Last Updated: 06/23/2026
Effective Date: 06/23/2026
Thank you for visiting our website at https://myusay.com/ (this “Website”), developed and operated by Fison Health Co., Limited ("we," "us," or "our"). For the purposes of this Privacy Policy (this “Policy”), we are responsible for deciding how and for what purpose your personal information is processed when you visit the website. We take your personal information and privacy protection very seriously and will safeguard your personal information and privacy strictly in accordance with applicable laws and regulations of the United States.
This Policy explains how we collect, use, store, share, and protect your personal information, and outlines the rights to which you are entitled. Please carefully read and understand all the contents of this Policy before visiting the Website. Important contents that might materially affect your personal information and privacy rights have been highlighted in bold for your attention.
Table of Contents
- I. What Personal Information We Collect and How We Use It
- II. How We Share and Disclose Personal Information
- III. How We Retain Personal Information
- IV. What Rights You Have
- V. How We Protect Personal Information
- VI. How We Protect Personal Information of Minors
- VII. Updates to This Policy
- VIII. How to Contact Us
I. What Personal Information We Collect and How We Use It
Please note that we will only collect your personal information for the purposes and within the scope outlined in this Policy in compliance with applicable laws and regulations of the United States. In handling your personal information, we are committed to maintaining your trust in us and strictly adhere to the principles of purpose limitation, data minimization, storage limitation, reasonable security, transparency and accountability, etc. Our collection of your personal information is reasonably necessary and proportionate to provide the core services on the Website.
To provide you with excellent user experience and comprehensive personal information and privacy protection, we will collect and use your personal information as follows:
1. Device Data
1.1 To ensure the proper functioning, security, and management of your device and account, we collect certain technical and operational data related to the device itself. This data is essential for core functionalities such as device pairing, software updates, and troubleshooting.
1.2 The collection of this device data is based on the necessity for the performance of our contract with you to provide the core device service. It enables us to:
- Facilitate the initial setup, secure pairing, and ongoing operation of your website.
- Use unique device identifiers to help protect your account from unauthorized access and fraudulent activities.
- Deliver necessary firmware updates and diagnose technical issues to improve your experience.
- Link the physical device to your digital account for personalized data management.
1.3 The device data fields we collect include: IP address, browser type and version, operating system, and device identifiers.
This data is typically collected automatically when you set up and use the device. It is stored securely and is essential for the basic functionality of our Website.
1.4 To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 1.3.
- Sensitive personal information: IP address, and device identifiers.
2. Behavioral Data
2.1 To ensure the optimal functionality, security, and continuous improvement of our services, we collect certain user interaction data related to your browsing activities on our platform. This data is essential for core functionalities such as personalizing your experience, maintaining service security, and enhancing the overall usability and content relevance of our website.
2.2 The collection of this interaction data is based on the necessity for the performance of our contract with you to provide a personalized and secure service. It enables us to:
- Understand user preferences and behavior patterns to tailor content, recommendations, and interface layout;
- Monitor and analyze user engagement to identify and troubleshoot usability issues, thereby improving website performance and design;
- Detect and prevent potential security threats, fraudulent activities, and automated bot traffic by analyzing behavioral anomalies;
- Measure the effectiveness of our content and features to drive informed decisions for service development.
2.3 The specific interaction data fields we collect include: browsing history, click-through behavior, time spent on pages, search query keywords.
This data is typically collected automatically through technical means such as event listeners in web code, browser APIs, and local storage mechanisms as you interact with our website. It is stored securely and is integral to providing a functional, adaptive, and secure user experience.
2.4 To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 2.3.
- Sensitive personal information: search query keywords.
3. Subscriptions and Payments
3.1 To ensure the secure operation, identity verification, and fulfillment of contractual obligations, we collect certain account, transactional, and communication data that you provide directly to us. This data is fundamental for core services such as account creation, order processing, payment verification, customer support, and service delivery.
3.2 The collection of this data is based on the necessity for the performance of our contract with you, as well as our legitimate interests in providing secure and efficient services. It enables us to:
- Create and manage your user account, authenticate your identity, and secure access to our services.
- Process your transactions, arrange for the delivery of purchased goods or services, and handle any related refunds or disputes.
- Provide personalized customer support and maintain a record of our communications for quality assurance and dispute resolution.
- Facilitate user-generated content, such as product reviews, to enhance the community experience and inform other users.
3.3 The specific data fields we collect in this category include: email, password, payment, and billing account details (including Paypal, Shopify Payments, Apple Pay, Google Pay, and credit card information), shipping/delivery address, billing address, recipient's name, email verification code, SMS or mobile verification code, chat logs or communication records with customer service personnel, email correspondence, product reviews and comments, order history, shopping cart contents, records of refunds.
3.4 This data is typically provided by you voluntarily during registration, checkout, or when interacting with our support teams. It is stored securely and is essential for the basic functionality, security, and fulfillment of the services you request. To provide our service, the data you need to provide is summarized as follows:
- Mandatory data: above all data in section 3.3.
- Sensitive personal information: above all data in section 3.3.
4. Location Data
4.1 To ensure the security of our services, prevent fraudulent activities, and comply with regional legal and regulatory requirements, we automatically collect your IP address and derive an approximate geographic location from it. This data is essential for core functionalities such as access control, content localization, and security threat analysis.
4.2 The collection of this data is based on our legitimate interests in securing our platform and providing a localized user experience, as well as the necessity to comply with applicable laws in different jurisdictions. It enables us to:
- Enhance Security and Prevent Fraud: Detect and prevent unauthorized access, account takeover attempts, and other fraudulent activities by identifying logins or transactions originating from anomalous or high-risk geographic locations.
- Provide Localized Content and Services: Automatically display the website in the appropriate language, show region-specific pricing and promotions, and ensure compliance with local content regulations.
- Optimize Network Performance: Assist in routing requests to the nearest server or content delivery network (CDN) node to improve page load times and service reliability.
- Fulfill Legal and Tax Obligations: Determine the applicable tax jurisdiction (e.g., for sales tax/VAT) and comply with data sovereignty or other regional legal requirements.
4.3 The specific data fields we collect in this category include: approximate geographic location derived from IP address.
4.4 This data is collected automatically through technical means when you interact with our website. We typically utilize third-party IP geolocation databases or APIs to perform the translation from IP address to geographic information. The data is stored securely and is integral to providing a secure, compliant, and optimized user experience. To provide our service, the data processing is summarized as follows:
- Mandatory data: above all data in section 4.3.
- Sensitive personal information: above all data in section 4.3.
5. Service Optimization
You acknowledge and agree that, on the condition that the information is processed using secure encryption technology, de-identified, and cannot be used to re-identify any specific individual, we may use the information that you provide while using the Website, as well as corresponding model-generated replies and feedback, for model training and algorithm iteration. This allows us to continuously adjust and optimize the model’s performance in order to provide you with services of higher quality. If you do not wish us to use such information for model training and optimization, you may contact us using the contact information disclosed in Section VIII of this Privacy Policy.
6. Customer Service
To provide you with better customer services, we will collect the complaint and feedback information that you provide (including text and images), information you provide when contacting our customer service team via email at cs@myusay.com, and information you send to us when participating in surveys, contests, or promotional activities, such as your name, contact details, and messages.
II. How We Share and Disclose Personal Information
1. No Sale or Sharing. We do not sell your personal information for monetary or other valuable consideration as defined under Section 1798.140(ad) of California Civil Code, or share your personal information as defined under Section 1798.140(ah) of California Civil Code.
2. Disclosure to Service Providers. To provide core functionalities of the Website, we engage service providers to provide necessary services on our behalf. To that end, we share your personal information with these service providers. All these service providers are contractually prohibited from using your data for any purpose other than providing their designated services and must employ robust technical safeguards to ensure your privacy. These service providers do not fall within the scope of "third party" under Section 1798.140(ai) of California Civil Code, and such disclosure does not constitute "Share" under Section 1798.140(ah) of California Civil Code. The disclosures fall into the following seven categories:
- 2.1 E-commerce SaaS Platform and Infrastructure Services: We utilize Shopify as our e-commerce platform provider to host our online store, process secure payments, manage order fulfillment, and protect against fraudulent transactions, ensuring a seamless and secure shopping experience for you.
- 2.2 Cloud Storage and Technical Infrastructure: We utilize cloud service providers located in Germany for data storage, data hosting, and security optimization. These providers act as service providers and are prohibited from using your data for any purpose other than providing these infrastructure services.
- 2.3 Payment Processing Services: When you make a subscription through the Website, your payment data are processed by authorized third‑party payment service providers (e.g., Google Pay, Apple Pay, and PayPal). We do not store the details of your bank account or payment account data. Such data are directly processed by the payment service providers under applicable laws and regulations.
- 2.4 Verification Code and CAPTCHA Services: To protect your account security and prevent automated bot attacks, we use third-party services to deliver email/SMS verification codes and provide CAPTCHA challenges during login or registration.
- 2.5 Customer Support Services: We employ third-party platforms to manage our help desk, live chat, and email communications, ensuring your inquiries and technical issues are resolved efficiently.
- 2.6 Web Analytics Services: We use analytics service providers to collect information about how you interact with our website. This data helps us understand user behavior, optimize our site performance, and improve the user experience of our wearable products.
- 2.7 Advertisement Services: We collaborate with advertising service providers to deliver relevant marketing content and measure the effectiveness of our promotional campaigns based on your interactions with our site.
Details regarding our third‑party suppliers, types of personal data to be shared, purposes of sharing, and other relevant information are set out in the table below:
| Third‑Party Suppliers | Representative Providers | Services Provided | Types Of Personal Data Shared | Purpose Of Sharing |
|---|---|---|---|---|
| Shopify Inc. | Shopify Inc. | Cloud hosting, secure checkout, payment processing, order/inventory management, fraud prevention, and e-commerce infrastructure tools for online website operations | Customer names, contact details, shipping/billing addresses, payment transaction records, IP addresses, and device/browsing behavior data | To process payments, fulfill and ship orders, detect fraud, ensure website security, and maintain core store functionality |
| Third-party account login platforms | Google LLC, Apple Inc., Meta Platforms, Inc. (Facebook Login) | Third-party identity verification and social media login | Account information, device information, usage data | To support user login via third-party accounts, synchronize user preferences, and enable cross-device synchronization |
| Third-party payment service providers | Stripe, PayPal, Shop Pay | Payment processing service | Name, bank account number, expiration date, and CVV, email address, billing address, transaction amount, IP address, device information/token | To facilitate subscription and purchases, and complete transactions |
| Third-party SMS service provider | Twilio, Attentive, Klaviyo SMS | SMS sending services | Mobile phone number, SMS content, account information | To send verification codes (during user login/register) and notifications to users |
| Third-party email service provider | Klaviyo, SendGrid, Mailchimp | Email sending services | Email address, email content, account information | To send verification codes (during user login/register), notifications and marketing emails to users |
| Third-party customer support service provider | Zendesk, Gorgias, Intercom | Customer support services | Email address, cookies, browsing behavior, conversion events, behavioral data, purchase history | To perform customer service support |
| Third-party web analytics service provider | Google Analytics, Microsoft Clarity, Hotjar | Web analytics services | IP address, cookies, behavioral data, device information | To conduct website traffic analysis and user behavior analysis |
| Third-party advertisement service provider | Meta Platforms, Inc., Google Ads, TikTok | Advertisement services | Name, email, communication records | To conduct ad delivery and remarketing and ad performance tracking |
For additional question or information, please email us at data_protect@myusay.com.
3. Disclosure Required or Permitted by Law. If we sincerely believe that disclosing personal information is reasonably necessary and proportionate to achieve any of the following purposes, we will disclose your personal information to third parties only in the following circumstances:
3.1 In compliance with any applicable laws, regulations, court orders or judgments, or law enforcement demands. We will share information about the number and types of governmental requests we receive through public reports.
3.2 Enforcing applicable terms of use, including investigating possible violations.
3.3 Monitoring, preventing, or otherwise addressing fraud, security, or technical issues.
3.4 Protecting the personal or proprietary safety of you, ourselves, or the public from harm.
III. How We Retain Personal Information
1. Data Storage
To ensure the security of your personal information and provide stable and efficient services, your personal information is stored and hosted in cloud infrastructure located in Germany. We implement administrative, technical, and physical safeguards designed to protect this information in accordance with the applicable cybersecurity standards.
2. Retention Period
We will retain your personal information only for as long as is necessary to provide you with the services of the Website. Once the retention period exceeds what is necessary, or when you request deletion of your personal information, deregister your account, or when your personal information is no longer used for the intended purpose of collection, we will delete or permanently anonymize your personal information, unless otherwise required by applicable laws and regulations.
The retention period for cookies data provided to third-party suppliers is as follows:
| Third‑Party Suppliers | Representative Providers | Retention Period |
|---|---|---|
| Shopify Inc. | Shopify Inc. | Account/order data retained during the customer relationship and as required by applicable law; related cookies generally persist from session duration up to 2 years |
| Third-party account login platforms | Google LLC, Apple Inc., Meta Platforms, Inc. (Facebook Login) | Authentication/session data generally retained during the active session; certain identifiers may persist for up to 1 year |
| Third-party payment service providers | Stripe, PayPal, Shop Pay | Transaction-related records retained in accordance with financial/legal obligations; related cookies may persist from session duration up to 2 years depending on the provider |
| Third-party SMS service provider | Twilio, Attentive, Klaviyo SMS | Messaging metadata and related identifiers generally retained according to provider operational requirements; cookies may persist for up to 1 year |
| Third-party email service provider | Klaviyo, SendGrid, Mailchimp | Marketing identifiers and analytics-related cookies generally retained for up to 2 years |
| Third-party customer support service provider | Zendesk, Gorgias, Intercom | Support records retained according to contractual/legal obligations; cookies may persist from session duration up to 2 years |
| Third-party web analytics service provider | Google Analytics, Microsoft Clarity, Hotjar | Representative cookie retention periods include: _ga (2 years), _gid (24 hours), _clck (1 year), _clsk (24 hours) |
| Third-party advertisement service provider | Meta Platforms, Inc., Google Ads, TikTok | Representative cookie retention periods include: _fbp (90 days), _gcl_au (90 days), _ttp (up to 13 months) |
For data provided to third parties, please directly refer to the privacy policy of the third party. For example, please refer to Shopify’s Cookie Policy at https://www.shopify.com/zh/legal/cookies.
For other data (such as users’ personal information, order data, etc.), it is currently stored on the company's relevant servers and will be retained in accordance with legal and regulatory requirements.
IV. What Rights You Have
We respect the statutory rights to which you are entitled under the applicable laws and regulations of the United States, and we are committed to ensuring that you can exercise your rights conveniently.
1. What Rights You Have
1.1 Right to Access Your Personal Information
You have the right to ascertain whether we have collected or processed your personal information, and to access, within reasonable limits, what personal information about you we have collected or processed, including the categories and specific pieces of personal information collected from you, the categories of collection sources, our purposes of processing, and the categories of third party recipients. Some of the information can be accessed directly via account settings of the Website.
1.2 Right to Correct Your Personal Information
You have the right to request that we correct any inaccurate, incomplete, outdated, or misleading personal information maintained by us. Some information, such as basic profile details, can be corrected directly via account settings of the Website.
1.3 Right to Delete Your Personal Information
You have the right to request that we delete your personal information from our records, and notify any service providers or contractors to delete your personal information from their records. Unless we have a legitimate legal basis not to delete it, or are under a legal obligation to retain the data, we will act in accordance with your request. We typically ensure your right to deletion through the following two methods:
- 1.3.1 Unbind your smart wearable: Deletes temporarily stored personal information from the device and the Website.
- 1.3.2 Canceling your account: Deletes all of your personal information on our server.
1.4 Right to Know What Personal Information is Sold or Shared and to Whom
You have the right to request that we disclose to you: (1) the categories of personal information that we collected about you, (2) the categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared, and (3) the categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
1.5 Right to Opt Out of Sale or Sharing of Personal Information
You have the right to direct us not to sell or share your personal information at any time under California Civil Code. While we share your personal information to service providers as listed in “II. How We Share and Disclose Personal Information” only to provide core services in the Website, we do not "sell" or "share" your personal information as defined under Section 1798.140 of California Civil Code. Therefore, you are in a state of default "opt out." Currently, we do not respond to GPC signals as an opt-out of sale or sharing.
1.6 Right to Limit Use and Disclosure of Sensitive Personal Information
You have the right to direct us to limit our use and disclosure of your sensitive personal information to only what is necessary to perform the services reasonably expected by an average consumer in the Website. You may exercise this right at any time by clicking the “Your Privacy Choices” link. Once we receive and verify your request, we will, as soon as feasibly possible and no later than 15 business days, stop using and disclosing your sensitive information for any purposes other than those strictly necessary to provide our core services. We will further notify and instruct all service providers with whom we have shared such information to similarly limit their processing.
1.7 Right to Data Portability
You have the right to receive a copy of the specific pieces of personal information that we have collected about you. We will deliver the information in a structured, commonly used, and machine‑readable format that is easily understandable to the average consumer, and to the extent technically feasible. You have the right to transmit this data to another business or entity without hindrance at your choice.
1.8 Right of No Retaliation Following Opt Out or Exercise of Other Rights
You have the right not to be discriminated against by us in any way for exercising any of the personal information rights or privacy rights set out in this Policy or under any applicable laws and regulations. This means we will not deny you services available, charge you different prices, or provide a lower quality of service because you chose to delete, correct, limit the sharing of your personal information, or otherwise exercise your rights.
At the same time, please note that certain personal information is technically necessary to provide specific features of the Website. If you choose not to provide such information, we will be objectively unable to provide the relevant functions or services. For example, if you refuse to provide third‑party account information, you will not be able to register or log in using such third‑party account; if you refuse our collection of your health and exercise data, we will be unable to generate AI general wellness insights.
1.9 Right to Legal Remedies
If you have reason to believe that your rights have been infringed, we encourage you to contact our Privacy Officer at data_protect@myusay.com to provide us with a 30-day notice to cure. You also have the right to seek remedies through the following channels:
- 1.9.1 Complaint to Regulatory Authorities in Your State: For example, if you reside in California, you may file a complaint with the California Privacy Protection Agency (CPPA), or the California Attorney General (OAG).
- 1.9.2 Right to Sue for Data Breaches: Under Section 1798.150 of California Civil Code, you may have a private right of action for statutory damages if a security breach occurs due to our failure to maintain reasonable security.
- 1.9.3 Arbitration: If you suffer losses or damages of other kinds due to our violation of applicable laws and regulations, pursuant to our Terms of Use, you have the right to submit the matter to the Shenzhen Court of International Arbitration for arbitration against us.
2. How to Exercise Your Rights
You may exercise your rights to access and correct your personal information via account settings of the Website. To exercise your right to limit use and disclosure of sensitive personal information, and your rights regarding automated decision-making technology, please visit our “Your Privacy Choices” portal.
Alternatively, you may submit rights requests via our “Help & Feedback” page of the Website (where you may upload supporting text or images and provide an email address to receive our feedback), or by emailing us at data_protect@myusay.com. To protect the security of your data, please provide sufficient information for us to verify your identity when making a request. Generally, we will provide a substantive response within 15 business days after receiving a verifiable request. However, please note that we may refuse a request if we cannot verify your identity, if the request conflicts with a legal obligation (such as a court order), or if fulfilling the request would infringe upon the rights or safety of others.
V. How We Protect Personal Information
1. Data Protection Measures
We attach great emphasis to the security of your personal information and privacy. To this end, we adopt measures including, but not limited to:
- 1.1 Technical Measures: We will implement security measures such as anonymizing or pseudonymizing personal information, strict access controls, and the use of encryption technologies to protect the data we process.
- 1.2 Internal Controls: We will provide regular confidentiality training for employees, and limit access to, and processing of, your personal information to authorized personnel only.
- 1.3 Third‑party Cooperation: We will ensure through contracts and other reasonable measures that the data processing activities of all service providers should comply with applicable legal requirements.
- 1.4 Authoritative Regulation: We are subject to supervision by applicable regulatory authorities and continuously assess the adequacy of our data protection measures to ensure the legal and industry standards be met.
2. Data Breach
We maintain reasonable administrative, technical, and physical security measures, including encryption and access controls, to protect your personal information. In the event of a security breach involving your unencrypted personal information, we will comply with applicable laws and regulations, including notifying the relevant regulatory authority and the affected users without undue delay in compliance with applicable laws and regulations of the relevant jurisdiction. Furthermore, we will make every reasonably possible effort to patch vulnerabilities or attacks that could lead to data breaches, in order to avoid any adverse impact on your personal rights and interests.
VI. How We Protect Personal Information of Minors
We apply heightened protections for the personal information and privacy of minors. THE WEBSITE IS INTENDED FOR ADULTS ONLY, AND NOT INTENDED FOR MINORS UNDER THE AGE OF 18. We do not knowingly provide services to, or collect personal information from, minors under the age of 16.
- For users under the age of 13: We require a parent or legal guardian to provide affirmative, verifiable consent before we collect, use, or disclose any personal information.
- For users at least 13 but under the age of 16: We will not sell or share your personal information unless you provide us with explicit, affirmative “opt-in” authorization.
If we become aware that we have collected personal information from a child under 13 without parental consent, or from a minor under 16 without their opt-in consent (where required), we will take immediate steps to delete that information from our server. For any question or request, please contact us at data_protect@myusay.com to request its deletion.
VII. Updates to This Policy
To provide you with better services, the Website may be updated from time to time due to changes on our operations, technologies, or applicable laws and regulations. We will revise this Policy accordingly, and such revisions shall form part of this Policy and have the same effect as the current version.
The updated version of the Policy will be published in the Website and marked with an “Effective Date.” If there are material changes, we will notify you in a prominent manner (e.g., push notification, pop‑up window, or email).
VIII. How to Contact Us
If you have any questions, comments, or complaints regarding this Privacy Policy, please contact our Data Protection Officer (DPO) using the following contact details:
Data Protection Officer: Kaelly Wei
Address: RM 503, 5/F, Hang Seng Castle Peak Road Building, 339 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong, China
Email: data_protect@myusay.com
Phone: +852 69597886
Fison Health Co., Limited