Privacy Policy

We take the protection of user privacy and personal information very seriously. When you use our products and/or services (including Google Cloud Services and ChatGPT), we may collect and use your relevant information. We hope to explain to you through the "SAYO Data Security and Privacy Policy" (this "Privacy Policy") how we collect, use, store, share, and transfer such information, as well as how we provide you with ways to access, update, delete, and protect this information. We hope that before using our products and/or services, you carefully read and confirm that you fully understand the content of this policy. If you have any questions while reading, please contact our customer service for consultation. If you do not agree to any terms in this agreement, please stop submitting information.

Before using our products and services, please be sure to carefully read and understand this policy, and ensure that you have fully understood and agreed before use. For professional terms involved in this policy, we will explain them in simple and easy-to-understand language so that you can understand.

If you have any questions or concerns about this Privacy Policy or related matters, please contact us via email at sayoteam@outlook.com.

This policy will help you understand the following:

1. How we collect and use your personal information
2. How we share, transfer, and publicly disclose your personal information
3. How we protect and store your personal information
4. How you can manage your personal information
5. How we handle children's personal information
6. How your personal information is transferred globally
7. Notices and revisions
8. How we use cookies and similar technologies
9. How to contact us

We are committed to protecting the personal information you provide when using our APP, and we follow laws and regulations and adhere to privacy protection principles to protect your information when collecting, using, storing, and transmitting personal information. Personal information refers to various kinds of information recorded by electronic or other means related to an identified or identifiable natural person, excluding information after anonymization.

The personal information covered by this privacy policy includes: basic information (including nickname, region, email number, device number); network identification information (including system account); personal internet records (including login records, page interaction events, page dwell time);

Sensitive personal information refers to personal information that, if leaked or illegally used, can easily lead to the infringement of a natural person's human dignity or endanger personal or property safety, including biometric information, religious beliefs, specific identity, medical health, financial accounts, location tracks, and other information, as well as personal information of minors under the age of 14.

The sensitive personal information covered by this privacy policy includes: personal location information (positioning information).

California Notice

Users who reside in California and provide personal information to SAYO have the right to receive: (a) information about the personal information we may have disclosed about you and your household to third parties for that party's direct marketing purposes in the preceding calendar year; (b) a description of the categories of personal information disclosed. To obtain such information, please send your request to sayoteam@outlook.com. This request may only be made once per calendar year. We reserve the right not to respond to requests submitted other than to the address specified in this paragraph.

We will only collect and use your personal information to fulfill the business functions of the APP, specifically for the following purposes:

(i) Situations where you must authorize us to collect and use your personal information

Our services include core functions necessary to enable online shopping, improve services, and ensure transaction security. To perform these functions, we may collect, store, and use the following information about you. If you do not provide such information, you will not be able to enjoy the services we provide. These functions include:

1. Functions necessary to enable after-sales services

1. User Registration: When you register, you need to provide at least the email number you intend to use, and we will verify your identity by sending an email verification code to confirm its validity. Your account name is your default nickname. You can change and add your nickname, gender, date of birth, and real-name verification related information, which belong to your "account information". The additional account information you provide will help us provide you with personalized services and a better activity experience, but if you do not provide this additional information, it will not affect your basic functions.
2. Using the Service: To facilitate your use of the service, we may collect your device information used with our products and/or services (including device name, device model, device identifier, operating system and application version, language settings, resolution, service provider network ID (PLMN)) to provide you with the best product information display method. We may also use your personal information to continuously improve and optimize the above functions.
3. Purchasing Services: When you are ready to purchase and pay for the desired service, the system will generate an order for your purchase of that service. This order will contain the service information you purchased, the amount payable, and the payment method. All this information constitutes your "order information". We will use this information to verify your identity, determine the transaction, process the payment, review your order, and provide customer service and after-sales service; we will also use your order information to determine whether there is any abnormality in your transaction to protect your transaction security.
4. Payment Function: After you place an order, you can choose payment services provided by Google Play or Apple Store. The payment function itself does not collect your personal information, but we need to share your order number and transaction amount information with these payment institutions so that they can confirm your payment instruction and complete the payment. "Affiliate" means any company or organization that controls, is controlled by, or is under common control with, and the legal representative of such company, whether now or in the future. "Control" means the ability to directly or indirectly influence the management of a company through ownership, voting rights, contracts, or other means determined by a people's court.
5. Delivery Service Function: When you place an order online and complete payment, SAYO's affiliated company will fulfill the delivery of your order. You acknowledge and agree that SAYO's affiliated company will use your order information in the above-mentioned process to ensure that your ordered service can be used normally.

2. Providing personalized services and improving service quality

To enhance your service experience and improve service quality, or to recommend better or more suitable services to you. We may collect your order information, browsing information, and your interests to conduct data analysis and form user profiles for the purpose of showing you activity or service information that may interest you. We may also obtain other information reasonably needed by you to provide services and improve service quality, including information you provide when contacting customer service, information you send to us when participating in surveys, and information we obtain when you interact with our affiliates and partners. For information collected from your various devices, we may correlate it to provide you with a consistent service across these devices. We may combine information from one service with information from other services to provide you with services, personalized content, and recommendations.

To enhance your experience using our services, we may collect and use your personal information in the following additional functions. If you do not provide this personal information, you can still use the basic functions of this application. Please note that by enabling these permissions, you authorize us to collect and use this personal information to achieve the above functions. By disabling these permissions, you revoke these authorizations, and we will no longer continue to collect and use your personal information, nor can we provide you with the functions corresponding to these authorizations. Your decision to close permissions will not affect the previous processing of personal information based on your authorization:

1. Additional functions based on camera: We need you to authorize the camera function on your device so that you can use the camera to take photos and upload custom avatars or other image files.
2. Additional functions based on image upload: We need you to authorize SAYO to access your photo album, for the purpose of helping you take and upload photos/images from your phone, making it convenient for you to change your avatar, etc. In addition, you can also provide images in SAYO's consultation window so that we can help you answer device-related questions and suggestions.

3. Functions necessary to ensure transaction security

To improve the security of our systems when you use our products and/or services, and to more accurately prevent phishing website fraud and protect account security, we may determine your account risk by understanding your browsing information, order information, commonly used software information, device information, etc., and we may record some links we consider risky ("URLs"); we will also collect your device information to analyze SAYO system issues, count traffic, and assess potential risks, and rank them when you choose to send us exception information.

(ii) You are fully aware of the following situations where we collect and use personal information without your authorized consent:

1. Related to national security and national defense security.
2. Related to public safety, public health, and major public interests.
3. Related to criminal investigation, prosecution, trial, and execution of judgments, etc.
4. To protect the life, property, and other major legitimate rights and interests of the personal information subject or other individuals, but it is difficult to obtain the consent of the person.
5. Necessary for the performance of a contract or business arrangement entered into with the personal information subject, and the personal information subject has previously consented to the collection or use of their personal information.
6. Personal information voluntarily disclosed by the personal information subject.
7. Personal information collected from legally publicly disclosed information, such as legal news reports, government information disclosure, and other channels.
8. Necessary to achieve the functions of products and services as requested by you.
9. Necessary for maintaining the safe and stable operation of the provided products and/or services, such as discovering and handling failures of products and/or services.
10. Other circumstances stipulated by laws and regulations.

(iii) Rules for using your personal information

1. We will use the collected personal information in accordance with the agreement in this Privacy Policy to achieve the functions of our products and/or services.
2. After collecting your personal information, we will use technical means to de-identify the data, and the processed information will not be able to identify the subject. Please understand and agree that in such cases, we have the right to use the processed information; without disclosing your personal information, we have the right to analyze and commercially utilize the user database.
3. Please note that all personal information you provide while using our products and/or services will be continuously authorized to us during your use of our products and/or services, unless you delete this information. When you cancel your account, we will stop using and delete your personal information within a reasonable time.
4. We may conduct statistics on the usage of our products and/or services and may share these statistics with the public or third parties to demonstrate the overall usage trends of our products and/or services. However, these statistics will not contain any identifying information about you.
5. When we wish to use your personal information for purposes other than those stated in this policy, or to use information collected for a specific purpose for other purposes, we will seek your prior consent through a checkbox initiated by you.

(i) Sharing

1. We will not share your personal information with any company, organization, or individual other than DIGITAL DAFFODIL LTD, except in the following cases:
   1. With your prior explicit consent or authorization;
   2. As required by applicable laws and regulations, legal procedures, or necessary to meet mandatory administrative or judicial requirements;
   3. To the extent permitted by law or regulations, when necessary to protect the interests, property, or safety of SAYO, SAYO's affiliates or partners, you, other SAYO users, or the public from damage;
   4. Only to achieve the core functions of our products and/or services or provide the services you need;
   5. To handle disputes or disagreements between you and others at your request;
   6. To comply with the provisions of relevant agreements signed with you (including electronically signed agreements and corresponding platform rules) or other legal documents;
   7. For academic research purposes;
   8. Used within the scope of public interests in accordance with laws and regulations.
2. We may share your personal information with our affiliates (including but not limited to subsidiaries, holding companies, affiliated companies, advertising agents, etc. of DIGITAL DAFFODIL LTD). The information shared is subject to the purposes described in this Privacy Policy. If our affiliates wish to change the purpose of processing personal information, they will seek your authorization and consent again.
3. We may share your order information, account information, device information, and location information with third parties such as partners (e.g., agencies) to ensure the smooth completion of services provided to you. However, we only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and only share personal information necessary to provide the services. Our partners have no right to use the shared personal information for any other purpose. Our partners include the following types:
   1. Suppliers of goods or technical services. We may share your personal information with third parties that support our functions. This support includes providing us with infrastructure technical services, logistics and delivery services, payment services, data processing, etc. We share this information to achieve the core shopping functions of our products and/or services, for example, when we must share your order information with logistics service providers to arrange delivery; or when we need to share your order number and order amount with third-party payment providers to confirm your payment instruction and complete the payment.
   2. Third-party merchants. We must share your order information and necessary transaction information with third-party merchants so that you can purchase goods or services from them and they can complete subsequent after-sales services.
   3. Partners who entrust us with promotion. Sometimes we may provide promotion services to user groups of our products and/or services on behalf of other businesses. We may share your personal information and indirect user profiles formed by aggregating your non-personal information with partners who entrust us with promotion ("Entrusting Parties"), but we will only provide these Entrusting Parties with information about the coverage and effectiveness of the promotion, and will not provide your personally identifying information, or we will aggregate such information so that it does not identify you personally. For example, we may tell an Entrusting Party how many people saw their promotion or purchased the Entrusting Party's goods after seeing the information, or provide them with non-personally identifiable statistical information to help them understand their audience or customers.
4. For companies, organizations, and individuals with whom we share personal information, we will enter into strict confidentiality agreements with them, requiring them to process personal information in accordance with our instructions, this Privacy Policy, and any other relevant confidentiality and security measures.

(ii) Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following cases:

1. With your prior explicit consent or authorization;
2. As required by applicable laws and regulations, legal procedures, or necessary to meet mandatory administrative or judicial requirements;
3. To comply with the provisions of relevant agreements signed with you (including electronically signed agreements and corresponding platform rules) or other legal documents;
4. In the event of a merger, division, dissolution, bankruptcy, or other circumstances requiring the transfer of your personal information, we will inform you of the name or names and contact information of the recipient(s), and require the new company or organization to continue to be bound by this Privacy Policy. Otherwise, we will require that company or organization to seek your authorization and consent again.

(iii) Public Disclosure

We will only publicly disclose your personal information in the following situations and by taking security measures that meet industry standards:

1. Based on your needs, disclose your specified personal information in the manner you explicitly consent to;
2. When laws, regulations, mandatory administrative law enforcement, or judicial requirements require the provision of your personal information, we may publicly disclose your personal information according to the type of personal information required and the method of disclosure. In accordance with laws and regulations, when we receive such disclosure requests, we will require that legal documents such as subpoenas or investigation letters must be provided. We firmly believe that within the limits permitted by law, we provide the information we are required to provide as transparently as possible. We carefully review all requests to ensure they have a legal basis and are limited to data legally obtained by law enforcement for specific investigation purposes.

(i) Our technologies and measures to protect your personal information

We attach great importance to the security of personal information and take all reasonably feasible measures to protect your personal information:

1. Technical measures for data security

   We will use industry standard security measures, including establishing reasonable system specifications and security technologies, to prevent unauthorized access to, use of, or modification of your personal information, and to avoid data damage or loss.

   SAYO's network services use Transport Layer Security protocol and other encryption technologies to ensure the security of user data during transmission.

   SAYO uses encryption technology to encrypt stored user personal information and uses isolation technology for isolation. When using personal information, such as for personal information display and personal information correlation calculation, we use various data masking technologies, including content replacement and SHA256, to enhance the security of personal information in use.

   SAYO adopts strict data access permission controls and multi-factor authentication technology to protect personal information and avoid improper data use.

   SAYO uses automated code security checks and data access log analysis technology for personal information security auditing.

   SAYO uses Google Cloud to provide infrastructure support for the security and integrity of your data.

   SAYO uses the OpenAI platform to obtain results anonymously to protect your personal privacy.

2. Other security measures taken by SAYO to protect personal information

   SAYO manages and regulates the storage and use of personal information by establishing a data classification and grading system, data security management specifications, and data security development specifications.

   SAYO conducts comprehensive security control over data through information contact person confidentiality agreements, monitoring, and audit mechanisms. We strengthen security awareness. We also hold security and privacy training courses to improve employees' awareness of the importance of protecting personal information.

3. We only allow employees and partners of DIGITAL DAFFODIL LTD and DIGITAL DAFFODIL LTD affiliates who need to know such information to access personal information, and we have set up strict access controls and monitoring mechanisms for this purpose. We also require all personnel who may have access to your personal information to fulfill confidentiality obligations. Failure to fulfill these obligations may result in legal liability or termination of our relationship with DIGITAL DAFFODIL LTD.
4. We will take all reasonably feasible measures to ensure that irrelevant personal information is not collected. We will only retain your personal information for the period necessary to achieve the purposes stated in this policy, unless the law requires or permits an extension of the retention period.
5. The internet environment is not 100% secure, and we will endeavor to ensure or guarantee the security of any information you send to us. If our physical, technical, or administrative safeguards are breached, resulting in unauthorized access, public disclosure, alteration, or destruction of information, thereby harming your legitimate rights and interests, we will bear corresponding legal liability.
6. Security incident handling

   In the event of a personal information security incident, we will, in accordance with legal requirements, promptly inform you of: the basic situation and possible impact of the security incident, the measures we have taken or will take to handle it, suggestions for you to prevent and reduce risks on your own, and remedies for you. We will also inform you of the situation related to the event in a timely manner via email, letter, phone, push notification, etc. When it is difficult to inform each personal information subject individually, we will take reasonable and effective means to issue an announcement. At the same time, we will also proactively report the handling of personal information security incidents to regulatory authorities as required.

(ii) Storage of your personal information

1. Storage location: All your personal information will be stored in the United States. If we need to transfer your personal information outside the United States to complete our business activities, we will follow relevant national regulations, obtain your separate authorization and consent, and require the recipient to process your personal information in accordance with the data protection agreement signed by both parties, this Privacy Policy, and relevant laws and regulations.
2. Retention period: Unless otherwise required by laws and regulations, we will retain your personal information for one month after you cancel your account. We promise this is the minimum time necessary to protect your consumer rights at DIGITAL DAFFODIL LTD. After exceeding our retention period, we will delete or anonymize your personal information.
3. Service termination: If we terminate services or operations, we will notify you at least thirty days in advance and delete or anonymize your personal information after the termination of service or operation.

DIGITAL DAFFODIL LTD highly values your attention to personal information and does its utmost to protect your rights to access, correct, delete, supplement, access, and withdraw consent to personal information, so that you have full capacity to protect your privacy and security. Your rights include:

1. Accessing, correcting, and supplementing your personal information
2. Deleting your personal information
3. Changing your authorization scope or withdrawing authorization
4. Canceling your account
5. Responding to your requests
6. Obtaining a copy of your personal information

Responding to Your Requests: If you cannot access, correct, or delete your personal information through the above methods, or if you need to access, correct, or delete other personal information generated by your use of our products and/or services, or if you believe that SAYO has violated any laws and regulations or agreements with you in collecting or using personal information, you can contact us through other methods at the bottom of this agreement. For security reasons, we may need you to provide a written request or otherwise prove your identity. We will respond to your request within thirty days of receiving your feedback and verifying your identity. For your reasonable requests, we will not charge a fee in principle, but for repeated requests that exceed a reasonable limit, we will charge a cost fee at our discretion. We may reject requests that are unnecessarily repetitive, require excessive technical means (e.g., requiring the development of new systems or fundamental changes to current practices), pose a risk to the legitimate rights and interests of others, or are extremely impractical (e.g., involving backup tape files).

In the following situations, if required by laws and regulations, we will be unable to respond to your request:

1. Information necessary to protect the public interest, whether for health, safety, or other reasons;
2. Information necessary for historical research, statistical, or scientific research purposes;
3. Information necessary to comply with laws and regulations;
4. Related to national security or national defense security;
5. Related to public safety, public health, or major public interests;
6. Related to criminal investigation, prosecution, and trial, etc.;
7. There is sufficient evidence that you are subjectively malicious or abusing rights;
8. Responding to your request would cause serious harm to your or other individuals' or organizations' legitimate rights and interests;
9. Involving trade secrets.

Obtaining a copy of personal information: You have the right to obtain a copy of your personal information. If you need to obtain a copy of your personal information collected by us, you can contact us via the contact methods agreed in [9. How to Contact Us]. Relevant personnel will verify your identity when necessary and provide you with a copy of your personal information. According to relevant laws, regulations, and technical feasibility, we will provide you with a copy of your personal information upon your request.

1. DIGITAL DAFFODIL LTD attaches great importance to the protection of children's personal information. Our products, websites, and services are primarily aimed at adults. Children may not create their own user accounts without the consent of their parents or guardians.
2. We will only use or publicly disclose this information when permitted by law, with the explicit consent of parents or guardians, or when necessary to protect the child.
3. Although local laws and customs may define children differently, we treat anyone under the age of 12 as a child.
4. If we find that we have collected personal information from children without prior verifiable parental consent, we will seek to delete the relevant data as soon as possible.

In principle, the personal information we collect and generate through Google Cloud services will be stored in the United States.

As we provide our products or services through resources and servers located around the world, this means that your personal information may be transferred to or accessed from jurisdictions outside the country where you use the products or services.

These jurisdictions may have different data protection laws. In such cases, we will ensure that your personal information receives adequate and equivalent protection in the United States, enter into contracts with foreign recipients stipulating the rights and obligations of both parties, inform you of the name, contact information, processing purpose, processing method, type of personal information, etc., of the foreign recipient, and obtain your separate consent. We may also implement security measures such as data de-identification before cross-border data transfer.

1. Update Notices: This Privacy Policy will be updated as we provide you with better services and as DIGITAL DAFFODIL LTD's business develops. However, we will not reduce your rights under this Privacy Policy without your explicit consent. We will notify you of updates by posting an updated version on the DIGITAL DAFFODIL LTD website and posting it on the website or through other appropriate means before the update takes effect, or you can learn about the latest privacy policy by visiting DIGITAL DAFFODIL LTD.
2. Significant Changes: For significant changes, we will also provide more prominent notices (we will explain the specific changes to the privacy policy through means including but not limited to email, SMS, or special notices on browsing pages).

Significant changes in this policy include but are not limited to:

• Significant changes in our service model. Such as the purpose of processing personal information, the type of personal information processed, the way personal information is used, etc.;
• Significant changes in our ownership structure, organizational structure, etc. Such as changes in ownership caused by business restructuring, bankruptcy, mergers, etc.;
• Changes in the main recipients with whom personal information is shared, transferred, or publicly disclosed;
• Significant changes in your rights to participate in personal information processing and how they are exercised;
• When our responsible contact information and complaint channels change;

When you visit the APP, we will use "Cookies". Cookies are small text files stored on your device's hard drive by a web server.

We may use cookies and similar technologies, such as web beacons that store user preferences and settings, to monitor website performance, prevent suspicious activity and fraudulent traffic, and other violations.