TIMEWIN躺盈
Subscribe

Privacy Policy

Version v2.0 · Effective 2026-05-15

This Privacy Policy describes how YANGYUN MANAGEMENT LIMITED (BVI, “we”, “us”) collects, uses, shares, and protects your personal information when you subscribe to or visit Sunday Letter at timewin.co.

1. Information we collect

1.1 You actively provide

  • Email address (for letter delivery and account login)
  • Payment information — full card number / expiry / CVV are processed and stored by Airwallex in a PCI-DSS compliant environment; we only receive subscription status and payment-result callbacks, never the full card number
  • Wallet address when paying by stablecoin (already public on-chain; used to identify your payment)
  • Content of any email you send to support@timewin.co

1.2 Automatically collected

  • Access logs: timestamp, page URL, User-Agent, IP range (anonymized to geo level)
  • Vercel Analytics: aggregate page-view data without identifying individuals; no advertising
  • Risk-control fields from payment provider: Airwallex may collect device fingerprint, IP, etc. during a transaction for fraud prevention. See Airwallex’s own Privacy Policy

1.3 What we do not collect

  • Your legal name (unless you voluntarily share it)
  • Government ID, passport, social security number
  • Your brokerage password, API key, or any account control
  • Your portfolio data (unless you voluntarily email it to us)

2. How we use your information

  • Deliver the subscription (sending the letter and the portfolio PDF to your inbox)
  • Account login and subscription-state management
  • Payment processing, renewal reminders, refund execution
  • Customer support (replying to your inquiries)
  • Compliance with legal obligations (AML, tax, lawful regulatory requests)
  • Service improvement based on aggregated, anonymized usage data

We do not use your email for advertising. We do not sell or rent your email to third-party marketers.

3. Third-party services disclosure

To deliver the service, we use the following third-party providers. Relevant data may be passed to them:

  • Airwallex (payment processing) — handles card / debit / Apple Pay / Google Pay transactions; stores your card-sensitive data in a PCI-DSS environment; we do not access full card numbers
  • Email service provider (one of Mailchimp / Buttondown / ConvertKit, TBD) — sends letter and system emails; sees your email address and message content
  • Vercel (website & log hosting + basic analytics)
  • Cloudflare (CDN and basic DDoS protection; sees request-level logs)
  • Blockchain networks (when receiving stablecoin payments; on-chain records are public)
  • FV Bank / licensed bank (corporate account receipts and disbursements)

Each of these providers has its own privacy policy. We share with each only the minimum data needed for their function.

4. Cookies & local storage

  • Language-preference cookie: stores your zh / en choice; lifetime 1 year
  • Login-session cookie (once available): keeps you signed in
  • localStorage: temporarily stores form state (e.g. notify-list email); never leaves your browser
  • We do not use advertising cookies, Google Analytics, Facebook Pixel, or any cross-site tracking

5. Retention

  • During subscription: retained as needed
  • After cancellation / refund: email and payment records retained for 7 years (tax, accounting, AML); other data anonymized within 90 days
  • Access logs: 90-day rolling window
  • Customer-support emails: 3 years

6. Your rights

You have the following rights regarding your personal information:

  • Access / export: receive a copy of the personal information we hold about you
  • Rectification: request corrections of inaccurate or incomplete information
  • Deletion: request deletion of your information (subject to legal retention in §5)
  • Withdraw consent: unsubscribe from emails; you may still browse the website
  • Object: object to specific uses of your information

To exercise any of these rights, email support@timewin.co. We respond within 30 days.

7. Security

  • TLS 1.2+ encryption in transit
  • Sensitive fields encrypted at rest
  • Admin access requires strong passwords + 2FA
  • Employee access on a least-privilege basis
  • Regular review of access permissions and logs

Although we take reasonable technical and organizational measures, no internet transmission is 100% secure. In the event of a data breach affecting you, we will notify you by email within 72 hours of becoming aware and describe remedial actions.

8. Cross-border data transfer

Our servers and third-party providers reside in multiple jurisdictions (US, EU, Singapore, Hong Kong, etc.). By subscribing, you agree that your information may be transferred to and processed in those jurisdictions. Our contracts with each provider include data-protection provisions comparable to the laws of your jurisdiction.

9. Children’s privacy

The service is intended for adults aged 18 and above. We do not knowingly collect personal information from minors. If you discover that we have collected information from a minor, please contact us to delete it.

10. Changes to this policy

This Privacy Policy may be updated. Material changes will be notified by email at least 14 calendar days in advance. Continued use of the service constitutes acceptance.

11. Contact

Privacy questions: support@timewin.co