Legal · Last updated 2026-05-05

Privacy Policy

This Privacy Policy describes how Taiwan Telecom, Inc. ("we", "us", "the Company"), the operator of the BinaryPHP service ("the Service"), collects, uses, and protects information about you when you use binaryphp.com and the BinaryPHP encoder. For the purposes of GDPR and similar data-protection laws, the data controller is Taiwan Telecom, Inc.

1. Information we collect

1.1 Information you provide

• Account information. When you sign in with Google, we receive your email address, profile name, and Google account ID. We do not receive your Google password.
• Uploaded files. Any .php or .zip file you submit to our encoder.
• License metadata. Domains, MAC addresses, expiration dates, and plugin identifiers you specify when encoding.
• Payment information. If you subscribe to a paid tier, payment is handled by our payment processor (Stripe). We receive subscription status and last-4 of card; we do not receive or store full card numbers.
• Communications. Email correspondence you send to us.

1.2 Information we collect automatically

• Transient request logs. Standard web server access logs (IP, request line, status, timestamp) are written by nginx for operational debugging. We do not aggregate, mine, or build profiles from them, and they rotate on the OS schedule.

We do not maintain a separate analytics pipeline, encoding job database, or long-term request-log archive. We do not use third-party analytics (no Google Analytics, no pixel tracking).

1.3 Information we do not collect

• We do not use third-party advertising trackers, analytics scripts, or social media pixels.
• We do not collect biometric data, location data, or contact lists.
• We do not read your Google Drive, Gmail, Calendar, or any Google services beyond the basic profile (email, name, ID).

2. How we use information

We use the information we collect to:

• Authenticate you and maintain your session.
• Encode files you submit and deliver the result back to you.
• Bill you for paid subscriptions and provide receipts.
• Enforce rate limits and prevent abuse.
• Communicate with you about your account, security alerts, and product updates (you can opt out of non-essential email at any time).
• Comply with legal obligations.

3. How we handle uploaded files

Files you upload to the encoder are stored in Cloudflare R2 with at-rest encryption while we process them. Source code is read exactly once when the encode job runs, then deleted from R2 immediately. The encoded output is made available to you for download for a limited window so you can re-download if your initial transfer fails.

Concrete retention:

• Uploaded source code — kept up to 1 day in R2 (deleted immediately after the encode job reads it; the 1-day lifecycle rule is a backstop).
• Encoded output — kept up to 3 days in R2, then auto-deleted by lifecycle rule.
• Failed encodes may retain a sanitized error message (no source content) for 7 days for debugging.

Master encryption keys live in our infrastructure and are never exposed to you, third parties, or written into any log.

4. Sharing and disclosure

We do not sell or rent your personal information. We share it only with:

• Service providers who help us operate the Service — currently: Google (authentication), Stripe (payments). These providers are bound by their own privacy commitments.
• Law enforcement when compelled by valid legal process, and only the minimum required information.
• Acquirers in the event of a merger, acquisition, or asset sale, subject to the same privacy obligations.

5. Data retention

Data type	Retention period
Account profile (email, name)	While account is active + 30 days after deletion
Uploaded source code (in Cloudflare R2)	Up to 1 day — deleted immediately after the encode job reads it; lifecycle rule backstops at 1 day
Encoded output (in Cloudflare R2)	Up to 3 days — auto-deleted by lifecycle rule
nginx access logs (IP, URL, status)	OS-rotated only — no separate archive
Billing records	7 years (tax compliance)

6. Security

All traffic to binaryphp.com is encrypted in transit (HTTPS / TLS). Account credentials are not stored — authentication is delegated to Google. Payment data is processed by Stripe and never touches our servers. Working directories for encoding jobs are isolated per request and cleaned up after delivery.

7. Your rights

You have the right to:

• Access a copy of the personal data we hold about you.
• Correct any inaccurate information.
• Delete your account and associated data.
• Export your account data in a portable format (JSON).
• Object to certain processing or withdraw consent.
• Lodge a complaint with your local data protection authority (e.g. ICO in the UK, CNIL in France, NCC in Taiwan, FTC in the US).

To exercise any of these rights, please open a ticket via our contact form. We respond within 30 days.

8. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted personal information to us, please contact us and we will delete it.

9. International transfers

Our servers are located in Asia-Pacific. If you access the Service from outside this region, your data is transferred to and processed there. We rely on standard contractual clauses where required.

10. Cookies

We use a single first-party session cookie (binaryphp_session) to maintain your sign-in state. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. The session cookie is deleted when you sign out or close your browser.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and on the website. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

Taiwan Telecom, Inc.
All privacy and general inquiries: please open a ticket via our contact form. Replies arrive on the site, and we email you when there's a new response.