隱私政策與個人資料保護

最後更新日期:2026年5月26日

Designora | 曜象(以下簡稱「我們」、「本公司」)於 https://designora.co.uk 營運基於人工智能(AI)技術的設計平台(以下簡稱「本服務」)。本隱私政策旨在說明當您使用我們的商家後台與 AI 設計服務時,我們如何收集、使用、存儲及保護您的個人資料,本政策符合英國通用數據保護條例(UK GDPR)及《2018年數據保護法》(Data Protection Act 2018)之規定。

1. 我們是誰

我們是處理本服務相關個人資料的數據控制者。
如對隱私政策有任何查詢,請隨時聯絡我們:privacy@designora.co.uk(或透過我們網站上的聯絡表格)。
(備註:一旦完成設置,我們建議將此電子郵件地址替換為您的官方支援郵箱。)

2. 我們收集哪些個人資料

為了向您提供 AI 設計服務,我們會收集以下類別的數據:

  • a. 帳戶及聯絡人資料:姓名、電子郵件地址、WhatsApp / 聯絡電話、品牌或公司名稱、行業分類。
  • b. 用戶內容與創意資產:您所上傳的產品照片、品牌商標(LOGO)、參考圖像以及其他資產;為您設計與生成的 AI 圖像、海報、橫幅(Banner)及行銷素材(存儲在您的專屬商家安全工作空間內)。
  • c. 付費及交易數據:購買套餐的歷史與付費記錄(全部由 Stripe 安全網關處理;我們不會存儲您信用卡或借記卡的任何明細資訊)。
  • d. 使用情況及技術數據:您與平台的互動方式(例如使用了哪些功能、生成了哪些設計等);IP 地址、瀏覽器類型、設備資訊及使用日誌(透過 Vercel 託管與分析工具自動收集)。
  • e. 聯絡溝通數據:您與我們團隊的支援請求及來往信件記錄。

3. 我們如何使用您的數據及法律依據

我們基於以下目的處理您的數據:

  • 運行並提供 AI 設計服務(包括透過我們的 Aura Glow 引擎Vision 引擎 處理您上傳的圖片以生成視覺內容)
  • 創建並管理您的商家帳戶及個人工作空間
  • 處理付款並交付您購買的設計套餐
  • 就您的帳戶、訂單及技術支援與您進行聯絡溝通
  • 改善我們的服務及 AI 質量(在可行情況下會使用聚合/匿名數據)
  • 偵測欺詐行為、確保平台安全,並履行法律義務

UK GDPR 下的處理法律依據:

  • 履行合約之必要性 – 旨在向您提供設計服務並管理您的帳戶
  • 合法利益 – 旨在進行服務改進、安全性維護以及確保平台功能運作
  • 用戶同意 – 旨在向您發送自願性的行銷資訊(您可隨時撤回同意)
  • 法律義務 – 旨在履行會計、稅務及法規合規之義務

關於 AI 數據處理的重要說明:
您上傳的品牌資產與產品圖片僅用於生成您所請求的設計。未經您事前明確同意,我們絕不會將您的專屬品牌資產、LOGO 或生成的作品用於訓練我們或任何第三方的 AI 模型。所有 AI 處理過程均在我們與受信任的基礎設施供應商簽訂的嚴格數據處理協議下安全進行。

4. 數據共享與第三方處理者

我們絕不銷售您的個人資料。我們僅在正式的《數據處理協議》下,與以下受信任的第三方處理者共享數據,以確保數據安全:

  • Vercel – 網站託管與基礎設施
  • Supabase – 加密數據庫、身份驗證及檔案存儲
  • Stripe – 安全支付處理解決方案(符合 PCI DSS Level 1 頂級合規標準)
  • 受信任的第三方 AI 圖像生成及處理服務(僅用於完成您的設計請求)
  • 必要的運營服務商(例如發送交易郵件的系統)

國際數據傳輸:
部分處理者(包括 Vercel、Supabase 與 Stripe)的總部設於英國境外(主要在美國)。我們已確保採取了適當的安全防禦措施,例如採用《英國國際數據傳輸附件》(UK International Data Transfer Addendum)及《歐盟標準契約條款》(EU Standard Contractual Clauses),以確保其數據保護水平等同於英國標準。

5. 數據保留期限

我們僅在必要期間內保留個人資料:

  • 活躍帳戶數據及創意資產:在您的帳戶保持活躍期間予以保留。
  • 帳戶刪除或長期處於非活躍狀態後:我們可能會因法律、稅務及會計審計目的,將極少量的必要數據保留最長 7 年。
  • 使用情況及技術日誌:通常保留 12 至 24 個月以用於安全分析。

您有權隨時要求提早刪除您的數據(在法律保留義務允許的前提下)。

6. 您的數據保護權利

在 UK GDPR 條例下,您享有以下權利:

  • 存取您個人資料的權利
  • 更正不準確數據的權利
  • 刪除權(「被遺忘權」)
  • 限制處理的權利
  • 數據可攜權
  • 反對處理的權利(包括反對直接促銷)
  • 與自動化決策和特徵分析(Profiling)相關的權利

如欲行使上述任何權利,請發送電郵至上述地址。我們致力於在一個曆月內回覆。在處理某些請求前,我們可能需要核實您的身份。

如果您對我們處理您數據的方式不滿,您亦有權向英國資訊專員辦公室(ICO,網址:https://ico.org.uk)提出申訴。

7. 數據安全

我們使用行業標準的防禦措施來保護您的數據,包括:

  • 傳輸過程中採用 256 位 SSL/TLS 加密技術
  • 在 Supabase 數據庫及檔案存儲中進行加密存儲
  • 嚴格的訪問權限控制與身份驗證
  • 透過 Stripe 進行安全支付處理

儘管我們採取了嚴格的保護措施,但沒有任何系統是百分之百免疫於風險的。我們強烈建議您為帳戶設置強大且唯一的密碼。

8. Cookies 與追蹤技術

我們將 Cookies 及類似技術用於:

  • 絕對必要的 Cookies – 用於登錄會話、安全性維護以及核心平台功能運作(此類無需徵得事前同意)
  • 分析與性能 Cookies – 用於了解平台使用情況並持續改進服務(我們在可行情況下會使用對隱私友好的工具,如 Vercel Analytics)

我們目前不會將 Cookies 用於定向廣告投放。您隨時可以透過瀏覽器設置管理您的 Cookies 偏好。

9. 兒童隱私保護

我們的服務不面向 16 歲以下的兒童。我們不會蓄意收集兒童的個人資料。如果您發現我們在不知情下收集了此類資料,請立即與我們聯絡。

10. 本政策的修改

我們可能會不時更新本隱私政策。若有重大變更,我們將透過電子郵件(針對註冊商家)或在網站上發布顯眼公告進行通知,並更新「最後更新日期」。變更生效後,您繼續使用本服務即代表您接受修改後的條款。

11. 聯絡我們

如果您對本隱私政策有任何疑問,或希望行使您的數據保護權利,請聯絡:
電子郵件:privacy@designora.co.uk
官方網站https://designora.co.uk/

Privacy Policy & Personal Data Protection

Last updated: 26 May 2026

Designora | 曜象 ("we", "us", "our") operates the AI-powered design platform at https://designora.co.uk (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our merchant portal and AI design services, in compliance with the UK GDPR and Data Protection Act 2018.

1. Who We Are

We are the data controller for the personal data processed through this Service.
For any privacy-related enquiries, please contact us at: privacy@designora.co.uk (or via the contact form on our website).
We recommend replacing the email with your official support address once set up.

2. What Personal Data We Collect

To deliver our AI design services, we collect the following categories of data:

  • a. Account & Contact Data: Name, email address, WhatsApp / phone number, brand or company name, industry sector.
  • b. User Content & Creative Assets: Product photographs, brand logos, reference images and other assets you upload; AI-generated designs, posters, banners and marketing materials created for you (stored in your secure personal workspace).
  • c. Payment & Transaction Data: Package purchases and payment history (processed securely via Stripe; we do not store raw credit/debit card details).
  • d. Usage & Technical Data: How you interact with the platform (features used, designs generated, etc.); IP address, browser type, device information, and usage logs (collected automatically via Vercel hosting and analytics tools).
  • e. Communications Data: Records of support requests and correspondence with our team.

3. How We Use Your Data & Legal Basis

We process your data for the following purposes:

  • Provide and operate the AI design Service (including processing your uploads via our Aura Glow Engine and Vision Engine to generate visuals)
  • Create and manage your merchant account and personal workspace
  • Process payments and deliver purchased design packages
  • Communicate with you regarding your account, orders, and support
  • Improve our Service and AI quality (using aggregated/anonymised data where possible)
  • Detect fraud, ensure platform security, and comply with legal obligations

Legal bases under UK GDPR:

  • Contractual necessity – to deliver the design services and manage your account
  • Legitimate interests – service improvement, security, and platform functionality
  • Consent – for optional marketing communications (you may withdraw consent at any time)
  • Legal obligation – for accounting, tax, and regulatory compliance

Important Note on AI Processing:
Your uploaded brand assets and product images are processed solely to generate the designs you request. We do not use your proprietary brand assets, logos, or generated outputs to train our AI models or any third-party models without your explicit prior consent. All AI processing occurs under strict data processing agreements with our trusted infrastructure providers.

4. Data Sharing & Third-Party Processors

We do not sell your personal data. We only share it with the following categories of trusted processors under formal Data Processing Agreements:

  • Vercel – website hosting and infrastructure
  • Supabase – encrypted database, authentication, and file storage
  • Stripe – secure payment processing (PCI DSS Level 1 compliant)
  • Reputable third-party AI image generation and processing services (used only to fulfil your design requests)
  • Essential operational service providers (e.g. transactional email)

International Transfers:
Some processors (including Vercel, Supabase and Stripe) are based outside the UK (primarily in the United States). We ensure appropriate safeguards are in place, such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, to maintain a level of protection equivalent to UK standards.

5. Data Retention

We retain personal data only for as long as necessary:

  • Active account data and creative assets: retained while your account remains active.
  • After account deletion or extended inactivity: we may retain minimal data for up to 7 years for legal, tax, and accounting purposes.
  • Usage and technical logs: typically retained for 12–24 months for security and analytics.

You may request earlier deletion of your data at any time (subject to legal retention requirements).

6. Your Data Protection Rights

Under UK GDPR you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing (including direct marketing)
  • Rights in relation to automated decision-making and profiling

To exercise any of these rights, please email us at the address above. We aim to respond within one calendar month. We may need to verify your identity before actioning certain requests.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk if you are dissatisfied with how we handle your data.

7. Security

We protect your data using industry-standard measures, including:

  • 256-bit SSL/TLS encryption in transit
  • Encrypted storage in Supabase databases and file storage
  • Strict access controls and authentication
  • Secure payment handling via Stripe

While we take these measures seriously, no system is completely immune to risk. We recommend using a strong, unique password for your account.

8. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Strictly necessary cookies – login sessions, security, and core platform functionality (no consent required)
  • Analytics & performance cookies – to understand usage and improve the Service (we use privacy-friendly tools such as Vercel Analytics where possible)

We currently do not use cookies for targeted advertising. You can manage preferences through your browser settings.

9. Children's Privacy

Our Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have done so, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email (for account holders) or prominent notice on the website, with the updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact:
Email: privacy@designora.co.uk
Website: https://designora.co.uk/

← Back to Home