OctoDockLast updated / 最後更新:2026-06-25

隱私政策 / Privacy Policy

OctoDock 說明我們如何處理帳號資料、連接 App 的 OAuth token、操作記憶、瀏覽器擷取資料,以及你可以如何撤銷與刪除資料。

中文版本

隱私政策

1. OctoDock 的角色

OctoDock 是讓 AI agent 連接第三方 App 與工具的執行層。當你授權 App 或 AI client 時, OctoDock 會依你的授權範圍代為執行工具呼叫。我們不會販售你的個人資料,也不會把你的第三方 App 內容拿去建立公開資料集。

2. 我們會收集哪些資料

  • 帳號資料:Google 登入提供的姓名、Email、頭像與帳號識別資訊。
  • 連接 App 憑證:你授權的 OAuth access token、refresh token、API key 或必要連線設定。
  • 操作紀錄與記憶:agent 呼叫過哪些工具、任務摘要、常用參數、偏好與可重用的操作背景。
  • 瀏覽器擷取資料:你明確啟動 OctoDock Capture 時,才會擷取該分頁的請求中繼資料與已遮罩樣本。
  • 訂閱與客服資料:付款狀態、方案、客服聯絡紀錄與必要的交易識別資訊。

3. 我們如何使用資料

  • 讓 AI agent 可以依你的指令操作已連接 App。
  • 維持 OAuth 連線、更新 token、顯示連線狀態與用量。
  • 整理操作歷史、活動統計、常用參數與 agent 可查詢的記憶。
  • 審查瀏覽器擷取出的 adapter 證據,判斷是否能安全轉成可用工具。
  • 處理帳號安全、客服、付款、濫用防護與法令要求。

4. 安全與分享

儲存的 token 與敏感連線資料會加密保存。OctoDock 只會在你或你授權的 AI agent 發出請求時, 為完成該操作而向第三方服務送出必要資料。我們不會出售個人資料,也不會把你的資料分享給其他使用者。

5. AI agent 與第三方 App

使用 OctoDock 代表你允許已授權的 AI client 在你的授權範圍內呼叫工具。你仍需確認 agent 的指令與第三方 App 的使用條款相容。 你可以隨時在 dashboard 中斷 App 連線、撤銷 AI client 授權或刪除帳號資料。

6. 瀏覽器擷取與匯入

OctoDock Capture 預設不擷取資料。只有當你在有權檢查的網站上手動開始擷取時,擴充功能才會記錄請求方法、URL、狀態碼、 content type、JSON 結構與已遮罩的樣本。常見的 authorization、cookie、API key、CSRF token 會先遮罩再匯出。 若你選擇匯入登入狀態,這些資料會以使用者為單位加密保存,並只用於你授權的 adapter 執行。

7. 保留、撤銷與刪除

你可以在 dashboard 斷開任何 App。斷開後,OctoDock 會撤銷並刪除該 App 的 token。你也可以依 資料刪除頁 申請刪除帳號與相關資料;我們會在確認身份後於 30 天內完成刪除。

8. Meta 平台資料

若你連接 Threads、Facebook 或 Instagram,OctoDock 只會在你授權的權限範圍內讀取或發布內容。 Meta token 會加密保存;貼文、留言、洞察等內容原則上按需讀取,不作為公開資料集保存。

Meta deauthorization webhook:https://octo-dock.com/api/webhooks/threads/deauthorize
Meta data deletion webhook:https://octo-dock.com/api/webhooks/threads/delete

9. 聯絡方式

若你對隱私政策或資料處理有疑問,請聯絡 support@octo-dock.com

English version

Privacy Policy

1. OctoDock's role

OctoDock is an execution layer that lets AI agents connect to third-party apps and tools. When you authorize an app or AI client, OctoDock performs tool calls within the permission scope you grant. We do not sell your personal data or use your third-party app content to build public datasets.

2. Information we collect

  • Account data: name, email address, profile image, and account identifiers from Google sign-in.
  • Connected app credentials: OAuth access tokens, refresh tokens, API keys, and required connection settings you provide.
  • Operation records and memory: tool calls, task summaries, common parameters, preferences, and reusable operation context.
  • Browser capture data: request metadata and redacted samples only when you explicitly start OctoDock Capture on an active tab.
  • Billing and support data: plan status, support messages, and transaction identifiers required for subscription handling.

3. How we use information

  • To let AI agents operate connected apps according to your instructions.
  • To maintain OAuth connections, refresh tokens, show connection status, and calculate usage.
  • To organize operation history, activity analytics, common parameters, and agent-readable memory.
  • To review browser-captured adapter evidence and decide whether it can become a safe tool.
  • To handle account security, support, billing, abuse prevention, and legal requirements.

4. Security and sharing

Stored tokens and sensitive connection data are encrypted. OctoDock sends necessary data to third-party services only when you, or an AI agent you authorized, requests an action. We do not sell personal data or share your data with other users.

5. AI agents and third-party apps

Using OctoDock means you allow authorized AI clients to call tools within your granted permission scope. You remain responsible for making sure agent instructions comply with the terms of each third-party app. You can disconnect apps, revoke AI client authorization, or delete account data at any time.

6. Browser Extension Captures

OctoDock Capture is off by default. It records request method, URL, status code, content type, JSON shape, and redacted samples only when you manually choose Start capture on a website you are authorized to inspect. Authorization headers, cookies, API keys, and CSRF tokens are masked before export. If you import a login session, by choosing Open Review + Session, it is stored as an encrypted per-user browser session and used only for adapter execution you authorize.

7. Retention, revocation, and deletion

You can disconnect any app from the dashboard. OctoDock then revokes and deletes that app's token. You can also request account and data deletion through the Data Deletion page; after identity confirmation, we complete deletion within 30 days.

8. Meta platform data

If you connect Threads, Facebook, or Instagram, OctoDock reads or publishes content only within the permission scope you grant. Meta tokens are encrypted. Posts, replies, comments, and insights are generally fetched on demand and are not stored as a public dataset.

Meta deauthorization webhook: https://octo-dock.com/api/webhooks/threads/deauthorize
Meta data deletion webhook: https://octo-dock.com/api/webhooks/threads/delete

9. Contact

Questions about this policy or data handling can be sent to support@octo-dock.com.

Privacy Policy / 隱私政策 - OctoDock | OctoDock