PRIVACY POLICY — The PlatformVersion: v3.1 — Operator & Licensing Edition
Operator / Licensing / Brand ScopeOperator / Data Controller:
3-102-938509 S.R.L. (Costa Rica)
Registered address: Costa Rica, San José, San José, Mata Redonda, Sabana Oeste, 12 Avenue 90 Street, ERP Lawyers.
Contact: help@yon.market
Licensing: The Platform operates under a license issued by the Anjouan Offshore Finance Authority (Gaming Division), an autonomous island of the Union of the Comoros (License No.: NUMBER WILL BE ADDED LATER).
Brand scope: These Terms apply to all products and services under the yon prediction market trademark, logos, and domains; collectively referred to herein as “the Platform.”
1. Scope & OverviewExplains how personal data is collected, used, shared, and protected across the Platform’s websites and apps. Complements the Terms & Conditions.
By using the Platform or creating an account, you consent to the collection and processing of your personal and technical data as described in this Policy. This Policy applies to all users, visitors, and third parties interacting with the Platform.
2. Legal Basis & Nature of ServiceThe Platform is peer‑to‑peer and skill‑based. Processing relies on: contract performance (account/operations), legitimate interests (security, fraud prevention, analytics, product improvement), legal obligations (AML/KYC), and consent (where required).
3. Data Controller & ContactData Controller: 3‑102‑938509 S.R.L. (operating as yon prediction market)
Registered address: Costa Rica, San José, Mata Redonda, Sabana Oeste, 12 avenue 90 street, ERP Lawyers.
Contact: help@yon.market
4. Not a Financial ServiceThe Platform is not a financial services provider, broker, or exchange and does not offer binary options, CFDs, futures, securities, tokens, or cryptoassets. Internal features such as Coins are non‑monetary and used solely for in‑app utilities.
5. Data We Collect• Account & Identity — name, display name, email, phone (OTP verification), OAuth sign‑in via Google/Apple (with explicit authorization; under‑18 blocked) Google/Apple ID linkage, optional profile data (bio, avatar).
• KYC Verification — identity verification is performed exclusively by a third‑party provider (Didit.me). The Platform does not store KYC document images or sensitive ID documents.
• Authentication & Contact — login identifiers, OTP records, device identifiers when provided.
• Payment & Transaction — payment metadata as needed by PSPs, deposits, withdrawals, transaction history, commissions, and bonuses.
• Device/Browser & Fingerprint — fingerprint signals collected via third‑party provider(s) (e.g., FingerprintJS) for fraud prevention and account security. The Platform retains only verification/assessment flags; raw data remains with the provider.
• Usage & Market Activity — market participation, trades, predictions, in‑app purchases (Coins), timestamps, logs, and metrics (e.g., Brier score).
• Support & Communications — support tickets, emails, attachments.
• Technical & Risk Data (pre‑registration) — limited technical or behavioral data (IP, device type, browser signature, referral) collected before account creation for fraud screening.
6. Use of Data• To provide and operate the Platform, manage accounts, process transactions, and resolve markets.
• Fraud detection, AML/KYC screening, sanctions and PEP checks, transaction monitoring, and SAR filings.
• Identity verification through Didit.me and device fingerprinting via third‑party providers.
• Customer support, dispute resolution, regulatory cooperation, and legal compliance.
• Personalization, analytics, and improvement of product mechanics and user experience.
• Bonus/rewards administration (Coins, promotions).
• Safety and abuse prevention (bot detection, multi‑accounting, misuse).
7. Legal Basis for ProcessingThe Platform processes personal data under the following lawful bases:
• **Contract performance** — to provide the Platform and fulfill user requests.
• **Legal obligations** — AML/KYC, sanctions screening, and record‑keeping compliance.
• **Legitimate interests** — maintaining Platform integrity, preventing fraud, improving functionality.
• **User consent** — by registering or using the Platform, you consent to processing of personal and technical data for purposes described here.
- 8.Processors & Transfers
Processors for KYC (Didit.me), fraud prevention, incl. fingerprints (FingerprintJS), hosting (AWS/GCP/Azure), analytics, payments operate under DPAs. International transfers may occur with safeguards in line with AOFA and international standards.
9. Disclosure to Regulators and Law EnforcementThe Platform may disclose personal or technical data to the Anjouan Offshore Finance Authority (AOFA) or other competent authorities where legally required for supervision, compliance audits, or investigations. The Platform cooperates with payment providers and partners for lawful fraud prevention and dispute resolution.
10. Cookies, SDKs & FingerprintsCookies and SDKs for necessary functions, security, analytics/measurement. Device fingerprints strictly for anti‑fraud, security, and UX improvement under legitimate interests; not for advertising/behavioral profiling. See Cookie & Tracking Policy for choices/consent.
11. Analytics and Product ImprovementThe Platform collects and analyzes both internal and third‑party analytics data to improve performance, usability, and predictive mechanics. This includes anonymized or aggregated event data, device metrics, feature usage, and behavior trends. By using the Platform, you consent to collection and processing of such analytics and to the Platform’s use of systems deemed necessary for improvement and security.
12. RetentionRetention depends on data type and purpose. AML/KYC records: typically 5 years or as required by law. Account and transaction data: 1–5 years. Fingerprint and fraud‑related results: up to 24 months. Anonymous analytics may be retained indefinitely. Didit.me stores KYC documents per its own policy; The Platform does not store such images.
Retention practices comply with AOFA and AML standards and are periodically reviewed to ensure compliance with regulatory and business requirements. After expiry, data is securely deleted or anonymized.
13. User RightsAccess, correction, deletion (limited by AML retention), objection/restriction, withdrawal of consent. Data export available via help@yon.market.
14. Security & Anti‑PhishingEncryption in transit/at rest; access controls; backups; incident response. The Platform never requests credentials/payment data outside official domains/channels. Report phishing to help@yon.market.
15. Account Deletion & App DistributionAccount deletion in‑app and via website; some data retained for AML/KYC. App distributed via official stores and, where permitted, via official website.
16. Visual PersonalizationPredefined avatars/skins only; no uploads. Visuals are neutral, non‑ideological.
17. Marketing & CommunicationsEmails/SMS/push/messaging for account, security, promotions, product updates. Users may manage non‑essential preferences; essential notices cannot be fully disabled.
18. Changes & ContactPolicy may be updated; continued use = acceptance. Contact: help@yon.market.
Approved October 28, 2025 by 3-102-938509 S.R.L. / Compliance Department.