Privacy Policy
Effective date: 2026-02-01
1. Information We Collect
We collect your email address when you register an account, a display name (if provided), payment information (processed by third-party providers; we do not store full card numbers), and usage data including API request logs (model, token count, timestamp) for billing and analytics purposes. We also automatically collect technical information including browser language settings, session tokens, and request timestamps for service operation. We do not log your IP address. Providing your email address is required to create and use an account; if you choose not to provide it, you will be unable to register or access the service.
2. Prompt & Message Privacy
BazaarLink does not log, store, or inspect the content of your API prompts or model responses. We record only the metadata needed for billing: model name, token count, and timestamp. Your conversations with AI models are never stored on BazaarLink servers, never used to train any model, and never shared with third parties except as strictly necessary to route your request to the upstream AI provider. Note: upstream AI providers (OpenAI, Anthropic, Google, etc.) process your requests under their own privacy policies; please review them before use.
3. How We Use Your Information
We use your information to: provide and improve the BazaarLink service; process payments and generate invoices (統一發票); communicate service updates and billing notifications; enforce our Terms of Service; comply with applicable laws, including Taiwan's Personal Data Protection Act (個人資料保護法, PDPA).
4. Data Retention
Account information and API request metadata (model, tokens, timestamp) are retained for the duration of your account for billing reconciliation. BazaarLink does not store the content of your messages. You may request deletion of your personal data at any time by contacting [email protected].
5. Data Sharing
We do not sell your personal data. We share data with: (a) upstream AI providers (OpenAI, Anthropic, Google, etc.) solely to fulfill your API requests — cross-border transfers to upstream AI providers are made on the basis of contractual necessity under Taiwan's Personal Data Protection Act (PDPA §21) and are limited to the minimum data required; please review each provider's privacy policy; (b) payment processors for billing; (c) cloud infrastructure providers (data hosted in Taiwan/Asia-Pacific regions as a priority); (d) law enforcement when required by law.
6. Cookies
We use essential session cookies for authentication and preference cookies for UI settings (e.g., theme). We do not use third-party tracking or advertising cookies.
7. Security
User API keys are stored as one-way hashes (SHA-256) — even in the event of a database breach, the original keys cannot be recovered. BYOK upstream provider keys are encrypted with AES-256-GCM. All data is transmitted over TLS 1.2+. We undergo periodic security reviews. If you discover a security vulnerability, please disclose it responsibly to [email protected]. In the event of a personal data breach that poses a risk to your rights and interests, we will notify affected users within 96 hours of becoming aware of the breach, as required by the Personal Data Protection Act.
8. Your Rights (Taiwan PDPA)
Under Taiwan's Personal Data Protection Act, you have the right to: inquire about or request a copy of your personal data; request correction of inaccurate data; request deletion of your data; restrict or object to processing; withdraw consent. To exercise these rights, contact [email protected] with your account email. If you believe we have not adequately addressed your request, you may lodge a complaint with Taiwan's Personal Data Protection Commission (個人資料保護委員會).
9. Children's Privacy
BazaarLink is not directed to children under 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will promptly delete their account and associated personal data.
10. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or a prominent notice on our website at least 14 days before taking effect.
11. Business Transactions
If BazaarLink is involved in a merger, acquisition, asset sale, or other business reorganization, your personal data may be transferred to the acquiring party as part of the transaction. We will notify you by email or a prominent notice on our website before such a transfer takes effect, and explain your options, including opt-out mechanisms to the extent permitted by applicable law.
12. Contact
集聯科技有限公司 | Toufen City, Miaoli County, Taiwan | [email protected]