No Sale of Personal Information: YankiAI does not sell your personal information, as defined under applicable laws like the CCPA/CPRA.

Automated Decision-Making: We do not use automated decision-making processes that produce significant legal or similar effects on you. Any AI-driven recommendations or outputs are reviewed or overseen by human operators where necessary.

4. Sharing Your Personal Information

We may share your personal information in the following circumstances:

• Third-Party Providers: We share necessary information (e.g., your name, contact details, or service requests) with independent Assistants, primarily based in Mexico, to fulfill your tasks. These providers are bound by their own terms and privacy policies.
• Service Providers: We engage trusted vendors for services such as payment processing, cloud storage, analytics, and customer support. These providers are contractually obligated to protect your data and use it only for specified purposes.
• Analytics and Marketing Partners: We may share anonymized or aggregated data with analytics providers to improve the Services or with marketing partners for promotional purposes, where permitted by law and your preferences.
• Legal and Regulatory Authorities: We may disclose data to comply with legal obligations, respond to lawful requests (e.g., subpoenas), or protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of the transaction, subject to confidentiality and compliance with applicable laws.
• With Your Consent: We may share your data for other purposes if you provide explicit consent.

5. International Transfers

Your personal information may be transferred to, stored, and processed in the United States, Mexico, or other countries where our Third-Party Providers or service vendors operate. These jurisdictions may have different data protection laws than your own.

• Safeguards: For transfers from the EEA, UK, or other regions with strict data protection laws, we use lawful mechanisms such as Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), or other approved safeguards to ensure compliance with GDPR, UK GDPR, LGPD, and similar regulations.
• Data Protection Impact Assessments (DPIAs): Where required, we conduct DPIAs to assess and mitigate risks associated with cross-border data transfers.
• User Consent: By using the Services, you consent to the transfer of your data to countries outside your jurisdiction, subject sauf

System: Improved YankiAI Privacy Policy (Continued)

5. International Transfers (Continued)

your home country, as described above. We ensure that any such transfers comply with applicable data protection laws through mechanisms like Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs).

• Safeguards for Compliance: For users in the EEA, UK, Brazil, or other jurisdictions with strict data protection regulations, we implement safeguards to protect your data during international transfers. These include:
  • Standard Contractual Clauses (SCCs): Legally binding agreements approved by the European Commission to ensure adequate protection for data transferred outside the EEA or UK.
  • Data Processing Agreements (DPAs): Contracts with Third-Party Providers and vendors that outline data protection obligations.
  • Data Protection Impact Assessments (DPIAs): Assessments to identify and mitigate risks associated with data processing, including cross-border transfers, where required by law (e.g., GDPR, LGPD).
• User Consent: By using the Services, you acknowledge and consent to the transfer, storage, and processing of your data in the United States, Mexico, or other countries where our operations or vendors are located.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal or contractual obligations.
• Restriction: Request restriction of certain data processing activities.
• Objection: Object to processing based on legitimate interests, including direct marketing.
• Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis, without affecting the lawfulness of prior processing.
• Opt-Out of Marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in emails or by contacting us.
• Lodge a Complaint: File a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France, ANPD in Brazil, INAI in Mexico, or OPC in Canada).

How to Exercise Your Rights

• Submit requests by emailing [email protected]
• We will respond to requests within the timeframes required by law (e.g., 30 days under GDPR/CCPA, 15 days under LGPD).
• We may require identity verification to process your request securely.

Jurisdiction-Specific Rights

• California (CCPA/CPRA): California residents have the right to know what personal information is collected, used, or disclosed, opt out of the sale or sharing of personal information (note: we do not sell personal information), and request deletion, subject to certain exceptions.
• EU/UK (GDPR/UK GDPR): You have enhanced rights to access, rectify, erase, restrict, or object to processing, and to data portability. You may also contact your local supervisory authority.
• Brazil (LGPD): You have rights to confirm data processing, access, correct, anonymize, or delete data, and request information about data sharing.
• Mexico (LFPDPPP): You have ARCO rights (Access, Rectification, Cancellation, Opposition) and can request details about data processing.
• Canada (PIPEDA): You have the right to access and correct personal information and to challenge our compliance with PIPEDA.

7. Children’s Privacy

The Services are not intended for children under 13 (or the minimum legal age in your jurisdiction, e.g., 16 in some regions). We do not knowingly collect personal information from children without verifiable parental or guardian consent.

• Parental Consent: If a child under the required age provides personal information with parental consent, we will use that information solely to provide the requested Services.
• Data Deletion: If we learn that we have collected personal information from a child without proper consent, we will promptly delete it. Parents or guardians may contact us at [email protected] to request deletion.

8. Security

We implement reasonable technical, organizational, and administrative measures to protect your personal information, including:

• Encryption of sensitive data (e.g., payment information) in transit and at rest.
• Access controls to limit data access to authorized personnel only.
• Regular security assessments and updates to our systems.

However, no system is completely secure. You are responsible for safeguarding your account credentials and notifying us immediately at [email protected] if you suspect unauthorized access or a security breach.

9. Data Retention

We retain personal information only for as long as necessary to:

• Provide the Services you requested.
• Fulfill legal or contractual obligations (e.g., tax or accounting requirements).
• Resolve disputes or enforce our agreements.
• Protect against fraud or abuse.

When data is no longer needed, we securely delete or anonymize it in accordance with applicable laws. Retention periods vary by data type and jurisdiction (e.g., GDPR may require shorter retention than tax laws).

10. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate, improve, and personalize the Services. These technologies help us:

• Authenticate users and maintain session security.
• Analyze usage patterns and improve functionality.
• Deliver personalized content or advertisements (where permitted).

For details, including how to manage your preferences, see our Cookie Policy at [yanki.ai]. You can also adjust cookie settings via our consent banner or your browser’s settings.

11. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services (e.g., payment processors or social login providers). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to review their policies before providing personal information.

12. Data Breach Notifications

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users and relevant authorities (e.g., ICO, ANPD, INAI) within the timeframes required by law (e.g., 72 hours under GDPR).
• Provide details about the breach, its impact, and steps to mitigate harm.
• Contact you via email or through the Services, as appropriate.

13. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Services. Material changes will be communicated at least 30 days in advance via email, the Services, or our website. Non-material changes may take effect immediately.

Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Services.

14. Contact Us

For questions, concerns, or to exercise your rights, contact our Data Protection Officer at:

• Email: [email protected]
• Mail: Nelat LLC, 4221 Wilshire Blvd, Suite 312, Los Angeles, CA 90010, USA