Legal

Privacy Policy

Last updated: 13 May 2026

1. Who we are

HanMo is a brand operated by Vangatech Co., Ltd., a company registered in Taiwan (R.O.C.) (the “Controller”). This policy explains what personal data we collect when you use our website, why we collect it, and what your rights are.

2. Data we collect

  • Order data — your email address, the design intent text you write, the placement and style you choose, and the AI-generated options. Stored so we can deliver your design and provide support.
  • Payment data — handled entirely by Gumroad, Inc., our Merchant of Record. We never see or store your full card number. We receive a transaction ID, your billing country, and the amount paid.
  • Technical data — IP address, browser type, pages visited and timestamps. Used for security, fraud prevention and service analytics.
  • Cookies — strictly necessary cookies for session and checkout. We do not use advertising or cross-site tracking cookies.

3. Why we use it (legal basis)

  • Performance of contract — to deliver the design you ordered and provide support.
  • Legitimate interests — to keep the service secure, prevent fraud, and improve the product.
  • Legal obligation — to keep records required by tax and accounting law.
  • Consent — only where explicitly requested (e.g. optional marketing emails). You can withdraw consent at any time.

4. Sharing

We share data only with the following processors, each bound by a data-processing agreement:

  • Gumroad — payment processing and tax compliance.
  • Cloud infrastructure (Lovable Cloud / Supabase, Cloudflare) — hosting, database and edge delivery.
  • AI providers (Google, OpenAI via the Lovable AI Gateway) — to generate translation suggestions and calligraphy. Your intent text is sent to these providers as part of the request and is not used by them to train future models under their commercial API terms.

We do not sell your personal data.

5. International transfers

Our infrastructure and AI providers may process data in the United States, the European Union and Taiwan. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Retention

  • Order records: kept for 7 years to comply with Taiwanese accounting law.
  • Pending (unpaid) orders: deleted after 30 minutes.
  • Generated designs: kept indefinitely so you can re-download, unless you ask us to delete them.
  • Server logs: rotated within 90 days.

7. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, Taiwan PDPA, CCPA) you have the right to access, correct, port, restrict, or delete your personal data, and to object to processing or lodge a complaint with your local supervisory authority. To exercise any right, email jqst1927@gmail.com. We respond within 30 days.

8. Security

Data is transmitted over TLS, stored in encrypted databases, and access is restricted to the minimum number of staff needed to operate the service. No system is perfectly secure; we will notify affected users and the relevant authority of any qualifying data breach within 72 hours.

9. Children

The Service is not directed to children under 18. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us and we will delete it.

10. Changes

We may update this policy. Material changes will be notified by email to your last known address.

11. Contact

Privacy questions: jqst1927@gmail.com
General support: jqst1927@gmail.com