Privacy Policy

This Policy explains how Pikas collects, uses, shares, and protects information when you use the Service. Pikas is the data controller under the Taiwan PDPA.

Account data: email, nickname, password hash (if applicable), SSO IDs (Google/Apple), interests, language, settings.

Usage/device data: IP address, device identifiers, OS/browser, app version, time zone, approximate location (IP-derived), pages/screens, taps/clicks, session duration, referral source, crash logs.

Content/interactions: topics, votes (stored internally), comments, likes, flags/reports, follows, timestamps.

Points/purchases: balances, accrual/spend history, store receipts/tokens (we do not store full payment card details).

Communications: support messages, feedback, survey responses, notification preferences.

Cookies/SDKs: for authentication, analytics, messaging, and preferences.

Provide, maintain, personalize, and improve the Service; authenticate and secure; prevent fraud, spam, and abuse (including anti-brigading/duplicate-account controls); operate Points and purchases; analytics and A/B testing; AI + human moderation and policy enforcement; product updates and security messages; (if permitted) marketing; compliance with law; and development of AI-assisted features (e.g., ranking, recommendations, safety). Where legally required, we will offer an opt-out from using your public content to improve models (safety uses may be excluded).

The platform is public by design; topics, comments, nicknames, and related metadata may be public.

Votes are shown in aggregate; we do not publicly link your individual vote to your identity unless you choose to disclose.

We do not sell or license private user data (e.g., emails, IPs, private messages).

We may offer developer/API access to public content under contracts that require deletion-honor, ban sensitive-category profiling or surveillance, and enforce rate limits and audit.

Contract necessity (operate the Service).

Consent (marketing communications, certain analytics, cross-border transfers where required).

Legitimate interests (security, anti-abuse, product improvement).

Legal obligations (compliance and lawful requests).

Users 13-17 represent they have guardian consent where required.

Service providers/processors (e.g., Google Cloud/Firebase and similar services for hosting, analytics, crash reporting, messaging, support) under confidentiality and data-processing terms.

Payment platforms – Apple, Google, or other processors for purchases/refunds under platform rules.

Partners – For opt-in promotions/redemptions; we do not share private data without consent.

Legal/safety – To comply with law, protect rights and safety, and enforce policies (we may publish transparency summaries).

Business transfers – In M&A, financing, or asset sale, data may transfer subject to this Policy.

Although based in Taipei, we use global infrastructure (e.g., Google Cloud). We apply reasonable safeguards and require recipients to protect data consistent with this Policy and applicable law.

We retain personal data as needed to provide the Service and for legal/compliance purposes.

Examples: account/profile (while active and a reasonable period after deletion), topics/comments/votes (for integrity/audit; aggregated stats may persist), logs/security data (operational windows or longer for security/legal reasons). Backups may delay full deletion.

Subject to law, you may access/inspect, copy, supplement/correct, cease processing, or delete your personal data. Exercising some rights may limit functionality (e.g., hiding votes may affect results). Contact admin@pikas.app; we will respond within statutory deadlines and may charge reasonable fees where permitted.

Not directed to children under 13. If we learn we collected data from a child under 13 without verifiable consent, we will delete it. Users 13-17 should use the Service with guardian consent where required.

We implement reasonable technical and organizational measures (e.g., HTTPS, Firebase Auth, access controls, encryption in transit, monitoring). No method is 100% secure.

We use cookies/local storage/SDKs for login, preferences, analytics, and messaging. You can control cookies via browser/device settings, but some features may not work without them. The Service currently does not respond to Do Not Track signals.

Taiwan: marketing is opt-out by default (users are subscribed by default with clear unsubscribe options).

EU/California and similar jurisdictions: marketing is opt-in only (we send marketing messages only if you explicitly consent).

Transactional/service messages (e.g., security alerts) may still be sent.

We use automated systems (including AI models) for moderation, spam detection, ranking, and personalization. These may affect visibility or enforcement. You may request manual review where feasible.

EU/UK GDPR – You may have additional rights (portability, objection, restriction, withdrawal of consent). Contact us for EU/UK representative details if applicable.

California CPRA – We do not "sell" personal information as defined by CPRA. If we "share" for cross-context behavioral advertising in the future, we will provide a Right-to-Opt-Out mechanism.

Others: Local rights may apply. Contact admin@pikas.app.

We may update this Policy. Material changes will be notified in-app, on our site, or via email. Continued use after changes take effect constitutes acceptance.

Privacy questions/requests: admin@pikas.app

Operator / Controller: Internact Co., Ltd., 3F., No. 335, Ruiguang Rd., Neihu Dist., Taipei City, Taiwan