Last updated: May 14, 2025
[Quick Summary (Not Part of the Formal Agreement)]
- What data do we collect? Login information, files you upload, reading records, cookies/analytics data (via PostHog).
- Why do we collect it? To provide core services, improve features and user experience, and comply with legal requirements.
- Where is data stored? Primarily in AWS data centers in Japan.
- Your rights? You may query, copy, correct, delete, or request to stop the use of your personal data.
- How to contact us? Email team@redia.ai.
Article 1 — Scope of This Policy
This Privacy Policy (hereinafter referred to as "this Policy") applies to all your interactions with Redia (hereinafter referred to as "the Service"). Unless otherwise stated in this Policy, we will handle all matters in accordance with the Republic of China (Taiwan) Personal Data Protection Act (hereinafter "PDPA") and related regulations.
Article 2 — Types of Personal Data Collected
| Data Type | Description | Primary Source |
|---|---|---|
| Identification Data | Name and email provided via Google OAuth login | Upon your login |
| Content Data | PDFs, text files, and information contained therein that you upload | Uploaded by you |
| Usage Records | Feature clicks, browsing paths, IP address, device and browser information | Automatically generated |
| Tracking Data | Cookies, PostHog events, and device fingerprints (anonymized/pseudonymized) | Automatically generated |
| Contact Data | Feedback and survey content you voluntarily provide | Submitted by you |
Special Notice
Files you upload may contain third-party personal data; please obtain lawful authorization and ensure its legitimacy beforehand.
Article 3 — Purposes of Collection and Processing
In accordance with the PDPA "Specific Purpose" classification codes:
- 118 — Information and database management
- 136 — Information (internet) services
- 177 — Market research, statistics, and research
- 198 — Customer management and service
- 063 — Non-public agency obligations under law
Article 4 — Use of Personal Data
- Core Services: Identity verification, book conversion, AI summaries, translation, and interaction.
- Operational Analytics: Pseudonymized/aggregated data analysis using PostHog (EU-hosted, paid plan) to evaluate feature effectiveness.
- Marketing and Communication: With your consent, sending new feature announcements, educational resources, or promotional information.
- Compliance and Rights Protection: Detecting, preventing, or responding to unlawful activities; resolving disputes; cooperating with lawful requests from competent authorities or judicial bodies.
Unless otherwise required by law or with your prior consent, we will not use your data for purposes other than those stated above.
Article 5 — Third-Party Processing and Cross-Border Transfers
- Cloud and Backup: All original files and associated databases are stored on Amazon Web Services Tokyo Region (ap-northeast-1), with encrypted backups in Taiwan.
- Analytics Service: PostHog servers are located in the EU Frankfurt region; only pseudonymized event data is transmitted, without content that can directly identify you.
- Confidentiality Obligations: We have signed data processing agreements with all entrusted vendors, requiring them to comply with ISO 27001 or equivalent security standards and not to use data beyond the scope of the entrustment.
Article 6 — Data Retention Period and Deletion Mechanism
| Data Item | Retention Period | Deletion Mechanism |
|---|---|---|
| Account Data | Duration of your account plus up to 5 years after termination | Automatically deleted or de-identified after periodic audit |
| Uploaded Files (including vector indexes) | Upon your manual deletion or 30 days after account termination | Completely deleted and overwritten |
| Usage Records / Analytics Data | 2 years after collection | Anonymized statistical values retained; original events deleted |
Article 7 — Data Security Measures
- Transmission Security: Site-wide HTTPS/TLS 1.3 encryption.
- Access Control: Principle of Least Privilege (PoLP) with IAM role-based hierarchical authorization.
- Encryption and Backup: Data at rest encrypted with AES-256; daily snapshot backups with cross-region multi-redundancy.
- Incident Reporting: In the event of an incident that may affect your rights, we will notify you and report to the competent authority within 72 hours at the latest.
Article 8 — Your Rights and How to Exercise Them
Under Article 3 of the PDPA, you are entitled to the following rights regarding your personal data:
(1) Request to query or inspect; (2) Request a copy; (3) Request supplementation or correction;
(4) Request cessation of collection, processing, or use; (5) Request deletion.
- Application Channel: Send an email to team@redia.ai with reasonable identification documents.
- Processing Timeline: We will respond within 15 business days of receiving a complete application; extensions may be granted once with explanation for special circumstances.
Article 9 — Cookies and Similar Technologies
- We use First-Party Cookies on the frontend to store login status, and generate pseudonymized Event IDs via the PostHog SDK.
- You may disable or clear cookies in your browser; however, logging out may affect certain features (such as library sync).
Article 10 — Changes to the Privacy Policy
- Material revisions will be announced on the official website homepage at least 7 days in advance and communicated via email.
- Non-material revisions will take effect immediately. The latest version will always be publicly available at https://redia.ai/en/privacy.
Article 11 — Contact Information
- Email: team@redia.ai
If any provision of this Policy is found to be invalid, the validity of the remaining provisions shall not be affected.
By reading and agreeing to this Policy, you consent to our processing, use, and storage of your personal data as described above.