YanokPrivacy Policy
Last updated: January 15, 2026
Effective Date: January 15, 2026
Introduction & Controller Information
Yanok Pte. Ltd. ("Yanok," "we," "our," or "us") is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), Personal Data Protection Act (PDPA), and other relevant privacy regulations.
Data Controller
Company: Yanok Pte. Ltd.
Address: Singapore
Email: privacy@yanok.ai
Data Protection Officer: dpo@yanok.ai
Information We Collect
Personal Data (GDPR Art. 4)
We collect personal data that you provide directly and automatically when using our services:
Identity Data
- • Full name
- • Email address
- • Phone number
- • Company information
Technical Data
- • IP address
- • Browser type & version
- • Device information
- • Operating system
Usage Data
- • Service interaction data
- • Feature usage patterns
- • Performance metrics
- • Error logs
Integration Data
- • Third-party service credentials
- • Workflow configurations
- • API access tokens
- • Integration logs
Special Categories of Data
We do not intentionally collect special categories of personal data (health, biometric, genetic data, etc.) unless specifically required for healthcare integrations with appropriate safeguards.
Legal Basis & Purpose of Processing
| Purpose | Legal Basis (GDPR) | Data Categories |
|---|---|---|
| Service provision | Contract performance (Art. 6(1)(b)) | Identity, Technical, Usage |
| Communication | Legitimate interests (Art. 6(1)(f)) | Identity, Contact |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | All relevant categories |
| Marketing (with consent) | Consent (Art. 6(1)(a)) | Identity, Contact, Usage |
Your Rights Under GDPR & PDPA
You have the following rights regarding your personal data:
Right of Access (Art. 15)
Request copies of your personal data
Right of Rectification (Art. 16)
Correct inaccurate personal data
Right of Erasure (Art. 17)
Request deletion of your data
Right to Restrict Processing (Art. 18)
Limit how we use your data
Right to Data Portability (Art. 20)
Transfer your data to another service
Right to Object (Art. 21)
Object to certain processing activities
Right to Withdraw Consent
Withdraw consent at any time
Right to Lodge a Complaint
Contact your local supervisory authority
How to Exercise Your Rights: Contact us at privacy@yanok.ai. We will respond within 30 days.
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA/Singapore. We ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate protection levels
- Standard Contractual Clauses (SCCs): EU Commission approved contractual safeguards
- Binding Corporate Rules: Internal data transfer agreements
- Certification Schemes: Industry-standard certifications
Data Retention
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | Duration of account + 7 years | Legal/tax obligations |
| Usage logs | 12 months | Security & performance |
| Marketing data | Until consent withdrawn + 30 days | Consent-based |
| Support tickets | 3 years | Service improvement |
Security Measures & Data Breach Response
Technical & Organizational Measures
Technical Safeguards
- • End-to-end encryption (AES-256)
- • Multi-factor authentication
- • Regular security audits
- • Intrusion detection systems
- • Secure data centers (SOC 2 Type II)
Organizational Measures
- • Access controls & least privilege
- • Employee training programs
- • Data processing agreements
- • Privacy impact assessments
- • Incident response procedures
Data Breach Response
In case of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay if high risk to rights and freedoms.
Contact & Supervisory Authorities
Contact Us
Privacy Officer: privacy@yanok.ai
Data Protection Officer: dpo@yanok.ai
General Inquiries: support@yanok.ai
Address: Yanok Pte. Ltd., Singapore
Supervisory Authorities
EU: Your local Data Protection Authority
Singapore: Personal Data Protection Commission (PDPC)
Response Time: Within 30 days of request