Privacy Policy
1. Who we are
Auspex Intelligence Limited (incorporated in Hong Kong) is the data user under the Personal Data (Privacy) Ordinance (Cap. 486) and the personal information handler under the PRC Personal Information Protection Law in respect of personal data collected through yude.io and yude.hk. This statement is our Personal Information Collection Statement (PICS) and Privacy Policy Statement (PPS) for the purposes of Data Protection Principles 1(3) and 5.
2. What we collect
We collect the following personal data directly from you. Required fields are marked OBLIGATORY; if you choose not to supply them we cannot provide the service and we will refund a payment that has already been made.
- Mother's date of birth — OBLIGATORY.
- Father's date of birth — OBLIGATORY.
- Mother's time of birth (時辰 / two-hour precision) — VOLUNTARY; omitting this reduces analytical precision but does not block the analysis.
- Father's time of birth (時辰 / two-hour precision) — VOLUNTARY.
- Email address, which identifies your account and receives transactional messages — OBLIGATORY.
- Account password — OBLIGATORY; stored only as a salted hash, never in plain text.
- Name on the contact form, if you use it — VOLUNTARY.
3. How we use your data
We use your personal data for two purposes only: to operate your account and authenticate your access, and to compute the BaZi (四柱八字) structures of candidate dates in the next three years and present the resulting interactive calendar to you. We do not use your personal data for marketing, profiling, training of machine-learning models, sale to third parties, or any other purpose. If we ever wish to use your personal data for a new purpose we will obtain your prescribed consent under PDPO DPP3 and your separate consent under PIPL Article 23 before doing so.
4. Sensitivity of birth data
Date and time of birth are not enumerated as "sensitive personal information" under Article 28 of the PRC Personal Information Protection Law (which lists biometrics, religious belief, specific identity, medical health, financial accounts, whereabouts, and the personal information of minors under 14). We nevertheless process this data only for the specified purposes stated above, only where it is necessary, and under strict protective measures, as Article 28 also requires for sensitive personal information. We do not collect biometric, financial-account, location, or medical data of any kind.
5. Who we share your data with
We disclose your personal data only to the following classes of transferees, each under a written processor agreement:
- Stripe Payments Europe, Ltd. and its affiliates, which process your payment and may receive your email, IP address, payment-card details (which never reach our servers) and transaction metadata in their capacity as a separate data controller for payment processing and fraud prevention — see stripe.com/privacy;
- Vercel Inc., which hosts yude.io and processes server access logs as our data processor;
- Alibaba Cloud (Hong Kong) Limited, which hosts the yude.hk Mainland-facing mirror as our data processor.
We do not sell personal data.
6. Cross-border transfers (for users in Mainland China)
When you submit personal data through yude.hk it is stored on Alibaba Cloud (Hong Kong) Limited servers physically located in the Hong Kong SAR. Because the Hong Kong SAR is outside the borders of the Mainland for the purposes of PIPL Articles 38/39, this constitutes a cross-border transfer. Before you submit your data, we ask you to give a separate, explicit consent (a dedicated checkbox, not bundled with our terms-of-service checkbox) to this transfer, having been informed:
- the overseas recipient is Auspex Intelligence Limited (Hong Kong);
- contact method: contact@yude.io;
- purpose: operating your account and generating your BaZi-based date analyses;
- categories: parents' date and time of birth, email, account credentials;
- how to exercise your PIPL rights: by emailing contact@yude.io, to which we will respond in a timely manner per PIPL Articles 45–47.
7. Cookies and browser storage
yude.io and yude.hk do not set analytics, advertising, fingerprinting, or behavioural-tracking cookies. The only client-side storage we use is:
- a first-party authentication cookie (or equivalent token) that keeps you signed in to your account — strictly necessary for the service and not used for tracking;
- sessionStorage, to remember the alpha passcode you entered for the current browser session (cleared when you close the tab);
- localStorage under the key yude-theme, to remember your dark/light theme preference.
The Stripe checkout, when opened, may set cookies under its own domain for fraud prevention; those cookies are governed by Stripe's own policy at stripe.com/privacy.
8. How long we keep your data
We apply two retention periods.
- Your account data (email address, password hash) and the birth data you input are retained for as long as your account remains active, so that you can return to the tool at any time. When you ask us to delete your account, or otherwise exercise your erasure rights, we erase this data from our primary database and from the next routine backup cycle, in accordance with PDPO Section 26 and PIPL Article 47.
- Transaction records (order ID, amount, timestamp, your email address, Stripe payment ID) are retained for 7 years from the end of the relevant fiscal year, as required for Hong Kong tax records under Section 51C of the Inland Revenue Ordinance. After 7 years, transaction records are also erased.
9. Children
Yude is a paid tool for adult parents in the conception-planning window and is not intended for or directed at minors. By using Yude you confirm that you are at least 18 years of age. We do not knowingly collect personal information from any person under 18. If we learn that we have inadvertently collected the personal information of a person under 18 we will erase it under PDPO Section 26 without delay. For the avoidance of doubt under PIPL Article 31, we do not knowingly process the personal information of minors under 14; if such processing were to occur it would require the separate consent of the parent or guardian and the formulation of special handling rules, neither of which is currently in place.
10. Your rights and how to exercise them
You have the right to:
- request access to the personal data we hold about you;
- request correction of inaccurate personal data;
- request deletion of your account and the personal data associated with it, under PIPL Article 47 (Mainland users) or our PDPO Section 26 erasure undertaking (Hong Kong and other users);
- withdraw consent at any time, after which we will stop processing your personal data for the consented purpose.
To exercise any of these rights, email contact@yude.io. We will acknowledge your request within 5 working days. For Hong Kong data access requests we will substantively respond within 40 days of receipt, which is the statutory deadline under PDPO Section 19(1). For Mainland users we will respond in a timely manner as required by PIPL Articles 45–47.
11. Security
We take all practicable steps to protect your personal data against unauthorised or accidental access, processing, erasure, loss, or use, as required by PDPO Data Protection Principle 4. These steps include TLS-in-transit for all traffic to yude.io and yude.hk, encryption-at-rest for the database, salted password hashing, restriction of production-data access to named employees on a least-privilege basis, and processor agreements with Stripe, Vercel, and Alibaba Cloud (Hong Kong). We do not represent that the internet or email transmission is ever fully secure, and we encourage you to choose what information you send to us by email accordingly.
12. Contact and Data Protection
Privacy queries, data subject access and correction requests, and complaints should be directed to: Auspex Intelligence Limited, attention: Data Protection Officer, contact@yude.io. PIPL Article 52 requires PI handlers above a CAC-set volume threshold (currently more than 1,000,000 individuals, per the CAC Personal Information Protection Compliance Audit Management Measures effective 1 May 2025) to appoint a person in charge of personal information protection. We are below that threshold during alpha, but we have nevertheless designated an internal individual to handle PDPO and PIPL matters.
13. Changes to this policy
We may update this Privacy Policy from time to time. The current version is identified by the "Last updated" date at the top of this page. If we make a material change we will email it to account holders.