Proofly

Proofly 隱私政策 / Privacy Policy

生效日期 Effective date:2026 年 6 月 1 日 / 1 June 2026 最近更新 Last updated:2026 年 5 月 11 日 / 11 May 2026

繁體中文版

1. 關於本政策

Proofly(「我們」、「本服務」)是一款讓您拍攝紙本及電子收據、由 AI 自動分類並產出可寄交會計師之審計報告的應用程式。本政策說明我們收集、使用、儲存及保護您個人資料的方式,依據香港《個人資料(私隱)條例》(PDPO,第 486 章)及適用法律制訂。

服務營運者:Proofly(個人開發者,營運地:香港特別行政區) 聯絡方式:privacy@proofly.app(或於 App「設定 → 聯絡我們」內傳訊)

2. 我們收集的個人資料

資料類別 具體內容 必要性
帳戶識別 Apple Sign In 提供的 userIdentifier(穩定但匿名)、電子郵件、姓名(可選擇隱藏) 必要:用於建立及驗證您的帳號
收據資料 您拍攝的收據照片(PDF/JPEG)、OCR 抽取的文字、商家、日期、金額、付款方式、備註 必要:本服務之核心功能
公司資料 您主動填寫的公司中英文名稱、IRD File No、課稅年度、業務類型、會計師樓名稱 視乎使用:產出 BIR51 等報告時必要
使用紀錄 App 版本、裝置型號、iOS 版本、操作時間戳、API 呼叫紀錄 服務改善與除錯
訂閱資料 App Store 訂閱狀態、Apple Transaction ID 收費用戶必要

我們不收集:精確 GPS 位置、聯絡人、相片庫除您主動上傳的之外、健康資料、生物特徵(Face ID/Touch ID 由 iOS 在本機處理,不傳至本服務)。

3. 我們如何使用您的資料

僅用於下列目的,並依據 PDPO 第 3 條原則:

  1. 提供核心功能:辨識收據、自動分類、產出可下載的 PDF/CSV 報告
  2. 帳戶管理:登入驗證、訂閱狀態同步、帳號刪除
  3. 服務改善:分析使用模式以改善 OCR 準確度與分類規則(匿名化後處理
  4. 法律遵從:依香港或您所在地區法律要求保留必要紀錄

我們不會將您的資料用於: - 廣告投放或行為追蹤 - 出售予第三方 - 訓練第三方 AI 模型(您的收據圖片與內容不會被 POE / OpenAI 用於模型訓練;詳見第 5 節)

4. 資料儲存位置與期限

資料 儲存位置 加密 保留期限
帳戶、收據結構化資料 Cloudflare D1(亞太區域 APAC) TLS 傳輸 + AES-256 靜態 帳號有效期間
收據原始圖片 Cloudflare R2(亞太區域) 同上 帳號有效期間
Session token iOS Keychain(裝置本機) iOS Secure Enclave 至您登出或刪除 App
公司資料 iOS UserDefaults + 雲端備份 同上 您主動清除為止
操作日誌 Cloudflare Workers logs 同上 不超過 30 天

香港稅務局可能要求:依據香港《稅務條例》第 51C 條,營業紀錄至少保留 7 年。若您使用 Proofly 報稅,您本人有義務保留必要憑證;我們不會因為法律要求而擅自延長您資料的保留期限。

5. 第三方服務揭露

為提供本服務,我們會將部分資料傳送至下列第三方。我們已審核其私隱政策並選擇符合企業級安全標準之供應商。

第三方 用途 收到的資料 私隱政策
Apple Inc. Sign in with Apple、Vision OCR、IAP 訂閱 您的 Apple ID(僅 userIdentifier)、收據圖片在裝置內處理 apple.com/legal/privacy
Cloudflare, Inc. Workers 後端、D1 資料庫、R2 圖片儲存 全部本服務資料(已加密) cloudflare.com/privacypolicy
POE (Quora, Inc.) GPT-4o-mini 處理 OCR 文字 → 結構化欄位 僅 OCR 抽取的純文字,不含原圖、不含您的姓名 / 帳戶 ID poe.com/privacy
Apple App Store Connect 訂閱付款、Crash report Apple Transaction ID、匿名 crash trace 同 Apple

重要: POE/OpenAI 已書面承諾 不會 使用透過 API 傳輸的內容訓練其模型(OpenAI API 預設政策;POE 沿用此政策)。我們僅以 anonymous user_id(apple_xxx)形式呼叫第三方 API,不傳遞您的姓名或 email

6. 您的權利(PDPO 第 18 條)

您隨時擁有下列權利,且我們不會收取查閱費用

  1. 查閱權:要求列明我們持有的關於您的個人資料
  2. 更正權:要求更正不準確的資料(在 App 內可直接編輯)
  3. 資料可攜權:以 CSV / PDF 匯出全部收據與報告(功能已內建於「報告」分頁)
  4. 刪除權:於 App「設定 → 帳號 → 刪除帳號」即可一鍵永久刪除所有資料(包括 R2 上的圖片、D1 上的所有記錄)
  5. 撤回同意權:登出即可,重新登入時資料保留;如要徹底撤回請選擇刪除帳號

刪除帳號為不可逆動作。完成後我們無法復原任何資料。

7. 安全措施

我們採用業界標準的安全措施:

儘管如此,沒有任何網路傳輸或電子儲存方式是 100% 安全的。我們承諾合理努力,但無法保證絕對安全。

8. 兒童私隱

本服務面向會計、財務及商業用途,不適合 13 歲以下兒童使用。我們不會故意收集 13 歲以下兒童的個人資料。若您發現我們不慎收集了此類資料,請聯絡 privacy@proofly.app,我們將立即刪除。

9. 跨境傳輸

您的資料儲存於 Cloudflare 亞太區(主要為香港、新加坡、東京資料中心)。第三方服務(Apple、POE)可能將請求路由至美國或其他地區。透過使用本服務,您同意此跨境傳輸。

對 PDPO 第 33 條的跨境傳輸要求,我們確保接收地具有相當水平的資料保護法律(如 Apple、Cloudflare 之 SCC 標準合約條款)。

10. 報告為「草擬版本」之免責聲明

Proofly 產出之 BIR51 利得稅計算表、Detailed Income Statement、Working Paper 均標示為 「UNAUDITED ・ 草擬」。本服務不取代註冊會計師或核數師的專業意見。任何稅務申報前,必須由合資格會計師覆檢及簽署。對因依賴本服務輸出而導致之稅務後果,本服務概不負責。

11. 政策變更

如本政策有實質變更,我們將於: - App 內彈出通知至少 7 天 - 透過您註冊的 email 寄發通知(如有) - 更新本頁「最近更新」日期

繼續使用本服務即視為接受新版政策。

12. 聯絡我們

如對本政策有疑問、要求行使您的權利、或舉報違規:

我們會於收到請求後 30 天內回覆

English Version

1. About This Policy

Proofly ("we", "our service") is an iOS application that lets you photograph paper and electronic receipts, classify them automatically using AI, and generate accountant-ready audit reports. This policy describes how we collect, use, store, and protect your personal data, in accordance with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong (Cap. 486) and applicable laws.

Operator: Proofly (sole developer; operating in the Hong Kong SAR) Contact: privacy@proofly.app (or in-app: Settings → Contact Us)

2. What We Collect

Category Details Necessity
Account identity Apple Sign In userIdentifier (stable but anonymous), email, name (optional) Required: account creation and verification
Receipt data Photos (PDF/JPEG), OCR-extracted text, merchant, date, amount, payment method, notes Required: core service functionality
Company info Chinese & English company name, IRD File No, assessment year, business type Optional: required only when generating BIR51 reports
Usage logs App version, device model, iOS version, timestamps, API call records Service improvement and debugging
Subscription App Store subscription status, Apple Transaction ID Required for paid users

We do NOT collect: precise GPS location, contacts, photo library beyond what you actively upload, health data, biometrics (Face ID / Touch ID are processed locally by iOS and never sent to us).

3. How We Use Your Data

Only for the following purposes, in line with PDPO Principle 3:

  1. Provide the core service: receipt OCR, auto-classification, downloadable PDF/CSV reports
  2. Account management: sign-in, subscription sync, account deletion
  3. Service improvement: analyze usage patterns to improve OCR accuracy and classification rules (after anonymization)
  4. Legal compliance: retain records as required by Hong Kong or your jurisdiction's laws

We do NOT: - Use your data for advertising or behavioral tracking - Sell your data to third parties - Train third-party AI models on your data (your receipt images and content are not used by POE / OpenAI for training — see §5)

4. Data Storage Location and Retention

Data Where Encryption Retention
Account & structured receipt data Cloudflare D1 (APAC region) TLS in transit + AES-256 at rest While account is active
Receipt original images Cloudflare R2 (APAC) Same While account is active
Session token iOS Keychain (on-device) iOS Secure Enclave Until you sign out or delete the app
Company info iOS UserDefaults + iCloud backup Same Until you clear it
Operational logs Cloudflare Workers logs Same No more than 30 days

Hong Kong IRD requirement: Under §51C of the Inland Revenue Ordinance, business records must be retained for at least 7 years. If you use Proofly for tax filing, you are responsible for retaining necessary records; we will not extend your data retention period unilaterally due to legal requirements.

5. Third-Party Services

To deliver the service, we transmit certain data to the following third parties. We have reviewed their privacy practices and selected vendors meeting enterprise-grade security standards.

Vendor Purpose Data shared Privacy Policy
Apple Inc. Sign in with Apple, Vision OCR, IAP subscriptions Apple ID (userIdentifier only); receipt images processed locally apple.com/legal/privacy
Cloudflare, Inc. Workers backend, D1 database, R2 image storage All service data (encrypted) cloudflare.com/privacypolicy
POE (Quora, Inc.) GPT-4o-mini, structures OCR text into receipt fields OCR-extracted plain text only; no images, no name, no account ID poe.com/privacy
Apple App Store Connect Subscription billing, crash reports Apple Transaction ID, anonymous crash traces Same as Apple

Important: POE/OpenAI contractually commit to not using API-transmitted content to train their models (default OpenAI API policy; POE inherits this). We call third-party APIs with only an anonymous user ID (apple_xxx) and never pass your name or email.

6. Your Rights (PDPO §18)

You have the following rights at any time, free of charge:

  1. Access: request a copy of the personal data we hold about you
  2. Rectification: correct inaccurate data (directly editable in-app)
  3. Portability: export all receipts and reports as CSV / PDF (built into the "Reports" tab)
  4. Erasure: one-tap permanent deletion via Settings → Account → Delete Account (removes all R2 images, all D1 records)
  5. Withdraw consent: sign out (data retained for re-login); for full withdrawal, choose Delete Account

Account deletion is irreversible. We cannot recover any data once deletion completes.

7. Security Measures

We implement industry-standard security:

However, no method of internet transmission or electronic storage is 100% secure. We commit to reasonable efforts but cannot guarantee absolute security.

8. Children's Privacy

This service is intended for accounting, financial, and business use, and is not suitable for users under 13. We do not knowingly collect personal data from children under 13. If you become aware that we have inadvertently collected such data, please contact privacy@proofly.app and we will delete it immediately.

9. Cross-Border Transfers

Your data is stored in Cloudflare's APAC region (primarily Hong Kong, Singapore, Tokyo data centres). Third-party services (Apple, POE) may route requests to the United States or other regions. By using this service, you consent to such cross-border transfers.

For PDPO §33 cross-border transfer requirements, we ensure receiving jurisdictions have comparable data protection laws (e.g. via Apple's and Cloudflare's SCC clauses).

10. "Draft" Disclaimer for Reports

Reports generated by Proofly — BIR51 Profits Tax Computation, Detailed Income Statement, Working Paper — are marked as "UNAUDITED · DRAFT". This service does not replace a certified public accountant or auditor. Any tax filing must be reviewed and signed by a qualified accountant. Proofly is not liable for tax consequences arising from reliance on its output.

11. Changes to This Policy

We will notify you of material changes via: - In-app banner at least 7 days in advance - Email to your registered address (if available) - Updated "Last updated" date on this page

Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions, to exercise your rights, or to report a violation:

We respond to all requests within 30 days.

End of Policy / 政策完