Privacy Policy

Tsing Link Technology Limited is the data controller for sinomdb.com. You can contact us about privacy matters at [email protected] or by mail at Room 2-309, 2/F, Chungking Mansion, 36 Nathan Road, Tsim Sha Tsui, Hong Kong SAR.

For GDPR Article 27 matters, our appointed EU representative is DataRep, The Cube, Monkstown Farm, Monkstown, Co. Dublin, A94 F8P4, Ireland. The dedicated contact page will be updated once the DataRep account is activated.

• Data controller: Tsing Link Technology Limited
• Privacy contact: [email protected]
• EU representative: DataRep, The Cube, Monkstown Farm, Monkstown, Co. Dublin, A94 F8P4, Ireland

We collect personal data only for specific and legitimate purposes. Depending on how you use the service, this may include account registration details, subscription status, payment tokens, support messages, analytics activity, ad attribution data, affiliate tracking data, and special-category VIP health information.

Health information submitted through the VIP consultation flow is treated as a special category of personal data under GDPR Article 9 and is processed only after you provide explicit, separate consent through the VIP Health Data Supplemental Agreement.

• Google display name and email address collected through Google OAuth sign-in on a contract-performance basis
• Email address and encrypted password hash collected for email/password registration on a contract-performance basis
• Subscription tier, membership status, and payment tokens processed to perform the service contract
• Page views, clicks, session behaviour, and ad attribution signals processed on the basis of user consent
• Affiliate tracking data processed under legitimate interests for fraud prevention
• VIP health-related information processed only with explicit consent

We engage third-party processors to provide infrastructure, payments, analytics, communications, consent management, and marketing services. These providers process personal data only under appropriate contractual and security controls, except where they act as an independent controller under their own terms.

Our processor roster can change over time. When material changes occur, we update this Policy and notify registered users by email.

• Cloudflare, Inc. (USA) for CDN, DDoS protection, and network security using IP address and request metadata
• ClickFunnels / Etison LLC (USA) for landing pages and email automation using name, email, and opt-in preferences
• Resend (USA) for transactional emails using email address and notification content
• Google LLC for GA4, GTM, and Google Ads using behavioural data and ad conversion signals
• Meta Platforms, Inc. and TikTok Inc. for retargeting and conversion tracking after user consent
• Paddle.com Market Limited (Ireland), Stripe, Inc. (USA), and PayPal Holdings, Inc. (USA) for payment processing
• Tapfiliate / Post Affiliate Pro for affiliate tracking, AI-assisted processing tools for ticket summarisation, and CookieYes for consent management

Our servers are located in Los Angeles, United States. If you access the service from the European Union or another region, your personal data may be transferred to and processed in the United States and Hong Kong.

We rely on Standard Contractual Clauses, applicable adequacy decisions or certification frameworks, and processor agreements with transfer safeguards to support lawful international data transfers.

• EU transfers to US-based servers and processors rely on SCCs under GDPR Article 46
• We also rely on adequacy decisions or equivalent certification frameworks where available
• Major processors such as Google, Meta, and Cloudflare maintain transfer mechanisms covering EU data subjects

We retain personal data only for as long as needed for the purposes described in this Policy or as required by law. Account data is deleted automatically after the retention period associated with the relevant membership tier unless a legal hold or dispute requires longer storage.

When an account is deleted, personal data is purged on the applicable schedule, while anonymised analytics without personal identifiers may be retained indefinitely.

• Pro Member account data: 1 year after subscription termination
• VIP Member account data: 2 years after subscription termination, or earlier upon request where applicable
• VIP health-related consultation data: 2 years after termination or earlier upon consent withdrawal
• Payment records: 7 years to satisfy Hong Kong tax and accounting requirements
• Support ticket content without health data is deleted with the related account data schedule

You may exercise privacy rights through your account dashboard or by emailing [email protected]. We respond to verified requests within 30 days, or faster where a shorter statutory deadline applies.

European Union residents may also lodge a complaint with the data protection authority in their Member State.

• Right of access, including a machine-readable export
• Right to rectification of inaccurate or incomplete data
• Right to erasure subject to retention obligations
• Right to data portability, right to object, and right to withdraw consent
• Right to lodge a complaint with a supervisory authority

We send promotional communications only to users who have given explicit, separate opt-in consent through an unchecked checkbox that is independent from Terms of Service acceptance.

You can withdraw marketing consent at any time through the unsubscribe link in marketing emails or by updating your account dashboard preferences. Transactional messages such as billing alerts and password resets do not require separate marketing consent.

We use cookies and similar tracking technologies on sinomdb.com, and CookieYes manages our consent experience. Strictly necessary cookies support core website functionality, while analytics and marketing cookies require user consent.

For users in the European Union, analytics and marketing cookies are disabled by default until consent is provided. Cookie preferences can be updated later through the site's cookie settings panel.

• Strictly Necessary cookies for session management and security do not require consent
• Analytics cookies such as GA4 and GTM require consent
• Marketing cookies such as Google Ads, Facebook Pixel, and TikTok Pixel require consent
• CookieYes stores consent records and cookie preferences

California residents may request disclosure of the categories and specific pieces of personal information collected in the previous 12 months, request deletion subject to exceptions, and exercise related non-discrimination protections.

To submit a CCPA request, email [email protected] with the subject line "CCPA Privacy Request".

• Right to know what personal information we collected in the last 12 months
• Right to delete personal information subject to statutory exceptions
• We do not sell your personal information to third parties.
• Right to non-discrimination for exercising CCPA rights

The service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.

If we learn that a minor has provided personal data, we will delete it promptly. If you believe a minor has registered, please notify [email protected].

We use technical and organisational safeguards to protect personal data against unauthorised access, loss, and disclosure. These measures include encrypted transmission, password hashing, access controls, and encrypted storage for VIP health-related consultation data.

No transmission or storage method is completely secure, but we maintain industry-standard protections and continuously review our safeguards.

• TLS/HTTPS for encrypted data transmission
• Hashed password storage
• Access controls limited to authorised personnel
• Encrypted storage for VIP health-related consultation data

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email at least 30 days before the changes take effect.

The latest version remains available at sinomdb.com/privacy, and continued use of the service after the effective date of an update constitutes acceptance of the revised Policy.