Ezily Privacy Policy

Effective Date: 03 September, 2025
Last Updated: 18 November, 2025

Ezily Co., Ltd. (“Ezily,” “we,” or the “Company”) is a Taiwan-based Software-as-a-Service (“SaaS”) provider. This Privacy Policy explains how we collect, process, use, store, share, and protect personal data in accordance with the Taiwan Personal Data Protection Act (“PDPA”) and, where applicable, selected principles inspired by the EU General Data Protection Regulation (“GDPR”).

This Privacy Policy should be read together with Ezily’s Service Agreement, Data Processing Agreement (“DPA”), and Acceptable Use Policy (“AUP”), which are available at https://ezily.io/legal/ and, where applicable, form part of the contractual framework between Ezily and its Clients.

1. Our Roles

   1. Processor Role
      For personal data collected through the Client’s LINE Mini App or related integrations (“Services” as defined in the Service Agreement), Ezily acts solely as a data processor on behalf of the Client (the data controller), in accordance with the Service Agreement and the DPA. Ezily does not determine the purposes or essential means of processing such data.

   2. Controller Role
      For personal data belonging to Client-authorized users who access Ezily’s own platform (e.g., administrators who log into Ezily’s admin or billing interface), Ezily acts as the data controller, and such processing is governed by this Privacy Policy.

   3. Client Responsibilities as Controller
      As controller of Mini App end-user data, the Client is solely responsible for:

      • Providing legally required privacy notices

      • Obtaining valid consents where required

      • Determining purposes and means of processing

      • Complying with all applicable laws and LINE policies

      Ezily does not provide legal advice to Clients and does not assume the Client’s legal obligations toward its Mini App users.

   
   

2. Scope of Application
   This Policy applies to personal data processed:

   • When individuals use Ezily-provided websites, applications, APIs, and cloud-based tools; and

   • When Ezily processes personal data on behalf of Clients as a processor under the Service Agreement and DPA.

   
   

3. Categories of Personal Data
   We may collect and process the following categories of personal data:

   • General Information: Name, contact details (e.g., email, phone number), company name, job title

   • Account Information: Username, encrypted password, login records

   • Payment / Transaction Data: Invoice details, payment records, and related transaction information (not necessarily full credit card details)

   • Technical / Usage Data: IP address, device information, browser type, activity logs, usage behavior analytics

   • Optional Special Categories: Processed only when legally permitted and with explicit consent, with additional safeguards applied

   Ezily does not intentionally collect special categories of personal data (such as health, religion, political opinions) unless explicitly instructed by the Client as controller and only where legally permitted.
   
   

4. Purposes of Processing
   We process personal data for the following purposes:

   • To provide, operate, and maintain our services (including configuration, hosting, maintenance, and issue resolution)

   • Customer support and account management

   • System security, misuse prevention, and fraud monitoring

   • Service improvement, analytics, and product development

   • Marketing or promotional communications where prior consent is required and obtained

   • Compliance with legal obligations or regulatory requests

   For clarity, Ezily does not use personal data processed on behalf of Clients for Ezily’s own independent marketing, profiling, or unrelated purposes.

   
   

5. Duration, Area, Recipients, and Methods

   1. Duration
      Personal data is retained for the period necessary to fulfill the purposes described above or as required by applicable law or contractual obligations. After that, it is securely deleted or anonymized.

   2. Area
      Taiwan and other regions where Ezily or its trusted service providers host systems, applications, or backups.

   3. Recipients

      Personal data may be disclosed to the following categories of recipients:

      • Ezily personnel who are authorized and have a legitimate need to access the data

      • Third-party service providers engaged by Ezily to support service delivery (e.g., cloud hosting providers, infrastructure and maintenance partners, analytics tools, payment processors), all bound by contractual obligations

      • Government authorities or courts with lawful authority to request such information

   4. Methods
      Personal data may be processed by automated means, electronic systems, or paper, using lawful and reasonable methods consistent with industry security practices.

6. Cookies and Tracking Technologies

   Ezily uses cookies and similar technologies to：

   • Provide and maintain core website and platform functionality

   • Optimize user experience and interface performance

   • Analyze service usage to improve products and features

   You may configure your browser to block cookies; however, some features of our services may not function properly if cookies are disabled.

7. Data Subject Rights
   Under Taiwan’s PDPA, you may have the following rights regarding your personal data:

   • The right to inquire about or request access to your personal data

   • The right to request a copy of your personal data

   • The right to request correction or supplementation

   • The right to request cessation of collection, processing, or use

   • The right to request deletion

   To exercise these rights, you may contact us at: privacy@ezily.io. If your request relates to personal data that Ezily processes on behalf of a Client (for example, data collected through a Client’s LINE Mini App), Ezily will promptly forward your request to the relevant Client (as the data controller) and, where appropriate, assist the Client in responding in accordance with the Service Agreement and the Data Processing Agreement.

8. Cross-Border Data Transfer
   We may transfer personal data internationally (for example, when using international cloud hosting providers). Ezily implements safeguards consistent with PDPA and, where applicable, GDPR-inspired mechanisms such as contractual commitments to ensure adequate protection.
   
   Ezily will not transfer personal data to jurisdictions that Taiwan’s competent authorities have publicly announced as restricted or prohibited transfer destinations.

9. Data Retention & Security
   We retain personal data only for as long as necessary to fulfill the purposes described above, to comply with applicable laws, or to perform our contractual obligations. After the relevant retention period expires, data will be securely deleted or anonymized, subject to backup and legal requirements.
   
   Ezily implements technical and organizational measures including, but not limited to：

   • Access controls and the principle of least privilege

   • Encryption during transmission and storage (where applicable)

   • Regular backups and disaster recovery mechanisms

   • Internal security policies, data protection procedures, and employee training

   
   

10. Data Breach Notification
    If Ezily becomes aware of a personal data breach involving data processed as a processor on behalf of a Client, Ezily will notify the relevant Client without undue delay and in any case no later than seventy-two (72) hours after becoming aware of the breach, and will provide reasonable assistance to enable the Client to comply with its legal obligations under PDPA and, where applicable, GDPR.

11. Electronic Marketing Opt-Out
    Where Ezily sends electronic marketing communications as controller (for example, to Client administrators), such communications will only be sent in accordance with applicable law and, where required, with prior consent. Recipients may opt out at any time by following the unsubscribe instructions in the message or by contacting privacy@ezily.io.
    
    Where Ezily processes data for electronic marketing on behalf of a Client, Ezily does so solely on the Client’s instructions and the Client remains responsible for ensuring that such communications comply with applicable laws.

12. Minors
    Under Taiwan law, individuals under 20 generally require the consent of their legal guardian to use certain services or provide personal data. Ezily may take reasonable steps to confirm such consent where applicable. In other jurisdictions, the local “digital consent” age (for example, 13–16 under GDPR) will apply.
    
    Ezily does not knowingly collect personal data from children in violation of applicable law.

13. Changes to This Policy
    We may update this Privacy Policy from time to time in response to legal, technical, or business changes. When we do so, we will update the “Last Updated” date at the top of this document. For material changes, we may provide additional notice (such as via email or prominent notice on our website or platform).

14. Contact Us
    For questions about this Privacy Policy or our data practices, or to exercise your data subject rights, you may contact:

    • Privacy: privacy@ezily.io

    • General: corporate@ezily.io

    
    

15. Language
    This Privacy Policy is provided in English and Chinese. In the event of any inconsistency or conflict, the English version shall prevail, consistent with Ezily’s Service Agreement.