top of page

Privacy Policy

Privacy Policy

PRIVACY POLICY

Effective: February 15, 2026

This Privacy Policy explains how Second-Brain Brain Technology Limited (“we”, “us”, “our”) collects, uses, and shares personal data when you use the PromptYi service (the “Service”).

1. Scope; Excluded Residents / Territories

The Service is not offered to certain residents and is not accessible from certain territories, as described in the Terms of Service (the “Terms”). If you nonetheless attempt to use the Service, we may process data as necessary to enforce the Terms, comply with law, and protect our rights and the Service.

2. Data We Collect

We may collect:

  • Account data: email, authentication identifiers (e.g., Google sign-in ID), account settings.

  • Transaction data: payment status, billing country/region, purchase history, and payment/dispute status (payments are processed by payment processors; we do not store full card numbers).

  • Credits and account balance data: Purchased Credits and Promotional Credits balances, expirations, forfeiture events (e.g., forfeiture of Promotional Credits upon purchase), and purchase-limit/balance-cap enforcement events (e.g., enforcement of the Purchased Credits balance cap).

  • Service content (including saved libraries and notes): prompts/inputs you submit; notes and other materials you save within the Service (e.g., prompt library and notepad features); and the outputs returned by the Service. If you use export features, we may process the export request and related metadata (e.g., export time and file type).

  • Technical/usage data: IP address, device/browser info, timestamps, logs, feature usage, and Credits consumption.

  • Security and anti-abuse data: signals used to detect fraud/abuse and protect the Service (e.g., suspicious login/activity patterns, rate-limit events, and approximate location derived from IP address).

  • Support communications: messages you send us.

3. How We Use Data

We use data to provide, operate, secure, and maintain the Service; process transactions; prevent fraud/abuse (including enforcing eligibility, residency, sanctions/export-control, and geographic access restrictions under the Terms); troubleshoot and improve; and comply with legal obligations.

Abuse prevention and Service protection. We may use technical, usage, and security-related data to (a) enforce rate limits and anti-abuse controls, (b) detect and prevent automated or abusive usage, (c) protect the security, integrity, and availability of the Service, and (d) enforce our eligibility, residency, sanctions/export-control, and geographic access restrictions under the Terms.

Saved content and exports. We may process and store the prompts, notes, and other content you choose to save in the Service in order to provide library/notepad functionality, enable retrieval across sessions, and facilitate exports.

Outputs. As described in the Terms, as between you and the Company, Output is owned by you (if any rights exist). We process and store Output as needed to provide, maintain, secure, and improve the Service and to enforce the Terms.

Credits administration. We use transaction and usage data to administer Credits, including applying expirations, enforcing the Purchased Credits balance cap, administering Promotional Credits and forfeiture upon purchase, and preventing misuse and payment fraud.

As stated in the Terms, you remain responsible for maintaining your own backups and exports, and we do not guarantee that content will be stored or retrievable.

4. Sharing

We may share data with service providers (e.g., hosting, payment, email/support tools, and security/fraud-prevention services) under confidentiality and security obligations, and with authorities where required by law. We do not sell personal data.

We may also share limited technical, transaction, and security-related data with payment processors and fraud-prevention providers to process payments, conduct compliance screening (including sanctions/export-control screening where applicable), and handle disputes/chargebacks.

5. International Transfers

We are based in Hong Kong SAR. Data may be processed in Hong Kong and other locations where our service providers operate. We use reasonable safeguards for cross-border transfers.

6. Retention

We retain personal data as long as necessary for the purposes described in this Policy, including for security, fraud prevention, dispute resolution, and legal/tax compliance.

  • Account-related data is generally retained while your account is active.

  • Saved prompts/notes and Outputs may be retained while your account is active. If you delete content or delete your account, we may delete or de-identify content within a reasonable period, but we may retain limited copies in backups for a limited time as part of routine backup and disaster recovery processes.

  • Transaction records and Credits administration records (including purchase history, disputes/chargebacks, and balance-cap enforcement events) may be retained as necessary for accounting, compliance, fraud prevention, and dispute resolution.

Retention may vary depending on operational needs and legal requirements. As stated in the Terms, we do not guarantee retention or retrievability of any content, and you should export or otherwise back up your data.

7. Security

We implement reasonable administrative, technical, and organizational safeguards. No system is 100% secure.

8. Your Rights (Hong Kong PDPO)

You may request access to, or correction of, your personal data by contacting info@dbl-brain.com. We will respond in accordance with PDPO requirements.

9. Contact

Second-Brain Technology Limited
Email: info@dbl-brain.com
Address: Workstation 4 Fintech 2 Units 401-404 L4 Core C, 100 Cyberport Road, Hong Kong

bottom of page