Last updated: April 20, 2026
1. Introduction
This Privacy Policy describes how LaplaceAI Co., Ltd. ("LaplaceAI," "we," "us," or "the Company") collects, uses, shares, and protects your personal information through digital assets or services that link to this Policy. The scope includes our website, web application, mobile application, API, social media pages, marketing campaigns, offline events, and any other activities described in this Policy (collectively, the "Service").
The platform primarily offers two product lines:
- AI Report Generation: Create various professional reports (including ESG, sustainability, CBAM, and others) through questionnaires, templates, blank documents, AI generation, or file imports, with support for interactive reports, multi-user collaborative sharing, and the collaborative discussion and final output of multiple AI experts.
- Agent Workforce: Create, manage, and schedule AI virtual employees from internal, external, and OpenClaw sources, equipped with Skills, Tools, Knowledge Base, Compliance, and Governance mechanisms to assist organizations in automating their daily workflows.
Please read this Policy carefully to understand how we handle your information.
2. Personal Information We Collect
2.1 Information You Actively Provide
- Contact Information: Name, email address, phone number, billing and mailing address, job title, company name
- Account Information: Username, password (stored as a hash), avatar, language and time zone preferences
- Identity Information: Identifiers and basic profile information obtained through third-party login (Google, Microsoft, and other SSO providers)
- Payment Information: Subscription plan, payment token, invoice information (complete credit card information is held by third-party payment processors and is not directly stored by the Company)
- User Content:
- Documents uploaded, questionnaire responses, report content, images, and citation sources within Report Generation
- Roles, skills, prompts, and external connection settings configured within Agent Workforce
- Files, folders, tags, and descriptions uploaded to the Knowledge Base
- Messages, attachments, and records of conversations with AI
- Communication Records: Customer service correspondence, survey responses, feedback
2.2 Information Collected Automatically
- Device Information: Device type, operating system, browser, unique device identifier, IP address
- Usage Records: Login times, page views, feature invocation frequency, API call counts, credit consumption records
- Location Information: Approximate location (country/city level) inferred from IP address
- Cookies and Similar Technologies: See Section 10 for details
2.3 Information from Third Parties
- Single Sign-On (SSO) Providers: Identifiers, name, and email address obtained when you sign in using a Google, Microsoft, or similar account
- Google Workspace (Drive Integration): See Section 4 for details
- Business Partners: Referral relationship information provided by referral program partners
- Public Sources: Corporate registration data, publicly available industry databases
3. How We Use Your Personal Information
3.1 Service Delivery and Operations
- Create and manage your account and workspace
- Process subscriptions, billing, and credit allocations
- Provide Report Generation services: Produce reports based on your questionnaires and files, retain versions, and process collaborative sharing
- Provide Agent Workforce services: Execute the agents you configure, store conversation records, run scheduled tasks, and execute the tool invocations you authorize (including external APIs, file reads, and Knowledge Base queries)
- Notify you of task progress and system status by email, in-app notification, or webhook
3.2 Product and Service Improvement
- Analyze anonymized usage patterns to improve features
- Diagnose and resolve technical issues and errors
- Develop new features and integrations
3.3 AI Model Training (Important)
- We may use the content you input and generate on the platform to improve AI models specific to this platform; however, you may disable this option at any time under "Account Settings → Privacy."
- We will not use data obtained through Google Workspace APIs (including Google Drive) to train, develop, or improve any general-purpose or third-party AI/ML models. This restriction reflects our commitment to the Google API Services User Data Policy.
3.4 Personalized Experience
- Recommend templates, skills, and Knowledge Base items based on usage records
- Remember your interface preferences and workflow settings
3.5 Marketing and Communications
- Send product updates, promotions, and event information within the scope of your consent
- Conduct user surveys and interviews (by prior invitation only)
3.6 Security and Compliance
- Detect and prevent fraud, abuse, and unauthorized access
- Enforce the Terms of Service and quota policies
- Comply with legal obligations and respond to lawful government requests
4. Use of Google User Data (Google API Services Disclosure)
When you connect a Google account on the platform (for example, via "Settings → Connections → Google Drive"):
4.1 OAuth Scopes We Request
openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile: Obtain your Google identifier, email address, and basic profile in order to verify your identity and display the connection status in the interface.
https://www.googleapis.com/auth/drive.file: Limited to accessing files you actively select through Google Picker, or files created by this application. We cannot see other unselected files in your Drive.
4.2 How We Use Google User Data
- File Import: Read the contents of files you select through the Picker into Report Generation or the Knowledge Base, to use as material for producing reports or answering questions.
- File Export: When you direct us to do so, export reports produced on the platform as Google Docs/Sheets and save them to a folder created by this application within your Drive.
- Connection Status Display: Display the email address of the connected Google account within the interface for ease of identification.
4.3 What We Will NOT Do
- We will NOT sell Google user data to any third party.
- We will NOT transfer Google user data to third parties for advertising purposes.
- We will NOT use Google user data to train, develop, or improve any general-purpose AI/ML models.
- We will NOT read files that you have not selected through the Picker or that this application did not create.
- We will NOT allow human employees to read your Google user data, except: (a) with your explicit consent; (b) where necessary for security, abuse prevention, or compliance; (c) where required by law; or (d) where the data has been fully anonymized/aggregated for internal system operations.
4.4 Storage and Protection
- Google access tokens and refresh tokens are stored in our database encrypted with AES-256-GCM.
- The OAuth flow uses PKCE (S256) with one-time state nonce protection (10-minute TTL).
- File contents read from Drive are retained only within the report or Knowledge Base item you explicitly designate; when you delete that report or knowledge item, the corresponding contents are likewise deleted.
4.5 Revoking Authorization
You may revoke this application's access to your Google account at any time through either of the following:
Once authorization is revoked, we will immediately cease access and will delete the stored tokens and related metadata within 30 days.
This application's handling of user data obtained through Google API Services complies with the Google API Services User Data Policy, including the Limited Use requirements set forth therein.
5. How We Share Your Personal Information
5.1 Service Providers
Under contractual obligations, we share necessary information with the following types of service providers:
- Cloud Hosting: Amazon Web Services, Google Cloud Platform, Microsoft Azure
- Large Language Model Providers: OpenAI, Anthropic, Google (Gemini), Mistral, Cohere, Meta, Amazon Bedrock, and others (your prompts and the necessary context will be transmitted to the model provider you have selected in order to complete generation)
- Payment Processing: ECPay
- Email and Notifications: Transactional email and push notification service providers
- Analytics Tools: Google Analytics, Mixpanel, Hotjar (within the scope of cookie consent)
5.2 Sharing within Workspaces
- Content you create within an enterprise or team workspace may, by default, be accessed by other members of the same workspace according to their role-based permissions.
- Report sharing links determine the audience based on the permissions you configure (view/edit/public).
5.3 Business Partners
- Referral program partners (limited to referral relationship information)
- Third-party applications integrated with the Service (only after you have actively installed or authorized them)
5.4 Legal and Security Purposes
- To comply with legal obligations or legal processes
- To respond to lawful requests from government authorities
- To protect the rights, safety, and property of the Company, its users, or the public
- To detect, prevent, or address fraud, security, or technical issues
5.5 Business Transfers
In the event of a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of the assets. We will notify you before or at the time of such an event.
5.6 With Your Consent
In circumstances other than those described above, we will share information only after obtaining your consent.
6. Your Rights and Choices
6.1 Access and Correction
- Access your personal information through "Account Settings"
- Correct inaccurate or incomplete information
6.2 Deletion (Right to Be Forgotten)
- Request deletion of your account and related information through "Account Settings → Account Deletion"
- Certain information (such as transaction records and compliance logs) may be retained as required by legal obligations
6.3 Communication Preferences
- Opt out of marketing emails via the "unsubscribe" link at the bottom of the email
- Manage push and in-app notifications under "Settings → Notifications"
6.4 Cookie Preferences
- Manage cookies through your browser settings or this website's cookie preference tool (see Section 10 for details)
6.5 Right to Data Portability
- Request export of your information in a commonly used, structured format (JSON/CSV)
6.6 Objection and Restriction of Processing
- Where applicable law permits, you may object to or restrict our specific processing of your information
6.7 Withdrawal of Consent
- You may withdraw any previously granted consent at any time, although processing that occurred prior to such withdrawal remains lawful
6.8 How to Exercise Your Rights
Please write to service@laplaceai.co. We will respond within 30 days.
7. Data Security
7.1 Technical Measures
- TLS 1.3 encryption for the transport layer
- Sensitive fields (OAuth tokens, API keys) are encrypted at rest using AES-256-GCM
- Passwords are stored as bcrypt/argon2 hashes
- Multi-factor authentication (MFA) supported
- Periodic security vulnerability scans and penetration testing
7.2 Organizational Measures
- Access controls based on the principle of least privilege
- Mandatory security and privacy training for employees
- Comprehensive audit logging and anomaly alerting
7.3 Incident Response
- Activate the incident response process within 24 hours
- Notify supervisory authorities within 72 hours of confirmation of a data breach (as required by GDPR), and notify affected users where appropriate
8. International Data Transfers
Your information may be stored or processed in:
- Taiwan (primary)
- Japan
- Singapore
- United States
- European Union (for certain European users)
For cross-border transfers, we adopt safeguards in accordance with applicable law, including Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and compliance certifications.
9. Data Retention
| Category | Retention Period |
|---|
| Account information | For the duration of the account; up to 30 days after closure to facilitate recovery |
| Report and Knowledge Base content | Until you actively delete it or close your account |
| Agent Workforce conversation records | 12 months by default; adjustable in workspace settings |
| Transaction records | At least 7 years per tax regulations |
| System logs | 12 months |
| Security/audit logs | 24 months |
| Google OAuth tokens | For the duration of the connection; deleted within 30 days of revocation |
10. Cookies and Tracking Technologies
10.1 Types of Cookies We Use
- Essential Cookies: Login session, CSRF protection
- Functional Cookies: Language, theme, user interface preferences
- Analytics Cookies: Google Analytics, Mixpanel, Hotjar
- Marketing Cookies: Activated only with your consent
10.2 How to Manage Cookies
Please see this website's "Cookie Policy" page or the "Cookie Preferences" tool.
11. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we may have collected such information, please contact service@laplaceai.co, and we will promptly delete it.
12. Changes to This Privacy Policy
We may update this Policy from time to time. For material changes, we will:
- Post the updated version on the website
- Update the "Last updated" date
- Notify you by email or in-app notification
- For material changes, we may require you to consent again
13. Region-Specific Rights
13.1 European Union/European Economic Area (GDPR)
The right to object to processing, the right to restrict processing, the right to data portability, the right to lodge a complaint with a supervisory authority, and others.
13.2 California (CCPA/CPRA)
The right to know, the right to delete, the right to opt out of "sale" and "sharing," the right to non-discrimination, and the right to limit the use of sensitive personal information.
13.3 Taiwan (Personal Data Protection Act)
The rights to inquiry, review, copy, supplementation or correction, cessation of processing, and deletion.
14. How to Contact Us
- Email: service@laplaceai.co
- Data Protection Contact (DPO): privacy@laplaceai.co
- Company Address: 5F, No. 25, Section 2, Ren'ai Road, Zhongzheng District, Taipei City 100, Taiwan
- Full Company Name: LaplaceAI Co., Ltd.
We will respond to your request within 30 days of receipt.
© 2026 LaplaceAI Co., Ltd. All rights reserved.