Privacy Policy

Last Updated: February 15, 2025

At WaveFlash, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our educational services focused on encryption in programs.

We operate under Taiwan's Personal Data Protection Act and maintain transparency about our data practices. If something isn't clear here, reach out — we're happy to explain.

Information We Collect

When you interact with our educational platform, we gather certain information to provide and improve our services. Here's what we collect and why it matters.

Account Information

Your name, email address, and contact details when you register for our learning programs. We need this to communicate with you about course materials and updates.

Learning Progress

Data about which modules you've completed, quiz results, and project submissions. This helps us personalize your learning experience and track your advancement.

Technical Data

IP addresses, browser types, and device information collected automatically when you access our platform. We use this for security and performance optimization.

Communication Records

Messages you send through our support system or contact forms. We keep these to provide better assistance and resolve any issues you encounter.

Information You Provide Directly

  • Registration details including educational background and professional experience
  • Payment information processed through secure third-party payment processors
  • Profile preferences and learning goals you set in your account
  • Feedback and survey responses when you choose to participate
  • Code samples and projects you submit for review during courses

Automatically Collected Data

Our systems automatically log certain information when you use our platform. This includes session duration, pages visited, features accessed, and interaction patterns. We analyze this data to understand how students navigate our content and where they might need additional support.

How We Use Your Information

We're not in the business of selling your data. Everything we collect serves specific purposes related to delivering quality education.

Primary Purpose: We use your information to deliver educational content, track your progress, and help you master encryption concepts in programming. That's our core mission, and your data supports that goal.

Educational Services

Your learning data helps us customize course recommendations and adjust difficulty levels based on your performance. When you struggle with a concept, we might suggest supplementary materials. When you excel, we can offer more advanced challenges.

Communication and Support

We'll send you course updates, new module announcements, and responses to your questions. You can control which communications you receive through your account settings. Essential service messages (like security updates or changes to your enrollment) will still come through.

Platform Improvement

Aggregated usage data tells us which teaching methods work and which need refinement. We might notice that students consistently get stuck at a particular exercise, prompting us to rewrite the instructions or add video explanations.

Security and Fraud Prevention

We monitor for suspicious activity to protect your account and our platform. Unusual login patterns or access attempts trigger additional verification steps.

Data Sharing and Third Parties

We're careful about who gets access to your information. Here's the complete picture of when and why we share data.

Third Party Type Purpose Data Shared
Payment Processors Process course enrollment payments securely Payment details, transaction amounts
Cloud Service Providers Host platform infrastructure and store course materials Account data, learning progress, uploaded content
Email Service Providers Send course notifications and updates Email addresses, names, communication preferences
Analytics Services Understand platform usage and improve user experience Anonymized usage patterns, technical data

Service Providers

Third-party vendors help us run our platform, but they can't use your data for their own purposes. We have contracts in place that require them to maintain the same privacy standards we follow.

Legal Requirements

We might need to disclose information if required by Taiwan law, court orders, or government requests. We'll notify you about such requests unless legally prohibited from doing so.

Business Transfers

If WaveFlash merges with another company or gets acquired, your data would transfer as part of that transaction. You'd be notified beforehand, and the new entity would need to honor this privacy policy.

Your Privacy Rights

Under Taiwan's Personal Data Protection Act, you have specific rights regarding your information. We've made it straightforward to exercise these rights.

Access Your Data

Request a copy of all personal information we hold about you. We'll provide this in a readable format within 30 days of your request.

Correct Inaccuracies

Update or fix any incorrect information in your profile. Most details can be changed directly in your account settings.

Delete Your Account

Request complete deletion of your account and associated data. We'll remove everything except what we're legally required to retain for financial records.

Restrict Processing

Limit how we use certain information while we resolve disputes or verify data accuracy. Your account remains active but we pause specific data uses.

Data Portability

Receive your learning history and submitted work in a machine-readable format that you can transfer to another platform.

Object to Processing

Opt out of certain data uses, particularly for marketing purposes or automated decision-making that affects your learning experience.

How to Exercise Your Rights

Send requests to support@waveflash.dev with "Privacy Rights Request" in the subject line. Include your full name and account email so we can verify your identity. We'll respond within 15 business days.

For urgent matters or complaints about how we handle your data, you can also contact Taiwan's National Development Council, which oversees personal data protection enforcement.

Data Security Measures

Protecting your information isn't just good practice — it's central to what we teach. Our security approach reflects the encryption principles we cover in our courses.

Technical Safeguards

All data transfers use TLS 1.3 encryption. Stored data is encrypted at rest using AES-256. We regularly update our security protocols to address emerging threats.

Access to student data is restricted to authorized personnel who need it for their work. We use multi-factor authentication for all admin accounts and log every access to sensitive information.

Physical Security

Our servers are housed in facilities with 24/7 monitoring, biometric access controls, and redundant power systems. We work with hosting providers that maintain SOC 2 Type II compliance.

Regular Audits

We conduct quarterly security reviews and annual third-party penetration testing. Any vulnerabilities discovered get patched immediately, and we notify affected users if a breach occurs.

Incident Response: If we detect unauthorized access to your data, we'll notify you within 72 hours along with details about what information was affected and what steps we're taking. You'll never be left in the dark about security issues.

Data Retention

We don't keep your information forever. Different types of data have different retention periods based on legal requirements and practical needs.

Active Accounts

While your account is active, we maintain all your learning data, progress records, and submitted work. This gives you continuous access to your educational history and achievements.

Inactive Accounts

If you don't log in for 24 months, we'll send several reminder emails before deactivating your account. Deactivated accounts are fully deleted after an additional 90 days unless you reactivate.

Financial Records

Taiwan tax law requires us to keep payment records for seven years. Even if you delete your account, transaction history related to your enrollment stays in our financial system for this period.

Communication Logs

Support conversations are retained for three years to help us resolve recurring issues and maintain service quality. After that, they're automatically purged from our systems.

Legal Holds

In rare cases involving disputes or investigations, we might need to preserve specific data beyond normal retention periods. We'll inform you if your data is subject to such a hold.

International Data Transfers

While WaveFlash operates from Taiwan, some of our service providers have infrastructure in other countries. This means your data might be processed outside Taiwan.

Transfer Safeguards

When data leaves Taiwan, we ensure adequate protection through contractual agreements that require foreign processors to maintain Taiwan-equivalent privacy standards. We only work with providers in jurisdictions that offer reasonable data protection laws.

Data Localization

Most student data stays on servers within Taiwan. Some anonymized analytics and backup systems use international infrastructure, but we strip personally identifiable information before any cross-border transfer.

Cookies and Tracking

Our platform uses cookies and similar technologies to function properly and remember your preferences. Here's what that means in practice.

Essential Cookies

These keep you logged in, remember your language preference, and maintain session security. You can't disable these without breaking basic platform functionality.

Performance Cookies

We track which pages load slowly or cause errors so we can fix problems. This data is anonymized and helps us optimize the learning experience for everyone.

Analytics Cookies

These tell us which course sections are most popular, how long students spend on exercises, and where they tend to get stuck. You can opt out of analytics tracking in your account settings.

Managing Cookies

Your browser settings let you block or delete cookies, though some platform features won't work properly if you do. We don't use advertising cookies or sell tracking data to third parties.

Children's Privacy

Our courses are designed for adults and professionals. We don't knowingly collect information from anyone under 16 years old without parental consent.

If you're under 16 and interested in our programs, have a parent or guardian contact us. We'll need their permission before creating an account and will communicate with them about your progress and any issues.

If we discover we've accidentally collected data from someone under 16 without proper consent, we'll delete that information immediately and notify the parents if possible.

Changes to This Policy

Privacy practices evolve as technology changes and regulations update. When we modify this policy, we'll post the new version here with an updated date at the top.

For minor changes (like fixing typos or clarifying existing practices), we'll just update the document. For substantial changes that affect how we use your data, we'll send an email notification at least 30 days before the changes take effect.

Continuing to use WaveFlash after changes become effective means you accept the updated policy. If you don't agree with new terms, you can delete your account before they take effect.

Questions About Privacy?

We know privacy policies can be dense. If anything here is unclear or you have specific concerns about your data, we're here to help.

Email: support@waveflash.dev
Phone: +886 800 580 163
Address: No. 382, Section 2, Zhonghua Rd, Taitung City, Taitung County, Taiwan 950