Privacy Policy

Version Release Date: April 3, 2026

Effective Date: April 3, 2026

1. Introduction

Welcome to YCloud. We understand the importance of personal data and value the trust you place in us. We are committed to processing personal data lawfully, responsibly, and transparently in accordance with applicable data protection laws, and to implementing appropriate technical and organisational measures to safeguard it. This Privacy Policy (this "Policy") explains how we collect, use, store, disclose, transfer, delete, and otherwise process personal data when you access or use our products and services, as well as the choices and rights that may be available to you. We are committed to processing personal data only for specific, reasonable, and business-related purposes, and to limiting such processing and retention to what is necessary to fulfil those purposes.

Please read this Policy carefully before using our products and services. By accessing or continuing to use our products and services, you acknowledge that you have read and understood this Policy. Where your consent is required under applicable law for particular processing activities, we will seek it through appropriate means. We have tried to explain the terms used in this Policy in a clear and accessible manner. If you have any questions, comments, or suggestions, you may contact us using the details provided in this Policy.

We may update this Policy from time to time to reflect changes in applicable law, our services, or our business practices. Where an update is likely to materially affect your rights or the way we process personal data, we will notify you through appropriate means and, where required by applicable law, seek your consent.

2. Scope

This Policy applies to our processing of personal data when you access, use, or interact with the following:

  • the YCloud website and its public webpages;
  • the YCloud console, account management pages, and related back-end features; and
  • registration, login, recharge, notices, ticketing, business enquiries, demo requests, and support processes directly related to the foregoing.

3. Categories of Personal Data We Collect

Depending on how you use the website or console, we may collect the following categories of personal data:

  • account and identity data, such as name, company name, job title, business email address, telephone number, login email, account username, authentication information, and information relating to account permissions;
  • business contact and communication data, such as information submitted through website forms, demo requests, business enquiries, support communications, emails, tickets, or online communication tools;
  • platform content and interaction data, such as contact details, message templates, message content, conversation records, verification requests and results, campaign settings, automation settings, and related analytics generated or managed through the console;
  • billing and transaction data, such as billing contact details, invoice information, tax information, recharge records, payment records, order information, subscription information, and usage records;
  • technical, device, and log data, such as IP address, browser type, device type, operating system, access time, login history, operation logs, error logs, security event logs, and identifiers generated by cookies or similar technologies; and
  • information from third parties, where applicable, such as information relating to your account, subscription, payment, message routing, or service configuration received from affiliates, payment service providers, Meta, channel partners, integration partners, or other authorised third-party sources.

To help us provide the services effectively and communicate with you when necessary, please ensure that the account, contact, and billing information you provide is accurate and kept up to date.

4. How We Collect Personal Data

We may collect personal data in the following ways:

  • directly from you, for example when you register an account, submit a form, contact sales or support, recharge, or submit a ticket;
  • automatically from activities carried out by you or your organisation in the console, including configuration, uploading, importing, sending, receiving, or managing data;
  • automatically through cookies, logs, or similar technologies when you access the website or console;
  • from payment service providers, channel providers, Meta, affiliates, integration partners, or other third-party sources authorised by you; and
  • from public sources or lawful channels where permitted by law.

5. Purposes for Which We Use Personal Data

We may use personal data for the following purposes:

  • registering, creating, verifying, and managing accounts;
  • providing, maintaining, configuring, and improving the website, console, and related service features;
  • supporting team management, permission allocation, login verification, multi-factor authentication, security alerts, and other account security features;
  • processing recharge, payment, reconciliation, subscriptions, billing, and invoicing matters;
  • routing, transmitting, receiving, storing, displaying, or analysing messages, conversations, verification requests, or other customer interaction data;
  • providing customer support, handling requests, troubleshooting, and improving service experience;
  • sending operational, service, security, billing, or legal notices;
  • monitoring, preventing, investigating, and responding to fraud, abuse, security incidents, or unlawful activities;
  • complying with legal, regulatory, tax, accounting, audit, or enforcement requirements; and
  • other purposes notified to you or otherwise permitted under applicable law.

Except as described in this Policy or as otherwise required or permitted by applicable law, we do not use personal data for purposes unrelated to the original purposes of processing, and we do not sell personal data to third parties.

6. Cookies and Similar Technologies

We may use cookies, local storage, or similar technologies on the website and console for the following purposes:

  • maintaining login sessions and basic website functionality;
  • remembering your preferences;
  • improving security and identifying abnormal activity; and
  • understanding usage, performance, and traffic in order to improve the website or console experience.

You may manage cookies through your browser or device settings. Please note that disabling certain cookies or similar technologies may affect the availability or functionality of some features.

7. When We Share Personal Data

Where necessary for the purposes described in this Policy, and in accordance with applicable law, we may share personal data with the following categories of recipients:

  • affiliates, where reasonably necessary for service provision, internal administration, compliance, security, or support;
  • service providers that support the operation, security, payment, or delivery of our services;
  • payment service providers, settlement service providers, and partners involved in transaction processing;
  • communications providers and partners, including Meta for WhatsApp services;
  • integration partners or third-party systems that you request us to connect with or use; and
  • professional advisers, auditors, legal counsel, tax advisers, regulators, courts, law enforcement agencies, or other parties where disclosure is required or permitted by law.

We share personal data only where there is a lawful basis to do so and only to the minimum extent reasonably necessary for the relevant purpose. Depending on the circumstances, this may be based on your consent, contractual arrangements with you or your organisation, compliance with legal obligations, or another lawful basis available under applicable law.

For example, personal data may be shared with Meta to support WhatsApp messaging and related functions, with SMS service providers or operators involved in routing or delivering messages, or with certain third-party tool or integration providers used in connection with the services. Where relevant, such sharing may involve cross-border transfers, and we will take reasonable steps to protect personal data in accordance with applicable law.

8. Cross-Border Transfers

Our primary servers are currently located in Singapore. However, because YCloud provides global communications and customer engagement services, personal data may be transferred to, stored in, accessed from, or otherwise processed outside your jurisdiction.

In particular, information may be transferred to overseas recipients in connection with message routing, operator delivery, or cloud infrastructure support.

Where required by applicable law, we will take reasonable steps to ensure that overseas recipients provide a standard of protection that is not lower than that required under applicable law. Such steps may include contractual arrangements, internal policies, access controls, technical and organisational safeguards, or other appropriate mechanisms.

9. Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy. Where a longer retention period is required or permitted for legal, regulatory, dispute handling, audit, tax, accounting, security, anti-fraud, backup, or record-keeping purposes, we may retain relevant information for such longer period to the extent necessary.

When personal data is no longer necessary for the relevant purposes, we will delete, anonymise, or otherwise handle it in an appropriate manner in accordance with applicable law and technical feasibility.

Where relevant, account closure or deletion requests may not result in the immediate removal of corresponding information from backup systems. Where this occurs, we will store such information securely, restrict further processing, and delete or anonymise it when deletion becomes practicable in accordance with applicable law and technical feasibility.

10. Security

We take data protection seriously and implement reasonable technical, administrative, and organisational measures to protect personal data against unauthorised access, collection, use, disclosure, modification, loss, or similar risks. Such measures may include access controls, authentication, encrypted transmission, audit logging, least-privilege management, backup, employee training, and internal governance procedures.

However, no method of transmission over the internet or method of electronic storage is completely secure. If a personal data incident occurs that is likely to affect you or triggers obligations under applicable law, we will assess the incident and take response, notification, and remediation measures as required.

11. Your Rights and Choices

To the extent provided under applicable law, and taking into account our role and the nature of the relevant processing, you may have certain rights in relation to personal data that we process as a controller or in a similar role. Depending on the circumstances, these rights may include accessing and correcting your personal data, withdrawing consent where processing is based on consent, requesting deletion, restriction, or objection in certain circumstances, updating account information, closing your account, opting out of marketing communications, and making inquiries or complaints about our processing.

In some cases, you may also access, review, or update certain account, profile, billing, or communication preference information directly through account settings, billing pages, or other self-service tools made available in the relevant product.

If the relevant information is customer content, contact data, message data, or interaction data processed by us on behalf of a customer, we may refer your request to that customer or recommend that you contact that customer directly.

To protect account and data security, we may need to verify your identity or request additional information before processing your request. We will handle requests carefully, in accordance with applicable law, our role in relation to the relevant data, and within a reasonable period having regard to the nature and scope of the request. You may contact us at service@ycloud.com.

12. Children

The YCloud website and related services are primarily intended for businesses and users with the capacity to use such services. They are not directed to children. We do not intend to knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us and we will take appropriate steps as required under applicable law.

13. Third-Party Links and Services

The website or console may contain links to third-party websites, documentation, plugins, integrations, or services. Such third parties have their own privacy notices and processing practices, and we are not responsible for their independent processing activities. You should review the applicable terms and privacy notices before using third-party services.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, regulation, products, technology, or business operations. The updated version will be posted on our website and, where appropriate, will indicate a new effective date. We will not materially reduce your rights under this Policy without notice. For material changes, we will provide notice in a reasonable manner where required by applicable law and, where necessary, seek your consent.

15. Contact Us

If you have any questions, requests, or complaints regarding this Policy or our processing of personal data, please contact us at service@ycloud.com. In accordance with Singapore data protection requirements, we have appointed a Data Protection Officer or designated privacy team to oversee personal data protection matters and handle privacy-related enquiries in a professional and compliant manner.

If applicable law gives you the right to lodge a complaint with a regulator, you may also contact the competent personal data protection or privacy authority in your jurisdiction.

To protect all parties and comply with applicable law, we may need to verify your identity or request additional information before acting on a request. In limited circumstances, we may not be able to fulfil a request where applicable law does not require or does not allow us to do so, for example where we cannot reasonably verify the request or where fulfilling it would adversely affect the rights of others or require the disclosure of confidential information.

This Policy should be read together with the YCloud website Terms. Matters relating to applicable law, limitation of liability, and dispute resolution are governed by the relevant Terms or other applicable contractual documents.