Privacy Policy

Effective Date: 2026-02-21
Last Updated: 2026-02-21

1. Introduction

Welcome to the services provided by Seriauth Limited ("Airygen," "we," "us," or "our"). We place high importance on your privacy and data security. This Privacy Policy explains how we collect, use, protect, and process your personal information when you visit our website or use our SaaS services.

This Policy applies to users worldwide (excluding Mainland China, Africa, and Russia). By continuing to use our services, you agree to the terms of this Policy.

2. Information We Collect

We only collect the minimum data necessary to provide services, process transactions, and maintain system security.

2.1 Information You Provide

When you register an account or use our services, we may collect:

  • Account Information: name and email address.
  • Transaction Information: billing address and payment records (note: full credit card numbers are processed by third-party payment processors; we retain only transaction identifier records).

2.2 Information Collected Automatically

When you interact with our services, we automatically collect the following technical data:

  • Device and Connection Information: IP address, browser type, operating system.
  • Cookies and Tracking Technologies: necessary cookies used to maintain login session status and language preferences.
  • Usage Data: service operation logs, error reports, and performance monitoring data.

3. Purposes of Processing and Legal Basis

Under the General Data Protection Regulation (GDPR), we process your data based on legitimate interests and compliance with legal obligations. Specific purposes include:

  • Service Security and Risk Control: prevention of fraud, penetration attempts, abnormal behavior detection, and account security protection.
  • System Operations and Maintenance: logging, error tracking, and performance monitoring to ensure service stability.
  • Service Optimization: basic internal analytics (e.g., usage statistics) to improve user experience (this does not involve intrusive tracking).
  • Regulatory Compliance: retention of transaction records to satisfy tax and accounting requirements.

4. Data Sharing and Third-Party Services

We do not sell your personal data to third parties. We share data only when necessary with the following categories of third-party service providers:

  • Traffic Analytics: we use Google Analytics to analyze website traffic and usage.
  • Cloud Infrastructure: our website and database are hosted by U.S.-based cloud service providers (e.g., AWS or equivalent providers), and your data is stored on secure servers operated by those providers.

5. International Data Transfers

Seriauth Limited is located in Taiwan, and our servers are located in the United States. This means your personal data will be transferred to Taiwan and the United States for processing and storage. We commit that data will not be transferred to regions other than those stated above. We have implemented appropriate technical and organizational measures to ensure cross-border data transfers meet international security standards.

6. Data Retention Periods

We maintain strict data retention rules and keep your information only for the time needed to fulfill the purposes of collection:

  • Accounts without payment history: after a user requests account deletion, related data will be permanently deleted within 30 days.
  • Accounts with payment history: after a user requests account deletion, account data is marked as "soft deleted" in the database and retained for 5 years for legal and tax purposes; after that period, it is deleted together with transaction records.
  • Service and operation logs: retained for 1 year for debugging, security audit, and anti-fraud analysis.
  • Customer support records: retained for 1 year after case closure, then deleted.
  • System backups: retained for 90 days and naturally rotated out by backup cycles.
  • Marketing lists: retained until you unsubscribe or withdraw consent (proof of consent is retained for 5 years for regulatory evidentiary requirements).

7. Data Security Measures

We adopt industry-leading technical measures to protect your data, including:

  • Encryption in transit: site-wide HTTPS (TLS 1.2+), enforced HSTS secure connections, and encrypted API communications.
  • Password protection: passwords are stored using one-way hashing algorithms (bcrypt/Argon2); we never store plaintext passwords.
  • Access control: device fingerprinting with secondary email verification for anomalies; internal keys are managed via Secrets Manager with strict access controls.
  • Network protection: firewall and security-group controls with only required ports open; WAF and DDoS protection enabled as needed.
  • Environment isolation: development, testing, and production environments are fully isolated so production data is not exposed to non-production environments.

8. Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Right of access: request a copy of personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure (right to be forgotten): under specific conditions (e.g., when data is no longer necessary for service provision), request deletion of your personal data.
  • Right to restriction of processing: request temporary suspension of processing of your data.
  • Right to data portability: request your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests (including marketing analytics).
  • Right to withdraw consent: where processing is based on your consent, you may withdraw consent at any time.

8.1 How to Exercise Your Rights

  • Submission method: you may submit a request through the in-product "Delete Account" feature, or by sending an email from your registered email address to [email protected].
  • Identity verification: to prevent unauthorized requests, we may require additional identity verification.
  • Processing timeline: we will process and respond within 30 days after receiving your request.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal or service changes. Material changes will be notified by email or by a prominent notice on our website. The updated policy will indicate the latest "Effective Date."

10. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us via: