Privacy Policy

Thank you for using TeraScan. TeraScan is provided to you by Flextech Inc. (hereinafter referred to as "Flextech", "we", or "us"). We are committed to protecting your privacy. This Privacy Policy sets out how we collect, store, process, share and use your information when you access our website, software, and services (the "Services").

We only collect and use your personal information for legal, legitimate, and necessary purposes. Specifically, we collect and process your personal information to provide you with our services and functions. If you use other people's personal information to access our services and functions, please ensure that you have been authorized to do so, and we reserve the right to verify if such personal information is legally used at any time.

We will ask for your separate consent in specific circumstances in strict accordance with laws and regulations. In addition to this Privacy Policy, we may also explain our rules for processing your personal information through notifications on pages of the product, pop-up prompts, push notifications, and so forth. The processing of personal information for each service or function is subject to specific rules, which have the same effect as this Privacy Policy.

1. What information is collected and for what purpose

Here are the types of information you submit to us when you use the Services and the purposes for which we may use that information. We collect and use the following information to deliver, optimize, protect, and promote the Services.

Type of Information and Purpose of Collection:

Account information: We collect information such as the email address and phone number that you provide to us when you perform operations such as registering for an account (if you log in with an SNS account, then we will receive your nickname and SNS profile image), and link such information with your account.

We may use this information to identify you as the account owner and to keep your account secure. We may collect this information when you log in to your account.

Device information: This refers to information about the device used to access the Services and may include IP address, browser, and device information, web pages visited prior to accessing TeraBox, identifiers tied to the device, and location information depending on the device settings.

We may use this information to optimize and protect the Services.

Cookies: Cookies are small pieces of text that are sent to your browser by the website when you visit TeraBox. You can set your browser not to accept cookies, though this may affect the functionality of the Services.

We may use cookies and similar technologies to deliver, optimize, protect, and promote the Services. Cookies allow us to remember your username between logins, to better understand how you use the Services, and to improve the Services on the basis of this information. The third-party service providers we work with may also use cookies and similar technologies.

The above information is collected for the purpose of reliably and securely providing the Services and for legitimate business purposes. We or our partners will request your consent prior to processing your information for any other purpose beyond those specifically stated.

2. Security of Your Data

We attach great importance to information security. We have a dedicated team to develop and employ a variety of security technologies and programs. We carry out security background checks on personnel in charge of security management and those in critical security positions. We have established a complete information security management system and internal mechanisms for handling security events and more. We take appropriate security measures and technical means in line with industry standards to store and protect your personal information, so as to prevent your information from being lost or accessed, disclosed, used, damaged, or revealed without authorization. All reasonable and feasible measures are being taken for protecting your personal information. In addition, we use encryption technology to ensure the confidentiality of data and apply trusted protection mechanisms to prevent malicious attacks on data.

We train and assess our employees in terms of data security awareness and security abilities to enhance their comprehension of the importance of protecting personal information. We authenticate the identity of employees who process personal information and control their access, sign nondisclosure agreements with our employees and partners who have access to your personal information, and clarify job responsibilities and code of conduct, so that only authorized personnel can access personal information. In the event of any violation of the nondisclosure agreements, the employment will be terminated immediately with the violator held accountable by law. Moreover, there are also confidentiality requirements that relevant personnel must follow when they leave their posts.

We kindly remind you that the Internet is not absolutely secure. Hence, you should carefully protect your personal information when you interact with other users through third-party social software, emails, SMS, and other services integrated into TeraScan under the condition that you are uncertain whether your information is completely encrypted during transfer.

Also, we appreciate your understanding that due to the technical restrictions, rapid development, and various latent and malicious attacks pertaining to the Internet industry, we may not be able to keep your information secure a hundred percent even though we make every effort to enhance our security measures. Hence, the system and communication network based on which you use our product and/or the Services may encounter security problems in other processes beyond our control.

Our security management system regards the disclosure, damage, or loss of personal information as the most serious security event. Once it occurs, our highest-level emergency plan will be implemented with multiple departments dealing with the event as one emergency response team.

We formulate an emergency plan for network security events to promptly respond to system vulnerabilities, computer viruses, cyber-attacks, network intrusions, and other security risks. In case of an event endangering network security, we will immediately carry out the plan, take remedial actions, and report to competent authorities as required.

The disclosure, damage, and loss of personal information are regarded as the most serious security events. Accordingly, we organize members of working groups to perform security plan drills on a regular basis to avoid such events. In the event that such events do occur, we will carry out the emergency plan as a top priority and form an emergency response team to trace the cause and mitigate losses in the shortest time possible.

In case of a personal information security event, we will, as required by laws and regulations, inform you of the basic information about the security event and its possible impact, the measures we have taken or will take, recommendations on actively preventing and mitigating risks for you, and remedial measures for you. We will inform you of event-related information in a timely manner through our notifications or the contact information you have provided to us including SMS, phone number, and email address. If it is difficult to inform our users one by one, we will make announcements in a reasonable and effective way. Meanwhile, we will report the disposal of the personal information security event in accordance with the requirements of regulatory authorities. We appreciate your understanding that according to laws and regulations, if measures taken by us can effectively avoid the harm caused by disclosure, tampering, and loss of information, we may choose not to notify you of a personal information security event unless a regulatory authority requires us to do so.

We refer to the requirements of the GDPR, select appropriate measures for technical security protection based on the nature, scope, background, and purpose of data processing, as well as the risks to individuals, and regularly test and evaluate the measures to maintain their effectiveness.

If data is accidentally disclosed, we will notify affected people as soon as possible and report to competent authorities within 72 hours. If it is impossible to report it within 72 hours, the reason for the delay will be clarified.

We take appropriate technical and organizational measures to achieve our data protection objectives, such as the principle of data minimization and the integration of necessary safeguards into data processing to protect the rights of data subjects and make sure any data processed is necessary for a specific purpose by default. 

3. Store Your Personal Data

(a) We will collect, store, and use your personal data in accordance with this Privacy Policy and applicable laws, wherever it is processed.

(b) When you use Our Services on your devices, your data may be stored locally on the devices you use to access Our Services. When you sync your Devices with our Service, such data will be replicated on our servers maintained by us for processing and storage. While providing the Services, we may store, process, and transfer your information in Japan. Data privacy laws or regulations in your country/region may differ from those in the places where you are located. We will collect, store, and use your information in accordance with this Privacy Policy and applicable laws, wherever it is processed.

(c) We retain your data for no longer than is necessary for the purposes stated in this Privacy Policy. Once the retention period expires, we will delete or anonymize your data, unless otherwise required by applicable laws and regulations.

4. Provision of personal information to third parties

We will not reveal your personal information to any third party without your prior consent, except under any of the following circumstances:

(a) We are required to cooperate with national or regional governmental organizations or their agents in the performance of their duties or obligations under applicable laws and regulations, which may preclude such performance if your consent is required;

(b) Where there is a substantial risk to a person's life or property;

(c) Where there is a particular need to improve public health or promote the healthy development of youth.

For the sharing, transfer, or disclosure of your personal information under the above exceptional circumstances, we will log the basis for processing relevant information, the scope of information being processed, the information on the recipient, and so forth as enumerated below based on the principles of minimization and necessity to protect your legitimate rights and interests.

(1) Names and contact details of the data controller and data protection officer;

(2) Purpose of data processing;

(3) Descriptions of the data subject type and the personal data type;

(4) The type of recipient to whom the personal data has been or will be disclosed (including a recipient in a third country or international organization);

(5) Records of transfer of personal data to a third country or international organization and records of appropriate safeguards;

(6) Expected time to delete different types of data;

(7) General description of technical and organizational security measures.

5. We may share your information with third parties

We may work with certain trusted third parties (such as customer support or IT service providers) that can help us better deliver, optimize, protect, and promote the Services. These third parties may have access to your information to perform tasks on our behalf, during which we remain responsible for the third parties' handling of your information in accordance with our requirements.

We may share infrastructure, systems, and technology with Flextech affiliates to deliver, optimize, protect, and promote the Services. These affiliates will use your information in conjunction with us and the information you have listed in the "What information is collected and for what purpose" section for the purposes described therein. We will be responsible for granting these companies access to your information.

We will establish an output mechanism for cross-border data transfer with reference to the requirements of the GDPR and update it as required. Our processing of personal data will depend on the fundamental principles of the GDPR, the consent of valid data subjects, or other legitimate reasons. Apart from that, additional mechanisms will be put in place to protect data and meet the substantive requirements of the GDPR for data processing.

6. Rights and Obligations of The User

In accordance with the laws, regulations, standards, and established practices of the relevant country and region, we guarantee that you can exercise the following rights for your personal information. If you have any questions or claims about the exercise of rights, you may contact us at terascan@outlook.com. You can view, change, download, delete, or share your information from your TeraScan account.

(1)The right of access

If you wish to know the extent to which your personal information is collected, saved, and shared by TeraScan or the purpose of processing such information, you can contact us for details.

(2)The right of rectification and supplementation

If you find any error in your personal information processed by us, you have the right to rectify the error or add the missing information. After your identity has been verified, you can submit your rectification or supplementation application to us by means of feedback and error reporting or through the aforementioned contact information. We will reply to you as soon as possible after receiving your application.

(3)The right of erasure

You may request us to delete your personal information in the following circumstances:

（a）Our processing of your personal information is in violation of laws and regulations or the agreement with you;

（b）Our processing purpose has been met, cannot be met, or is no longer necessary;

（c）We have stopped providing the product or the Services, or the retention period has expired;

（d）You have decided to withdraw your consent;

（e）Other circumstances required by laws and administrative regulations.

When you delete information from the Services, we may not immediately delete the corresponding information from our backup system, but will delete it after the backup has been updated. We appreciate your acknowledgment and understanding that if the retention period has not yet expired as required by laws and administrative regulations or set forth in this Privacy Policy, or it is technically difficult to delete your personal information, we will stop processing the information other than storing it and taking necessary security protection measures for it.

(4)The right of withdrawal of consent

The implementation of each service or function requires some basic personal information. For any additional collection and use of your personal information, you may give or withdraw your consent at any time.

You can directly disable access to the contacts, photos, camera, and so on in the system of your device, change the scope of consent, or withdraw your authorization.

Following your withdrawal of consent, we cannot continue to provide you with the service involved, and will no longer use the relevant personal information. However, your decision to withdraw your consent will not affect our processing of your personal information previously conducted on the basis of your consent.

(5)The right of account deletion

You may delete the account that you have created. You can delete your account in TeraBox at:

[Account Avatar] - [Menu] - [Settings] - [Security Center] - [Account Deletion].

Once you have deleted your account, you will not be able to use the Services of TearBox, so please think it through before deletion. For the sake of protecting the legitimate rights and interests of you or other users, we will determine whether to accept your deletion request based on your usage. For example, if you have unused Premium benefits or any data in your account, we will not accept your request immediately. Unless otherwise required by laws and regulations, we will stop providing you with the product and the Services, and delete your personal information according to your requirements after your account has been deleted.

(6)The right of copy and data portability

You have the right to copy your personal information collected by us. On the premise that it is required by laws and regulations, in compliance with the instructions and conditions stipulated by competent authorities, and technically feasible, you may request us to transfer your personal information to another designated subject.

In your exercise of the said rights of personal information subjects, we will update third parties on the relevant information in a timely manner to ensure that the above-mentioned rights are exercised in accordance with laws and regulations, regulatory requirements, and technical feasibility.

If your request is manifestly unjustified or beyond necessity, especially when such request is repetitive, we may:

(a) charge a reasonable fee based on the administrative costs of information provision, communication, or corresponding actions; or

(b) refuse to act on the request.

7. Children's Personal Data

Our services are not intended for anyone under 16. And that’s why we do not knowingly collect personal information from anyone under 16. We understand the importance of safeguarding the personal information of children, which we consider to be an individual under the age of 16 or the equivalent age as specified by law in your jurisdiction. Please contact our Data Protection Officer via email at terascan@outlook.com. if you believe we have any personal information from any Child without such parental/guardian consent and acknowledgment so that we can promptly investigate and remove such personal information.

8. Change to This Privacy Policy

We may change this Privacy Policy from time to time. Under certain circumstances (for example with certain material changes or where it is required by applicable privacy laws) we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. If we change this Privacy Policy, we will change the "last updated" date at the top of this Privacy Policy and the revised policy will be posted to this page so that you can review it. Sometimes, we’ll let you know by revising the date at the top of the Privacy Policy that’s available in TeraScan. Other times, we may provide you with additional notice (such as providing you with an in-app notification).

9. How to Contact Us

If you have any questions or complaints regarding this Privacy Policy or the use of your data, please contact our Data Protection Officer via email at terascan@outlook.com.