Privacy Policy

Last updated: May 20, 2025

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service.

By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions.

The following definitions shall have the same meaning regardless of whether they appear in singular or in the plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, whereas "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
  • Application means the software program provided by the Company downloaded by You on any electronic device, named Yodayo!
  • Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to YDY AI LIMITED/Yodayo - **OFFICE 5, 8/F, MEGA CUBE, 8 WANG KWONG ROAD, KLN BAY, KOWLOON, HONG KONG.** For the purpose of the GDPR, the Company is the Data Controller.
  • Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
  • Country refers to: United States
  • Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  • For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
  • Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

Collecting and Using Your Personal Data

Data We Collect

We may collect the following categories of data:

  • Identifiers (email address, username, IP address)
  • Account data (login credentials, profile info)
  • Payment/billing info (via secure third-party processors)
  • Usage data (interactions with the app or website)
  • Device data (browser type, OS, mobile device ID)
  • Social login data (Facebook, Google, Twitter)
  • Location, media, or contacts (only with user permission)

Purposes of Collection (PDPO DPP1)

We collect personal data for specific, lawful purposes, including:

  • Account registration and authentication
  • Operating and improving our AI and community features
  • Payment processing and fraud prevention
  • Customer support and moderation
  • Compliance with legal requirements
  • Analytics and platform optimization
  • Marketing (only with opt-in consent)

You will be notified where providing data is mandatory vs optional.

Security of Your Data (PDPO DPP4)

We implement commercially reasonable security measures, including:

  • SSL/TLS encryption
  • Secure data storage and access controls
  • Data minimization and internal audit practices

Retention of Data (PDPO DPP2)

We retain personal data only as long as necessary. Data no longer required will be securely deleted or anonymized.

Use & Disclosure (PDPO DPP3)

Data will only be used for the purposes stated unless:

  • You consent to a new use
  • The new use is directly related to the original purpose
  • Required by law or to prevent unlawful activity

Data Transfers Outside Hong Kong

We ensure appropriate safeguards under PDPO (contractual protections, vendor assessments).

Your Rights (PDPO DPP6 & GDPR)

You may:

  • Access the data we hold
  • Request correction
  • Withdraw consent
  • Request erasure

Contact: [email protected]. Response time: within 40 days.

Direct Marketing (PDPO & CCPA)

We only send marketing if you have opted in. You may opt out anytime.

Children’s Data

We do not knowingly collect data from children under 13. Contact us if such data is found.

Data Breach Response

We will investigate breaches, notify affected users, and inform the Privacy Commissioner where applicable.

Your Rights Under GDPR & CCPA

Please refer to the detailed appendices or original sections for GDPR and CCPA rights.

Third-Party Services & Links

Third-party links are governed by their own policies. We encourage reviewing their terms.

Changes to This Privacy Policy

We may update this policy and notify users for material changes.

Contact Us

YDY AI LIMITED OFFICE 5, 8/F, MEGA CUBE, 8 Wang Kwong Road, Kowloon Bay, Hong Kong Email: [email protected]