This policy explains how Spotime collects, uses, and protects your personal data. / 本政策說明 Spotime 如何蒐集、使用及保護您的個人資料。
Last Updated / 最後更新日期:March 12, 2026 / 2026 年 3 月 12 日
This Privacy Policy applies to all services provided by Spotime (the "Platform"), including our mobile application (App) and website. The Platform is operated and maintained by the Spotime team ("we", "us", or "our"). By using the Platform, you consent to the data collection and usage practices described in this Policy.
To provide and improve our services, we may collect the following types of data:
• Account Data: Display name, email address, phone number, and other information you provide during registration or profile editing.
• Booking Data: Booking history and preferences that help merchants manage their own schedules and communication with you.
• Location Data: With your permission, we may collect approximate geolocation data (only while using the App) to suggest suitable time slots or nearby options offered by the merchant you are booking with.
• Device Data: Device model, operating system version, App version, and push notification identifiers.
• Usage Data: Browsing, searching, and click behavior on the Platform.
• Transaction Data: Billing information, purchase history, subscription status, and payment-related records for payments you make to Spotime for merchant subscription plans. Spotime does not collect or store your full payment card numbers. All such payment processing is handled by Paddle.com, our Merchant of Record, which is PCI-DSS compliant.
We use the collected data for the following purposes:
• Providing, maintaining, and improving the Platform's services.
• Processing and managing your bookings, your merchant subscriptions, and your account.
• Helping merchants you book with provide suitable time slots and service options based on your preferences.
• Sending necessary communications such as booking confirmations, reminders, and system notifications.
• Processing subscription payments and applicable refunds through our payment processor Paddle.com.
• Conducting data analysis to improve user experience and service quality.
• Preventing fraud and ensuring platform security.
For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
• Contract Performance: Processing necessary to fulfill our contract with you (e.g., managing your account, processing bookings and payments).
• Consent: Processing based on your explicit consent (e.g., location data collection, marketing communications). You may withdraw consent at any time.
• Legitimate Interest: Processing necessary for our legitimate interests (e.g., fraud prevention, service improvement, platform security), provided these interests are not overridden by your rights.
We do not sell your personal data to third parties. We may share your data in the following circumstances:
• Merchants: When you book a service, we share necessary booking information (such as your name and appointment time) with the merchant to facilitate service delivery.
• Paddle.com (Payment Processor): As our Merchant of Record, Paddle processes your payment data, issues invoices, and handles refunds. Paddle's privacy practices are governed by their own privacy policy.
• Service Providers: We may engage third-party providers to assist with operations (such as cloud hosting and push notification services). These providers may only use your data within the scope of services they provide to us.
• Legal Requirements: We may disclose data when required by law or to protect the rights of the Platform, users, or the public.
The Platform uses the following third-party services that may collect and process some of your data:
• Paddle.com: Payment processing, invoicing, tax collection, and refund handling as our Merchant of Record.
• Firebase Analytics: Used to analyze user behavior and improve service experience.
• Firebase Cloud Messaging: Used to send push notifications.
• Firebase Crashlytics: Used to detect and fix application errors.
• Google Sign-In: Used to provide third-party account login functionality.
• LINE Login: Used to provide third-party account login functionality.
Each of these third-party services has its own privacy policy. We recommend reviewing their respective privacy documentation.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, use, or disclosure. Payment card data is never stored on our servers — all payment processing is handled by Paddle.com under PCI-DSS compliance. However, no method of internet transmission or electronic storage is completely secure, and we continuously work to enhance data protection.
We retain your personal data for as long as reasonably necessary to provide our services. After you request account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
Your data may be transferred to and stored on servers located outside your country of residence (e.g., Google Cloud Platform data centers in the United States, Paddle's infrastructure). We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your data.
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: You may request a machine-readable copy of your data to transfer to another service.
• Right to Restrict Processing: You may request that we limit the processing of your data in certain circumstances.
• Right to Object: You may object to the processing of your data based on legitimate interests or for direct marketing purposes.
• Right to Lodge a Complaint: You may file a complaint with your local data protection authority.
To exercise any of these rights, please contact us at support@spotime.ai.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out: You may opt out of the sale of your personal information. Note: We do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise any of these rights, please contact us at support@spotime.ai.
You have the following rights regarding your personal data:
• Access & Correction: You may view and modify your personal data at any time via "Settings" in the App.
• Account Deletion: You may request account deletion via "Settings" > "Account Management" in the App. We will process the request within 30 days. After deletion, your personal data will be deleted or anonymized.
• Withdraw Consent: You may disable location or notification permissions at any time in your device settings.
For questions or to exercise your rights, please contact us at support@spotime.ai.
Our website may use cookies and similar technologies to improve browsing experience and analyze usage patterns. You may manage or disable cookies through your browser settings.
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will promptly delete the information.
We reserve the right to modify this Privacy Policy at any time. Updated policies will be published on this page with a revised "Last Updated" date. For significant changes, we will notify you through the App or by email.
If you have any questions or suggestions regarding this Privacy Policy, please contact us at:
• Email: support@spotime.ai
本隱私權政策適用於 Spotime(以下簡稱「本平台」)所提供的所有服務,包含行動應用程式(App)及網站。本平台由 Spotime 團隊(以下簡稱「我們」)營運與維護。當你使用本平台的服務時,即表示你同意本政策所述之資料蒐集與使用方式。
為了提供及改善服務,本平台可能蒐集以下類型的資料:
• 帳號資料:包括顯示名稱、電子郵件地址、電話號碼等你在註冊或編輯個人資料時提供的資訊。
• 預約資料:包括你的預約紀錄與偏好,用於協助商家管理自己的時段安排與與你之間的溝通紀錄。
• 位置資料:經你授權後,我們可能蒐集你的概略地理位置資訊(僅在使用 App 期間),用於協助顯示合適的時段或你預約之商家提供的位置資訊。
• 裝置資料:包括裝置型號、作業系統版本、App 版本、推播通知相關技術識別碼等技術資訊。
• 使用紀錄:包括你在平台上的瀏覽、搜尋、點擊等操作行為。
• 交易資料:你向 Spotime 支付「商家訂閱方案」時所產生的帳單資訊、購買紀錄、訂閱狀態及付款相關紀錄。注意:Spotime 不會蒐集或儲存你的完整付款卡號。上述付款處理皆由本平台的交易代理商 Paddle.com 負責,其符合 PCI-DSS 標準。
我們蒐集的資料將用於以下目的:
• 提供、維護及改善本平台的各項服務。
• 處理及管理你的預約、商家訂閱與帳號。
• 協助你所預約的商家,根據你的偏好與位置提供合適的時段與服務選項。
• 發送預約確認、提醒、系統通知等必要訊息。
• 透過付款處理商 Paddle.com 處理你向 Spotime 支付的訂閱費用與相關退款。
• 進行數據分析以改善使用者體驗與服務品質。
• 預防詐欺及確保平台安全。
對於歐洲經濟區(EEA)的使用者,我們基於以下法律依據處理你的個人資料:
• 合約履行:為履行我們與你之間的合約所必要的處理(例如:管理你的帳號、處理預約與付款)。
• 同意:基於你明確同意的處理(例如:位置資料蒐集、行銷通訊)。你可隨時撤回同意。
• 正當利益:為我們的正當利益所必要的處理(例如:詐欺防範、服務改善、平台安全),前提是這些利益不凌駕於你的權利之上。
本平台不會將你的個人資料出售予第三方。在以下情況下,我們可能分享你的資料:
• 商家:當你向商家預約服務時,我們會將必要的預約資訊(如姓名、預約時段)分享給該商家,以便其提供服務。
• Paddle.com(付款處理商):作為本平台的交易代理商,Paddle 處理你的付款資料、開立發票及處理退款。Paddle 的隱私慣例受其自身隱私政策規範。
• 服務提供商:我們可能委託第三方服務提供商協助營運(如雲端主機、推播通知服務),這些提供商僅能在為我們提供服務的範圍內使用你的資料。
• 法律要求:當法律要求或為保護本平台、使用者或公眾的權益時,我們可能揭露相關資料。
本平台使用以下第三方服務來提供及改善我們的服務,這些服務可能蒐集與處理你的部分資料:
• Paddle.com:作為本平台的交易代理商,負責付款處理、發票開立、稅務收取及退款處理。
• Firebase Analytics:用於分析使用者行為與改善服務體驗。
• Firebase Cloud Messaging:用於發送推播通知。
• Firebase Crashlytics:用於偵測與修復應用程式錯誤。
• Google 登入:用於提供第三方帳號登入功能。
• LINE 登入:用於提供第三方帳號登入功能。
上述第三方服務各有其隱私權政策,建議你參閱各服務提供商的相關說明。
我們採取適當的技術與管理措施來保護你的個人資料,防止未經授權的存取、使用或揭露。付款卡片資料絕不會儲存在我們的伺服器上——所有付款處理均由符合 PCI-DSS 標準的 Paddle.com 負責。然而,任何網路傳輸與電子儲存都無法保證絕對安全,我們將持續努力提升資料保護水準。
我們將在提供服務所需的合理期間內保存你的個人資料。當你申請刪除帳號後,我們將於 30 日內刪除或去識別化你的個人資料,惟法律要求保留者不在此限。
你的資料可能傳輸至並儲存於你居住國境外的伺服器(例如位於美國的 Google Cloud Platform 資料中心、Paddle 的基礎設施),我們將確保該等傳輸符合適用的資料保護法規,並採取適當的安全措施保護你的資料。
如果你位於歐洲經濟區(EEA),你對你的個人資料享有以下權利:
• 存取權:你可以要求取得我們所持有的你的個人資料副本。
• 更正權:你可以要求更正不正確或不完整的個人資料。
• 刪除權:你可以要求刪除你的個人資料(「被遺忘權」)。
• 資料可攜權:你可以要求取得機器可讀格式的資料副本,以便轉移至其他服務。
• 限制處理權:你可以在特定情況下要求我們限制對你資料的處理。
• 反對權:你可以反對基於正當利益或直接行銷目的的資料處理。
• 投訴權:你可以向你所在地的資料保護機關提出投訴。
如需行使上述權利,請透過 support@spotime.ai 與我們聯繫。
如果你是加州居民,根據加州消費者隱私法(CCPA),你享有以下權利:
• 知情權:你可以要求揭露我們蒐集的個人資料類別與具體內容、蒐集來源、商業目的,以及我們共享資料的第三方類別。
• 刪除權:你可以要求刪除我們從你處蒐集的個人資料,但須受特定例外條件限制。
• 退出權:你可以選擇退出個人資料的出售。注意:我們不會出售你的個人資料。
• 不歧視原則:我們不會因你行使 CCPA 權利而對你進行歧視。
如需行使上述權利,請透過 support@spotime.ai 與我們聯繫。
你對你的個人資料享有以下權利:
• 查閱與更正:你可以隨時在 App 的「設定」中查看並修改你的個人資料。
• 刪除帳號:你可以在 App 的「設定」>「帳號管理」中直接申請刪除帳號,我們將於 30 日內完成處理。帳號刪除後,你的個人資料將被刪除或去識別化。
• 撤回同意:你可以隨時在裝置設定中關閉位置或通知等權限。
如需行使上述權利或有任何疑問,請透過 support@spotime.ai 與我們聯繫。
本平台的網站可能使用 Cookie 及類似技術來改善瀏覽體驗與分析使用狀況。你可以透過瀏覽器設定管理或停用 Cookie。
本平台的服務不針對未滿 16 歲的兒童。我們不會在知情的情況下蒐集未滿 16 歲兒童的個人資料。如果你發現有未滿 16 歲的兒童提供了個人資料,請聯絡我們,我們將立即刪除相關資料。
本平台保留隨時修訂本隱私權政策的權利。修訂後的政策將公布於本頁面,並更新「最後更新日期」。重大變更時,我們會透過 App 通知或 Email 通知你。
如果你對本隱私權政策有任何疑問或建議,歡迎透過以下方式聯繫我們:
• 電子郵件:support@spotime.ai
