Privacy Policy
Updated: January 26, 2026
Effective : January 26, 2026
Yaay-Game&Party ("we," "us," or "our") is committed to protecting your privacy and personal information. Operated by Hong Kong Said Technology Co., Limited, we implement robust security measures in compliance with applicable laws and regulations to ensure the safety of your data. This Privacy Policy ("Policy") outlines how we collect, use, store, protect, and share your information, as well as your associated rights.
This Policy applies to software and internet products developed and operated by Hong Kong Said Technology Co., Limited and its affiliates. However, if a specific product maintains its own independent privacy policy, that specific policy shall prevail. Please note that this Policy does not apply to services provided by independent third parties, nor does it cover information you provide to third parties through our platform.
Before using our products or services, please read and thoroughly understand this Policy--particularly the terms highlighted in bold, which may affect your legal rights. By using our products or services, you acknowledge that you have read, understood, and agreed to the practices described herein.
Table of Contents
Article 1: How We Collect and Use Your Personal Information
Article 2: Use of Cookies and Similar Technologies
Article 3: Data Sharing, Transfer, and Public Disclosure
Article 4: Data Security Measures
Article 5: Protection of Minors
Article 6: Global Data Transfers
Article 7: Your Rights
Article 8: Policy Updates
Article 9: Contact Information
Article 1: How We Collect and Use Your Personal Information
We collect and use your personal information following the principles of lawfulness, legitimacy, and necessity. To help you identify sensitive data, we will highlight such information through bolding and underlining.
1.1 Definitions
Personal Private Information: Information that can identify a specific individual, either alone or in combination with other data, including real names, ID numbers, gender, mobile numbers, device identifiers (IMEI/Android ID), IP addresses, chat history, and bank card numbers.
1.2 Core Purposes of Data Collection
We collect data to:
·Enable core application features.
·Optimize performance and user experience.
·Ensure the security of the application, services, and users.
·Comply with legal and regulatory obligations.
1.3 Detailed Collection Scenarios
(i) Online Application Services
· Account Registration: To create an account, you must provide your mobile number, nickname, and gender. Refusal to provide this mandatory information will prevent account creation. Optional details like avatars, personal statements, and region help improve your profile but are not required for basic functionality.
· Third-Party Login: If you log in via Facebook or Google, we collect your public profile (avatar, nickname, gender) to bind your account.
· Guild Features: Access to "Guilds" requires approval from the guild leader. While optional, this is necessary to access community-specific features.
(ii) In-App Purchases and Transactions
When you use top-up or consumption features, we collect your recharge and transaction records. This sensitive information is essential for processing payments, protecting your virtual assets, and allowing you to track your history.
(iii) User-Generated Content (UGC)
When you upload text, images, or audio/video, these are stored on our servers to enable sharing and display. You may delete this content at any time.
Note: Publicly posted content may contain your (or others') sensitive information; please exercise caution when sharing.
(iv) Personalized Recommendations and Display
We may analyze your browsing preferences, search history, and interactions (likes/shares) to personalize your experience. With your express consent, we collect precise location information to provide localized services.
(v) Third-Party Services and SDKs
Certain features are powered by third-party providers. They may access your data via APIs/SDKs only after your authorization.
·Legal Exceptions: We may process information without consent if it relates to national security, public health, criminal investigations, or to protect life/property in emergencies.
·Key SDKs: Agora (Voice/Video), CommsEase (IM), Google Billing, Facebook, and Firebase.
1.4 Operating System Permissions
(a) Permissions Requiring Your Explicit Consent
Permission | Purpose | Specific Scenarios |
1. READ_MEDIA_IMAGES | To access image files on your device for profile and content personalization. | Customizing your avatar, uploading photos to your personal album, or setting chat room backgrounds. |
2. READ_MEDIA_VIDEO | To access video files on your device for interactive content. | Uploading and sharing customized video gifts in chat rooms. |
3. READ_MEDIA_AUDIO | To access audio files on your device for media sharing. | Uploading or playing music within chat rooms. |
4. STORAGE (READ/WRITE) | To read from or write to your device's external storage. | For Android 12 and below: General file access for media. For all versions: Data caching to optimize app performance and save data. |
5. RECORD_AUDIO | To enable microphone access for real-time communication. | Participating in voice rooms, sending voice messages in private chats, and recording personal voice signatures. |
6. CAMERA | To enable camera access for real-time capturing. | Taking photos for your avatar, capturing room background images, and uploading live shots to your album. |
7. POST_NOTIFICATIONS | To deliver timely alerts and message reminders to your device. | Receiving system announcements and new message notifications. |
(b) General Permissions
These permissions are required for the basic functionality and stable operation of the application. They are typically granted by default by the system or do not involve highly sensitive personal privacy.
No. | Permission | Purpose & Scenario |
9 | CHANGE_BADGE (Huawei) | To display the unread message count on the application icon on your home screen. |
10 | INTERNET | To allow the app to access network services via Wi-Fi or cellular data. |
11 | MODIFY_AUDIO_SETTINGS | To adjust audio parameters for optimal quality during voice room interactions and background music playback. |
12 | ACCESS_NETWORK_STATE | To monitor network connectivity status and optimize user experience based on the connection type (e.g., 4G vs. 5G). |
13 | ACCESS_WIFI_STATE | To identify Wi-Fi connectivity and automatically prioritize the download of high-definition resources under Wi-Fi conditions. |
14 | BLUETOOTH | Required by the Agora SDK to support audio output/input via Bluetooth devices (headsets, speakers). |
15 | BLUETOOTH_CONNECT | Required for Android 12 and above to manage connections with nearby Bluetooth peripherals. |
16 | VIBRATE | To enable haptic feedback for notifications, home tab interactions, and other high-engagement scenarios. |
17 | WAKE_LOCK | To prevent the device from entering sleep mode or auto-locking while users are active in voice rooms or during video gift animations. |
18 | RECIEVE_MCS_MESSAGE (ColorOS/Heytap) | To support push notification services for OPPO, Realme, and related devices. |
19 | C2DM.RECEIVE (Google) | To enable Firebase Cloud Messaging (FCM) for real-time push notifications. |
20 | BILLING (Google Play) | To facilitate secure transactions through the Google Play In-App Billing system. |
21 | BIND_GET_INSTALL_REFERRER_SERVICE | To track installation sources and optimize our recommendation services via the Google Play Store. |
1.5 Device Identification and Security
To prevent fraud and ensure account security, we collect device identifiers such as Android ID . This helps us identify unique users, distribute new-user benefits fairly, and implement anti-cheating measures. We use advanced encryption for all device data and solemnly commit never to share these identifiers with unauthorized third parties.
Article 2: How We Use Cookies and Similar Technologies
To enhance your experience and provide more personalized services, we may use various technologies to collect and store data during your interaction with Yaay. These technologies allow us to recognize you during subsequent visits, analyze usage patterns, and ensure account security.
2.1 Use of Cookies and Local Storage
We may use small data files----including Cookies, Flash Cookies, or other Local Storage provided by your browser or associated applications (collectively referred to as "Cookies")--to:
· Identify Your Identity: Recognize you as a returning user so you do not have to re-enter account information repeatedly.
· Analyze Habits: Understand your preferences and usage behavior to improve our service offerings.
· Ensure Security: Help detect and prevent account-related fraud or security risks.
2.2 Managing Your Cookies
Please be aware that certain features of Yaay are only available through the use of Cookies. Most browsers and add-ons allow you to modify your Cookie preferences or refuse them entirely. However, if you choose to disable Cookies, your experience may be limited, and you may be unable to access certain functionalities that rely on these technologies.
2.3 Web Beacons and Pixel Tags
Our web pages and services may contain electronic images known as "Single-pixel GIFs" or "Web Beacons." We use these tools to:
· Monitor Usage: Count the number of users who have visited specific pages.
· Track Browsing Activity: Collect data on your browsing behavior, including the URL of the page visited, the referring URL (the page you visited previously), the duration of your stay, and your browsing environment or display settings.
· Access Cookies: Facilitate the interaction between the website and your stored Cookies.
Article 3: How We Share, Transfer, and Publicly Disclose Your Personal Information
3.1 Data Sharing
We do not share your personal information with any companies, organizations, or individuals outside of Hong Kong Said Technology Co., Limited and its affiliates, except in the following circumstances:
· With Explicit Consent: We will share your information with third parties only after obtaining your express, informed consent.
· Legal Compliance: We may share your information as required by applicable laws, regulations, or mandatory requests from government authorities.
3.2 Data Transfer
We will not transfer your personal information to any third party, except in the following cases:
· With Explicit Consent: Transfers will only occur with your prior authorized consent.
· Business Changes: In the event of a merger, acquisition, or bankruptcy liquidation that involves the transfer of personal data, we will require the successor entity to remain bound by this Privacy Policy. Should the new entity intend to use your information for purposes not covered by this policy, they will be required to obtain your consent anew.
3.3 Public Disclosure
We will only publicly disclose your personal information under the following conditions:
· Authorized Disclosure: With your explicit, written, or recorded consent.
· Legal and Judicial Requirements: When required by national laws, regulations, or formal requests from judicial and relevant administrative authorities.
· Protection of Rights: To protect your or the public锟斤拷s legal rights, interests, or assets from significant harm.
· Emergency Situations: To protect the life or personal safety of users or third parties in urgent circumstances.
· Guardianship Requests: When providing information to a legal guardian based on a legitimate and verified request.
· Security Incident Disclosure: While we strive to prevent them, we may disclose information related to security breaches (such as hacker attacks or force majeure events) to the extent required for public notification or regulatory reporting.
Article 4: How We Protect Your Personal Information
4.1 Security Measures and Commitment
We prioritize the security of your personal information. We implement all reasonable and practicable security measures--including both technical and administrative safeguards--to protect your data from unauthorized access, public disclosure, improper use, modification, damage, or loss.
4.2 Technical Safeguards
We employ industry-leading encryption technologies and anonymization techniques to ensure data confidentiality. Our security protection mechanisms are designed to defend against malicious attacks and ensure that your personal information is processed in a secure environment.
4.3 Data Governance and Access Control
We have established a dedicated data security department and rigorous management systems to oversee data safety.
· Strict Access Control: We enforce a "need-to-know" access policy, ensuring that only authorized personnel can access your personal information.
· Security Audits: Regular technical and data security audits are conducted to identify and mitigate potential vulnerabilities.
4.4 Emergency Response and Notification
In the event of a data security incident (such as leakage or loss), we will activate our emergency response plan to minimize any potential impact. In accordance with legal requirements, we will promptly inform you of:
· The nature of the incident and its potential impact.
· The remedial measures we have taken or plan to take.
· Recommendations on how you can proactively mitigate risks.
· Our contact information for further inquiries.
Notifications will be delivered via push notifications, emails, SMS, or in-app announcements. If individual notification is not feasible, we will issue a public notice in a reasonable and effective manner and report the incident to the relevant regulatory authorities as required by law.
4.5 User Responsibility
While we implement robust security measures, we strongly recommend that you enhance your personal privacy awareness. Please avoid sharing your account credentials or sensitive information with others through the internet and refrain from clicking on suspicious links from unknown sources.
4.6 Data Retention
In compliance with applicable laws and for the purposes of maintaining platform safety, your personal information (including user behavior and communication records) will be retained for a minimum of 180 days, or as required by specific regulatory requirements.
Article 5: Protection of Minors and Child Safety Standards
5.1 Handling of Minors' Personal Information
We place the highest priority on the protection of minors. We determine a user锟斤拷s age based on the information provided during registration.
·Consent Requirement: Any individual under the age of 18 (or the legal age of majority in your jurisdiction) must obtain prior consent from a parent or legal guardian ("Guardian") before registering an account or using our services.
·Guardian Oversight: If you are a Guardian and have questions regarding the personal information of a minor under your care, please contact us via the methods outlined in Article 9.
·Mandatory Deletion: If we discover that we have inadvertently collected the personal information of a minor without verifiable parental consent, we will take immediate steps to delete such data as quickly as possible.
·Confidentiality: We will not use or disclose a minor's chat records or private information to any third party without Guardian consent, except where required by law or requested by authorized governmental bodies.
5.2 Child Safety and CSAE Policy
We maintain a zero-tolerance policy toward any form of child sexual abuse, exploitation, or related harmful behavior. We comply with all applicable global child protection laws and internal Child Safety Standards.
5.2.1 Scope of Application
These standards apply to all aspects of our platform, including User-Generated Content (UGC), interactive behaviors, reporting mechanisms, and moderation processes. Our objective is to maintain a safe, inclusive environment with enhanced safeguards for younger users.
5.2.2 Rigorous Content Moderation
To ensure a safe environment, all UGC undergoes a dual-layered review process combining advanced AI algorithms with human moderation. This ensures the proactive detection and removal of materials involving the exploitation or abuse of minors.
5.2.3 Prohibition of Child Sexual Abuse and Exploitation (CSAE)
We strictly prohibit any use of our platform that endangers children. This includes, but is not limited to:
·Predatory Behavior: Any inappropriate physical or verbal interactions targeting minors.
·Online Grooming: Befriending a child for the purpose of sexual contact or soliciting sexually explicit materials (online or offline).
·Sexualization of Minors: Distributing or promoting imagery that depicts children in a sexualized manner or encourages exploitation.
· Sextortion: Threatening or blackmailing a minor using real or alleged intimate images.
·Child Trafficking: Promoting, luring, or exploiting a child for commercial sexual purposes.
5.2.4 Reporting and Enforcement
If we identify content or behavior involving child sexual abuse material, we will take immediate action, including terminating the offender锟斤拷s account and reporting the incident to NCMEC (National Center for Missing & Exploited Children) and relevant law enforcement agencies.
If you believe a child is in immediate danger or is being abused, exploited, or trafficked, please contact your local law enforcement immediately. You may also report any suspicious behavior or content to us via the contact details in Article 9.
Article 6: Global Data Transfers
Generally, personal information collected and generated during our operations is stored on servers located in Hong Kong. However, your personal information may be transferred to, or accessed from, jurisdictions outside of your country/region of residence in the following circumstances:
1.Legal Requirements: Where such transfers are expressly required or permitted by applicable laws and regulations.
2.Explicit Consent: Where we have obtained your express authorized consent to transfer your data across borders.
3.User-Initiated Actions: Where you engage in cross-border activities through our platform (e.g., cross-border transactions, international social interactions) or other voluntary behaviors that necessitate data transfer.
In all such cases, we will take necessary measures to ensure that your personal information receives a level of protection equivalent to that required under this Privacy Policy and applicable local data protection laws.
Article 7: Your Rights
In accordance with the laws and regulations of Hong Kong and applicable international data protection standards, we respect and safeguard your rights regarding your personal information.
7.1 Access, Correction, and Supplementation
You have the right to access, correct, or supplement your personal information at any time.
·Self-Service: You may manage your profile directly within the app settings.
·Support-Assisted: To update sensitive identity information, please contact our support team: [Me] > [ Customer Service]
·Verification: To protect your account, you must provide valid supporting documents (e.g., Name, ID Number, and clear photos of your ID--front, back, and held by you) to verify your identity before changes are processed.
7.2 Deletion of Information
You may request the deletion of your personal information if:
·Our processing violates applicable laws or regulations.
·We collected or used your information without your explicit consent.
·Our processing significantly breaches this Privacy Policy.
·You have voluntarily deactivated/canceled your account.
Note: Due to technical limitations or legal retention requirements, we may not be able to immediately remove information from backup systems. In such cases, we will securely store and isolate your information from further processing until it can be permanently deleted or anonymized.
7.3 Withdrawal of Consent
You may withdraw your consent for specific features or data collection at any time. Once withdrawn, we will cease processing the corresponding information. Please note that withdrawing consent does not affect the lawfulness of any processing based on consent before its withdrawal.
7.4 Account Cancellation (Logout/Deactivation)
You may permanently cancel your Yaay account through the following path: [Me] > [Account Settings] > [Account & Security] > [Delete Account / Logout]
·Cooldown Period: Upon confirming cancellation, your account will enter a 7-day grace period. Logging back in during this time will be considered a withdrawal of the cancellation request.
·Finality: After 7 days, all associated data will be permanently deleted and cannot be recovered.
7.5 Automated Decision-Making
In certain features, we may use algorithms or automated systems to make decisions. If these decisions significantly affect your legal rights, you have the right to request an explanation. We will provide reasonable clarification, provided it does not compromise Yaay's trade secrets, public interest, or the rights of others.
7.6 Response Mechanism
·Security Verification: For security reasons, we may require identity verification before processing your request.
·Timeframe: We strive to respond to all valid requests within 72 hours.
·Exceptions: We may be unable to fulfill your request if it relates to:
· National security, defense, or major public interests.
· Criminal investigations, prosecutions, or judicial enforcement.
· Evidence of "subjective malice" or intent to infringe upon the rights of others.
· Confidential trade secrets.
Article 8: Policy Updates and Amendments
To provide you with better services and to keep pace with our business development and legal requirements, we may update this Privacy Policy from time to time.
8.1 Consent for Updates
We will not diminish your rights under this Privacy Policy without your explicit consent. For any updates, we will notify you through prominent and accessible channels. Continued use of our services after such notifications shall be deemed as your acknowledgment of the updated Policy.
8.2 Methods of Notification
We will inform you of any changes through reasonable and visible means, including but not limited to:
·In-App Announcements: System-wide notices or homepage pop-ups.
·Direct Communication: Emails, SMS, or private system messages.
·Official Website: Posting the revised version on our official site.
8.3 Material Changes
For significant or "material" changes, we will provide more prominent notifications (such as special alerts on the login or browsing page). Material changes include, but are not limited to:
·Service Model Shifts: Significant changes in the purpose of data processing, the types of personal information collected, or how data is utilized.
·Corporate Structure Changes: Changes in ownership due to business restructuring, mergers, acquisitions, or bankruptcy.
·Data Sharing/Transfer: Changes in the primary parties or categories of recipients with whom we share, transfer, or disclose personal information.
·User Rights: Substantial modifications to your rights regarding personal information processing or the methods to exercise those rights.
·Governance & Contact: Changes to our internal data security department, contact information, or official complaint channels.
·Risk Assessments: When a data protection impact assessment indicates a high-risk scenario that requires user notification.
Article 9: How to Contact Us
9.1 General Inquiries and Requests
If you have any questions, comments, or suggestions regarding this Privacy Policy, or if you wish to exercise your rights (such as accessing, correcting, or deleting your personal information and withdrawing consent), please reach out to us through the following channels:
·In-App Support: Navigate to [Me] > [Customer Service]
·Email: [email protected]
9.2 Complaints and Security Reports
For concerns regarding data security or complaints about how your personal information is handled, you may contact our data protection team via the email provided above. We are committed to reviewing and responding to all legitimate complaints in a timely manner.
9.3 Specialized Child Safety Reporting
We maintain a zero-tolerance policy for Child Sexual Abuse Material (CSAM/CSAE). For any inquiries, notifications, or reports related to child safety or exploitative content found on our platform, please contact our Designated Child Safety Representative immediately:
·Dedicated Child Safety Email: [email protected]
Article 10: Governing Law and Dispute Resolution
10.1 Governing Law
The formation, validity, interpretation, performance, and dispute resolution of this Privacy Policy shall be governed by and construed in accordance with the laws of Hong Kong.
10.2 Dispute Resolution
In the event of any dispute arising from this Policy, we encourage you to first contact us to seek an amicable resolution. If a satisfactory solution cannot be reached, and particularly if you believe our data processing activities have infringed upon your legal rights, you agree that such disputes shall be submitted to the jurisdiction of the competent courts in the location where Hong Kong Said Technology Co., Limited is incorporated.