共享的信息，以及向 Autoridade Nacional de Protecao de Dados (ANPD) 請願的權利。

16.4 亞太地區（PDPA 和同等法律）

如果您位於具有個人資料保護法或同等立法的司法管轄區（包括新加坡、泰國和其他亞太國家/地區），您有權根據適用的當地法律的規定存取、更正、刪除、限制和移植您的個人資料。我們按照適用的 PDPA 要求處理您的數據，包括在需要時獲得同意並提供數據處理活動的透明通知。

16.5 中東和北非

對於阿聯酋、沙烏地阿拉伯和其他中東和北非司法管轄區的用戶，我們遵守適用的資料保護法規，包括阿聯酋個人資料保護聯邦法令、沙烏地阿拉伯個人資料保護法和同等區域框架。這包括適用的資料本地化要求。

16.6 其他司法管轄區

Foodfy 致力於遵守我們經營所在的所有司法管轄區的資料保護法。如果您所在的司法管轄區有上面未列出的特定資料保護要求，請聯絡 [email protected]，以了解我們如何根據當地法律保護您的權利。

17. 資料外洩通知

如果個人資料外洩對您的權利和自由構成風險，Foodfy 將：

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and equivalent provisions in other jurisdictions.
Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34 and equivalent provisions.
Provide details of the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.
根據我們的內部違規登記冊，記錄所有個人資料外洩事件，包括事實、影響和採取的補救措施。

如果您認為您的資料已洩露，請立即聯絡 [email protected]。

18. 兒童和未成年人

The Platform is not intended for use by individuals under the age of 18, or the age of digital consent in their jurisdiction (which may be lower, such as 16 in most EEA countries or 13 in the United States under COPPA). We do not knowingly collect personal information from children below the applicable age threshold.

如果我們發現我們在未經父母或監護人同意的情況下無意中收集了低於適用年齡閾值的兒童的個人數據，我們將立即採取措施從我們的系統中刪除該資訊。如果您認為我們收集了兒童的信息，請立即聯繫我們：[email protected]。

19. 第三方連結和服務

The Platform may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to any third-party services, and Foodfy is not responsible for the privacy practices, content, or security of any third party. This includes Business Partner websites built using the Foodfy Website Builder, which may contain additional third-party integrations selected by the Business Partner.

We encourage you to review the privacy policy of every third-party service you interact with.

20. 本隱私權政策的變更

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:

We will update the "Last updated" date at the top of this page.
We will provide prominent notice on the Platform.
對於對我們處理您的資料方式產生重大影響的重大變更，我們將在變更生效前至少 30 天透過電子郵件通知您。
Where required by law, we will obtain your consent to material changes in data processing practices.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

21. 聯絡我們

如果您對本隱私權政策、您的個人資料或我們的資料保護實務有任何問題、疑慮或請求，請透過以下管道與我們聯絡：

資料保護官: [email protected]
Privacy Inquiries: [email protected]
Security Issues: [email protected]
一般支持: [email protected]
網站: foodfy.ai

We are committed to resolving any complaints about our collection or use of your personal data. If you have a complaint, please contact us first. If we are unable to resolve your concern, you have the right to lodge a complaint with your local data protection supervisory authority.