Kuzu Privacy Policy

Last updated: March 30, 2026

1. Overview

Kuzu (the "Service") is operated by ProSoft Engineering Co., Ltd. at kuzu.tw. This Privacy Policy explains how we collect, process, use, and protect your personal data in accordance with Taiwan's Personal Data Protection Act (PDPA) and applicable regulations.

2. Data We Collect

2.1 Business Users (You)

  • Name, email address
  • LINE User ID (obtained via LINE Login)
  • Google account information (if signing in via Google)
  • Business name, business type
  • Product information, pricing, and Brain card content you provide
  • Account usage records (login times, feature usage)

2.2 Your Customers

When customers interact with Kuzu through your LINE Official Account, we process:

  • LINE User ID (does not include real name or phone unless voluntarily provided)
  • Conversation content (messages sent by customers and Kuzu's replies)
  • Conversation timestamps

We do NOT independently collect your customers' real names, phone numbers, or email addresses. We only process conversation content transmitted through LINE's Messaging API.

3. Purpose of Collection

Specific purposes include:

  1. Providing and operating the Service (AI chatbot, inbox, Brain cards)
  2. Processing account registration and identity verification
  3. Calculating conversation usage and managing subscription plans
  4. Improving service quality and user experience
  5. Sending service-related notifications (e.g. trial expiry, usage alerts)
  6. Complying with legal obligations

4. Data Processing & Third-Party Services

We use the following third-party services to operate the Service:

ServicePurposeLocation
SupabaseDatabase, authenticationTokyo, Japan (ap-northeast-1)
Anthropic (Claude API)AI conversation generationUnited States
VercelWeb hostingGlobal CDN
LINE Messaging APIMessage deliveryJapan

About AI Processing

Customer conversation content is sent to Anthropic's Claude API to generate responses. Per Anthropic's data policy, data submitted through the API is not used to train their models. See Anthropic's usage policy for details.

5. Cross-Border Data Transfer

Some of your data is transferred outside of Taiwan for processing:

  • AI Processing: Conversation content is sent to Anthropic servers in the United States
  • Web Hosting: Some requests are processed by Vercel's global CDN nodes
  • Primary Database: Stored on Supabase in Tokyo, Japan

Taiwan is a member of the APEC Cross-Border Privacy Rules (CBPR) system. We ensure that receiving parties provide adequate security measures consistent with PDPA requirements.

6. Data Security

We implement the following measures to protect your data:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Row Level Security (RLS) for data access control
  • JWT token-based authentication
  • API keys stored only in server-side environment variables
  • LINE Webhook signature verification

7. Data Retention

  • Account data: retained until you delete your account
  • Conversation records: retained until you delete your account (you may delete individual conversations at any time)
  • Brain card content: retained until you delete the card or your account
  • After account deletion, all associated personal data will be deleted within 30 days

8. Your Rights

Under the PDPA, you have the right to:

  1. Inquire and request access to your personal data
  2. Request copies of your data
  3. Request supplementation or correction
  4. Request cessation of collection, processing, or use
  5. Request deletion

To exercise these rights, contact hello@kuzu.tw. We will respond within 15 business days.

9. Your Responsibilities to Your Customers

When you use the Service to interact with customers through your LINE Official Account, you are the data collector for your customers' personal data. You are responsible for:

  1. Ensuring your LINE Official Account properly discloses the use of AI auto-replies
  2. Complying with PDPA notification obligations when collecting customer data
  3. Responding to customer requests regarding their personal data

10. Cookies and Tracking

The Service uses essential cookies to maintain login sessions and language preferences. We do not use third-party advertising trackers.

11. Minors

The Service is intended for business users aged 18 and above. We do not knowingly collect personal data from individuals under 18.

12. Changes to This Policy

If this Privacy Policy is revised, we will notify you via the website and by email or LINE message. Material changes will take effect 30 days after announcement.

13. Data Breach Notification

Under PDPA Article 12 and the 2025 amendments, in the event of a personal data breach, we will:

  1. Immediately notify affected users
  2. Report to the Personal Data Protection Commission (PDPC) as required by law
  3. Take necessary remedial measures

14. Contact

For questions about this Privacy Policy, contact:

The Chinese version of this Privacy Policy shall prevail. The English version is for reference only.

See also: Terms of Service