Gokyo

Privacy Policy

Effective Date: January 17, 2025

Introduction

Gokyo AI Inc. ("Gokyo," "we," "our," or "us") respects and is committed to protecting your privacy. This Privacy Policy sets forth the manner in which we collect, use, maintain, and disclose information collected from users ("User," "you," or "your") of our Gokyo.ai platform and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree to these terms, please do not access or use the Service.

Legal Basis for Data Processing

We collect and process your information based on one or more of the following legal grounds:

  • Performance of Contract: Processing necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
  • Legitimate Interests: Processing necessary for our legitimate interests, provided that such interests are not overridden by your interests, rights, or freedoms.
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.
  • Consent: Where you have given consent to the processing of your personal data for one or more specific purposes.

Information We Collect

Account Information

When you create an account with Gokyo.ai, we collect your email address and account credentials. This information is necessary to create and maintain your account and provide you with access to our Service.

Usage Information

We collect information about how you interact with our Service, including:

  • Features and functions accessed
  • User preferences and settings
  • Usage patterns and frequency
  • Performance data

This information helps us understand how users engage with our platform, enabling us to improve functionality and user experience.

Cookie Information

We employ cookies and similar tracking technologies to enhance your experience with our Service. These technologies allow us to:

  • Remember your preferences
  • Understand navigation patterns
  • Improve the overall functionality of our Service

You may manage your cookie preferences through your browser settings. However, please note that disabling certain cookies may limit your ability to use some features of the Service.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Provision of Service

We process your personal information to create and manage your account, authenticate your identity when you log in, and deliver the core features and functionalities of our AI brand tracking platform. This processing is necessary for the performance of our contract with you and to provide the service you have requested.

Service Improvement

We analyze user behavior, preferences, and feedback to identify areas where our platform can be enhanced. This includes studying how users interact with different features, which helps us prioritize improvements and develop new capabilities that better serve your brand tracking needs. This processing is based on our legitimate interest in improving our services for all users.

Analytics and Performance

We monitor and analyze usage patterns and performance metrics to ensure our platform operates efficiently and effectively. This includes generating statistical information about user engagement, feature adoption, and system performance. Such processing helps us identify and address technical issues promptly and optimize the overall user experience. This processing is based on our legitimate interest in maintaining and improving the quality of our services.

Communication

We use your email address to respond to your inquiries, provide customer support, and send service-related notifications, such as account updates, feature releases, scheduled maintenance, or important changes to our terms or policies. These communications are essential to our service provision and are not marketing in nature. This processing is necessary for the performance of our contract with you and our legitimate interest in providing effective support.

Security and Protection

We use information about how you interact with our platform to detect unusual activities that may indicate fraud or unauthorized access attempts. This helps us protect your account, our platform, and other users from security threats and address technical issues that may affect performance or functionality. This processing is based on our legitimate interest in ensuring the security and integrity of our service.

Disclosure of Your Information

No Third-Party Sharing

We do not sell, rent, trade, or otherwise share your personal information with third parties for their marketing or commercial purposes.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) or when we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, user information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

Data Security

We implement reasonable and appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secured Servers: Our infrastructure utilizes industry-standard security protocols and is hosted in secure data centers with physical access restrictions.

  • Data Encryption: We employ encryption technologies for data in transit (using TLS/SSL protocols) and at rest to protect sensitive information.

  • Regular Security Assessments: We conduct periodic security assessments, vulnerability scanning, and penetration testing to identify and address potential security weaknesses.

  • Access Controls and Authentication: We implement strict access controls, including multi-factor authentication, role-based permissions, and the principle of least privilege to ensure only authorized personnel can access personal data.

  • Secure Development Practices: We follow secure coding practices during software development and regularly update our systems with the latest security patches.

  • Employee Training: We provide regular security awareness training to our staff to ensure they understand their responsibilities in protecting user data.

  • Incident Response Plan: We maintain a comprehensive incident response plan to quickly address any potential data security incidents or breaches.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable laws.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of our ongoing relationship with you
  • Our legal obligations
  • Applicable statute of limitations
  • Ongoing or potential disputes
  • The impact on our business operations

When we no longer require your personal information, we will securely delete or anonymize it in accordance with our data retention policies.

8. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information:

8.1 Access and Control

You can access and update your personal information directly through your Gokyo.ai account settings.

Data Subject Rights

You may have the right to exercise certain privacy rights related to your personal information. Depending on your jurisdiction, these rights may include:

  • Right to Access: You can request information about the personal data we hold about you and how it is being processed. Upon verification of your identity, we will provide you with a copy of your personal information in an electronic format.

  • Right to Rectification: If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to request correction. We will promptly update your information upon verification.

  • Right to Erasure: Under certain circumstances, you may request the deletion of your personal information. We will comply with this request unless there is a legal requirement to retain certain information, such as for tax or accounting purposes, or to complete pending transactions.

  • Right to Restriction: You may request that we temporarily or permanently stop processing certain elements of your personal information when: you contest the accuracy of your data, the processing is unlawful, we no longer need the information but you require it for legal claims, or you've objected to processing while we verify legitimate grounds.

  • Right to Data Portability: You may request to receive your personal information in a structured, commonly used, and machine-readable format and to transmit this data to another service provider where technically feasible.

  • Right to Object: You can object to our processing of your personal information based on legitimate interests, including profiling. We will comply with such requests unless we have compelling legitimate grounds that override your interests or rights, or if the processing is needed for legal claims.

  • Right to Withdraw Consent: Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing based on your consent before its withdrawal.

To exercise any of these rights, please contact us using the information provided in Section 14 (Contact Us). We will respond to all legitimate requests within 30 days, or inform you if additional time is required.

International Data Transfers

Your information may be stored and processed in Canada or other countries where we or our service providers maintain facilities. By using our Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than those of your country.

When we transfer personal information from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of protection, we employ appropriate safeguards, such as standard contractual clauses approved by the relevant authorities.

Compliance with Privacy Regulations

General Data Protection Regulation (GDPR)

For users in the European Economic Area (EEA), we act as the data controller for your personal information. We process your data in accordance with GDPR requirements and respect your rights as outlined in Section 8.

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

California residents have specific rights regarding their personal information under the CCPA and CPRA. For more information about these rights and how to exercise them, please contact us.

Personal Information Protection and Electronic Documents Act (PIPEDA) and BC Personal Information Protection Act (PIPA)

As a Canadian company based in British Columbia, we comply with both federal and provincial privacy legislation. This includes:

  • PIPEDA: Canada's federal private sector privacy law that sets the ground rules for how businesses must handle personal information in the course of commercial activity.

  • PIPA: British Columbia's provincial privacy legislation that regulates the collection, use, and disclosure of personal information by private sector organizations within the province.

We adhere to the following principles under these laws:

  • Accountability: We are responsible for the personal information under our control and have designated individuals who are accountable for our compliance with these principles.

  • Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.

  • Consent: We obtain informed consent for the collection, use, and disclosure of personal information, except where inappropriate or where permitted by law.

  • Limiting Collection: We limit the collection of personal information to that which is necessary for the purposes identified. Information is collected by fair and lawful means.

  • Limiting Use, Disclosure, and Retention: We do not use or disclose personal information for purposes other than those for which it was collected, except with consent or as required by law. We retain personal information only as long as necessary for the fulfillment of those purposes.

  • Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.

  • Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.

  • Openness: We make information about our policies and practices relating to the management of personal information readily available.

  • Individual Access: Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to that information. Individuals have the ability to challenge the accuracy and completeness of the information and have it amended as appropriate.

  • Challenging Compliance: Individuals may challenge our compliance with the above principles by contacting the designated individuals accountable for our compliance.

Children's Privacy

Our Service is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13 years of age. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe we might have any information from or about a child under 13, please contact us immediately.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this Privacy Policy periodically, and especially before you provide any information. This Privacy Policy was last updated on the date indicated at the beginning of this document. Your continued use of the Service after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of British Columbia, Canada, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located within the Province of British Columbia.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Gokyo AI Inc.
[Street Address]
[City, British Columbia, Postal Code]
Canada

Email: [privacy@gokyo.ai]
Phone: [Phone Number]

You may also contact our Privacy Officer directly at [privacy.officer@gokyo.ai]

AI Processing and Brand Tracking

AI Technology Use

Gokyo.ai utilizes artificial intelligence and machine learning technologies to provide brand tracking and analytical services. You should be aware of the following aspects of our AI processing:

  • Data Analysis: Our AI systems analyze brand data from permitted sources to provide insights and tracking capabilities.

  • Automated Processing: Some features of our Service involve automated processing and analysis of data to generate reports, identify patterns, and deliver tracking results.

  • Algorithm Transparency: While our specific algorithms are proprietary, we are committed to providing general information about how our AI systems process data and generate results.

  • Human Oversight: Our AI systems operate under human oversight to ensure quality, accuracy, and ethical use of technology.

15.2 Third-Party Service Providers

While we do not share your personal information with third parties for their own commercial purposes, we may engage trusted third-party service providers to assist us in operating our platform and providing our services. These service providers include:

  • Cloud Infrastructure Providers: For secure hosting of our platform and storage of data.

  • Analytics Providers: To help us understand usage patterns and improve our Service.

  • Email Service Providers: To facilitate service-related communications.

All third-party service providers are contractually obligated to use your information solely for providing services to us and to maintain appropriate security measures to protect your data.

15.3 Data Localization

Your personal information is primarily stored and processed in Canada. Specifically:

  • Our primary data centers are located in Canada.

  • We prioritize Canadian service providers where feasible.

  • In cases where data may be processed outside of Canada (such as through globally distributed cloud services), we ensure appropriate safeguards are in place to protect your information in accordance with Canadian privacy laws.

15.4 Cookie and Tracking Technology Details

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for the basic functionality of our Service (session management, authentication).

  • Preference Cookies: Remember your settings and preferences to enhance your experience.

  • Analytics Cookies: Help us understand how visitors interact with our Service, allowing us to improve functionality and performance.

  • Performance Cookies: Collect information about how you use our Service to help us enhance its functionality.

Most cookies we use are session cookies that expire when you close your browser. Persistent cookies remain on your device for a set period or until manually deleted. You can manage cookie preferences through your browser settings.

Regarding Do Not Track (DNT) signals: We respect user choice and make reasonable efforts to recognize and respond to DNT signals. However, some third-party components we use may not fully respond to DNT signals.

16. Additional Rights and Protections

16.1 Data Breach Notification

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information, we will:

  • Notify affected users without undue delay, typically within 72 hours of becoming aware of the breach, where feasible.

  • Provide information about the nature of the breach, the categories and approximate number of data records concerned, the likely consequences, and measures taken or proposed to address the breach.

  • Notify relevant regulatory authorities as required by applicable law.

16.2 Marketing Communications

We may occasionally send you information about service updates, new features, or improvements that we believe may be of interest to you. With respect to such communications:

  • All marketing communications will include an easy option to opt-out or unsubscribe.

  • You may opt-out of receiving marketing communications at any time by:

    • Clicking the "unsubscribe" link in any marketing email
    • Updating your communication preferences in your account settings
    • Contacting us directly using the information in Section 14

  • We will not sell or rent your email address or contact information to third parties for marketing purposes.

16.3 In-App Privacy Controls

Our platform provides several in-app privacy controls that allow you to:

  • Manage your profile information and visibility settings
  • Control which data is used for analytics and service improvement
  • Review your account activity and usage history
  • Download a copy of your personal information
  • Delete your account and associated data

These controls can be found in the account settings section of the Gokyo.ai platform.