top of page

Privacy Policy

Privacy Policy

PRIVACY POLICY (Simplified; PDPO-Oriented) — Updated for Anti‑Abuse / Rate Limits

Last Updated: February 2026

This Privacy Policy explains how 2nd Brain Technology Limited (“we”, “us”, “our”) collects, uses, and shares personal data when you use the PromptYi service (the “Service”).

1. Scope; Excluded Residents / Territories

The Service is not offered to certain residents and is not accessible from certain territories, as described in the Terms of Service (the “Terms”). If you nonetheless attempt to use the Service, we may process data as necessary to enforce the Terms, comply with law, and protect our rights and the Service.

2. Data We Collect

We may collect:

  • Account data: email, authentication identifiers (e.g., Google sign-in ID), account settings.

  • Transaction data: payment status, billing country/region, and purchase history (payments are processed by payment processors; we do not store full card numbers).

  • Service content: prompts/inputs you submit and the outputs returned by the Service.

  • Technical/usage data: IP address, device/browser info, timestamps, logs, feature usage, and Credits consumption.

  • Security and anti-abuse data: signals used to detect fraud/abuse and protect the Service (e.g., suspicious login/activity patterns, rate-limit events, and approximate location derived from IP address).

  • Support communications: messages you send us.

3. How We Use Data

We use data to provide, operate, secure, and maintain the Service; process transactions; prevent fraud/abuse (including enforcing eligibility, residency, and geographic access restrictions under the Terms); troubleshoot and improve; and comply with legal obligations.

Abuse prevention and Service protection. We may use technical, usage, and security-related data to (a) enforce rate limits and anti-abuse controls, (b) detect and prevent automated or abusive usage, (c) protect the security, integrity, and availability of the Service, and (d) enforce our eligibility, residency, and geographic access restrictions under the Terms.

4. Sharing

We may share data with service providers (e.g., hosting, payment, email/support tools) under confidentiality and security obligations, and with authorities where required by law. We do not sell personal data.

We may also share limited technical and security-related data with security and fraud-prevention service providers to help protect the Service.

5. International Transfers

We are based in Hong Kong SAR. Data may be processed in Hong Kong and other locations where our service providers operate. We use reasonable safeguards for cross-border transfers.

6. Retention

We retain personal data as long as necessary for the purposes above, including legal/tax compliance and dispute resolution, then delete or de-identify it when no longer needed.

7. Security

We implement reasonable safeguards. No system is 100% secure.

8. Your Rights (Hong Kong PDPO)

You may request access to, or correction of, your personal data by contacting info@dbl-brain.com. We will respond in accordance with PDPO requirements.

9. Contact

Second-Brain Technology Limited
Email: info@dbl-brain.com
Address: Workstation 4 Fintech 2 Units 401-404 L4 Core C, 100 Cyberport Road, Hong Kong

bottom of page