PRIVACY POLICY

1.1 This Privacy Policy applies to the User's access and use of HeyCyan (hereinafter referred to as “Platform”), as well as to the use of (which includes any participation in) the Services.

1.2 This Privacy Policy is incorporated as part of the Terms of Services, accessible at www.qlifesnap.com.

1.3 The User's privacy is important to HeyCyan, and HeyCyan has adopted this Privacy Policy to inform the User of how HeyCyan as the Data Controller collect, process, use and disclose the User's Personal Data derived from the User's access and use of the Platform and the Services.

1.4 If the User has any questions about this Privacy Policy, or if the User wishes to access, update or correct the User's Personal Data or withdraw the User's consent to the use, collection and disclosure of the User's Personal Data in accordance with this Privacy Policy, please email HeyCyan's DPO at privacy@heycyan.com

1.5 Certain terms apply to Users in certain jurisdictions, as set out in the Schedules to this Privacy Policy. Users in such jurisdictions agree that such additional terms are incorporated into and form part of this Privacy Policy.

2.1 In this Privacy Policy, unless the context otherwise requires, the following general definitions apply:

• (a) "Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of the Platform and the Services.
• (b) "Data Protection Laws" means applicable laws and regulations relating to the use and/or processing of personally identifiable information and data and privacy.
• (c) "Personal Data" means:
  1. data, whether true or not, about an individual who can be identified:
     1. from that data; or
     2. from that data and other information to which HeyCyan has or are likely to have access; and
  2. any data that is analogous to the foregoing, as defined in Data Protection Laws.
• (d) "Purposes" means the purposes for which HeyCyan collects the User's Personal Data as set out in this Privacy Policy.

2.2 Except as otherwise defined above, capitalised terms in this Privacy Policy have the same meanings as those given in the Terms of Service.

2.3 Unless otherwise stated, this Privacy Policy does not cover any collection, use or disclosure by third-parties, including through any applications, websites, products or services that HeyCyan does not control or own.

3.1 HeyCyan may collect and process the following Personal Data pertaining to the User when the User:

• (a) uses the Platform and/or any of the Services (including but not limited to off-Platform interactions such as onboarding launch surveys via third-party service providers);
• (b) register for any participation in any of the Services; and/or
• (c) contact or engage with HeyCyan for any of the Purposes.

3.2 In connection with the User's use of the Platform or the Services, HeyCyan may collect the following Personal Data from the User:

• (a) When you use the Platform, you may provide your email address, phone number, username, user profile picture, password, account type and registration channel to register an account.
• (b) To comply with legal obligations and to protect the rights of users/minors and determine whether your age meets the usage criteria, you may provide your date of birth.
• (c) To provide you with the audio recording and transcription feature on the Platform, we may collect your record data, including Audio record, transcribed text, other information related to your recordings (e.g. date, ID, type, duration, start time, upload time, end time, original language, and language translated into).
• (d) To provide you with related product feature on the Platform, we may collect the information about your headphone habit settings, including settings on display address, enable dictation, distinguish speakers, enable subtitles, automatic recording.
• (e) To help you add location information to your audio records when the records are created and enable you to know the specific location where the recording was completed, we may automatically collect your location (the latitude and longitude).
• (f) To determine the country or region you reside in and provide you with localized services, we may collect your IP address.
• (g) When you access and use the Platform, we may collect the duration and frequency of your headphone usage, device information when you connect the headphones (including phone brand, model), to detect bugs and conduct data statistics to refining products; we may collect the information about your use of the headphone, the information about your use of the Platform (including App version, duration of transcription usage, the frequency of using to-do/summary/translation features, start dates and end dates of subscription) to detect bugs, record the feature usage and conduct data statistics to refining products; and you may provide your log messages to us for detecting bugs.
• (h) To diagnose issues and provide you with after-sales service, we may need to collect information about the problems you report.
• (i) To facilitate and complete in-earphone recharge transactions, we will collect your order transaction ID.

3.3 In connection with the Services, and to the extent permitted by applicable laws (including Data Protection Laws), HeyCyan may also be collecting from sources other than the User, the User's Personal Data, for one or more of the Purposes, and thereafter using, disclosing and/or processing such Personal Data for one or more of the Purposes.

3.4 HeyCyan may combine information it receives from other sources with information the User gives to HeyCyan and information HeyCyan collect on the User. HeyCyan may use this information and the combined information for the Purposes (depending on the types of information HeyCyan receives). If the User suspects that any of the User's Personal Data has not been lawfully disclosed to HeyCyan, please contact HeyCyan (details are set out in clause 1.4 of this Privacy Policy).

3.5 Other than as stated in this Privacy Policy, HeyCyan does not collect or process any other Personal Data.

3.6 HeyCyan may hold the User's Personal Data on servers in Singapore and/or any other territories as HeyCyan sees fit from time to time.

3.7 HeyCyan shall only retain the User's Personal Data for so long as it is necessary. Such Personal Data may be archived for as long as the purpose for the said Personal Data still exists. HeyCyan will put in place measures such that the User's Personal Data in HeyCyan's possession or under HeyCyan's control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which the User's Personal Data was collected is no longer being served by the retention of such Personal Data; and (ii) retention is no longer necessary for any other legal or business purposes.

4.1 The purposes for which User's Personal Data may be used by HeyCyan in and outside Singapore shall include:

• (a) to enable you to register an account to access and use the Platform;
• (b) to comply with legal obligations and to protect the rights of users/minors and determine whether your age meets the usage criteria;
• (c) to provide you with the audio recording and transcription feature on the Platform;
• (d) to help you add location information to your audio records when the records are created and enable you to know the specific location where the recording was completed;
• (e) to determine the country or region you reside in and provide you with localized services;
• (f) to detect bugs and conduct data statistics to refining products;
• (g) purposes directly related or incidental to the above.

4.2 HeyCyan may collect, use, disclose or process the User's Personal Data for other purposes that do not appear in this Privacy Policy. However, HeyCyan will notify the User of such other purposes at or before the time of obtaining the User's consent, unless processing of the User's Personal Data without the User's consent is permitted by Data Protection Laws.

4.3 HeyCyan's legal basis to process and use the Personal Data of Users as the Data Controller is where:

• (a) Users have given their consent for one or more specific purposes (such as the Purposes).
• (b) Data Protection Laws permit a Data Controller to process Personal Data until the User objects to such processing (also known as opting-out), without having to rely on consent or any other legal basis. Note that this does not apply, whenever the processing of Personal Data is subject to the General Data Protection Regulation governing the Personal Data of Users from the European Union.
• (c) Processing and use of Personal Data is necessary for:
  1. the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  2. for any services in relation to the provision of the Platform or Services to the User, including payment processing, account administration and after sales support;
  3. the establishment, exercise or defence of legal claims or proceedings;
  4. compliance with a legal and regulatory obligation to which the Data Controller is subject.
• (d) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• (e) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third-party.
• (f) Where otherwise permitted or not prohibited under Data Protection Laws.

5.1 HeyCyan may need to disclose the User's Personal Data to trusted third-parties, whether located within or outside Singapore, for one or more of the Purposes, as such third-parties, would be processing your Personal Data for one or more of the above Purposes ("Third-Party Processors"). In this regard, the User hereby acknowledges, agrees and consents that HeyCyan is permitted to disclose the User's Personal Data to such Third-Party Processors (whether located within or outside Singapore) for one or more of the above Purposes and for the Third-Party Processors to subsequently collect, use, disclose and/or process the User's Personal Data for one or more of the above Purposes. Without limiting the generality of the foregoing, such Third-Party Processors include:

• (a) any of HeyCyan's agents, contractors or third-party service providers that process or will be processing the User's Personal Data on HeyCyan's behalf including but not limited to those which provide payment processing, account administration, after sales support or other services to HeyCyan;
• (b) HeyCyan's professional advisers, for example, HeyCyan's auditors and lawyers, as well as HeyCyan's insurers;
• (c) third-parties to whom disclosure by HeyCyan is for one or more of the Purposes and such third-parties would in turn be collecting and processing the User's Personal Data for one or more of the Purposes;
• (d) any actual or proposed assignee or transferee of the business of HeyCyan, or a merged entity in the event HeyCyan is merged to create the said merged entity.

5.2 Where HeyCyan discloses the User's Personal Data, HeyCyan will do so only in accordance with Data Protection Laws. This includes taking steps to ensure the security and privacy of the User's Personal Data, and where required, it will be subject to contractual terms ensuring the security and protection of any Personal Data under any sub-processor or data intermediary, whether within or outside of Singapore.

6.1 The User should only provide HeyCyan with Personal Data of third-parties where expressly permitted by HeyCyan. Should the User provide HeyCyan with Personal Data of any individual other than the User, the User represents, undertakes and warrants to HeyCyan that:

• (a) for any Personal Data of individuals that the User discloses to HeyCyan, HeyCyan would have prior to disclosing such Personal Data to HeyCyan obtained consent from the individuals whose Personal Data are being disclosed, to:
  1. permit the User to disclose the individuals' Personal Data to HeyCyan for the Purposes;
  2. permit the User to collect, use, disclose and/or process the individuals' Personal Data for the Purposes;
• (b) at HeyCyan's request, the User will use such form(s) or document(s) provided by HeyCyan in obtaining such consents from the individuals in question (for the avoidance of doubt, HeyCyan is under no obligation to you to create any such form(s) or document(s));
• (c) any Personal Data of individuals that the User discloses to HeyCyan are accurate; and
• (d) for any Personal Data of individuals that the User discloses to HeyCyan, that the User is validly acting on behalf of such individuals and that the User has the authority of such individuals to provide their Personal Data to HeyCyan and for HeyCyan to collect, use, disclose and process such Personal Data for the Purposes.

6.2 Should the User provide HeyCyan with Personal Data of the User's child or children, the User confirms, declares and agrees that the User is the parent and/or legal guardian of such child/children, and that HeyCyan may collect, use and/or disclose the User's child's or children's Personal Data for the Purposes and in the manner as set out in this Privacy Policy.

In principle, we will collect your Personal Information in the countries/regions where you use our products/services. As we operate globally and maintain servers in a number of locations worldwide, your Personal Information will be stored or processed on servers in Singapore, which means may be processed on servers located outside of the country or jurisdiction venue where you use our products/services. Regardless of where your Personal Information is processed, we apply the same protections described in this policy. And if necessary to provide sales and warranty service, and to optimize products/services, we may need to transfer your Personal Information to a HeyCyan branch, third-party service provider, or other business partners outside your jurisdiction, we promise to strictly abide by relevant applicable laws and implement security measures that meet local requirements to ensure that all such transfers meet the requirements of local applicable data protection laws.

8.1 All Personal Data the User has provided to HeyCyan is stored in a cloud-based environment which is highly secure, scalable, and redundant by design. Where HeyCyan has given the User (or where the User has chosen) a password which enables the User to access certain parts of the Platform, the User is responsible for keeping this password confidential. The User should not share a password with any other person. Regular patching and security upgrades are performed on the infrastructure components. All publicly accessible endpoints are protected using data encryption security protocols and are enabled with intrusion detection and DDoS protection.

8.2 Data encryption is enabled for storage of data. Direct access to the data storage system is strictly prohibited. Data in flight is always encrypted using HTTPS/SSL/TLS protocols. Logging of PII data, passwords, financial information and other business critical data in log files is strictly prohibited.

8.3 HeyCyan shall do its best to protect the User's information, but cannot guarantee the security of the User's Personal Data transmitted on the Platform; any transmission is at the User's own risk and the User agrees not to hold HeyCyan responsible for any breach of security while accessing the internet that is out of HeyCyan's control.

8.4 In the event of a breach of the confidentiality or security of the User's information, HeyCyan shall reasonably attempt to notify the User as necessary so that the User can take the appropriate protective steps. Unless the User indicates otherwise, HeyCyan may notify the User under such circumstances using the User's most current email address on record.

9.1 The Platform uses cookies to distinguish the various Users of the Platform. This helps HeyCyan provide the User with the best experience when browsing the Platform and also allows HeyCyan to improve the Platform. By continuing to browse the Platform, the User is hereby agreeing to HeyCyan's use of cookies.

9.2 A cookie is a small file of letters and numbers that HeyCyan stores on the User's browser or on the User's device. Cookies contain that is transferred to the User's device.

9.3 HeyCyan uses the following cookies:

• (a) Strictly necessary cookies. These are cookies that are required for the operation of the Platform. They include, for example, cookies that enable HeyCyan to log into secure areas of the Platform, use a shopping cart or make use of e-billing services.
• (b) Analytical/performance cookies. These cookies allow HeyCyan to recognise and count the number of Users and to see how Users navigate the Platform. This helps HeyCyan improve the manner by which the Platform is operated, including ensuring that Users are able to conveniently access their required resource and/or service.
• (c) Functionality cookies. These are used to recognise the User when the User returns to the Platform. This enables HeyCyan to personalise its content to the User, to greet the User by name and remember the User's preferences (for example, the User's choice of language or region).

9.4 Please note that third-parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which HeyCyan has no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

9.5 The User blocks cookies by activating the setting on the User's browser that allows the User to refuse the setting of all or some cookies. However, if the User uses browser settings to block all cookies (including essential cookies) the User may not be able to access all or parts of the Platform.

When the User uses the Platform or the Services, they may be directed to other third-party sites outside of their control. This may include links from advertisers, sponsors, and partners that may use HeyCyan's logo. Such third parties may treat the User's personal data in accordance with their own privacy policy and the User's direct agreement with them. HeyCyan is not responsible for any third-party use of personal data where they were provided by the User to such third party. The User is solely responsible for their legal relationship with any such third parties.

11.1 If the User has any questions about the processing of the User's Personal Data or about this Privacy Policy, if the User does not accept an amended Privacy Policy, if the User wishes to withdraw any consent the User has given HeyCyan at any time, or if the User wishes to update or have access to the User's Personal Data, the User is welcome to contact HeyCyan through the contact details listed at clause 1.4 of this Privacy Policy.

11.2 The User has the right to access and/or correct any Personal Data that HeyCyan hold about the User, subject to exceptions under the law. This right can be exercised at any time by contacting HeyCyan through the contact details listed at clause 1.4 of this Privacy Policy. HeyCyan will need enough information from the User in order to ascertain the User's identity as well as the nature of the User's request, so as to be able to deal with the User's request. All requests for correction or for access to the User's Personal Data must be in writing. HeyCyan will endeavour to respond to the User's request within 30 days, and if that is not possible, HeyCyan will inform the User of the time by which HeyCyan will respond to the User.

11.3 HeyCyan may be prevented by law from complying with any request that the User may make. HeyCyan may also decline any request that the User may make if the law permits HeyCyan to do so.

11.4 In many circumstances, HeyCyan need to use the User's Personal Data in order for HeyCyan to enable the User's use of the Platform and the Services. If the User does not provide HeyCyan with the required Personal Data, or if the User does not accept an amended Privacy Policy or withdraw the User's consent to HeyCyan's use and/or disclosure of the User's Personal Data for the Purposes, it may not be possible for HeyCyan to continue to enable the User's use of the Platform and the Services.

11.5 HeyCyan may charge the User with a fee for responding to the User's request for access to the User's Personal Data which HeyCyan holds, or for information about the ways in which HeyCyan has (or may have) used the User's Personal Data. If a fee is to be charged, HeyCyan will inform the User of the amount beforehand and respond to the User's request after payment is received.

11.6 HeyCyan is fully committed to protecting the User's Personal Data and ensuring that the User is able to enjoy all the rights granted to the User in relation to the User's Personal Data under Data Protection Laws. Nothing in this Privacy Policy should be construed as limiting any of the User's rights prescribed for under Data Protection Laws.

12.1 HeyCyan reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page and possibly within the Platform and/or, as far as technically and legally feasible, sending a notice to Users via any contact information available to HeyCyan. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. It is strongly recommended to review the Platform and this Privacy Policy periodically for updates.

12.2 Should the changes affect the processing activities performed on the basis of the User's consent, HeyCyan shall collect consent from the User, where required.

For users in EU, Canada, Japan and US, in the event of any inconsistency or conflict between the General Terms of the Privacy Policy (the “General Terms”) and SCHEDULE - Privacy Policy for EU, and Special Terms for Canada and Japan and US (the “Schedules”), the provisions of the Schedules shall prevail.