1. Introduction

YAP Technologies Inc. ("YAP," "we," "us," "our"), a Delaware corporation, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our language learning application and related services (the "Services"). This policy applies to all users globally, with specific provisions for residents of the European Economic Area (EEA), United Kingdom, and California. By using the Services, you consent to the practices described herein. If you do not agree, please do not use the Services. We practice data minimization by collecting only information necessary for the purposes outlined below.

2. Information We Collect

We collect the minimum information necessary to provide and improve the Services, as follows:

Information You Provide Directly. 

We collect information you provide during account registration and use of the Services, including your name, email address, age or date of birth (for eligibility verification), language preferences, and learning goals. For users under eighteen, we collect parental or legal guardian contact information and verifiable consent documentation, obtained through methods such as credit card verification, government-issued ID, or signed digital forms.

Automatically Collected Information. 

We automatically collect certain information when you use the Services, including device information (type, operating system, unique identifiers), usage data (lessons completed, features accessed, time spent), performance data (quiz scores, pronunciation assessments, learning progress), and token transaction data (earnings, spending, on-chain activities). We use cookies, web beacons, and similar technologies for this purpose, with opt-out options available in your settings.

Blockchain Wallet Information. 

Your cryptocurrency wallet is created and managed by our third-party provider, Privy.io. We receive and store your public wallet address to facilitate token distribution and track on-chain transactions. We do not have access to, nor do we collect, your private keys or seed phrases. Wallet data is pseudonymous but may be publicly visible on the Sei blockchain.

Information from Third Parties. 

We may receive information about you from other users through our referral program, including the referring user's identification when you complete qualifying activities, or from service providers for verification purposes.

3. How We Use Your Information

We use collected information solely for legitimate business purposes, based on your consent, contractual necessity, or our legitimate interests:

Providing and personalizing the Services, including adaptive learning experiences tailored to your progress and preferences. Processing token rewards and managing in-app token transactions according to our token economy structure. Training and improving our artificial intelligence models to enhance language learning effectiveness, only with your explicit opt-in consent (which you may withdraw at any time). Communicating with you about your account, Services updates, and promotional offers, with your consent where required by law. Analyzing usage patterns to improve Services functionality and user experience, using aggregated or anonymized data where possible. Detecting, preventing, and addressing fraud, bot activity, and violations of our Terms of Use. Complying with legal obligations, such as tax reporting for token earnings, and protecting our legal rights, including defending against claims.

4. Information Sharing and Disclosure

We share your information only as necessary and with appropriate safeguards:

Service Providers. 

We share limited information with third-party service providers who perform services on our behalf, including Privy.io for wallet services, cloud hosting providers, and analytics services. These providers are bound by data processing agreements to protect your information, use it only for specified purposes, and delete it upon contract termination.

Blockchain Transactions. 

Token transactions and public wallet addresses are inherently visible on the Sei blockchain. While pseudonymous, they may be linked to your identity if your wallet becomes known; we advise against sharing wallet details.

Leaderboards.

If you opt in to leaderboards, your username and score may be visible to other users. You may opt out at any time in your account settings.

Legal Requirements. 

We may disclose information when required by law, subpoena, court order, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, ensure user safety, or comply with judicial processes.

Business Transfers. 

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections and prior notice to you where practicable.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Aggregated or anonymized data may be shared for research or analytics without identifying individuals.

5. Data Retention and Blockchain Permanence

We retain your personal information only for as long as necessary to provide the Services, fulfill the purposes outlined herein, or comply with legal requirements (e.g., tax or audit obligations). Upon account termination or deletion request, we delete or anonymize your personal information within ninety (90) days, except where longer retention is required by law, for dispute resolution, or legitimate business purposes such as fraud prevention.

Transaction data, learning progress, and other records on the Sei blockchain are immutable and permanent due to blockchain technology. These cannot be deleted or modified, even after account closure, and may persist indefinitely. We minimize such on-chain data to essential elements (e.g., hashed identifiers) to protect privacy.

6. Data Security

We implement reasonable technical, administrative, and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (e.g., TLS) and at rest, regular vulnerability assessments, multi-factor authentication, strict access controls, and ongoing employee training on data protection.

In the event of a data breach, we will notify affected users and relevant authorities within 72 hours of confirmation, or sooner if required by law, and take immediate steps to mitigate harm. However, no security system is impenetrable, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and private keys.

7. Your Rights and Choices

Depending on your location, you have the following rights, subject to verification and applicable exceptions (e.g., for legal compliance or blockchain data):

Access and Portability. 

You may request access to your personal information and receive a copy in a structured, machine-readable format.

Correction and Update. 

You may review and update your account information through the Services or by contacting us.

Deletion. 

You may request deletion of your personal information; we will comply within 45 days (extendable by 45 days with notice), except for immutable blockchain data or legally required retentions.

Opt-Out Rights. 

You may opt out of promotional communications, AI training usage, leaderboard participation, or analytics tracking via account settings or unsubscribe links. Withdrawals of consent do not affect prior processing.

California Residents. 

Under the CCPA (as amended by the CPRA), you have the right to know categories and specifics of collected data, request deletion, opt out of "sales" or "sharing" (we do not sell or share for cross-context behavioral advertising), correct inaccurate data, limit sensitive data use, and non-discrimination. Designate an agent for requests.

EEA and UK Residents. 

Under the GDPR/UK GDPR, you have rights to object to processing (e.g., for direct marketing), restrict processing, erase data ("right to be forgotten"), and lodge complaints with supervisory authorities (e.g., ICO in UK). Processing is based on consent, contract, or legitimate interests; you may withdraw consent anytime.

8. Children's Privacy

The Services are not directed to children under thirteen (13), and we do not knowingly collect their data. Users aged 13-17 require verifiable parental or guardian consent, with ongoing supervision. We provide parental dashboards for reviewing activity, managing consents, and requesting deletions. Parents may revoke consent anytime, triggering account suspension and data deletion (except blockchain records). If we discover unauthorized child data, we delete it promptly. These measures comply with COPPA and similar laws.

9. International Data Transfers

Your information may be transferred to, stored, and processed in countries outside your residence, including the United States, which may have different data protection standards. For EEA/UK transfers, we use safeguards like EU Standard Contractual Clauses or UK International Data Transfer Agreements, adequacy decisions, or binding corporate rules. By using the Services, you consent to such transfers.

10. Third-Party Services

The Services integrate with third parties like Privy.io for wallets. These have separate privacy policies; review them directly. We are not responsible for third-party practices but select providers with strong data protections and limit shared data.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in practices or laws. Material changes (e.g., affecting data uses or rights) will be notified via the Services, email, or in-app alerts at least thirty (30) days in advance, with a summary of changes. If you object, you may terminate your account before the effective date. Continued use constitutes acceptance. Non-material changes take effect immediately.

12. Contact Information

For privacy-related questions, requests, or complaints, please contact our Data Protection Officer at:

YAP Technologies Inc.
Email: privacy@goyap.ai 

We aim to resolve inquiries within 30 days.

Please note that this analysis is for informational purposes only and does not constitute legal advice. You should always consult a licensed attorney before acting on this information or implementing changes to your legal documents.