caKao Privacy Policy
Effective Date: Aug 1, 2025
Last Updated: Aug 1, 2025
1. Introduction and Scope
caKao Inc., a corporation incorporated under the laws of Singapore ("caKao," "Company," "we," "us," or "our"), is committed to protecting and respecting your privacy rights in accordance with applicable data protection laws and regulations. This comprehensive Privacy Policy ("Policy") governs the collection, use, processing, storage, transfer, and disclosure of personal information obtained through your use of our AI-powered health and wellness platform, mobile application, and related services (collectively, the "Platform" or "Services").
This Policy applies to all users of our Platform, including visitors, registered users, and subscribers, regardless of their geographic location or method of access. By accessing, downloading, installing, or using our Platform in any capacity, you acknowledge that you have read, understood, and expressly consent to the data practices described in this Policy.
1.1 Legal Basis for Processing
Our processing of personal data is based on one or more of the following legal grounds:
Consent: Where you have provided explicit consent for specific processing activities
Contract Performance: Processing is necessary to perform our contractual obligations to you
Legitimate Interests: Processing necessary for our legitimate business interests, provided such interests do not override your fundamental rights and freedoms
Legal Compliance: Processing required to comply with applicable legal obligations
Vital Interests: Processing necessary to protect your vital interests or those of another person
1.2 Controller and Data Protection Officer
caKao Inc. acts as the data controller for personal information processed through our Platform. For data protection inquiries, you may contact our designated Data Protection Officer at: dpo@cakao.ai
2. Categories of Information We Collect
2.1 Account and Authentication Data
When you create an account through our integrated Single Sign-On (SSO) infrastructure utilizing Apple ID or Google authentication services, we collect and process:
Identity Information:
Unique user identifiers generated by authentication providers
Display names and profile information shared by your chosen authentication service
Account creation timestamps and authentication logs
Profile Data:
Age information is required for algorithmic personalization
Weight measurements for metabolic calculations
Height data for comprehensive health analytics
Gender information for tailored recommendations
Activity level assessments and fitness goals
Time zone and location preferences for scheduling
2.2 Health and Wellness Information
Our AI algorithms collect and analyze comprehensive health-related data to deliver personalized insights:
Nutritional Data:
Meal photographs and visual food content analysis
Caloric intake estimates and nutritional breakdowns
Macronutrient distribution (proteins, carbohydrates, fats, fiber)
Meal timing patterns and eating schedules
Food preferences and aversion profiles
Physical Activity Information:
Exercise types, duration, and intensity levels
Caloric expenditure calculations and metabolic data
Workout routines and fitness program adherence
Performance metrics and progress tracking
2.3 Technical and Usage Data
We automatically collect technical information to ensure Platform functionality and security:
Device Information:
Screen resolution and display characteristics
Hardware identifiers and device fingerprints
Network connectivity type and signal strength
Application Data:
Application version and build information
Feature usage patterns and interaction analytics
Session duration and frequency of use
Navigation paths and user flow analysis
Error logs and crash reports
Performance metrics and response times
Push notification preferences and delivery status
Network and Location Data:
IP addresses and geographic location indicators
Connection timestamps and session logs
Network performance and latency measurements
Time zone and locale settings
2.4 Visual and Media Content
All visual content processed through our Platform undergoes sophisticated handling:
Image Processing:
Original meal photographs captured through our camera interface
Processed image data for food recognition and analysis
Computer vision metadata and classification results
Image quality assessments and enhancement data
Cropping coordinates and region-of-interest selections
Color analysis and visual characteristics
Portion size estimations and scaling factors
Content Security:
Encrypted image storage with advanced cryptographic protocols
Access logs and viewing history for visual content
Sharing permissions and distribution controls
Retention timestamps and deletion schedules
3. Methods of Data Collection
3.1 Direct Collection
We collect information directly from you through:
Account registration and profile setup processes
Manual data entry through the Platform interfaces
File uploads and content submissions
Customer support interactions
Subscription and payment processes
3.2 Automatic Collection
Our Platform automatically collects certain information through:
Analytics tools and performance monitoring systems
Error logging and diagnostic reporting mechanisms
Usage analytics and behavioral tracking systems
Security monitoring and fraud detection systems
3.3 Third-Party Sources
We may receive information from external sources, including:
Authentication providers (Apple, Google)
Payment processors and billing services
Analytics and marketing service providers
Data enrichment and verification services
Public databases and regulatory sources
4. Purposes and Legal Basis for Processing
4.1 Primary Platform Functions
AI-Powered Personalization and Recommendations:
Processing health and wellness data to generate personalized caloric intake recommendations
Analyzing nutritional patterns to provide intelligent meal suggestions
Computing metabolic expenditure based on activity levels and biometric data
Delivering adaptive fitness guidance aligned with individual goals and capabilities
Creating customized wellness plans based on user preferences and health objectives
Generating predictive insights for health trend analysis and goal achievement
Food Recognition and Analysis:
Processing meal photographs through computer vision algorithms
Identifying food items, ingredients, and nutritional components
Estimating portion sizes and caloric content
Providing nutritional breakdowns and dietary insights
Tracking eating patterns and meal timing analysis
Platform Operations and Functionality:
Maintaining user accounts and authentication systems
Processing subscription management and billing operations
Providing customer support and technical assistance
Ensuring Platform security and preventing unauthorized access
Delivering push notifications
Synchronizing data across multiple devices and platforms
4.2 Analytics and Improvement
Product Development and Enhancement:
Analyzing user behavior patterns to improve Platform functionality
Conducting A/B testing for feature optimization and user experience enhancement
Identifying usage trends and popular features for development prioritization
Measuring Platform performance and identifying areas for improvement
Developing new AI models and algorithmic capabilities
Enhancing user interface design and navigation flows
Research and Development:
Conducting anonymized research on health and wellness trends
Developing improved machine learning models for better predictions
Analyzing aggregated data for industry insights and benchmarking
Collaborating with research institutions on health-related studies
Publishing anonymized research findings for scientific advancement
4.3 Business Operations
Marketing and Communication:
Sending promotional materials and product updates (with consent)
Personalizing marketing content based on user preferences
Measuring marketing campaign effectiveness and engagement
Conducting market research and user satisfaction surveys
Managing affiliate and partnership programs
Legal and Regulatory Compliance:
Complying with applicable data protection and privacy laws
Responding to legal requests and regulatory inquiries
Maintaining records for audit and compliance purposes
Implementing security measures and breach notification procedures
Protecting intellectual property rights and preventing fraud
5. Data Sharing and Disclosure Practices
5.1 Service Providers and Vendors
We engage carefully vetted third-party service providers to support Platform operations:
Cloud Infrastructure Providers:
Data hosting and storage services with enterprise-grade security
Content delivery networks for optimal Platform performance
Backup and disaster recovery services
Database management and optimization services
Analytics and Performance Services:
User behavior analytics and Platform usage measurement
Performance monitoring and error tracking services
A/B testing platforms for feature optimization
Marketing analytics and campaign measurement tools
Payment and Billing Services:
Subscription management and recurring billing systems
Payment processing through Apple's secure infrastructure
Fraud detection and prevention services
Tax calculation and compliance services
Communication Services:
Push notification delivery systems
Survey and feedback collection tools
All service providers are bound by contractual obligations to maintain the confidentiality and security of your personal information and are prohibited from using your data for their own purposes.
5.2 Business Transfers and Corporate Transactions
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of the business transaction. We will provide notice of any such transfer and any choices you may have regarding your personal information.
5.3 Legal Requirements and Protection
We may disclose your personal information when required or permitted by law:
Legal Process:
Compliance with court orders, subpoenas, and legal proceedings
Response to lawful requests from government agencies and regulatory bodies
Cooperation with law enforcement investigations
Compliance with tax reporting and regulatory requirements
Safety and Security:
Protection of our rights, property, and legitimate business interests
Prevention of fraud, abuse, and unauthorized access
Investigation of potential violations of our Terms of Service
Protection of the safety and security of users and third parties
5.4 Anonymized and Aggregated Data
We may share anonymized, aggregated, or de-identified information that cannot reasonably be used to identify you:
Research and Analytics:
Industry reports and trend analysis
Academic research collaborations
Public health studies and initiatives
Technology development and innovation projects
Business Intelligence:
Market research and competitive analysis
Product development and feature planning
Partnership and collaboration opportunities
Investment and funding activities
6. Data Security and Protection Measures
6.1 Technical Safeguards
We implement comprehensive security measures to protect your personal information:
Encryption and Cryptographic Protection:
Military-grade AES-256 encryption for data at rest
TLS 1.3 encryption for all data transmissions
End-to-end encryption for sensitive communications
Advanced key management and rotation protocols
Cryptographic hashing for password protection
Access Controls and Authentication:
Multi-factor authentication for administrative access
Role-based access controls with the principle of least privilege
Regular access reviews and permission audits
Secure API authentication and authorization mechanisms
Session management and timeout controls
Infrastructure Security:
Secure cloud hosting with enterprise-grade providers
Network firewalls and intrusion detection systems
Regular security scanning and vulnerability assessments
Automated threat detection and response systems
Secure backup and disaster recovery procedures
6.2 Organizational Safeguards
Compliance and Auditing:
Regular security audits and penetration testing
Compliance assessments and certification maintenance
Third-party security evaluations and validations
Continuous monitoring and improvement programs
Documentation and record-keeping procedures
Incident Response:
24/7 security monitoring and alerting systems
Rapid incident detection and containment procedures
Forensic analysis and root cause investigation capabilities
User notification and regulatory reporting protocols
Post-incident review and improvement processes
6.3 Data Retention and Deletion
Retention Principles: We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
Retention Periods:
Account information: Retained while your account is active and for up to 7 years after deletion for legal compliance
Health and wellness data: Retained for up to 5 years after last Platform use for AI model improvement
Technical logs: Retained for up to 2 years for security and performance analysis
Support communications: Retained for up to 3 years for quality assurance and training
Secure Deletion: When retention periods expire or upon valid deletion requests, we employ secure deletion methods including cryptographic erasure, overwriting, and physical destruction of storage media.
7. Your Privacy Rights and Controls
7.1 Access and Transparency Rights
Right to Access: You have the right to request information about:
Categories of personal information we collect and process
Specific pieces of personal information we maintain about you
Sources from which we collected your personal information
Business purposes for collecting and sharing your information
Third parties with whom we share your personal information
Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format for transfer to another service provider, subject to technical feasibility and legal restrictions.
7.2 Correction and Update Rights
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your Platform account settings, or contact us for assistance with corrections.
Profile Management: Our Platform provides comprehensive tools for managing your personal information:
Account settings for updating profile information
Privacy controls for managing data sharing preferences
Communication preferences for marketing and notifications
Data download tools for accessing your information
7.3 Deletion and Restriction Rights
Right to Erasure (Right to be Forgotten): You may request deletion of your personal information under certain circumstances:
The information is no longer necessary for the original purposes
You withdraw consent, and no other legal basis exists
Your information has been unlawfully processed
Deletion is required for compliance with legal obligations
Right to Restrict Processing: You may request that we limit our processing of your personal information in certain situations:
You contest the accuracy of the information
Processing is unlawful, but you prefer restriction over deletion
We no longer need the information, but you require it for legal claims
You object to processing pending verification of legitimate grounds
Account Deletion: You may delete your account at any time through our advanced settings management interface. Upon deletion:
Your account will be immediately deactivated
Personal information will be deleted in accordance with our retention policies
Some information may be retained for legal compliance and legitimate business purposes
Anonymized data may be retained for research and development purposes
7.4 Objection and Opt-Out Rights
Right to Object: You have the right to object to the processing of your personal information based on legitimate interests, including:
Direct marketing and promotional communications
Profiling for marketing purposes
Processing for research and development activities
Automated decision-making processes
Marketing Opt-Out: You can opt out of marketing communications through:
Unsubscribe links in email communications
Direct contact with our support team
Third-party marketing preference centers
7.5 Exercising Your Rights
To exercise any of your privacy rights, please contact us using the information provided in the Contact section. We will respond to your request within the timeframes required by applicable law, typically within 30 days.
Verification Requirements: To protect your privacy and security, we may need to verify your identity before processing certain requests. This may include:
Confirming your account credentials
Requesting additional identification documents
Using multi-factor authentication
Confirming details about your Platform usage
8. International Data Transfers and Cross-Border Processing
8.1 Global Operations
Because we are a technology company with a global infrastructure and user base, your personal information may be transferred to, processed, and stored in countries outside your country of residence, including Singapore, the United States, and other jurisdictions where our service providers operate.
8.2 Transfer Safeguards
We ensure appropriate safeguards are in place for international data transfers:
Adequacy Decisions: We transfer data to countries that have been deemed to provide adequate protection by relevant data protection authorities.
Standard Contractual Clauses: For transfers to countries without adequacy decisions, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant authorities.
Additional Safeguards: We implement supplementary technical and organizational measures to ensure the security of international data transfers:
Enhanced encryption for cross-border data transmission
Strict data localization controls where required
Regular assessments of transfer risks and safeguards
Contractual commitments from international service providers
8.3 Data Localization Compliance
Where applicable law requires data localization or imposes restrictions on international transfers, we maintain compliance through:
Local data processing and storage infrastructure
Regional service provider arrangements
Jurisdiction-specific privacy controls
Compliance monitoring and reporting systems
9. Children's Privacy Protection
9.1 Age Restrictions
Our Platform is not intended for use by children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.
9.2 Parental Consent Requirements
For users between the ages of 13 and 18 (or the age of majority in their jurisdiction), we require:
Explicit parental consent before account creation
Parental notification of our privacy practices
Ongoing parental rights to access and control their child's information
Special protections for sensitive health information
9.3 Discovery and Deletion
If we discover that we have collected personal information from a child under 13 without proper consent:
We will immediately cease processing the information
The account and associated data will be promptly deleted
Parents will be notified of the collection and deletion
We will implement additional safeguards to prevent future occurrences
10. California Privacy Rights (CCPA/CPRA)
10.1 California Consumer Rights
California residents have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know:
Categories and specific pieces of personal information collected
Categories of sources from which information is collected
Business purposes for collecting and selling personal information
Categories of third parties with whom information is shared
Right to Delete: Request deletion of personal information, subject to certain exceptions for legal compliance, security, and legitimate business purposes.
Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising purposes.
Right to Correct: Request correction of inaccurate personal information maintained by the business.
Right to Limit Use of Sensitive Personal Information: Request limitation of use and disclosure of sensitive personal information to necessary business purposes.
10.2 Non-Discrimination
We do not discriminate against California consumers who exercise their privacy rights by:
Denying goods or services
Charging different prices or rates
Providing different levels or quality of services
Suggesting different prices or service levels
10.3 Authorized Agents
California residents may designate an authorized agent to submit privacy requests on their behalf. We may require:
Proof of the agent's authorization
Verification of the consumer's identity
Direct confirmation from the consumer of the agent's authority
11. European Privacy Rights (GDPR)
11.1 Legal Basis for Processing
For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process personal data based on:
Consent: Explicit consent for specific processing activities, marketing communications, and optional features.
Contract Performance: Processing is necessary to provide Platform services and fulfill our contractual obligations.
Legitimate Interests: Processing for business operations, security, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
Legal Compliance: Processing required to comply with applicable laws and regulations.
11.2 Additional Rights
European users have additional rights under the General Data Protection Regulation (GDPR):
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.
Automated Decision-Making: You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.
11.3 Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities and implement appropriate measures to mitigate identified risks.
12. Other Jurisdictional Privacy Rights
12.1 Brazil (LGPD)
For users in Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD) and provide rights including:
Confirmation of processing and access to data
Correction of incomplete or inaccurate data
Anonymization, blocking, or deletion of data
Portability of data to another service provider
Information about public and private entities with whom data is shared
12.2 Canada (PIPEDA)
For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provide:
Access to personal information and correction rights
Withdrawal of consent for certain processing activities
Complaint procedures through the Privacy Commissioner of Canada
12.3 Australia (Privacy Act)
For Australian users, we comply with the Privacy Act 1988 and Australian Privacy Principles (APPs), providing:
Access to personal information and correction rights
Notification of data breaches affecting user privacy
Complaint procedures through the Office of the Australian Information Commissioner
13. Data Breach Notification and Response
13.1 Breach Detection and Assessment
We maintain comprehensive systems for detecting and assessing potential data breaches:
Continuous monitoring and threat detection systems
Automated alerting for suspicious activities
Regular security assessments and penetration testing
Employee training on breach identification and reporting
13.2 Incident Response Procedures
Upon detection of a potential breach, we implement our incident response plan:
Immediate Response (0-24 hours):
Containment and mitigation of the breach
Assessment of scope and potential impact
Preservation of evidence for investigation
Initial stakeholder notification
Investigation Phase (24-72 hours):
Forensic analysis and root cause determination
Impact assessment and affected user identification
Documentation and evidence collection
Coordination with law enforcement, if necessary
Notification and Remediation (72 hours+):
Regulatory notification as required by applicable law
User notification for high-risk breaches
Implementation of additional security measures
Ongoing monitoring and support for affected users
13.3 User Notification
We will notify affected users of data breaches that pose a high risk to their rights and freedoms:
Direct notification via email or in-app messaging
Clear description of the nature and scope of the breach
Information about potential consequences and recommended actions
Details of measures taken to address the breach
Contact information for additional questions or support
14. Third-Party Integrations and Links
14.1 Authentication Services
Our Platform integrates with third-party authentication providers:
Apple ID Integration:
Governed by Apple's Privacy Policy and Terms of Service
Limited data sharing based on user-selected preferences
Secure OAuth 2.0 authentication protocols
Option to hide email address from caKao
Google Account Integration:
Governed by Google's Privacy Policy and Terms of Service
Scope-limited access to basic profile information
Secure authentication with minimal data collection
User control over shared information
14.2 Payment Processing
Subscription and payment processing are handled by Apple's App Store:
All payment information is processed by Apple
caKao does not have access to payment card details
Billing inquiries should be directed to Apple Support
Refund policies are governed by Apple's terms
14.3 External Links and Services
Our Platform may contain links to external websites and services:
Third-party privacy policies govern data collection on external sites
We are not responsible for external privacy practices
Users should review privacy policies before sharing information
Links do not constitute endorsement of external services
15. Marketing and Communications
15.1 Types of Communications
We may send various types of communications based on your preferences:
Transactional Communications:
Account notifications and security alerts
Subscription and billing confirmations
Platform updates and maintenance notices
Customer support responses
Marketing Communications:
Product updates and new feature announcements
Promotional offers and special discounts
Health and wellness tips and content
Survey requests and feedback opportunities
15.2 Consent and Opt-Out
Email Marketing:
Explicit opt-in consent is required for promotional emails
Clear unsubscribe options in all marketing communications
Immediate processing of opt-out requests
Preference management for different types of content
Push Notifications:
Device-level permission controls
In-app notification preferences and settings
Granular control over notification types
Immediate effect of preference changes
15.3 Personalization
We may personalize marketing communications based on:
Platform usage patterns and preferences
Health and wellness goals and interests
Subscription status and feature usage
Geographic location and time zone
All personalization respects your privacy settings and communication preferences.
16. Business-to-Business Services
16.1 Enterprise and Research Partnerships
We may offer specialized services to healthcare providers, research institutions, and corporate wellness programs:
Aggregated Analytics:
De-identified population health insights
Wellness trend analysis and reporting
Benchmarking and comparative analytics
Custom research and data analysis services
API and Integration Services:
Secure data integration with healthcare systems
Custom reporting and dashboard solutions
Compliance-focused data sharing arrangements
White-label and co-branded platform options
16.2 Data Protection for B2B Services
All business-to-business services maintain strict data protection standards:
Separate data processing agreements and contracts
Enhanced security measures for sensitive health data
Regular compliance audits and assessments
Strict access controls and monitoring
17. Artificial Intelligence and Automated Processing
17.1 AI Systems and Decision-Making
Our Platform employs sophisticated AI systems for various purposes:
Computer Vision and Image Recognition:
Automated food identification and nutritional analysis
Portion size estimation and caloric calculation
Ingredient recognition and allergen detection
Meal quality assessment and recommendations
Predictive Analytics:
Personalized health and wellness recommendations
Goal achievement probability and timeline estimation
Risk assessment for health-related outcomes
Behavioral pattern analysis and intervention suggestions
Machine Learning Optimization:
Continuous improvement of recommendation accuracy
Personalization algorithm enhancement
User experience optimization and customization
Platform performance and efficiency improvements
17.2 Human Oversight and Intervention
While our AI systems operate with high accuracy, we maintain human oversight:
Regular algorithm auditing and bias testing
Human review of high-impact decisions
User feedback integration and correction mechanisms
Manual override capabilities for automated processes
17.3 Transparency and Explainability
We strive to provide transparency about our AI systems:
General explanations of how our algorithms work
Information about the data used for training and improvement
User controls for automated processing preferences
Feedback mechanisms for algorithm improvement
18. Data Innovation and Research
18.1 Research and Development
We conduct research to advance health and wellness technology:
Internal Research:
Algorithm improvement and optimization studies
User behavior and engagement analysis
Platform effectiveness and outcome measurement
Technology innovation and development projects
External Collaborations:
Academic research partnerships and studies
Healthcare industry collaborations
Public health research initiatives
Technology advancement consortia
18.2 Research Data Protection
All research activities maintain strict privacy protections:
De-identification and anonymization of research data
Institutional Review Board (IRB) approval for human subjects research
Informed consent for research participation
Secure data sharing agreements with research partners
18.3 Innovation Benefits
Our research activities benefit users through:
Improved algorithm accuracy and personalization
Enhanced platform features and capabilities
Better health outcomes and user experiences
Advancement of digital health technology
19. Compliance and Certifications
19.1 Industry Standards and Certifications
We maintain compliance with relevant industry standards:
Information Security:
ISO 27001 Information Security Management
SOC 2 Type II Security and Availability
NIST Cybersecurity Framework alignment
Regular third-party security assessments
Healthcare Standards:
HIPAA-level security controls (where applicable)
FDA guidance for digital health tools
Healthcare data interoperability standards
Clinical research good practices
Privacy and Data Protection:
Privacy by Design and Default principles
Data minimization and purpose limitation
Consent management and user control systems
Cross-border data transfer safeguards
19.2 Regular Audits and Assessments
We conduct regular compliance evaluations:
Annual privacy impact assessments
Quarterly security audits and penetration testing
Ongoing vendor and partner compliance reviews
Regular legal and regulatory compliance updates
19.3 Continuous Improvement
Our compliance program includes:
Regular policy and procedure updates
Employee training and awareness programs
Industry best practice adoption
Stakeholder feedback integration
20. Contact Information and Data Protection Contacts
20.1 General Privacy Inquiries
For general privacy questions, concerns, or requests, please contact us:
Email: team@cakao.ai
Subject Line: Privacy Inquiry - [Your Request Type]
Response Time: We respond to privacy inquiries within 5 business days and provide substantive responses within 30 days as required by applicable law.
20.2 Data Protection Officer
Our designated Data Protection Officer handles complex privacy matters:
Email: team@cakao.ai
Responsibilities:
Privacy impact assessments and compliance oversight
Data breach response coordination
Cross-border transfer compliance
Regulatory relationship management
20.3 User Rights Requests
To exercise your privacy rights, please use our dedicated portal:
Email: team@cakao.ai
Required Information:
Full name and account email address
Specific right you wish to exercise
Relevant details about your request
Identity verification information (as needed)
20.4 Security Incident Reporting
To report security concerns or potential data breaches:
Email: team@cakao.ai
Phone: [Emergency Security Hotline - Available 24/7]
20.5 Customer Support
For general Platform support and account assistance:
Email: team@cakao.ai
In-App Support: Available through Platform settings
20.6 Corporate Information
caKao Inc.
Corporate Headquarters:
One-North district
Singapore
20.7 Regulatory Contacts
Users in specific jurisdictions may also contact the relevant data protection authorities:
European Union: Your local Data Protection Authority
United Kingdom: Information Commissioner's Office (ICO)
California: California Attorney General's Office
Canada: Office of the Privacy Commissioner of Canada
Australia: Office of the Australian Information Commissioner
21. Policy Updates and Change Management
21.1 Policy Review and Updates
We regularly review and update this Privacy Policy to ensure:
Compliance with evolving legal requirements
Reflection of new Platform features and capabilities
Incorporation of user feedback and industry best practices
Alignment with organizational changes and business developments
21.2 Material Changes
Material changes to this Policy include:
Changes to the types of personal information collected
New purposes for processing personal information
Changes to data sharing or disclosure practices
Modifications to user rights or procedures
Changes to data retention periods or deletion practices
21.3 Notification Procedures
We will notify users of material changes through:
Direct Notification:
Email notifications to registered users
In-app notifications and alerts
Account dashboard notifications
Push notifications (where enabled)
Public Notice:
Updates to our website at www.cakao.ai/privacy
Social media announcements
Platform release notes and change logs
Public blog posts and communications
21.4 Effective Date and Transition
New Policy Effective Date: Material changes take effect 30 days after notification, allowing users sufficient time to review changes and exercise their rights.
Transition Period:
Users may opt out or delete their accounts before changes take effect
Existing data processing continues under the previous terms during the transition
New features or processing activities require explicit consent
Legacy users maintain grandfathered rights where applicable
Version Control: We maintain historical versions of our Privacy Policy for reference:
Previous versions available at www.cakao.ai/privacy/archive
Change logs documenting specific modifications
Effective dates and transition timelines
User communication records and notifications
22. Emergency Procedures and Crisis Management
22.1 Platform Discontinuation
In the unlikely event of Platform discontinuation, we will:
User Notification (90 days minimum):
Email notifications to all registered users
In-app notifications and dashboard alerts
Website announcements and public communications
Social media notifications and press releases
Data Export and Transfer:
Comprehensive data export tools and procedures
Assistance with data transfer to alternative platforms
Extended data retention period for user access
Secure data destruction timelines and procedures
Service Wind-Down:
Gradual feature deprecation with advance notice
Continued customer support during the transition period
Account closure assistance and final billing reconciliation
Legacy access for data retrieval and export
22.2 Emergency Data Access
In emergencies affecting user safety or public health:
Limited Emergency Processing:
Processing may occur without typical consent requirements
Strict limitation to emergency purposes only
Immediate cessation once emergency conditions end
Documentation and audit trail of emergency processing
Legal and Regulatory Coordination:
Cooperation with public health authorities
Compliance with emergency legal requirements
Transparent reporting of emergency processing activities
Post-emergency review and improvement procedures
22.3 Business Continuity
Our business continuity planning includes:
Redundant data processing and storage systems
Alternative service delivery mechanisms
Emergency communication procedures
Vendor and partner contingency arrangements
23. Specific Regional Compliance
23.1 Asia-Pacific Region
Singapore Personal Data Protection Act (PDPA):
Consent management for collection, use, and disclosure
Purpose limitation and notification requirements
Data breach notification to authorities and individuals
Do Not Call Registry compliance for marketing
Australian Privacy Principles (APPs):
Open and transparent privacy policy requirements
Data quality and security safeguards
Individual access and correction rights
Notifiable data breach obligations
Japan Personal Information Protection Act (PIPA):
Lawful basis for processing personal information
Cross-border transfer restrictions and safeguards
Individual rights and complaint procedures
Consent requirements for sensitive information
23.2 European Union and United Kingdom
GDPR Article 30 Records: We maintain comprehensive records of processing activities, including:
Purposes of processing and legal basis
Categories of data subjects and personal data
Recipients and international transfers
Retention periods and security measures
UK Data Protection Act 2018:
Compliance with UK GDPR requirements
Information Commissioner's Office (ICO) guidance
Lawful basis assessment and documentation
Special category data protection measures
Brexit Transition Compliance:
Separate UK adequacy assessment compliance
UK-specific data transfer mechanisms
Dual compliance with EU and UK requirements
Regular monitoring of regulatory changes
23.3 Americas Region
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA):
Meaningful consent requirements
Individual access and correction rights
Breach notification to the Privacy Commissioner
Cross-border transfer accountability
Mexican Federal Law on Protection of Personal Data (LFPDPPP):
Privacy notice requirements and consent management
Individual rights (ARCO rights) procedures
Data transfer impact assessments
National Institute transparency obligations
Brazilian Lei Geral de Proteção de Dados (LGPD):
Lawful basis for processing activities
Data subject rights and response procedures
Data Protection Impact Assessment requirements
National Data Protection Authority (ANPD) compliance
24. Conclusion and Commitment
24.1 Our Privacy Commitment
At caKao, privacy is not just a legal requirement; it is a fundamental principle that guides every aspect of our Platform development and operations. We are committed to:
Continuous Improvement:
Regular assessment and enhancement of privacy practices
Integration of emerging privacy technologies and best practices
Responsive adaptation to user feedback and concerns
Proactive compliance with evolving regulatory requirements
Transparent communication about our privacy practices and changes
User Empowerment:
Meaningful control over personal information and privacy settings
Clear, accessible information about our data practices
Responsive customer support for privacy-related inquiries
Regular education and awareness about privacy rights and options
Advocacy for user privacy rights in industry and policy discussions
Innovation with Privacy:
Privacy-by-design approach to all Platform development
Investment in privacy-enhancing technologies and solutions
Collaboration with privacy experts and advocacy organizations
Research and development of privacy-preserving AI and analytics
Leadership in responsible data stewardship and digital ethics
24.2 Long-Term Vision
We envision a future where:
Users have complete transparency and control over their personal information
AI technology enhances human health and wellness while protecting privacy
Digital platforms serve users' best interests with trust and accountability
Privacy protection enables rather than hinders technological innovation
Global privacy standards create consistent protection for all users
24.3 Ongoing Dialogue
We welcome feedback, questions, and suggestions about our privacy practices:
Regular user surveys and feedback collection
Privacy advisory group and community engagement
Academic and industry collaboration on privacy research
Public consultation on significant privacy policy changes
Transparent reporting on privacy metrics and improvements
Legal Disclaimer: This Privacy Policy is governed by the laws of Singapore and forms part of our comprehensive legal framework for Platform operations. In the event of any conflict between this Policy and applicable law, the requirements of applicable law shall prevail. This Policy does not create any contractual rights or legal obligations beyond those required by applicable privacy and data protection laws.
Language and Translation: This Privacy Policy was originally drafted in English. Translations into other languages are provided for convenience only. In case of any discrepancy between the English version and any translation, the English version shall prevail.
Contact for Legal and Compliance Matters: For legal, compliance, or regulatory inquiries related to this Privacy Policy, please contact our Legal Department at team@cakao.ai.