Privacy Policy

PRIVACY POLICY
yeek.ai
Last Updated: 23 May 2026 | Version 1.0
Company
Ecommerce Commodities Pty Ltd
Trading As
Yeek.ai
ACN
621 646 053
Address
Level 1, 457-459 Elizabeth St, Surry Hills, NSW 2010, Australia
Contact Email
info@yeek.ai
Website
https://yeek.ai

Key Facts at a Glance
We are an Australian-registered company and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We also comply with the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, Brazil's LGPD, and other applicable data protection laws.
We collect only the personal information necessary to provide our services.
We do not sell your personal information.
You have the right to access, correct, and in many cases delete your personal information.
We use industry-standard security measures to protect your data.
For questions or to exercise your privacy rights, contact us at info@yeek.ai.

Table of Contents

1. Introduction
   Ecommerce Commodities Pty Ltd (ACN 621 646 053), operating as Yeek.ai ("Yeek.ai", "we", "our", or "us"), is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with our website, platform, mobile applications, and related services (collectively, the "Services").
   This Privacy Policy applies to all users of our Services, including visitors to our website, registered account holders, customers, and any other individual whose personal information we process. It applies regardless of where you are located in the world.
   By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with this policy, please do not use our Services.
   This policy should be read alongside our Terms of Service and any other agreements you have entered into with us.

2. Who We Are and How to Contact Us
   Yeek.ai is operated by Ecommerce Commodities Pty Ltd, a company incorporated in Australia. We act as the data controller (or equivalent under applicable law) for personal information processed in connection with our Services.

Legal Entity
Ecommerce Commodities Pty Ltd
ACN
621 646 053
Registered Address
Level 1, 457-459 Elizabeth St, Surry Hills, NSW 2010, Australia
Privacy Contact
info@yeek.ai
Website
https://yeek.ai

For all privacy-related enquiries, requests, or complaints, please contact us at info@yeek.ai. We aim to respond to all enquiries within 30 days.
If you are located in the European Economic Area (EEA) or the United Kingdom and believe we process your personal data subject to GDPR or UK GDPR, you may also have the right to lodge a complaint with your local supervisory authority.

3. Information We Collect
   We collect personal information in several ways depending on how you interact with our Services. The types of information we may collect include:
   3.1 Information You Provide Directly
   Account registration information: name, email address, username, and password.
   Profile information: profile photo, biography, preferences, and other information you choose to provide.
   Payment and billing information: credit or debit card details, billing address, and transaction history. Payment card data is processed by our PCI-DSS compliant payment processors and is not stored on our servers.
   Communications: messages, feedback, support requests, survey responses, and any other content you send to us.
   Identity verification information: where required by law or for fraud prevention, government-issued identification documents.
   Business information: if you use our Services as a business, company name, ABN/ACN or equivalent, business address, and details of authorised representatives.
   3.2 Information Collected Automatically
   When you use our Services, we automatically collect certain information about your device and usage, including:
   Device identifiers: IP address, device type, operating system, browser type and version, and unique device identifiers.
   Usage data: pages visited, features used, links clicked, time spent on pages, referring URLs, and search queries.
   Log data: server logs including your IP address, access times, hardware and software information, and crash reports.
   Location data: general geographic location inferred from your IP address. We do not collect precise GPS location without your express consent.
   Cookies and tracking data: information collected through cookies, web beacons, pixels, and similar technologies. See Section 10 (Cookies and Tracking Technologies) for more detail.
   3.3 Information From Third Parties
   We may receive personal information about you from third parties, including:
   Social media platforms and single sign-on providers (e.g., Google, Facebook, Apple) if you connect your account or use social login features.
   Payment processors, fraud prevention services, and identity verification providers.
   Analytics providers who help us understand how our Services are used.
   Advertising partners and referral sources.
   Publicly available sources, including public registers, social media profiles, and news sources, to the extent permitted by applicable law.
   3.4 Sensitive Information
   We generally do not seek to collect sensitive personal information (such as health information, racial or ethnic origin, religious beliefs, sexual orientation, or criminal records). Where the collection of such information is incidental or necessary for a specific service, we will seek your explicit consent and handle such information with enhanced care in accordance with applicable law.

4. How We Use Your Personal Information
   We use the personal information we collect for the following purposes:
   4.1 Providing and Improving Our Services
   To create and manage your account and provide you with access to our Services.
   To process transactions and send related confirmations, receipts, and invoices.
   To personalise your experience and deliver content and product offerings relevant to your interests.
   To develop new features, products, and services, and to improve existing ones.
   To monitor and analyse usage trends and to maintain the technical performance and security of our Services.
   4.2 Communications
   To send you service-related communications, including account notifications, security alerts, and administrative messages.
   To respond to your enquiries, comments, and support requests.
   To send you marketing communications about our products, services, and promotions, where you have consented or where we have a legitimate interest or legal basis to do so. You can opt out at any time (see Section 9).
   4.3 Legal and Compliance Purposes
   To comply with applicable laws, regulations, legal processes, and government requests.
   To enforce our Terms of Service and other agreements.
   To detect, investigate, prevent, and address fraud, security incidents, and other harmful, unauthorised, or illegal activity.
   To protect the rights, property, and safety of Yeek.ai, our users, and the public.
   To keep records and meet our tax, accounting, and audit obligations.
   4.4 Business Operations
   To conduct business planning, reporting, and forecasting.
   To evaluate and carry out mergers, acquisitions, restructurings, or other business transactions.
   To seek legal, financial, or professional advice.

5. Legal Basis for Processing (GDPR / UK GDPR)
   If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:
   5.1 Performance of a Contract
   Processing is necessary to enter into or perform a contract with you, including to provide you with our Services, to process payments, and to manage your account.
   5.2 Legitimate Interests
   Processing is necessary for our legitimate interests or those of third parties, where those interests are not overridden by your data protection rights. These interests include:
   Improving, personalising, and securing our Services.
   Preventing fraud and misuse.
   Marketing our Services to existing customers where permitted.
   Conducting business analysis and planning.
   5.3 Compliance with Legal Obligations
   Processing is necessary to comply with a legal obligation to which we are subject, such as tax laws, financial regulations, or court orders.
   5.4 Consent
   Where we rely on consent as a legal basis, we will ask for your explicit consent at the time of collection. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
   5.5 Vital Interests
   In rare circumstances, we may process personal data to protect your vital interests or those of another person, for example in a medical emergency.

6. Sharing and Disclosure of Personal Information
   We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your personal information in the following circumstances:
   6.1 Service Providers
   We engage trusted third-party service providers to perform functions on our behalf, including:
   Cloud hosting and infrastructure providers.
   Payment processors and financial institutions.
   Email, SMS, and communication platform providers.
   Customer relationship management (CRM) and helpdesk providers.
   Analytics and performance monitoring tools.
   Identity verification and fraud prevention services.
   Marketing and advertising platforms.
   These providers are contractually bound to process your personal information only for the purposes we specify and in accordance with applicable data protection law.
   6.2 Business Transfers
   In the event of a merger, acquisition, restructuring, sale of assets, insolvency, or other business transaction, your personal information may be disclosed to prospective or actual buyers, sellers, or business partners, subject to appropriate confidentiality obligations.
   6.3 Legal Compliance and Protection
   We may disclose your personal information where we reasonably believe disclosure is necessary to:
   Comply with any applicable law, regulation, legal process, or enforceable government request.
   Enforce or protect our legal rights, including investigation of potential violations.
   Detect, prevent, or address fraud, security, or technical issues.
   Protect the safety, rights, or property of Yeek.ai, our users, or the public.
   6.4 With Your Consent
   We may disclose your personal information to third parties where you have given your explicit consent for us to do so.
   6.5 Aggregated or De-identified Data
   We may share aggregated or de-identified data that cannot reasonably be used to identify you. Such data is not personal information and is not subject to this policy.

7. International Transfers of Personal Information
   Yeek.ai operates globally and may transfer your personal information to countries other than the country in which you reside, including to Australia, the United States, and other jurisdictions where our service providers operate. These countries may have different data protection laws from those in your home country.
   Where we transfer personal information from the EEA, UK, or Switzerland, we do so in accordance with applicable data protection law and rely on appropriate safeguards, including:
   Adequacy decisions by the European Commission or UK government.
   Standard Contractual Clauses (SCCs) approved by the relevant authority.
   Binding Corporate Rules where applicable.
   Other lawful transfer mechanisms under applicable law.
   Transfers of personal information from Australia to overseas recipients are conducted in accordance with Australian Privacy Principle 8 (APP 8). By using our Services, you consent to international transfers of your personal information subject to the protections described in this policy.
   You may request a copy of the safeguards we use for international transfers by contacting us at info@yeek.ai.

8. Data Retention
   We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary depending on the type of information and applicable legal requirements.
   Data Type
   Typical Retention
   Basis
   Account and profile data
   Duration of account + 7 years after closure
   Legal obligation; fraud prevention
   Transaction and payment records
   7 years from transaction date
   Tax and financial legislation
   Customer support records
   3 years from last interaction
   Legitimate interest; dispute resolution
   Marketing preferences
   Until opt-out or account closure
   Consent
   Server and access logs
   Up to 12 months
   Security; legitimate interest
   Cookies and analytics data
   See Section 10
   Consent / legitimate interest
   Legal hold data
   Duration of legal proceedings
   Legal obligation

When personal information is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.

9. Your Privacy Rights
   Depending on where you are located, you may have certain rights in relation to your personal information. We honour these rights for all users regardless of location, to the extent practicable. To exercise any of these rights, please contact us at info@yeek.ai.
   9.1 Rights Under Australian Privacy Law (All Users)
   Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles:
   Access: You may request access to the personal information we hold about you.
   Correction: You may request correction of personal information that is inaccurate, out of date, incomplete, or misleading.
   Complaints: You may make a complaint if you believe we have breached the APPs. We will investigate and respond within 30 days. If unresolved, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
   Anonymity: Where practicable and lawful, you may interact with us anonymously or using a pseudonym.
   9.2 Rights Under GDPR / UK GDPR (EEA and UK Residents)
   If you are located in the EEA or UK, you have the following rights:
   Right of Access: To obtain a copy of your personal data and information about how it is processed.
   Right to Rectification: To have inaccurate personal data corrected and incomplete data completed.
   Right to Erasure ("Right to be Forgotten"): To request deletion of your personal data in certain circumstances.
   Right to Restriction of Processing: To restrict how we process your data in certain circumstances.
   Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
   Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.
   Rights Related to Automated Decision-Making: Not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.
   Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent.
   You also have the right to lodge a complaint with your national data protection supervisory authority.
   9.3 Rights Under California Law (CCPA / CPRA)
   If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
   Right to Know: To request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
   Right to Delete: To request deletion of personal information we have collected from you, subject to certain exceptions.
   Right to Correct: To request correction of inaccurate personal information.
   Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioural advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
   Right to Limit Use of Sensitive Personal Information: To limit our use of sensitive personal information to the purposes permitted by the CPRA.
   Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
   To exercise your California rights, contact us at info@yeek.ai. We will verify your identity before processing your request. You may also designate an authorised agent to make requests on your behalf.
   We collect the following categories of personal information from California residents: identifiers; commercial information; internet or other electronic network activity information; and inferences drawn from the above. We collect this information for the business and commercial purposes described in Section 4.
   9.4 Rights Under Canada's PIPEDA
   If you are a Canadian resident, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):
   Right to Access: To request access to personal information we hold about you.
   Right to Correct: To challenge the accuracy and completeness of your personal information and have it amended.
   Right to Withdraw Consent: To withdraw consent to the collection, use, or disclosure of your personal information, subject to legal and contractual restrictions.
   Right to Complain: To complain to the Office of the Privacy Commissioner of Canada if you believe we have handled your information contrary to PIPEDA.
   9.5 Rights Under Brazil's LGPD
   If you are a resident of Brazil, you have rights under the Lei Geral de Protecao de Dados (LGPD), including:
   Confirmation that we process your personal data.
   Access to your personal data.
   Correction of incomplete, inaccurate, or out-of-date data.
   Anonymisation, blocking, or deletion of unnecessary or excessive data.
   Portability of your data to another service or product provider.
   Deletion of personal data processed with your consent.
   Information about entities with which we share data.
   Information about your right to deny or withdraw consent and the consequences of doing so.
   Objection to processing where not compliant with the LGPD.
   Review of decisions made solely by automated means that affect your interests.
   9.6 How to Exercise Your Rights
   To exercise any of the rights described above, please submit a request to info@yeek.ai. Please include your full name, the email address associated with your account, your location/jurisdiction, and a description of the right you wish to exercise. We will respond within the timeframe required by applicable law (generally 30 days, with the possibility of extension in complex cases). We may need to verify your identity before responding to certain requests. We will not charge a fee for reasonable requests but may charge for manifestly unfounded or excessive requests where permitted by law.

10. Cookies and Tracking Technologies
    10.1 What Are Cookies?
    Cookies are small text files placed on your device when you visit a website. We also use similar technologies such as web beacons, pixels, local storage, and session replay tools. Collectively, we refer to these as "cookies" in this section.
    10.2 Types of Cookies We Use
    Cookie Type
    Purpose
    Basis
    Strictly Necessary
    Enable core functionality such as authentication, security, and access to secure areas. Cannot be disabled.
    Essential for service delivery
    Functional / Preference
    Remember your preferences and settings (e.g., language, region).
    Legitimate interest / Consent
    Analytics / Performance
    Help us understand how our Services are used and measure their effectiveness (e.g., Google Analytics).
    Consent
    Marketing / Advertising
    Track visits across websites to deliver relevant advertisements and measure campaign effectiveness.
    Consent

10.3 Managing Cookies
When you first visit our website, we will ask for your consent to use non-essential cookies through a cookie consent banner. You can also manage your cookie preferences at any time through our cookie settings tool. Most web browsers also allow you to control cookies through their settings. Please note that disabling certain cookies may affect your ability to use some features of our Services.
For information about how to manage cookies in your browser, visit your browser's help documentation or resources such as www.allaboutcookies.org.
10.4 Do Not Track
Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not wish to be tracked. Our Services do not currently respond to DNT signals, but you can use our cookie settings to limit tracking.

11. Direct Marketing and Opt-Out
    We may send you marketing communications about our products, services, offers, and events by email, SMS, push notification, or other channels where we have your consent or a legitimate basis to do so. Each marketing communication we send will include an easy way to opt out (such as an "unsubscribe" link).
    You can opt out of marketing communications at any time by:
    Clicking the "Unsubscribe" link in any marketing email.
    Updating your notification preferences in your account settings.
    Contacting us directly at info@yeek.ai.
    Please note that even after opting out of marketing communications, you will still receive transactional and service-related communications necessary to the operation of your account.
    We comply with the Spam Act 2003 (Cth) (Australia), the CAN-SPAM Act (USA), Canada's Anti-Spam Legislation (CASL), the Privacy and Electronic Communications Regulations (PECR) (UK/EU), and other applicable anti-spam laws.

12. Children's Privacy
    Our Services are not directed to children under the age of 16 (or such higher age as required by applicable law in your jurisdiction). We do not knowingly collect personal information from children without appropriate parental or guardian consent.
    If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at info@yeek.ai and we will take steps to delete that information promptly.
    In jurisdictions where the age of consent for data processing is higher than 16 (for example, 18 in certain countries), we apply the higher age requirement for residents of those jurisdictions.

13. Data Security
    We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:
    Encryption of data in transit using TLS (Transport Layer Security).
    Encryption of sensitive data at rest.
    Access controls and authentication requirements for our systems.
    Regular security assessments, penetration testing, and vulnerability scanning.
    Staff training on data protection and information security.
    Incident response procedures for detecting and responding to data breaches.
    Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information.
    In the event of a data breach that is likely to result in a risk to your rights and freedoms or otherwise meets the threshold for notification under applicable law, we will notify you and the relevant regulatory authorities as required by law. In Australia, we comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). In the EEA and UK, we comply with the GDPR/UK GDPR requirement to notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach.

14. Third-Party Websites and Services
    Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Services.
    We are also not responsible for the privacy practices of social media platforms or other services through which you may choose to interact with us or share content about our Services.

15. Automated Decision-Making and Profiling
    We may use automated processing and profiling to personalise your experience, detect fraud, and improve our Services. Where automated processing produces decisions that have a legal or similarly significant effect on you, we will:
    Inform you that such automated processing is taking place.
    Provide you with information about the logic involved and the significance of the processing.
    Offer you the right to request human review of such decisions.
    You may contact us at info@yeek.ai to request information about any automated decision-making that has affected you or to request human review.

16. Region-Specific Provisions
    16.1 Australia
    We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Our Privacy Policy has been prepared to comply with the APPs. If you have a complaint about how we have handled your personal information, you may contact us at info@yeek.ai. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
    16.2 European Economic Area and United Kingdom
    For personal data processed subject to GDPR or UK GDPR, we act as data controller. We maintain records of processing activities as required by Article 30 of the GDPR. Where required, we carry out Data Protection Impact Assessments (DPIAs). We rely on the legal bases described in Section 5. You have the rights described in Section 9.2 and may lodge complaints with your local supervisory authority.
    16.3 United States
    In addition to the California rights described in Section 9.3, residents of other US states may have privacy rights under state law (including Virginia, Colorado, Connecticut, Texas, and others). We endeavour to honour equivalent rights to all US residents. We do not sell personal information as defined under applicable US state privacy laws.
    16.4 Canada
    We comply with PIPEDA and, where applicable, substantially similar provincial legislation (including Quebec's Law 25). Quebec residents have additional rights, including the right to be informed of the use of technology that identifies, locates, or profiles them.
    16.5 Brazil
    For personal data processed subject to the LGPD, we act as data controller (controlador). Our legal bases for processing are equivalent to those described in Section 5. You have the rights described in Section 9.5. You may direct data protection enquiries or complaints to us at info@yeek.ai.
    16.6 Asia-Pacific
    We comply with applicable data protection laws in the Asia-Pacific region, including Singapore's Personal Data Protection Act (PDPA), New Zealand's Privacy Act 2020, South Korea's Personal Information Protection Act (PIPA), Japan's Act on Protection of Personal Information (APPI), and other applicable laws. Residents of these jurisdictions may exercise equivalent rights to those described in Section 9.

17. Changes to This Privacy Policy
    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
    Posting a prominent notice on our website or within our Services.
    Sending an email to the address associated with your account.
    Updating the "Last Updated" date at the top of this policy.
    We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy, to the extent permitted by applicable law. Where required by law, we will seek your consent before making material changes.

18. Contact Us
    If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact us:

Email
info@yeek.ai
Company
Ecommerce Commodities Pty Ltd (Trading as Yeek.ai)
ACN
621 646 053
Postal Address
Level 1, 457-459 Elizabeth St, Surry Hills, NSW 2010, Australia
Response Time
We aim to respond within 30 days of receiving your request.

If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
If you are located in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

Ecommerce Commodities Pty Ltd | ACN 621 646 053
Level 1, 457-459 Elizabeth St, Surry Hills, NSW 2010, Australia
info@yeek.ai | https://yeek.ai