本隐私政策说明 YBBCloud 如何收集、使用、共享、保存、保护和删除个人信息及来自 Facebook、TikTok、LinkedIn、Google 等平台的授权数据。本页面无需登录即可访问,供用户、客户、广告平台审核人员和公众查看。
1. 适用范围与角色
本政策适用于您访问或使用 YBBCloud CRM、广告线索同步、表单、客户管理、报表分析、API、Webhook 及第三方平台集成功能的情形。对于企业客户导入、录入或授权同步的客户和线索数据,企业客户通常为数据控制者或个人信息处理者,YBBCloud 按客户指示作为服务提供方处理数据;对于账户、安全、计费、客服和网站访问数据,YBBCloud 可能作为独立处理方处理。
2. 我们收集的信息
2.1 您直接提供的信息
- 账户与企业信息:姓名、邮箱、手机号、用户名、企业名称、部门、角色、权限和登录凭证的加密信息。
- 客户与线索信息:姓名、联系方式、公司、职位、国家/地区、询盘内容、表单字段、标签、分配记录、跟进记录和备注。
- 支持与沟通信息:您通过邮件、表单、客服或其他渠道提交的问题、反馈、附件和处理记录。
2.2 第三方平台授权数据
经您授权后,我们可能通过 Facebook/Meta、TikTok、LinkedIn、Google 等平台接口获取必要数据,包括广告账户、主页、表单、广告系列、广告组、素材、基础报表、线索表单提交数据、平台账户 ID、授权状态、访问令牌、刷新令牌、令牌有效期和同步日志。具体字段取决于您的授权范围、平台接口和业务配置。
2.3 自动收集的信息
- 设备与日志信息:IP 地址、浏览器、设备、操作系统、访问时间、请求 URL、错误日志、操作日志和安全审计日志。
- Cookie 与类似技术:用于登录状态、安全防护、语言偏好、基础统计和功能体验。
3. 使用目的与法律依据
- 提供、维护和改进 CRM、线索同步、客户跟进、报表分析、权限管理和营销协作功能。
- 按照您的授权从第三方平台同步广告线索和相关业务数据。
- 验证身份、管理权限、保护账户安全、防止欺诈、滥用、未授权访问和违反平台政策的行为。
- 响应咨询、技术支持、数据访问、更正、导出、撤回授权或删除请求。
- 履行合同、遵守法律法规、监管要求、审计要求和第三方平台政策。
我们处理信息的依据可能包括履行合同、取得同意、遵守法定义务、保护合法权益、保障网络与服务安全,以及在适用法律允许范围内的合理商业需要。
4. 平台数据使用限制
对于来自 Facebook、TikTok、LinkedIn、Google 等平台的数据,我们遵循最小必要、目的限制、授权使用和安全保护原则:
- 仅用于您授权的 CRM、线索管理、广告分析、客户跟进、数据同步和业务运营目的。
- 不会出售平台数据,不会将平台数据用于未经授权的广告定向、画像、数据经纪、信用评估或与授权目的无关的用途。
- 不会将平台数据转让给无关第三方,除非获得授权、为提供服务所必需、根据法律要求或平台政策允许。
- 不会尝试重新识别已匿名化或聚合化的数据,也不会规避平台用户选择或权限限制。
- 当平台政策要求删除、限制使用、停止处理或证明合规时,我们将按要求执行并协助客户完成必要流程。
5. 信息共享与受托处理
我们不会出售您的个人信息。我们可能在必要范围内共享或委托处理信息:
- 云服务器、数据库、邮件、短信、安全监控、日志、客服和技术支持等服务提供商。
- 您授权连接的第三方平台,用于完成授权验证、接口调用、数据同步或撤销授权。
- 根据法律法规、法院命令、监管要求、平台审核、安全事件处理或保护用户和公众权益而披露。
- 在企业合并、收购、资产转让或重组时,在符合法律要求和保密义务的前提下转移。
我们要求受托服务商仅按我们的指示处理数据,并采取合理的保密和安全措施。
6. 保存期限与删除
- 我们仅在实现本政策所述目的、履行合同、遵守法律法规、解决争议、安全审计或满足平台政策所需期间保存信息。
- 访问令牌、同步日志和平台数据仅在业务需要、授权状态、平台政策和安全要求范围内保存。
- 您可请求删除账号数据、客户数据、线索数据或第三方平台授权数据。我们将在验证身份和权限后,在合理期限内处理。
- 如果法律、监管、审计、争议解决、安全防护或平台政策要求保留部分记录,我们会限制继续使用,并在保留期届满后删除或匿名化。
7. 您的权利与选择
根据适用法律,您可能享有访问、复制、更正、删除、限制处理、撤回同意、注销账户、数据导出、解释说明和投诉等权利。您也可以通过 Facebook、TikTok、LinkedIn、Google 的授权管理页面撤销应用授权。撤销授权可能导致相关同步功能不可用,但不影响撤销前基于合法依据进行的处理。
8. Cookie 与类似技术
我们使用必要 Cookie 维持登录、安全防护、语言偏好和核心功能,也可能使用基础统计信息改进服务。您可以通过浏览器设置管理 Cookie,但禁用必要 Cookie 可能影响登录、授权和核心功能。
9. 数据安全
我们采取访问控制、权限隔离、加密传输、令牌保护、日志审计、备份、最小权限、异常监控和安全管理措施保护信息。但互联网环境无法保证绝对安全,您也应妥善保护账号、密码、API 密钥和第三方授权凭证。
10. 跨境传输
由于第三方平台、云服务、技术支持或业务运营可能位于不同国家/地区,您的信息可能被传输、存储或处理至您所在地区以外。我们会根据适用法律和平台政策采取合理措施,例如合同约束、访问控制、数据最小化和安全保护。
11. 儿童隐私
本服务面向企业用户,不面向未成年人。我们不会故意收集未成年人的个人信息。如您认为我们误收集了未成年人信息,请联系我们删除。
12. 政策更新与联系方式
我们可能因法律法规、平台政策或服务变化更新本政策。重大变更将通过页面公告、系统通知或其他合理方式提示。如需访问、更正、导出、撤回授权或删除数据,或对本政策有疑问,请联系 info@ybbis.com,邮件主题建议填写“数据删除请求”或“Privacy Request”。
This Privacy Policy explains how YBBCloud collects, uses, shares, retains, protects, and deletes personal information and authorized data from Facebook, TikTok, LinkedIn, Google, and similar platforms. This page is publicly accessible without login for users, customers, platform reviewers, and the public.
1. Scope and Roles
This Policy applies when you use YBBCloud CRM, advertising lead synchronization, forms, customer management, reporting, APIs, webhooks, and third-party integrations. For customer and lead data imported, entered, or authorized by business customers, the customer is generally the controller or personal information processor, and YBBCloud processes data as a service provider according to customer instructions. For account, security, billing, support, and website access data, YBBCloud may act as an independent processor.
2. Information We Collect
2.1 Information You Provide
- Account and business information: name, email, phone number, username, company, department, role, permissions, and encrypted login credentials.
- Customer and lead information: name, contact details, company, job title, country/region, inquiry content, form fields, tags, assignment records, follow-up records, and notes.
- Support and communications: questions, feedback, attachments, and support records submitted by email, forms, customer service, or other channels.
2.2 Authorized Platform Data
With your authorization, we may retrieve necessary data through APIs from Facebook/Meta, TikTok, LinkedIn, Google, and similar platforms, including ad accounts, pages, forms, campaigns, ad groups, creatives, basic reports, lead form submissions, platform account IDs, authorization status, access tokens, refresh tokens, token expiration, and synchronization logs. Exact fields depend on your authorization scope, platform APIs, and business configuration.
2.3 Automatically Collected Information
- Device and log information: IP address, browser, device, operating system, access time, request URL, error logs, operation logs, and security audit logs.
- Cookies and similar technologies: used for login status, security protection, language preferences, basic analytics, and functionality.
3. Purposes and Legal Bases
- To provide, maintain, and improve CRM, lead synchronization, customer follow-up, reporting, permission management, and marketing collaboration features.
- To synchronize advertising leads and related business data from third-party platforms based on your authorization.
- To authenticate users, manage permissions, protect accounts, and prevent fraud, abuse, unauthorized access, and platform policy violations.
- To respond to inquiries, support requests, access, correction, export, authorization withdrawal, or deletion requests.
- To perform contracts and comply with laws, regulations, audits, and third-party platform policies.
Our legal bases may include contract performance, consent, legal obligations, legitimate interests, service and network security, and reasonable business needs permitted by applicable law.
4. Platform Data Use Restrictions
For data from Facebook, TikTok, LinkedIn, Google, and similar platforms, we follow data minimization, purpose limitation, authorized use, and security protection principles:
- We use platform data only for authorized CRM, lead management, advertising analytics, customer follow-up, data synchronization, and business operations.
- We do not sell platform data or use it for unauthorized ad targeting, profiling, data brokerage, credit evaluation, or unrelated purposes.
- We do not transfer platform data to unrelated third parties unless authorized, necessary to provide the Service, required by law, or permitted by platform policies.
- We do not attempt to re-identify anonymized or aggregated data or bypass platform user choices or permission limits.
- When platform policies require deletion, restricted use, cessation of processing, or compliance evidence, we will comply and assist customers with necessary procedures.
5. Sharing and Service Providers
We do not sell your personal information. We may share or entrust processing of information only as necessary with:
- Cloud hosting, database, email, SMS, security monitoring, logging, customer support, and technical service providers.
- Third-party platforms you authorize for authorization verification, API calls, data synchronization, or authorization revocation.
- Authorities, courts, regulators, platform reviewers, or relevant parties when required by law, platform review, security incident handling, or protection of users and the public.
- Parties involved in a merger, acquisition, asset transfer, or restructuring, subject to legal requirements and confidentiality obligations.
We require service providers to process data only according to our instructions and to use reasonable confidentiality and security measures.
6. Retention and Deletion
- We retain information only as long as necessary for the purposes described in this Policy, contract performance, legal compliance, dispute resolution, security audits, or platform policy requirements.
- Access tokens, synchronization logs, and platform data are retained only as needed for business purposes, authorization status, platform policies, and security requirements.
- You may request deletion of account data, customer data, lead data, or third-party platform authorization data. After verifying identity and authority, we will process valid requests within a reasonable period.
- If records must be retained for legal, regulatory, audit, dispute, security, or platform policy reasons, we will restrict further use and delete or anonymize them after the retention period expires.
7. Your Rights and Choices
Depending on applicable law, you may have rights to access, copy, correct, delete, restrict processing, withdraw consent, close accounts, export data, receive explanations, and lodge complaints. You may also revoke app authorization through Facebook, TikTok, LinkedIn, or Google authorization settings. Revocation may disable related synchronization but does not affect prior lawful processing.
8. Cookies and Similar Technologies
We use necessary cookies for login, security, language preferences, and core features, and may use basic analytics to improve the Service. You can manage cookies through browser settings, but disabling necessary cookies may affect login, authorization, and core functions.
9. Data Security
We use access controls, permission isolation, encrypted transmission, token protection, logging, backups, least privilege, anomaly monitoring, and security management measures. No internet environment is absolutely secure, and you should also protect your account, password, API keys, and platform credentials.
10. International Transfers
Because third-party platforms, cloud services, technical support, or business operations may be located in different countries or regions, your information may be transferred to, stored in, or processed outside your region. We take reasonable measures under applicable laws and platform policies, such as contractual safeguards, access controls, data minimization, and security protections.
11. Children’s Privacy
The Service is intended for business users and is not directed to children. We do not knowingly collect children’s personal information. If you believe we have collected such information, please contact us for deletion.
12. Updates and Contact
We may update this Policy due to changes in laws, platform policies, or the Service. Material changes will be communicated through page notices, system notifications, or other reasonable means. To access, correct, export, withdraw authorization, or delete data, or if you have questions, contact info@ybbis.com. We recommend using the subject “Data Deletion Request” or “Privacy Request”.