Introduction and Scope
This Privacy Policy ("Policy") describes how AskToya Inc. ("Company," "we," "us," or "our") collects, uses, stores, processes, discloses, and protects personal information obtained from users ("you" or "your") of the AskToya AI Platform (the "Service"), including through our mobile applications, website, and console integrations.
This Policy applies to all personal data collected through your use of the Service, regardless of the device or platform used to access it. By using the Service, you consent to the data practices described in this Policy. If you do not agree with any part of this Policy, you must immediately cease using the Service.
For the purposes of this Policy, "Personal Information" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Information We Collect
We collect several categories of information in connection with your use of the Service:
A. Information You Provide Directly
- Account Information: When you create an account, we collect your name, email address, password, and any other information you choose to provide.
- Profile Information: Information you add to your profile, including profile picture, biographical information, and preferences.
- Communication Data: Information you provide when contacting our support team or communicating with us through any channel.
- Payment Information: When making purchases, we collect payment card information, billing address, and transaction history. Note: We use third-party payment processors and do not store complete payment card information on our servers.
B. Information Collected Automatically
- Usage Data: Information about how you interact with the Service, including features used, time spent, queries made, and preferences selected.
- Device Information: Information about the device you use to access the Service, including hardware model, operating system, unique device identifiers, mobile network information, and IP address.
- Log Data: Server logs that include your IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
- Location Data: Approximate location information derived from your IP address or, if you grant permission, precise location data from your device.
C. Information from Third Parties
- Social Media Information: If you connect your social media accounts, we may collect information from those platforms in accordance with your privacy settings.
- Service Providers: Information from third-party services that integrate with our platform.
- Publicly Available Information: Information from publicly available sources for verification or security purposes.
| Data Category | Purpose of Collection | Legal Basis (GDPR) |
|---|---|---|
| Account Information | Service provision, account management, communication | Performance of contract, Legitimate interest |
| Usage Data | Service improvement, personalization, analytics | Legitimate interest, Consent |
| Device Information | Security, compatibility, fraud prevention | Legitimate interest, Legal obligation |
| Payment Information | Transaction processing, subscription management | Performance of contract, Legal obligation |
How We Use Your Information
We use the information we collect for the following business purposes:
- Service Provision: To provide, maintain, and improve the Service, including processing transactions, authenticating users, and delivering requested features.
- Personalization: To personalize your experience, including providing tailored content, recommendations, and AI responses based on your usage patterns.
- Communication: To communicate with you about the Service, including sending service-related announcements, updates, security alerts, and support messages.
- Research and Development: To conduct research, analysis, and development activities to improve our Service and develop new features, products, or services.
- Security and Fraud Prevention: To detect, prevent, and address technical issues, security vulnerabilities, fraud, or other malicious activity.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
- Business Operations: To operate our business, including for accounting, auditing, and other internal functions.
AI Training Notice: We may use anonymized and aggregated data from user interactions to train and improve our AI models. Personal information is never used in a way that identifies you in our AI training datasets. You may opt out of this use through your account settings.
Information Sharing and Disclosure
We do not sell your personal information to third parties. We may disclose your information in the following circumstances:
A. Service Providers
We may share information with third-party vendors, service providers, contractors, or agents who perform services on our behalf and require access to such information to carry out their work. These services include:
- Payment processing
- Cloud hosting and infrastructure
- Data analytics
- Customer support
- Marketing and advertising (with appropriate consent)
B. Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
C. Business Transfers
In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred as a business asset.
D. With Your Consent
We may share your information with third parties when we have your explicit consent to do so.
Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.
Data Security and Retention
Security Measures
We implement appropriate technical and organizational security measures designed to protect the security of your personal information. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Secure development practices and employee training
Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Our retention periods are determined by:
- The length of time we have an ongoing relationship with you
- Legal obligations to retain data for certain periods
- Whether retention is necessary for our legitimate business interests
- The existence of relevant legal proceedings
When we no longer need to retain your information, we will securely delete or anonymize it.
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request access to the personal information we hold about you | Submit request through account settings or email |
| Correction | Request correction of inaccurate or incomplete information | Update in account settings or submit correction request |
| Deletion | Request deletion of your personal information | Submit deletion request through account closure process |
| Restriction | Request restriction of processing of your information | Submit request to privacy@asktoya.com |
| Portability | Receive your information in a structured, machine-readable format | Submit request through account settings |
| Objection | Object to processing of your personal information | Adjust preferences in account settings or submit request |
| Opt-Out (CCPA) | Opt out of the sale of personal information (we do not sell data) | Not applicable - we do not sell personal information |
Verification Requirement: For security purposes, we may need to verify your identity before processing certain requests. We will respond to all legitimate requests within 30 days, or as required by applicable law.
Children's Privacy
The Service is not intended for individuals under the age of 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we learn we have collected personal information from a child under 16 without verification of parental consent, we will delete that information promptly.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Types of Cookies We Use
- Essential Cookies: Required for the operation of our Service
- Functionality Cookies: Recognize you when you return and personalize content
- Analytics Cookies: Track usage and performance of our Service
- Advertising Cookies: Deliver relevant advertisements (with consent)
For more information about our use of cookies and how to manage your preferences, please see our Cookie Policy.
Contact Information
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
AskToya Data Protection Office
Email: privacy@asktoya.com
Legal Address: AskToya Inc., 123 Privacy Lane, Data Protection District, Tech City, TC 10101, United States
Data Protection Officer: dpo@asktoya.com
EU Representative: For users in the European Economic Area, you may contact our EU representative at eurep@asktoya.com
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Policy.
We will provide additional notice (such as adding a statement to our homepage or sending you a notification) if changes are material. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the terms.
Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law provisions.
Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Santa Clara County, California.
For users in the European Economic Area, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.