DIGITAL COACH PRIVACY NOTICE.
Version date: 11 December 2024
Yellow Dot Group Ltd, trading as Yellow Dot (“Yellow Dot,” “we,” “our,” or “us”) makes coaching affordable and accessible so that everyone can be coached professionally and personally. Trust and confidentiality are the foundations of the coaching relationship. Your privacy is therefore extremely important to us, and we are committed to protecting your personal data. This Digital Coach Privacy Notice (“Privacy Notice“) outlines how we collect, use, share, and secure your data as you engage with our digital coaching services and platform (“Coaching Platform”).
Please note that this Privacy Notice specifically addresses privacy practices related to our coaching services and the use of our Coaching Platform. It does not cover general privacy practices, such as information collected through our website (see here for more information).
1. Key Information about Us
Who we are: Yellow Dot Group Ltd is the entity in charge of your personal data.
Contact us: If you have any questions or concerns about this Privacy Notice, or any other enquires, please reach out to us at support@yellowdot.ai.
2. Data We Collect from You
We collect various types of personal data depending on how you interact with our Coaching Platform:
Identity Data: This includes your first name, last name, preferred name, username, or similar identifiers that help us recognise you.
Profile Data: This encompasses your username and password, as well as any feedback and surveys you complete.
Contact Data: This includes your email address and telephone numbers to maintain communication.
Usage Data: We gather data on how you use our Coaching Platform and services, including the features you engage with.
Interaction Data: This refers to your inputs and the responses generated from your interactions, questions, and feedback during coaching sessions on our Coaching Platform.
Voice Data: We may collect voice inputs during your interactions. This data is used to allow you to speak with our Coaching Platform and is transcribed into Interaction Data to allow our services to process. It is not used for identification purposes.
Technical Data: This includes information such as your Internet Protocol (IP) address, browser type, and operating system to improve your experience on our platform.
Marketing Communications Data: Preferences regarding marketing materials and how we communicate with you.
3. How We Use Your Personal Data
We will only use your personal data in the following ways, in accordance with data protection laws:
To Fulfil Our Contract: We need your personal data to set you up as a new user and manage your account.
For Our Legitimate Interests: We analyse how users engage with our Services so we can improve them. “Legitimate interests” refers to our business’ interests in effectively managing our operations and delivering the best services to you.
To Comply with Legal Obligations: We will process your personal data to meet any legal requirements.
With Your Consent: In cases where your consent is necessary, such as for processing beyond legitimate interests – including certain AI-based functionalities – or sending marketing communications or newsletters, you will always have the option to opt out. Your consent will be obtained where required by law to ensure you are informed and have control over how your data is used.
Voice Data Processing: We may collect and process Voice Data to allow you to speak with our Coaching Platform. You will be informed of this processing every time you start a coaching session. You can stop using the Voice Data features at any time and request the deletion of your Voice Data by contacting us at support@yellowdot.ai.
Storage and Use of Interaction Data: We store Interaction Data to allow you to access transcripts from previous sessions. This historical data enables you to revisit your discussions for your on-going personal development, and your coach to recall your preferences and interactions to provide personalised coaching. You can request the deletion of your Interaction Data at any time.
Training Our AI: To provide you with a coaching experience now and in the future as you develop, we need to train the AI models underpinning our Services. We do this based on your interactions and feedback, which include information such as your coaching goals, responses to prompts, and any insights you choose to share. This process is analogous to how human coaches learn from their experiences, allowing the AI to offer increasingly relevant insights.
Anonymisation of Interaction Data: All interaction transcripts generated during your use of our Services are fully anonymised, meaning all personal data is removed before being used for any training purposes. This protects your identity and ensures your privacy while allowing us to improve our AI systems.
De-identification of Feedback: When you provide feedback on your interaction, coaching session, or our Services, this information is processed in a de-identified manner. It means that this feedback does not retain any association with your personal data or account, safeguarding your anonymity.
Sensitive Personal Data: We kindly ask that you refrain from inputting sensitive personal data into our Coaching Platform. Sensitive personal data includes information such as your racial or ethnic origin, political opinions, religious beliefs, health information, or any other data that may be classified as sensitive under applicable laws. If you accidentally provide such information, please contact us immediately for assistance.
4. How We Respect Your Privacy with AI
Yellow Dot aims to adhere to the principles of the EU AI Act, which emphasises user safety, privacy, and the respect of fundamental rights. Here are the mechanisms we have implemented to ensure compliance from a privacy perspective:
Risk Assessment: We conduct regular risk assessments to evaluate how our AI models operate and ensure they remain within acceptable risk thresholds, particularly concerning user data privacy.
Data Protection by Design and Default: We embed data protection principles into the design of our AI system. This means that from the outset privacy implications are considered, and user data is handled with care.
Transparency Measures: We are committed to being transparent about how our AI operates. Users are informed about the nature of the data collected and how it is utilised in generating insights and prompts. This includes clarity that the AI does not replace human judgment and provides supportive insights rather than prescriptive advice.
Human Oversight: While our AI provides automated insights, there is a framework for human oversight to ensure that the outputs are reasonable and to provide additional context when necessary.
Regular Audits: We perform routine audits on our AI systems and their deployment in our services to verify compliance with established privacy standards and the EU AI Act.
5. Transparency of AI Processes
We want you to understand how our AI works:
AI-Driven Insights: Our Coaching Platform utilises Artificial Intelligence (AI) to offer you a supportive coaching experience. Our AI models analyse the data you provide and your interactions, generating insights and prompts intended to facilitate your coaching discussions.
Limitations of AI: It is important to recognise that our AI does not replace human judgment or expertise. While it aims to provide relevant insights, there may be instances where the AI models make mistakes. The insights generated should be critically evaluated, and you are encouraged to utilise these insights in ways that align with your individual circumstances and objectives. Ultimately, the control over your coaching journey lies with you; the decisions you make and the actions you take are solely yours.
For further information, please see our How we use AI guide.
6. Sharing Your Personal Data
Your personal data may be shared with trusted external third parties for specific purposes.
External Third Parties: We collaborate with selected partners, such as Google and OpenAI, to enhance our offerings. We ensure that these third parties handle your personal data under strict privacy regulations and agreements, ensuring its protection while enhancing the functionality of our services.
Google Cloud Platform (GCP): As a data processor, GCP provides cloud storage, computing services, and voice transcription services necessary for the operation of our Coaching Platform. GCP processes your personal data on our behalf and does not control how your data is used. It implements stringent security measures to protect your information and adheres to privacy standards in data handling.
OpenAI: When we use OpenAI’s services, it acts as a data processor, facilitating AI-driven features within our Coaching Platform. OpenAI processes personal data to deliver insights based on your interactions and may be used for voice transcription services. OpenAI implements robust data protection measures and respects user privacy in compliance with relevant regulations.
RunPod: Our AI models require the use of high-performance graphics processing units (GPUs) to process data and generate the responses to your interactions at high speed. RunPod acts as a data processor on our behalf and does not control how your data is used. RunPod implement the strictest security measures to protect the privacy and security of the data it processes.
PlayHT: When required, these services give our Digital Coach a voice based on the responses generated by our AI engines. To facilitate the voice generation, PlayHT acts as a data processor. PlayHT meets industry standard requirements to protect all data.
Pinecone: We use a database technology which is essential for our AI engines to be able to create and use a knowledge base. Pinecone provides the database service and acts as a data processor. Pinecone implements the highest standard of security and adheres to the strictest policies to ensure privacy.
CCPA Compliance: In adherence to the California Consumer Privacy Act (CCPA), we never sell your personal data. We prioritise your privacy and ensure that third-party service providers act only according to our instructions and comply with applicable laws.
7. Marketing Communications
We want to keep you updated and connected to our digital coaching community. We will send you updates and information about our new products and services, upcoming events, promotions, or news via email or push notifications.
Consent Requirement: Where required by law, we will only send you marketing information if you consent to us doing so at the time you provide us with your personal data. This means you will have the opportunity to opt in to receive valuable insights and updates tailored for your professional development.
Opting Out: If you decide that you no longer wish to receive marketing communications, you can opt out at any time by following the unsubscribe instructions contained in each promotional email we send you.
Continued Communication: Even if you opt out of marketing communications, we will still contact you via email regarding the provision of our Services and to respond to your enquiries.
Data Retention for Marketing: If you ask us to delete your data or remove you from our marketing lists, and we are required to fulfil your request, we will retain basic information necessary to identify you and prevent further unwanted processing.
8. Data Security
Your personal data security is a priority for us, and we have strong measures in place to ensure it’s protected:
Access Controls: We limit data access to authorised staff only, ensuring that your personal information remains confidential and secure.
Data Encryption: Any sensitive data you share is encrypted during transmission over the internet and when stored in our databases. This helps keep your information safe from unauthorised access.
Regular Security Audits: We frequently review our security systems and practices to ensure your data remains protected against threats and vulnerabilities.
9. Data Retention
We retain your personal data only for as long as it is necessary:
Identity and Contact Data: We keep these details for up to six years after you stop using our services to comply with legal requirements.
Technical and Usage Data: This information is held for no more than 12 months after you last interacted with us, ensuring we maintain our platform’s integrity and security during this time.
Profile and Interaction Data: While you are actively using our services, we retain this data. Anonymised versions are kept indefinitely to help improve our AI systems, and they no longer include your personal identifiers.
Marketing Data: This is retained until you decide to opt out of marketing communications or when it no longer serves its purpose, with regular reviews to ensure relevance.
10. International Transfers
Yellow Dot operates on a global scale, and sometimes this means transferring your data outside the UK or EU. Different regions may have varying data protection standards. To protect your data, especially if you’re in the EU, we use:
Standard Contractual Clauses: These are pre-approved legal mechanisms that help ensure your personal data receives the same level of protection even when transferred internationally.
We consistently review our data transfer practices to ensure robust protection and compliance with necessary legal requirements.
11. Your Rights
Your rights concerning your personal data depend on your country of residence. If you are based in the UK or EU, you have the following important rights under the General Data Protection Regulation (GDPR):
UK and EU Residents
Right of Access: You are entitled to ask for a copy of the personal data we hold about you, as well as information on how it is being used. This helps ensure transparency and understanding of our data practices.
Right to Rectification: Should your data be inaccurate or incomplete, you have the right to request that we correct it. We will also update any third parties with whom we have shared your data, where necessary.
Right to Erasure: You have the right to request the deletion of your personal data in specific situations, such as when it is no longer needed for its original purpose or when you withdraw your consent. We will also notify relevant third parties about your request.
Right to Restrict Processing: You can ask us to limit the processing of your data under certain conditions, such as if you are questioning the accuracy of the data. We will inform you if and when any restrictions on processing are lifted.
Right to Data Portability: You have the ability to receive your personal data in a structured, commonly used format, allowing you to transfer it to another service provider if desired.
Right to Object: If you disagree with our processing of your data based on our legitimate interests, you can object, particularly concerning direct marketing.
Rights Regarding Automated Decision-Making: You have the right not to be subject to decisions made solely on automated processing, including profiling, unless necessary for entering into, or performance of, a contract, or you have given explicit consent.
Right to Withdraw Consent: You can withdraw your consent for data processing at any time. Please note that this will not affect the legality of any processing conducted before your consent was withdrawn.
Right to Lodge a Complaint: If you have any concerns about our privacy practices, you can reach out to the Information Commissioner’s Office (ICO) in the UK or your local data protection authority within the EU.
If you wish to exercise any of these rights or need further information, please contact us at support@yellowdot.ai.
12. Cookies
Our website uses cookies to improve user experience. Cookies are small files stored on your device that help us remember your preferences and understand how you use our services. You can manage your cookie settings through your web browser or choose to accept or decline cookies when visiting our site. Please refer to our Cookie Policy for more detailed information.
13. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, for operational reasons, or to meet new legal or regulatory requirements. When such changes occur, we will notify you by posting a notice on our website or sending you an email, so you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.