VibrantPulse operates under Taiwan's Personal Data Protection Act and international privacy standards. We believe transparency builds trust — that's why we've written this policy in plain English, not legal jargon.

Information We Collect

Business Information You Provide

When you contact us or use our system management services, we collect:

• Contact details (name, email, phone number, company name)
• Business address and operational information
• Technical requirements and system specifications
• Communication preferences and service needs

Technical Data We Automatically Collect

Service-Related Information

During our system management work, we may access or process data necessary for service delivery. This includes system configurations, performance metrics, and operational logs. We treat all client system data with the highest level of confidentiality.

How We Use Your Data

We use collected information for specific, legitimate business purposes aligned with our system management services:

Legal Basis for Processing (Taiwan PDPA Compliance)

Under Taiwan's Personal Data Protection Act, we process personal data based on:

• Consent for marketing communications and optional services
• Contract performance for service delivery and technical support
• Legitimate business interests for security monitoring and service improvement
• Legal compliance for record-keeping and regulatory requirements

We never use your data for purposes beyond what's necessary for our system management services or what you've explicitly agreed to.

Data Sharing and Third Parties

We maintain strict control over your data and share it only when necessary for service delivery or legal compliance.

When We Share Data

• Service Providers: Cloud hosting, security monitoring, and technical infrastructure partners operating under strict data processing agreements
• Legal Requirements: Government authorities when required by Taiwan law or valid legal process
• Business Transfers: In unlikely event of merger or acquisition, with advance notice to clients
• Security Incidents: Law enforcement for investigating cyberattacks or data breaches affecting our clients

Third-Party Service Providers

Our carefully selected partners include cloud infrastructure providers, security monitoring services, and communication platforms. All partners sign comprehensive data processing agreements and undergo regular security audits. We maintain full accountability for their handling of your data.

Data Protection and Security

System security isn't just our business — it's our expertise. We apply enterprise-grade protection to all client data.

Technical Safeguards

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Multi-factor authentication and role-based access controls
• Regular security audits, penetration testing, and vulnerability assessments
• Automated backup systems with geographic redundancy
• Real-time monitoring and incident response protocols

Organizational Measures

Our team follows strict data handling procedures, including background checks for staff with data access, regular privacy training, and clear protocols for data processing activities. We maintain detailed logs of all data access and processing activities.

Your Privacy Rights

Taiwan's Personal Data Protection Act grants you specific rights regarding your personal information. We've made exercising these rights straightforward.

How to Exercise Your Rights

Contact us at contact@vibrantpulse.dev with your request. We'll respond within 30 days and may need to verify your identity for security purposes. There's no charge for reasonable requests, though we may charge a fee for excessive or repetitive requests.

Data Retention and Deletion

We keep your data only as long as necessary for service delivery, legal compliance, or legitimate business purposes.

Retention Periods

• Active Client Data: Maintained during service relationship plus 12 months for transition support
• Communication Records: 3 years for service history and support continuity
• System Logs: 12-36 months depending on security and performance requirements
• Financial Records: 5 years per Taiwan tax and accounting regulations
• Marketing Contacts: Until you unsubscribe or request deletion

When retention periods expire, we securely delete data using industry-standard methods that make recovery impossible. We can provide certificates of deletion upon request.

International Data Transfers

While VibrantPulse operates primarily in Taiwan, some data processing occurs internationally through our service providers.

Cross-Border Data Protection

When we transfer data outside Taiwan, we ensure adequate protection through:

• Standard contractual clauses approved by Taiwan authorities
• Adequacy decisions recognizing equivalent privacy protection
• Certification schemes and binding corporate rules
• Explicit consent for transfers to countries without adequate protection

Policy Updates and Changes

We review and update this privacy policy annually or when significant changes occur to our data practices.

When we make material changes, we'll notify active clients by email at least 30 days in advance. We'll also post updates on our website with clear explanations of what changed and why.

Continued use of our services after policy updates indicates acceptance of the changes. If you disagree with updates, you can exercise your data deletion rights or discontinue services.