
Terms of Service

Last updated: January 15, 2026

GDPR, PDPA & HIPAA Compliant

Acceptance of Terms & Definitions

By accessing or using Yanok's AI-powered integration platform ("Service"), you ("Customer," "User," or "you") agree to be bound by these Terms of Service. If you disagree with any part of these terms, you may not access the Service.

Key Definitions

"Service": Yanok's integration platform and related services

"Customer Data": All data provided by you through the Service

"Personal Data": Data relating to identified/identifiable individuals

"PHI": Protected Health Information under HIPAA

"Processing": Any operation on personal data

"Controller/Processor": As defined under GDPR

Data Processing & Privacy Framework

Data Controller/Processor Relationship

You act as the Data Controller; Yanok acts as the Data Processor under GDPR Article 28. We process personal data only on your documented instructions.

Data Processing Principles

GDPR Compliance
  • Lawfulness, fairness, transparency
  • Purpose limitation
  • Data minimization
  • Accuracy requirements
  • Storage limitation
  • Security and confidentiality
PDPA Compliance
  • Consent and notification
  • Purpose limitation
  • Access and correction rights
  • Data protection measures
  • Data breach notification
  • Cross-border transfer controls

Your Obligations as Data Controller

  • Ensure lawful basis for all data processing activities
  • Provide clear privacy notices to your data subjects
  • Obtain necessary consents where required
  • Conduct Data Protection Impact Assessments (DPIAs) when required
  • Respond to data subject requests and complaints
  • Maintain records of processing activities

HIPAA Compliance & Healthcare Data Protection

Business Associate Agreement (BAA)

For healthcare customers processing PHI, a separate Business Associate Agreement must be executed. Contact legal@yanok.ai to establish BAA terms.

HIPAA Safeguards Implementation

Administrative
  • Security officer designation
  • Workforce training
  • Access management
  • Incident response procedures
  • Contingency planning
Physical
  • Facility access controls
  • Workstation security
  • Device and media controls
  • Environmental protections
  • Secure disposal
Technical
  • Access controls
  • Audit logs
  • Data integrity
  • Transmission security
  • Encryption (AES-256)

Permitted Use & Prohibited Activities

Permitted Use

You may use our Service for legitimate business purposes in accordance with these Terms. You agree to:

  • Provide accurate and complete information
  • Maintain the security of your account credentials
  • Use the Service in compliance with applicable laws and regulations
  • Respect intellectual property rights of all parties
  • Implement appropriate data protection measures

Prohibited Activities

You agree not to:

  • Use the Service for any unlawful purpose or illegal activity
  • Attempt to gain unauthorized access to our systems or networks
  • Interfere with or disrupt the Service or servers
  • Reverse engineer, decompile, or copy our proprietary technology
  • Process personal data without proper legal basis
  • Transmit malware, viruses, or malicious code

Security Measures & Incident Response

Technical & Organizational Measures (TOMs)

Technical Measures
  • AES-256 encryption at rest and in transit
  • Multi-factor authentication (MFA)
  • Network security and firewalls
  • Intrusion detection and prevention
  • Regular vulnerability assessments
Organizational Measures
  • Role-based access controls
  • Employee background checks
  • Regular security training
  • Confidentiality agreements
  • Incident response procedures

Security Incident Response

In the event of a security incident affecting your data:

  • GDPR: Notification within 72 hours to supervisory authority
  • HIPAA: Notification within 60 days for PHI breaches
  • PDPA: Notification as soon as practicable, within 72 hours
  • Customer notification: Immediate with incident details and remediation steps

Service Availability & Data Retention

Availability Targets
  • 99.9% uptime commitment
  • Planned maintenance windows
  • Real-time status monitoring
  • Incident communication via status page
Data Recovery
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour
  • Automated daily backups
  • Geographic backup distribution

Governing Law & Contact Information

These Terms shall be governed by and construed in accordance with the laws of Singapore, without regard to conflict of law principles.

General Contact

Legal Team: legal@yanok.ai

Privacy Officer: privacy@yanok.ai

DPO: dpo@yanok.ai

Address: Yanok Pte. Ltd., Singapore

Compliance Contacts

HIPAA: hipaa@yanok.ai

GDPR: gdpr@yanok.ai

Security: security@yanok.ai

Incidents: incident@yanok.ai

Terms Updates: We may update these Terms to reflect changes in law or our practices. Material changes will be communicated 30 days in advance via email and website notice.