Last Updated: 06/23/2026
Effective Date: 06/23/2026
Thank you for visiting our website at https://myusay.com/ (this “Website”), developed and operated by Fison Health Co., Limited ("we," "us," or "our"). For the purposes of this Privacy Policy (this “Policy”), we are responsible for deciding how and for what purpose your personal information is processed when you visit the website. We take your personal information and privacy protection very seriously and will safeguard your personal information and privacy strictly in accordance with applicable laws and regulations of Macao.
This Policy explains how we collect, use, store, share, and protect your personal information, and outlines the rights to which you are entitled. Please carefully read and understand all the contents of this Policy before visiting the Website. Important contents that might materially affect your personal information and privacy rights have been highlighted in bold for your attention.
Table of Contents
- I. What Personal Data We Collect and How We Use It
- II. What Legal Basis We Rely On for Processing Personal Data
- III. How We Disclose and Transfer Personal Data
- IV. How We Retain Personal Data
- V. What Rights You Have
- VI. How We Protect Personal Data
- VII. How We Protect Personal Data of Minors
- VIII. Updates to This Policy
- IX. How to Contact Us
I. What Personal Data We Collect and How We Use It
Please note that we will only collect your personal data for the purposes and within the scope outlined in this Policy in compliance with applicable laws and regulations. In handling your personal data, we are committed to maintaining your trust in us and strictly adhere to the principles of Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use, Disclosure, and Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance. Our collection of your personal data is reasonably necessary and proportionate to provide the core services in the Website.
To provide you with excellent user experience and comprehensive personal data and privacy protection, we will collect and use your personal data as follows.
1. Device Data
1.1 To ensure the proper functioning, security, and management of your device and account, we collect certain technical and operational data related to the device itself. This data is essential for core functionalities such as device pairing, software updates, and troubleshooting.
1.2 The collection of this device data is based on the necessity for the performance of our contract with you to provide the core device service. It enables us to:
- Facilitate the initial setup, secure pairing, and ongoing operation of your website.
- Use unique device identifiers to help protect your account from unauthorized access and fraudulent activities.
- Deliver necessary firmware updates and diagnose technical issues to improve your experience.
- Link the physical device to your digital account for personalized data management.
1.3 The device data fields we collect include: IP address, browser type and version, operating system, and device identifiers.
This data is typically collected automatically when you set up and use the device. It is stored securely and is essential for the basic functionality of our Website.
1.4 To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 1.3.
- Sensitive data: IP address, and device identifiers.
2. Behavioral Data
2.1 To ensure the optimal functionality, security, and continuous improvement of our services, we collect certain user interaction data related to your browsing activities on our platform. This data is essential for core functionalities such as personalizing your experience, maintaining service security, and enhancing the overall usability and content relevance of our website.
2.2 The collection of this interaction data is based on the necessity for the performance of our contract with you to provide a personalized and secure service. It enables us to:
- Understand user preferences and behavior patterns to tailor content, recommendations, and interface layout;
- Monitor and analyze user engagement to identify and troubleshoot usability issues, thereby improving website performance and design;
- Detect and prevent potential security threats, fraudulent activities, and automated bot traffic by analyzing behavioral anomalies;
- Measure the effectiveness of our content and features to drive informed decisions for service development.
2.3 The specific interaction data fields we collect include: browsing history, click-through behavior, time spent on pages, search query keywords.
This data is typically collected automatically through technical means such as event listeners in web code, browser APIs, and local storage mechanisms as you interact with our website. It is stored securely and is integral to providing a functional, adaptive, and secure user experience.
2.4 To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 2.3.
- Sensitive data: search query keywords.
3. Subscriptions and Payments
3.1 To ensure the secure operation, identity verification, and fulfillment of contractual obligations, we collect certain account, transactional, and communication data that you provide directly to us. This data is fundamental for core services such as account creation, order processing, payment verification, customer support, and service delivery.
3.2 The collection of this data is based on the necessity for the performance of our contract with you, as well as our legitimate interests in providing secure and efficient services. It enables us to:
- Create and manage your user account, authenticate your identity, and secure access to our services.
- Process your transactions, arrange for the delivery of purchased goods or services, and handle any related refunds or disputes.
- Provide personalized customer support and maintain a record of our communications for quality assurance and dispute resolution.
- Facilitate user-generated content, such as product reviews, to enhance the community experience and inform other users.
3.3 The specific data fields we collect in this category include: email, password, payment, and billing account details (including Paypal, Shopify Payments, Apple Pay, Google Pay, and credit card information), shipping/delivery address, billing address, recipient's name, email verification code, SMS or mobile verification code, chat logs or communication records with customer service personnel, email correspondence, product reviews and comments, order history, shopping cart contents, records of refunds.
3.4 This data is typically provided by you voluntarily during registration, checkout, or when interacting with our support teams. It is stored securely and is essential for the basic functionality, security, and fulfillment of the services you request. To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 3.3.
- Sensitive data: above all data in section 3.3.
4. Location Data
4.1 To ensure the security of our services, prevent fraudulent activities, and comply with regional legal and regulatory requirements, we automatically collect your IP address and derive an approximate geographic location from it. This data is essential for core functionalities such as access control, content localization, and security threat analysis.
4.2 The collection of this data is based on our legitimate interests in securing our platform and providing a localized user experience, as well as the necessity to comply with applicable laws in different jurisdictions. It enables us to:
- Enhance Security and Prevent Fraud: Detect and prevent unauthorized access, account takeover attempts, and other fraudulent activities by identifying logins or transactions originating from anomalous or high-risk geographic locations.
- Provide Localized Content and Services: Automatically display the website in the appropriate language, show region-specific pricing and promotions, and ensure compliance with local content regulations.
- Optimize Network Performance: Assist in routing requests to the nearest server or content delivery network (CDN) node to improve page load times and service reliability.
- Fulfill Legal and Tax Obligations: Determine the applicable tax jurisdiction (e.g., for sales tax/VAT) and comply with data sovereignty or other regional legal requirements.
4.3 The specific data fields we collect in this category include: approximate geographic location derived from IP address.
4.4 This data is collected automatically through technical means when you interact with our website. We typically utilize third-party IP geolocation databases or APIs to perform the translation from IP address to geographic information. The data is stored securely and is integral to providing a secure, compliant, and optimized user experience. To provide our service, the data processing is summarized as follows:
- Mandatory data: above all data in section 4.3.
- Sensitive data: above all data in section 4.3.
5. Service Optimization
You acknowledge and agree that, on the condition that the information is processed using secure encryption technology, de-identified, and cannot be used to re-identify any specific individual, we may use the information that you provide while using the Website, as well as corresponding model-generated replies and feedback, for model training and algorithm iteration. This allows us to continuously adjust and optimize the model’s performance in order to provide you with services of higher quality. If you do not wish us to use such information for model training and optimization, you may contact us using the contact information disclosed in Section IX of this Privacy Policy.
6. Customer Service
To provide you with better customer services, we will collect the complaint and feedback information that you provide (including text and images), information you provide when contacting our customer service team via email at cs@myusay.com, and information you send to us when participating in surveys, contests, or promotional activities, such as your name, contact details, and messages.
II. What Legal Basis We Rely On for Processing Personal Data
1. Legal Basis for Processing Personal Data
1.1 Consent
We process your personal data when you have provided unambiguous consent. You have the right to withdraw such consent at any time.
1.2 Performance of Contract
We process your personal data where necessary for the performance of a contract to which you are a party, or to take pre-contractual measures at your request.
1.3 Legal Obligations
We process your personal data in order to fulfill our legal duties and obligations under applicable laws and regulations and requirements from administrative authorities or courts. For example, consumer rights protection, product recalls, or safety requirements.
1.4 Protection of Legitimate Rights
We process your personal data for pursuing our legitimate interests or those of third party recipients of the data, except where such interests are overridden by your own fundamental rights and freedoms.
2. Legal Basis for Processing Sensitive Data
2.1 Express Consent
We process your sensitive data when you have given explicit consent for such processing.
2.2 Legal Claims
We process your sensitive data where necessary for the establishment, exercise, or defense of legal claims and is limited strictly to that purpose.
III. How We Disclose and Transfer Personal Data
1. No Sale or Disclosure for Secondary Purposes. We do not sell your personal data. We collect, use, and disclose your personal data solely for the purposes of providing, maintaining, and improving the functions and services of the Website. We will not use or disclose your information for any secondary purposes without your express consent, unless required or permitted by law.
2. Disclosure to Service Providers for Necessary Processing. To provide core functionalities of the Website, we engage third-party service providers to provide necessary services on our behalf. To that end, we transfer your personal data with these service providers for processing. All these service providers are contractually prohibited from using your data for any purpose other than providing their designated services and must employ robust technical safeguards to ensure your privacy. The disclosures fall into the following seven categories:
- 2.1 E-commerce SaaS Platform and Infrastructure Services: We utilize Shopify as our e-commerce platform provider to host our online store, process secure payments, manage order fulfillment, and protect against fraudulent transactions, ensuring a seamless and secure shopping experience for you.
- 2.2 Cloud Storage and Technical Infrastructure: We utilize cloud service providers located in Hong Kong for data storage, data hosting, and security optimization. These providers act as service providers and are prohibited from using your data for any purpose other than providing these infrastructure services.
- 2.3 Payment Processing Services: When you make a subscription through the Website, your payment data are processed by authorized third‑party payment service providers (e.g., Google Pay, Apple Pay, and PayPal). We do not store the details of your bank account or payment account data. Such data are directly processed by the payment service providers under applicable laws and regulations.
- 2.4 Verification Code and CAPTCHA Services: To protect your account security and prevent automated bot attacks, we use third-party services to deliver email/SMS verification codes and provide CAPTCHA challenges during login or registration.
- 2.5 Customer Support Services: We employ third-party platforms to manage our help desk, live chat, and email communications, ensuring your inquiries and technical issues are resolved efficiently.
- 2.6 Web Analytics Services: We use analytics service providers to collect information about how you interact with our website. This data helps us understand user behavior, optimize our site performance, and improve the user experience of our wearable products.
- 2.7 Advertisement Services: We collaborate with advertising service providers to deliver relevant marketing content and measure the effectiveness of our promotional campaigns based on your interactions with our site.
Details regarding our third‑party suppliers, types of personal data to be shared, purposes of sharing, and other relevant information are set out in the table below:
| Third‑Party Suppliers | Representative Providers | Services Provided | Types Of Personal Data Shared | Purpose Of Sharing |
|---|---|---|---|---|
| Shopify Inc. | Shopify Inc. | Cloud hosting, secure checkout, payment processing, order/inventory management, fraud prevention, and e-commerce infrastructure tools for online website operations | Customer names, contact details, shipping/billing addresses, payment transaction records, IP addresses, and device/browsing behavior data | To process payments, fulfill and ship orders, detect fraud, ensure website security, and maintain core store functionality |
| Third-party account login platforms | Google LLC, Apple Inc., Meta Platforms, Inc. (Facebook Login) | Third-party identity verification and social media login | Account information, device information, usage data | To support user login via third-party accounts, synchronize user preferences, and enable cross-device synchronization |
| Third-party payment service providers | Stripe, PayPal, Shop Pay | Payment processing service | Name, bank account number, expiration date, and CVV, email address, billing address, transaction amount, IP address, device information/token | To facilitate subscription and purchases, and complete transactions |
| Third-party SMS service provider | Twilio, Attentive, Klaviyo SMS | SMS sending services | Mobile phone number, SMS content, account information | To send verification codes (during user login/register) and notifications to users |
| Third-party email service provider | Klaviyo, SendGrid, Mailchimp | Email sending services | Email address, email content, account information | To send verification codes (during user login/register), notifications and marketing emails to users |
| Third-party customer support service provider | Zendesk, Gorgias, Intercom | Customer support services | Email address, cookies, browsing behavior, conversion events, behavioral data, purchase history | To perform customer service support |
| Third-party web analytics service provider | Google Analytics, Microsoft Clarity, Hotjar | Web analytics services | IP address, cookies, behavioral data, device information | To conduct website traffic analysis and user behavior analysis |
| Third-party advertisement service provider | Meta Platforms, Inc., Google Ads, TikTok | Advertisement services | Name, email, communication records | To conduct ad delivery and remarketing and ad performance tracking |
For additional question or information, please email us at data_protect@myusay.com.
3. Disclosure Required or Permitted by Law. If we sincerely believe that disclosing personal data is reasonably necessary and proportionate to achieve any of the following purposes, we will disclose your personal data to third parties only in the following circumstances:
3.1 In compliance with any applicable laws, regulations, court orders or judgments, or law enforcement demands. We will share information about the number and types of governmental requests we receive through public reports.
3.2 Enforcing applicable terms of use, including investigating possible violations.
3.3 Monitoring, preventing, or otherwise addressing fraud, security, or technical issues.
3.4 Protecting the personal or proprietary safety of you, ourselves, or the public from harm.
4. Transfer of Personal Data Outside the Macao SAR. To provide the core functions of the Website, we may transfer your personal data, including sensitive data, to third-party service providers as listed in “2. Disclosure to Service Providers for Necessary Processing” above. Some of the service providers are located outside of Macao. Thus, your personal data may be transferred to, stored, or processed in jurisdictions outside Macao (including in Hong Kong). In accordance with Articles 19 and 20 of Law No. 8/2005 (Personal Data Protection Act, the “PDPA”), we ensure that such transfers are conducted based on your explicit consent, the necessity for the performance of our contract with you, or other legal bases permitted by law. We implement stringent contractual and security measures with our overseas recipients to ensure your data receives a level of protection equivalent to that required under Macao law. Where required, we will notify or obtain prior authorization from the Personal Data Protection Bureau (PDPB) for such transfers.
IV. How We Retain Personal Data
1. Data Storage
To ensure the security of your personal data and provide stable and efficient services, your personal data is stored and hosted in cloud infrastructure located in Hong Kong. We implement administrative, technical, and physical safeguards designed to protect this information in accordance with the applicable cybersecurity standards.
2. Retention Period
We will retain your personal data only for as long as is necessary to provide you with the services of the Website. Once the retention period exceeds what is necessary, or when you request deletion of your personal data, deregister your account, or when your personal data is no longer used for the intended purpose of collection, we will delete or permanently anonymize your personal data, unless otherwise required by applicable laws and regulations.
The retention period for cookies data provided to third-party suppliers is as follows:
| Third‑Party Suppliers | Representative Providers | Retention Period |
|---|---|---|
| Shopify Inc. | Shopify Inc. | Account/order data retained during the customer relationship and as required by applicable law; related cookies generally persist from session duration up to 2 years |
| Third-party account login platforms | Google LLC, Apple Inc., Meta Platforms, Inc. (Facebook Login) | Authentication/session data generally retained during the active session; certain identifiers may persist for up to 1 year |
| Third-party payment service providers | Stripe, PayPal, Shop Pay | Transaction-related records retained in accordance with financial/legal obligations; related cookies may persist from session duration up to 2 years depending on the provider |
| Third-party SMS service provider | Twilio, Attentive, Klaviyo SMS | Messaging metadata and related identifiers generally retained according to provider operational requirements; cookies may persist for up to 1 year |
| Third-party email service provider | Klaviyo, SendGrid, Mailchimp | Marketing identifiers and analytics-related cookies generally retained for up to 2 years |
| Third-party customer support service provider | Zendesk, Gorgias, Intercom | Support records retained according to contractual/legal obligations; cookies may persist from session duration up to 2 years |
| Third-party web analytics service provider | Google Analytics, Microsoft Clarity, Hotjar | Representative cookie retention periods include: _ga (2 years), _gid (24 hours), _clck (1 year), _clsk (24 hours) |
| Third-party advertisement service provider | Meta Platforms, Inc., Google Ads, TikTok | Representative cookie retention periods include: _fbp (90 days), _gcl_au (90 days), _ttp (up to 13 months) |
For data provided to third parties, please directly refer to the privacy policy of the third party. For example, please refer to Shopify’s Cookie Policy at https://www.shopify.com/zh/legal/cookies.
For other data (such as users’ personal information, order data, etc.), it is currently stored on the company's relevant servers and will be retained in accordance with legal and regulatory requirements.
V. What Rights You Have
We respect the statutory rights to which you are entitled under the applicable laws and regulations, and we are committed to ensuring that you can exercise your rights conveniently.
1. What Rights You Have
1.1 Right to Information
You have the right to be informed, at the time of collection, about our identity, the specific purposes of processing your personal data, the categories of recipients who may see your personal data, and the voluntary or mandatory nature of providing your data.
1.2 Right to Access
You have the right to obtain confirmation from us as to whether your personal data is being processed. You may request a copy of your personal data in an intelligible form, as well as information regarding the source of the data and the logic involved in any automated processing.
1.3 Right to Rectification and Erasure
You have the right to request the correction, completion, or deletion of any personal data that is inaccurate, incomplete, or processed in a manner that does not comply with Macao law. We typically ensure your right to erasure through the following two methods:
- Unbind your smart wearable: Deletes temporarily stored personal data from the device and the Website.
- Canceling your account: Deletes all of your personal data on our server.
1.4 Right to Object
General Objection: On lawful and serious grounds relating to your specific situation, you may object to the processing of your personal data.
Direct Marketing: You have the absolute right to object, free of charge and at any time, to the use of your personal data for direct marketing or commercial prospecting.
1.5 Right not to be subject to automated individual decisions
You have the right not to be subject to a decision that produces legal effects concerning you or significantly affects you, based solely on the automated processing of data intended to evaluate certain personal aspects.
1.6 Right to Withdraw Consent
You have the right to withdraw your consent to our collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions and reasonable notice. When you withdraw consent, we will cease collecting and processing new data from you, and you may also choose to have the personal data previously collected from you deleted. Withdrawal of consent does not affect the lawfulness and legitimacy of our processing based on consent before the withdrawal. However, please note that withdrawing consent may result in difficulties or limitations in using certain functions of the Website.
1.7 Right to Data Portability
You have the right to receive a copy of the specific pieces of personal data that we have collected about you. We will deliver the information in a structured, commonly used, and machine‑readable format. You have the right to transmit this data to another business or entity without hindrance at your choice.
1.8 Right to Legal Remedies
If you have reason to believe that your rights have been infringed, we encourage you to contact our Data Protection Officer at data_protect@myusay.com to provide us with a 30-day notice to cure. You also have the right to seek remedies through the following channels:
- 1.8.1 Administrative Complaints: You may file a complaint with the Personal Data Protection Bureau (PDPB).
- 1.8.2 Right to Compensation: You have the right to sue for damages resulting from an unlawful processing operation or any act that infringes upon the provisions of the PDPA.
- 1.8.3 Arbitration: If you suffer losses or damages of other kinds due to our violation of applicable laws and regulations, pursuant to our Terms of Use, you have the right to submit the matter to the Shenzhen Court of International Arbitration for arbitration against us.
2. How to Exercise Your Rights
You may exercise your rights to access and correct your personal data via account settings of the Website. You may also submit rights requests via our “Help & Feedback” page of the Website (where you may upload supporting text or images and provide an email address to receive our feedback), or by emailing us at data_protect@myusay.com. To protect the security of your data, please provide sufficient information for us to verify your identity when making a request. Generally, we will provide a substantive response within 30 days after receiving a verifiable request, unless an extension is permitted by law. However, please note that we may refuse a request if we cannot verify your identity, if the request conflicts with a legal obligation (such as a court order), or if fulfilling the request would infringe upon the rights or safety of others.
VI. How We Protect Personal Data
1. Data Protection Measures
We attach great emphasis to the security of your personal data and privacy. To this end, we adopt measures including, but not limited to:
- 1.1 Technical Measures: We will implement security measures such as anonymizing or pseudonymizing personal data, strict access controls, and the use of encryption technologies to protect the data we process.
- 1.2 Internal Controls: We will provide regular confidentiality training for employees, and limit access to, and processing of, your personal data to authorized personnel only.
- 1.3 Third‑party Cooperation: We will ensure through contracts and other reasonable measures that the data processing activities of all service providers should comply with applicable legal requirements.
- 1.4 Authoritative Regulation: We are subject to supervision by applicable regulatory authorities and continuously assess the adequacy of our data protection measures to ensure the legal and industry standards be met.
2. Data Breach
We maintain reasonable administrative, technical, and physical security measures, including encryption and access controls, to protect your personal data. In the event of a security breach involving your personal data, we will comply with applicable laws and regulations, including notifying the relevant regulatory authority and the affected users without undue delay in compliance with applicable laws and regulations of the relevant jurisdiction. Furthermore, we will make every reasonably possible effort to patch vulnerabilities or attacks that could lead to data breaches, in order to avoid any adverse impact on your personal rights and interests.
VII. How We Protect Personal Data of Minors
We apply heightened protections for the personal data and privacy of minors. THE WEBSITE IS INTENDED FOR ADULTS ONLY, AND NOT INTENDED FOR MINORS UNDER THE AGE OF 18. We do not knowingly provide services to, or collect personal data from, minors under the age of 18. For users under the age of 18: We require a parent or legal guardian to provide affirmative, verifiable consent before we collect, use, or disclose any personal data.
If we become aware that we have collected personal data from a minor under 18 without parental consent, we will take immediate steps to delete that information from our server. For any question or request, please contact us at data_protect@myusay.com to request its deletion.
VIII. Updates to This Policy
To provide you with better services, the Website may be updated from time to time due to changes on our operations, technologies, or applicable laws and regulations. We will revise this Policy accordingly, and such revisions shall form part of this Policy and have the same effect as the current version.
The updated version of the Policy will be published in the Website and marked with an “Effective Date.” If there are material changes, we will notify you in a prominent manner (e.g., push notification, pop‑up window, or email).
IX. How to Contact Us
If you have any questions, comments, or complaints regarding this Privacy Policy, please contact our Data Protection Officer (DPO) using the following contact details:
Data Protection Officer: Kaelly Wei
Address: RM 503, 5/F, Hang Seng Castle Peak Road Building, 339 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong, China
Email: data_protect@myusay.com
Phone: +852 69597886
Fison Health Co., Limited