日本語 EN

This Privacy Policy applies to Yahoo developer app related services provided by Shanghai Huanchuangyu Technology Co., Ltd. We process personal data with transparency, data minimization, and security controls.

1. Scope and Roles

Depending on context, end users are data subjects, partners/customers may act as controllers, and we act as a service provider processing data within authorized scope.

2. Categories of Data We Collect

  • Yahoo account identifiers, such as Yahoo UID/subject identifiers;
  • Basic profile fields, such as display name, avatar, and email (subject to granted scope);
  • Security and operations data, including login time, IP, device metadata, error logs, and audit logs;
  • Support records submitted via email (for example deletion/revocation requests).

3. Purposes of Processing

  • Yahoo OAuth sign-in, account linking, and identity verification;
  • Account security, abuse prevention, and anomaly detection;
  • Customer support, troubleshooting, and compliance audit support;
  • Legal, contractual, and regulatory obligations.

4. Permission Scope and Data Minimization

We request only business-required Yahoo OAuth scopes, typically openid, profile, and email. If additional sensitive scopes are needed in the future, we will update this policy and provide notice first.

5. Yahoo API Data Retention and Deletion

  • Yahoo API profile fields are used for session handling, diagnostics, and consistency checks, and retained for no longer than 24 hours before deletion or anonymization;
  • During active account linking, we may retain required Yahoo UID and OAuth tokens (access/refresh tokens) to maintain sign-in continuity;
  • After authorization revocation or unlink requests, tokens are disabled within 24 hours and associated data is deleted or anonymized within a reasonable period (typically no more than 30 days);
  • Security audit logs are retained for 90 days for incident investigation and compliance evidence.

6. Data Sharing and Subprocessors

  • We do not sell, rent, or trade personal data;
  • Data is shared only with vetted subprocessors necessary for service delivery, under confidentiality and security obligations;
  • We may disclose data when required by applicable law or regulatory process.

7. Security Measures

  • Encryption in transit: HTTPS/TLS 1.2+;
  • Encryption at rest: AES-256 or equivalent;
  • Access controls: RBAC least privilege, MFA for privileged access, auditable logs;
  • Incident response: documented identification, containment, remediation, review, and notification process.

8. User Rights and Requests

Users may request access, correction, export, deletion, or revocation handling by contacting support@hcytechsoft.com. We process requests after identity verification.

9. Children

This service is intended for business/adult use and is not directed to children.

10. Policy Updates

We may update this policy due to legal or business changes. The latest version and effective date are published on this page.