SaleCraft — Privacy Policy

Last Updated: April 23, 2026

Effective Date: April 23, 2026

> SaleCraft is operated by Connact Co., Ltd. and shares the same account system and data processing with Landing AI. This policy applies equally to personal data you submit through salecraft.ai.

1. Introduction

This Privacy Policy ("Policy") describes how Connade Co., Ltd. (康耐德股份有限公司), a company incorporated under the laws of the Republic of China (Taiwan) (hereinafter "Company," "we," "us," or "our"), collects, uses, stores, shares, and protects your personal information when you access or use the Landing AI platform and all related services, websites, applications, and tools (collectively, the "Service").

We collect all data to optimize our system and provide you with a better experience. By creating an account or using the Service, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service.

This Policy should be read together with our Terms of Service.

2. Legal Bases for Processing

We process your personal data on the following legal bases:

Under Taiwan's Personal Data Protection Act (個人資料保護法, "PDPA")

  • Your consent: Provided when you create an account and agree to this Policy (PDPA Articles 7, 19, 20);
  • Performance of contract: Necessary for providing the Service pursuant to our Terms of Service (PDPA Article 19, Paragraph 1, Subparagraph 2);
  • Legitimate interests: For system optimization, fraud prevention, service improvement, and analytics, where such interests are not overridden by your data protection rights (PDPA Article 19, Paragraph 1, Subparagraph 5);
  • Legal obligation: Where processing is required to comply with applicable laws or regulations.

Under the EU General Data Protection Regulation (GDPR), if applicable

  • Consent (Article 6(1)(a)): For marketing communications and non-essential analytics;
  • Performance of contract (Article 6(1)(b)): For providing the Service;
  • Legitimate interests (Article 6(1)(f)): For system improvement, security, and fraud prevention;
  • Legal obligation (Article 6(1)(c)): Where required by law.

Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), if applicable

We process personal information for the business and commercial purposes described in this Policy, as permitted under the CCPA/CPRA.

3. Data We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, password (encrypted and hashed)
  • Profile Data: Display name, profile avatar
  • Product & Brand Content: Product descriptions, brand assets, logos, images, packaging photos, ingredient lists, spokesperson photos, brand identity materials
  • Marketing Preferences: Target audience information, campaign settings, creative style preferences
  • Payment Information: Credit purchase records, transaction history (credit card details are processed and stored exclusively by Stripe, Inc.; we do not store your card numbers)
  • Communications: Support inquiries, feedback, and correspondence with us

3.2 Information Generated Through the Service

  • Generated Content: AI-generated landing pages, images, copy, reels, and related creative materials. Please note that generated landing pages are published on the Internet and become publicly accessible immediately upon generation; they may be indexed by search engines and discovered by third parties.
  • Deployed Content: Landing pages and associated content deployed to the public internet through the Service, including deployment URLs and deployment status
  • Crawled Data: Content retrieved from third-party websites through the web crawling/scraping feature, as directed by you, including source URLs and extracted content
  • Project Data: Edit history, regeneration records, version history, annotation data
  • Credit Usage: Points deduction records, refund records, generation cost details

3.3 Information Collected Automatically

  • Device Information: Device type, operating system, browser type and version, screen resolution
  • Usage Data: Pages visited, features used, click patterns, session duration, interaction logs
  • Log Data: IP address, access timestamps, referring URLs, error logs
  • Cookies & Local Storage: Session tokens, language preferences, application settings

3.4 Information from Third Parties

  • Google OAuth: Name, email address, and profile picture (if you sign in via Google)
  • Stripe: Payment confirmation, transaction status (no card details)

4. How We Use Your Data

We collect all data to optimize our system and provide you with a better experience. Specifically:

  • Provide the Service — Generate landing pages, process your content, manage your account, and deliver results
  • Optimize AI performance — Analyze generation results, usage patterns, and user feedback to improve our AI models, algorithms, and output quality
  • Personalize your experience — Remember your preferences, brand settings, language choices, and frequently used features
  • Process payments — Handle credit purchases, track transactions, process refunds, and manage billing
  • Ensure security — Detect and prevent fraud, unauthorized access, abuse, and security threats
  • Maintain service quality — Monitor system performance, identify and fix bugs, ensure reliability and uptime
  • Communicate with you — Respond to support requests, send service updates, account notifications, and (with your consent) marketing communications
  • Comply with legal obligations — Meet regulatory requirements, respond to lawful requests, enforce our Terms, and protect our legal rights
  • Deploy and host content — Make Generated Content (including landing pages) publicly accessible on the internet as part of the Service's core functionality
  • Demonstrate the Service — Use deployed landing pages and Generated Content for demonstration, showcase, and promotional purposes, including in marketing materials, presentations, case studies, and portfolio displays, as described in our Terms of Service
  • Conduct analytics — Analyze aggregate and anonymized usage patterns to understand how the Service is used and identify areas for improvement
  • Train and improve AI models — Use anonymized and aggregated data derived from user interactions and generated content to train, refine, and improve our AI models and systems
  • Sales demonstrations and promotional purposes — Retain, display, and use generated landing pages and related Generated Content (in original, modified, excerpted, or anonymized form) to showcase the Service's capabilities for the Company's sales demonstrations, marketing, business development, and promotional activities, as further described in our Terms of Service

5. Data Sharing and Disclosure

We do not sell your personal data. We may share or disclose data in the following circumstances:

5.1 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf, subject to contractual obligations to protect your data:

  • Google Cloud Platform (GCP) — Cloud infrastructure and hosting; data shared: all Service data (encrypted at rest and in transit)
  • Stripe, Inc. — Payment processing; data shared: payment-related data only
  • AI Model Providers — Content generation (image, text, video); data shared: product information and prompts (no personal identifiers)
  • Email Service Providers — Transactional and service emails; data shared: email address and name

5.2 Legal Requirements

We may disclose your data when required or permitted by law, including:

  • In response to valid legal process (subpoenas, court orders, government requests);
  • To comply with applicable laws, regulations, or governmental directives;
  • To protect the rights, property, or safety of the Company, our users, or the public;
  • To enforce our Terms of Service or investigate potential violations.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar transaction, your data may be transferred as part of the business assets. We will notify you of any such transfer and any changes to this Policy.

5.4 Publicly Deployed Content

Landing pages and content deployed through the Service are made publicly accessible on the internet and can be viewed by anyone with the URL. Additionally, the Company may use deployed landing pages for demonstration and showcase purposes as described in our Terms of Service, including displaying them in marketing materials, presentations, case studies, and on the Company's website and social media channels. By deploying content through the Service, you acknowledge and consent to such public accessibility and demonstration use. The Company is not responsible for any third-party access to, copying of, or use of your publicly deployed content.

5.5 With Your Consent

We may share your data with third parties when you have given explicit consent to do so.

6. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside of your country of residence, including but not limited to the United States (for cloud infrastructure and AI processing) and other jurisdictions where our service providers operate.

For Taiwan Users

Cross-border transfers are conducted in compliance with Articles 20 and 21 of the PDPA and applicable regulations of the National Development Council (國家發展委員會).

For EU/EEA Users

Where data is transferred outside the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions, where applicable;
  • Other appropriate safeguards as required by the GDPR.

For California Users

We do not sell personal information as defined by the CCPA/CPRA.

7. Data Security

We implement industry-standard technical and organizational security measures, including but not limited to:

  • Encryption in transit: All data transmitted between your device and our servers uses TLS/SSL encryption;
  • Encryption at rest: Sensitive data is encrypted using AES-256 or equivalent;
  • Password security: Passwords are hashed using industry-standard algorithms and are never stored in plaintext;
  • Access controls: Role-based access controls, principle of least privilege, and multi-factor authentication for administrative access;
  • Secure payment processing: All payment data is handled by Stripe, which is PCI DSS Level 1 certified;
  • Infrastructure security: Hosted on Google Cloud Platform with enterprise-grade security features;
  • Regular monitoring: Continuous security monitoring, logging, and alerting for suspicious activities;
  • Incident response: Established procedures for detecting, responding to, and recovering from security incidents.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Data Retention

  • Account data — Duration of your active account, plus up to 30 days after account deletion for backup purposes
  • Generated content — Duration of your active account; deleted within 90 days after account termination, except that the Company may retain generated landing pages and related content indefinitely for sales demonstration and promotional purposes as described in our Terms of Service
  • Payment records — 7 years after the transaction, as required by tax and commercial laws
  • Usage logs and analytics — Up to 24 months in identifiable form; indefinitely in anonymized/aggregated form
  • Support correspondence — 3 years after the last communication
  • Legal hold data — As long as required by applicable legal proceedings or regulatory requirements

Upon account deletion, we will delete or anonymize your personal data within the timeframes above, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

9. Your Rights

9.1 Rights Under Taiwan's PDPA

In accordance with Articles 3 and 4 of the PDPA, you have the right to:

  • Inquire or request access to your personal data;
  • Request a copy of your personal data;
  • Supplement or correct your personal data;
  • Request cessation of collection, processing, or use of your personal data;
  • Request deletion of your personal data.

9.2 Rights Under the GDPR (EU/EEA Users)

If you are located in the EU/EEA, you additionally have the right to:

  • Data portability: Receive your data in a structured, commonly used, machine-readable format;
  • Object to processing: Object to processing based on legitimate interests;
  • Restrict processing: Request restriction of processing under certain circumstances;
  • Withdraw consent: Withdraw consent at any time, without affecting the lawfulness of prior processing;
  • Lodge a complaint: File a complaint with your local data protection authority.

9.3 Rights Under CCPA/CPRA (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell;
  • Delete your personal information, subject to certain exceptions;
  • Opt-out of sale: We do not sell personal information; no opt-out is necessary;
  • Non-discrimination: Exercise your rights without discriminatory treatment;
  • Correct inaccurate personal information;
  • Limit use of sensitive personal information, if applicable.

9.4 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

  • Email: support@landing-ai.com
  • Subject line: "Privacy Rights Request — [Your Request Type]"

We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

10. Cookies and Similar Technologies

10.1 Types of Cookies We Use

  • Essential cookies — Authentication, session management, security (session / persistent)
  • Preference cookies — Language settings, theme preferences, UI settings (persistent, up to 1 year)
  • Analytics cookies — Understanding usage patterns and improving the Service (persistent, up to 24 months)

10.2 We Do NOT Use

  • Third-party advertising or tracking cookies;
  • Cross-site tracking technologies;
  • Browser fingerprinting for advertising purposes.

10.3 Managing Cookies

You can manage cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

11. Do Not Track Signals

The Service does not currently respond to "Do Not Track" (DNT) browser signals. However, we do not engage in cross-site tracking of our users.

12. Children's Privacy

The Service is not intended for, directed at, or designed to attract individuals under the age of 18 (or the age of majority in the applicable jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor, we will take steps to delete such data promptly. If you believe a minor has provided us with personal data, please contact us at support@landing-ai.com.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • Taiwan: We will notify the relevant authorities and affected individuals in accordance with the PDPA and applicable regulations;
  • EU/EEA: We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (per GDPR Article 33) and affected individuals without undue delay where the breach poses a high risk (per GDPR Article 34);
  • California: We will provide notification in accordance with California Civil Code § 1798.82.

14. Automated Decision-Making

The Service uses AI and automated systems to generate content based on your inputs. These automated processes:

  • Generate marketing content, images, and layouts based on the data you provide;
  • Do not make legally binding decisions about you;
  • Do not engage in profiling that produces legal or similarly significant effects on you.

You always retain full control over whether to publish, modify, or discard any Generated Content.

15. Marketing Communications

We may send you service-related communications (e.g., account notifications, security alerts, transaction confirmations) which are necessary for the operation of the Service.

For marketing communications (e.g., promotional offers, feature announcements):

  • We will only send marketing communications with your prior consent;
  • You may opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at support@landing-ai.com;
  • Opting out of marketing communications does not affect service-related communications.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top of this Policy;
  • We will notify you through the Service interface, via email, or by other reasonable means;
  • Material changes will take effect 30 days after notification, unless a longer period is required by applicable law;
  • Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should discontinue use of the Service and request account deletion.

17. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of China (Taiwan). For disputes related to this Policy, the provisions in our Terms of Service regarding dispute resolution shall apply.

18. Language

This Policy is provided in English and Traditional Chinese. In the event of any conflict or discrepancy between the English and Chinese versions, the Chinese (Traditional Chinese / zh-TW) version shall prevail for matters governed by Taiwan law.

19. Contact Us

For any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Connade Co., Ltd. (康耐德股份有限公司) Data Protection Contact Email: support@landing-ai.com

For EU/EEA users who wish to lodge a complaint, you also have the right to contact your local data protection supervisory authority.

By creating an account, you acknowledge that you have read, understood, and consent to the collection, use, and processing of your personal data as described in this Privacy Policy.