Privacy Policy

1. Introduction and Scope

Yellow Tail Investment Enterprise, LLC (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of every individual who interacts with our website, application, AI system, and related services (collectively, the “Platform”).

This Privacy Policy tells you what personal information we collect, how we use it, when we share it, and how we keep it safe. It applies to everyone who uses the Platform, wherever they are, and reflects our obligations under:

The General Data Protection Regulation (GDPR) — European Union & EEA
The UK General Data Protection Regulation (UK GDPR)
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — USA
The Digital Personal Data Protection Act, 2023 (DPDPA) — India
The Personal Data Protection Act (PDPA) — Singapore
The Personal Data Protection Act 2010 (PDPA) — Malaysia
The Data Privacy Act of 2012 (Republic Act 10173) — Philippines

2. Data Controller

Under applicable data protection law, the data controller for your personal information is:

Yellow Tail Investment Enterprise, LLC

[Registered Address]

Email: [Insert Data Protection Contact Email]

3. Categories of Personal Data Collected

3.1 Data You Provide Directly

Identity data: first name, last name, username, or similar identifiers;
Contact data: email address, postal address, telephone number;
Account data: login credentials, account preferences and settings;
Payment data: billing details processed through our payment providers;
AI Interaction data: text Inputs you send to the AI coaching system;
Communications: messages, feedback, or support requests you send us.

3.2 Data Collected Automatically

Technical data: IP address, browser type and version, operating system, device identifiers;
Usage data: pages viewed, features used, session duration, click paths;
Location data: a rough sense of where you are, based on your IP address;
Cookie and tracking data: as described in our Cookie Policy.

3.3 Data from Third Parties

Authentication data from social sign-in providers (if applicable);
Analytics data from third-party tools and service providers.

4. Purposes and Legal Bases for Processing

We only process your personal data when we have a valid legal reason to. The table below sets out what we use it for and why:

Purpose	Data Used	Legal Basis
Providing and operating the Platform	Identity, Account, Technical	Contract performance
Personalizing AI responses	AI Interaction data, Account	Contract performance / Consent
Improving AI system performance	Anonymized AI Inputs	Legitimate interests
Security and fraud prevention	Technical, Usage	Legitimate interests
Legal compliance	Any relevant data	Legal obligation
Marketing communications (opt-in)	Identity, Contact	Consent
Analytics and performance monitoring	Usage, Technical	Legitimate interests

5. AI System — Data Processing Transparency

Given the AI-driven nature of our Platform, we provide additional transparency regarding how your interactions with the AI are processed:

What you type into the AI is stored and processed to generate responses and make the system better over time;
The AI may use your past interactions to tailor responses within your session or account;
Where possible, data is anonymized or aggregated before it goes into any system improvements;
We don’t use your personal Inputs to train publicly available models;
Please don’t share sensitive personal data with the AI — things like health details, financial information, or anything legally sensitive.

6. Data Sharing and Disclosure

We don’t sell your personal data. In limited circumstances, we may share it with:

6.1 Service Providers

Third-party vendors who help us run the Platform, including hosting, analytics, payment processing, and customer support. Every service provider we work with is bound by a data processing agreement.

6.2 Legal and Regulatory Authorities

Where required by law, court order, or regulatory authority. We will notify you where legally permitted to do so.

6.3 Business Transfers

If we go through a merger, acquisition, or sale of assets, your data may be part of what transfers. We’d notify you if that happens.

6.4 With Your Consent

Where you have expressly authorized specific disclosures.

7. International Data Transfers

Since we operate globally, your data may be processed in countries other than your own — including the United States — where data protection rules may differ from those where you live.

When that happens, we put appropriate protections in place, including:

Standard Contractual Clauses, as approved by relevant regulators;
Binding corporate rules where applicable;
Compliance with local data transfer rules wherever they apply.

8. Your Rights as a Data Subject

Depending on where you live, you may have some or all of the following rights:

Right of Access: Ask for a copy of personal data we hold about you;
Right to Rectification: Ask us to fix anything that’s inaccurate or incomplete;
Right to Erasure: Ask us to delete your personal data in certain situations;
Right to Restriction: Ask us to pause or limit how we use your data;
Right to Data Portability: Get your data in a structured, portable format you can use elsewhere;
Right to Object: Push back on how we use your data where we rely on legitimate interests or for direct marketing;
Right to Withdraw Consent: Change your mind at any time when your consent is what we’re relying on;
Right Not to Be Subject to Automated Decisions: Ask for a human to review decisions made about you automatically.

To use any of these rights, get in touch at [Insert Contact Email]. We’ll respond within the timeframe required by the law that applies to you.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Retention periods are determined by:

The nature and purpose of the data;
Applicable statutory retention requirements;
Active account status and user engagement.

Upon expiry of applicable retention periods, data is securely deleted or anonymized.

10. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

Encryption of data in transit and at rest;
Access controls and authentication requirements;
Regular security assessments and monitoring;
Staff training on data protection obligations.

While we take reasonable precautions, no electronic system can guarantee absolute security. Users are encouraged to maintain strong passwords and protect their account credentials.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies as described in our separate Cookie Policy. You may manage cookie preferences through your browser settings or through our consent management tool.

12. Children’s Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete such information promptly.

13. Jurisdiction-Specific Provisions

13.1 European Union / EEA (GDPR)

If EU or EEA data protection law applies to you, you can raise a complaint with your local supervisory authority.

13.2 United Kingdom (UK GDPR)

UK residents can raise concerns with the Information Commissioner’s Office (ICO).

13.3 California, USA (CCPA/CPRA)

California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information.

13.4 India (DPDPA 2023)

Indian users have rights to access, correction, erasure, and grievance redressal as provided under the Digital Personal Data Protection Act, 2023.

13.5 Singapore, Malaysia, Philippines

Users in these jurisdictions have rights consistent with local data protection legislation, including access, correction, and withdrawal of consent.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to users via the Platform or by email. Continued use of the Platform following any update constitutes your acceptance of the revised policy.