Privacy Policy

Information We Collect

Running a payment processing system means we work with different types of data. Some you give us directly, some we collect automatically, and some comes from your use of our services.

Business Information You Provide

When you set up an account or request our services, we collect:

• Company name, registration details, and tax identification numbers
• Business contact information including addresses and phone numbers
• Names and email addresses of authorized representatives
• Bank account details for payment settlements
• Business verification documents required by Taiwan financial regulations

Transaction and System Data

Our automation platform collects operational data to function properly:

• Transaction details including amounts, timestamps, and payment methods
• System usage logs and API interaction records
• Device information and IP addresses for security monitoring
• Performance metrics and error reports for system optimization
• Customer payment data processed through our platform (handled according to PCI DSS standards)

Communications and Support

When you contact us for support or business inquiries, we keep records of those conversations, emails, and any documents you share with us. This helps us provide better service and resolve issues more effectively.

How We Use Your Information

We're not in the business of selling data or creating advertising profiles. Here's what we actually do with the information we collect:

Data Sharing and Disclosure

We don't hand your information to random third parties. But payment processing doesn't happen in a vacuum, so here's when we share data:

Essential Service Partners

• Banking institutions for payment settlements and financial transfers
• Payment networks that process credit card and digital wallet transactions
• Security providers who help us detect fraud and protect system integrity
• Cloud infrastructure services where our systems operate

Legal Requirements

We'll share information when Taiwan law requires it, which includes:

• Responses to valid legal processes like court orders or government requests
• Compliance with Financial Supervisory Commission regulations
• Cooperation with law enforcement in fraud investigations
• Protection of our legal rights or defense against legal claims

Data Security Measures

Protecting financial data isn't optional. Here's what we actually do beyond the standard security buzzwords:

• Encryption everywhere: All data transmissions use TLS 1.3 protocol, and sensitive information is encrypted at rest using AES-256 standards
• Access controls: Our staff can only access data they need for their specific roles, with all access logged and monitored
• Network security: Firewalls, intrusion detection systems, and regular security audits protect our infrastructure
• PCI DSS compliance: We maintain Level 1 PCI DSS certification for handling credit card data
• Regular testing: Quarterly penetration testing and annual third-party security assessments
• Incident response: We have documented procedures for responding to security breaches, including notification within 72 hours as required by Taiwan's Personal Data Protection Act

No security system is perfect, but we take this seriously because your business depends on it.

Your Rights Under Taiwan Law

The Personal Data Protection Act gives you specific rights regarding your information. Here's what you can actually do:

Access and Review

You can request a copy of the personal data we hold about your business. We'll provide this within 30 days, though we might charge a reasonable fee for extensive requests.

Correction and Updates

Found something wrong in your data? Tell us, and we'll fix it. You can update most business information directly through your account dashboard.

Data Deletion

You can request deletion of your data, but there are practical limits. We need to keep certain financial records for seven years under Taiwan tax law. Transaction data tied to ongoing disputes or legal requirements also stays in our system until those issues resolve.

Processing Restrictions

You can ask us to stop processing your data in specific ways, though this might affect our ability to provide certain services. We'll explain any limitations before implementing restrictions.

Data Portability

Want to move your data elsewhere? We'll provide your transaction records and business information in a structured, commonly used format. Just keep in mind some data formats are dictated by banking standards.

Data Retention

We don't keep information forever, but financial services have specific retention requirements:

• Transaction records: Seven years from transaction date, as required by Taiwan tax regulations
• Business account information: Duration of your service agreement plus seven years
• System logs and security data: Two years for operational logs, five years for security incident records
• Support communications: Three years from last interaction
• Marketing communications: Until you opt out or close your account

After these periods, we securely delete or anonymize the data so it can't identify your business.

Cookies and Tracking

Our platform uses cookies and similar technologies, but we're not tracking you across the internet. Here's what we actually use:

Essential Cookies

These make the platform function. They handle your login session, remember your preferences, and keep the system secure. You can't opt out of these because the platform won't work without them.

Analytics Cookies

We track how businesses use our platform to identify bugs and improve features. This data is aggregated and doesn't track individual behavior across websites.

What We Don't Use

No advertising cookies, no social media tracking pixels, no cross-site behavioral profiling. We're a payment processor, not an ad platform.

International Data Transfers

MaxonOnward operates primarily in Taiwan, and we store data in Taiwan-based data centers. However, some of our service providers operate internationally:

• Cloud infrastructure services with servers in Taiwan and backup facilities in Singapore
• Security monitoring tools that process data in regional data centers
• Email services and communication platforms with international operations

When data leaves Taiwan, we ensure adequate protection through:

• Contractual agreements requiring equivalent data protection standards
• Service providers certified under recognized international security frameworks
• Encryption during transmission and storage in foreign systems
• Regular audits of international service provider security practices

Third-Party Links and Services

Our platform might link to external services or integrate with third-party business tools. We're not responsible for their privacy practices. When you click through to another service, you're subject to their privacy policies, not ours.

If you integrate our payment system with your e-commerce platform, accounting software, or other business tools, data sharing happens according to the permissions you grant. Review those integration settings carefully.

Changes to This Policy

We update this policy when our practices change or regulations require it. When we make significant changes, we'll notify you through:

• Email to your registered business contact address
• Notice in your account dashboard when you log in
• Update notification on our website

Continued use of our services after changes take effect means you accept the updated policy. If you don't agree with changes, you can close your account, though some data retention requirements still apply.

Children's Privacy

MaxonOnward provides business services only. We don't knowingly collect information from individuals under 18 years old. Our platform is designed for business use, and account holders must be legally authorized to represent their companies.