隱私權政策

Privacy Policy

最後更新日期:2026 年 4 月 12 日

1. 前言

一日軟體有限公司(統一編號:60759468,以下簡稱「本公司」)經營 QMesh 全球眾測媒合平台(以下簡稱「本平台」)。本公司深知個人資料保護之重要性,特制定本隱私權政策(以下簡稱「本政策」),說明我們如何收集、使用、儲存及保護您的個人資料。使用本平台即表示您同意本政策之內容。

2. 個人資料之收集

我們可能收集以下類型的個人資料:

2.1 您主動提供的資料

  • 註冊資訊:姓名、電子郵件、公司名稱、國家/地區
  • 個人檔案:顯示名稱、LinkedIn 連結(QA 認證申請時)
  • 付款資訊:信用卡資料(由第三方金流服務商 ECPay 綠界科技處理,本平台不直接儲存卡號)
  • 測試回報:缺陷描述、截圖、錄影、裝置資訊
  • QA 認證資料:履歷、專業證照

2.2 自動收集的資料

  • 裝置資訊:瀏覽器類型、作業系統、裝置型號
  • 使用記錄:登入時間、頁面瀏覽、功能使用頻率
  • IP 位址與地理位置(用於安全驗證與服務區域限制)
  • Cookie 與類似技術(詳見第 7 條)

3. 個人資料之使用目的

我們收集的個人資料用於以下目的:

  • 提供、維護及改善本平台的服務功能
  • 處理帳號註冊、身份驗證及登入管理
  • 媒合企業與測試員,管理測試任務的生命週期
  • 處理付款、退款及積分兌換交易
  • 計算 QIS 評分、會員等級及品質貢獻排行
  • 發送系統通知(任務狀態更新、缺陷審核結果、帳號安全通知)
  • 審核 QA 專業認證申請
  • 防範詐欺、濫用及維護平台安全
  • 遵循法律義務及回應司法機關要求
  • 進行匿名化的數據分析以改善服務品質

4. 個人資料之分享與揭露

我們不會出售您的個人資料。在以下情況下,我們可能與第三方分享您的資料:

  • 服務提供者:如金流服務商(綠界 ECPay)、雲端服務(Supabase)、電子郵件服務(Resend),僅限於為本平台提供服務所必要的範圍。
  • 企業與測試員之間:測試員的顯示名稱、會員等級、QA 認證狀態等公開資訊可被任務發布企業查看。企業的公司名稱可被申請任務的測試員查看。
  • 法律要求:依法律規定或司法機關、主管機關之合法要求。
  • 權益保護:為保護本公司、使用者或公眾的權益、財產或安全。
  • 公開排行榜:品質貢獻榜上的顯示名稱、會員等級、QIS 分數等為公開資訊。

5. 資料安全

我們採取合理的技術與組織措施保護您的個人資料,包括但不限於:

  • 傳輸加密:所有資料傳輸均使用 SSL/TLS(HTTPS)加密
  • 存取控制:基於角色的存取權限(RLS),確保使用者僅能存取授權範圍內的資料
  • 密碼安全:密碼經由 bcrypt 雜湊處理,本平台無法讀取您的明文密碼
  • 第三方安全:金流資料由 PCI DSS 合規的支付服務商處理
  • 定期審查:定期檢視與更新安全措施

儘管我們盡力保護您的資料,但網路傳輸無法保證百分之百安全。若發生資料外洩事件,我們將依法通知受影響的使用者及主管機關。

6. 資料保留期間

  • 帳號資料:於帳號存續期間保留;帳號刪除後,個人識別資料將於 30 日內刪除。
  • 交易記錄:依稅務法規保留至少 5 年。
  • 測試回報與缺陷資料:於任務結束後保留至少 1 年,供爭議處理使用。
  • 系統日誌:保留 90 天,用於安全監控與問題排查。
  • 匿名化的統計數據:可無限期保留。

7. Cookie 政策

本平台使用 Cookie 及類似技術以提供更好的使用體驗:

  • 必要性 Cookie:用於維持登入狀態與安全驗證,無法關閉。
  • 功能性 Cookie:記住您的偏好設定(如語言、角色選擇)。
  • 分析性 Cookie:幫助我們了解平台使用情況並改善服務(可選擇退出)。

您可透過瀏覽器設定管理或刪除 Cookie,但關閉必要性 Cookie 可能導致部分功能無法正常使用。

8. 您的權利

依據《個人資料保護法》,您享有以下權利:

  • 查閱權:您可查詢本平台所持有之您的個人資料。
  • 更正權:您可要求更正不正確或不完整的個人資料。
  • 刪除權:您可要求刪除您的個人資料(受法律保留義務限制)。
  • 停止處理權:您可要求停止收集、處理或利用您的個人資料。
  • 可攜權:您可要求以結構化、機器可讀的格式匯出您的個人資料。

如需行使上述權利,請透過 support@oneday.software 聯繫我們,我們將於 30 日內回覆。

9. 未成年人保護

本平台不對未滿 18 歲的個人提供服務。如果我們發現不慎收集了未成年人的個人資料,將立即刪除相關資料。若您是家長或監護人,發現未成年人使用本平台,請聯繫我們。

10. 跨境資料傳輸

本平台使用的雲端服務(Supabase)可能將資料儲存於台灣以外的伺服器。我們確保此類跨境傳輸符合適用的資料保護法規,並與服務提供者簽訂適當的資料處理協議。

11. 政策修改

本公司保留隨時修改本政策的權利。修改後的政策將於本頁面公告並更新「最後更新日期」。重大變更將透過電子郵件或平台通知方式告知。繼續使用本平台即視為同意修改後的政策。

12. 聯絡方式

若您對本隱私權政策有任何疑問或需行使您的資料權利,請聯繫:

Privacy Policy

English Version

Last Updated: April 12, 2026

1. Introduction

OnedaySoftware Co., Ltd. (Tax ID: 60759468, hereinafter "the Company") operates the QMesh global crowdtesting platform (hereinafter "the Platform"). We are committed to protecting your personal data and have established this Privacy Policy to explain how we collect, use, store, and protect your information. By using the Platform, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Registration information: name, email address, company name, country/region
  • Profile information: display name, LinkedIn URL (for QA certification)
  • Payment information: credit card details (processed by ECPay; we do not directly store card numbers)
  • Bug reports: descriptions, screenshots, recordings, device information
  • QA certification materials: resume, professional certifications

2.2 Information Collected Automatically

  • Device information: browser type, operating system, device model
  • Usage data: login times, page views, feature usage frequency
  • IP address and geolocation (for security verification and regional restrictions)
  • Cookies and similar technologies (see Section 7)

3. How We Use Your Information

  • Providing, maintaining, and improving Platform services
  • Processing account registration, identity verification, and login management
  • Matching businesses with testers and managing task lifecycles
  • Processing payments, refunds, and point redemptions
  • Calculating QIS scores, membership levels, and quality contribution rankings
  • Sending system notifications (task updates, bug review results, security alerts)
  • Reviewing QA professional certification applications
  • Preventing fraud, abuse, and maintaining platform security
  • Complying with legal obligations and responding to lawful requests
  • Conducting anonymized data analysis to improve service quality

4. Information Sharing and Disclosure

We do not sell your personal data. We may share your information with third parties in the following circumstances:

  • Service Providers: Payment processors (ECPay), cloud services (Supabase), email services (Resend), strictly limited to what is necessary to provide Platform services.
  • Between Businesses and Testers: Testers' display names, membership levels, and QA certification status are visible to task-publishing businesses. Business company names are visible to applying testers.
  • Legal Requirements: As required by law or by lawful requests from judicial or regulatory authorities.
  • Rights Protection: To protect the rights, property, or safety of the Company, users, or the public.
  • Public Leaderboard: Display names, membership levels, and QIS scores on the quality contribution leaderboard are public information.

5. Data Security

We implement reasonable technical and organizational measures to protect your personal data, including but not limited to:

  • Encryption in transit: all data transmitted via SSL/TLS (HTTPS)
  • Access controls: role-based access (RLS) ensuring users can only access authorized data
  • Password security: passwords are hashed using bcrypt; we cannot access your plaintext password
  • Third-party security: payment data processed by PCI DSS-compliant providers
  • Regular reviews: periodic review and updating of security measures

Despite our efforts, no internet transmission can be guaranteed to be 100% secure. In the event of a data breach, we will notify affected users and relevant authorities as required by law.

6. Data Retention

  • Account data: retained during the account's active period; personal identifiers deleted within 30 days of account deletion.
  • Transaction records: retained for at least 5 years per tax regulations.
  • Bug reports and defect data: retained for at least 1 year after task completion for dispute resolution.
  • System logs: retained for 90 days for security monitoring and troubleshooting.
  • Anonymized statistical data: may be retained indefinitely.

7. Cookie Policy

The Platform uses cookies and similar technologies to provide a better user experience:

  • Essential Cookies: Required for login sessions and security verification; cannot be disabled.
  • Functional Cookies: Remember your preferences (e.g., language, role selection).
  • Analytics Cookies: Help us understand Platform usage and improve services (opt-out available).

You may manage or delete cookies through your browser settings, but disabling essential cookies may impair Platform functionality.

8. Your Rights

Under the Personal Data Protection Act, you have the following rights:

  • Right of Access: You may request access to the personal data we hold about you.
  • Right of Rectification: You may request correction of inaccurate or incomplete data.
  • Right of Deletion: You may request deletion of your personal data (subject to legal retention requirements).
  • Right to Restrict Processing: You may request that we stop collecting, processing, or using your data.
  • Right to Data Portability: You may request your data in a structured, machine-readable format.

To exercise these rights, please contact us at support@oneday.software. We will respond within 30 days.

9. Protection of Minors

The Platform does not provide services to individuals under 18 years of age. If we discover that we have inadvertently collected personal data from a minor, we will promptly delete it. If you are a parent or guardian and believe a minor has used the Platform, please contact us.

10. Cross-Border Data Transfers

Cloud services used by the Platform (Supabase) may store data on servers outside of Taiwan. We ensure that such cross-border transfers comply with applicable data protection regulations and that appropriate data processing agreements are in place with service providers.

11. Policy Changes

The Company reserves the right to modify this Policy at any time. Updated policies will be posted on this page with the "Last Updated" date revised. Significant changes will be communicated via email or Platform notifications. Continued use of the Platform constitutes acceptance of the updated Policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact: