Privacy Policy

Last updated: June 26, 2026 · See also Terms of Service · User guide

1. Who we are

Yisun Spark is operated by Chongqing Yisun Technology Co., Ltd. and provides flash pop-up engagement tools (lucky draw, wish wall, live voting, and related SaaS features) for IP owners, tourism boards, brands, markets, and event organizers. Official site: yisun.cloud.

This service does not fulfill prizes or handle offline transactions between organizers and participants. Organizers pay us only for software access.

2. Where your data is stored

Business data (organizer accounts, event settings, interaction records, payment orders, etc.) is stored and processed on servers located in the United States, using cloud infrastructure selected by the operator. We do not intentionally move business databases outside that region for storage or processing.

DNS, email delivery, payment processing, AI copy assistance, and optional content moderation may use third-party providers. That does not mean your core business database is relocated. If storage location changes, we will update this policy.

3. Information we collect

We collect only what is needed to run the service. Under U.S. privacy frameworks, this may include:

• Identifiers — login email, organizer/brand name, optional address, required phone number, password (stored as a hash).
• Commercial information — subscription plan, payment order records (processed by our payment provider; we do not store full card numbers).
• Internet or network activity — IP address and timestamps in security logs (see Sections 4–5); anonymous visitor_key in browser session for anti-abuse.
• User-generated content — wish-wall nicknames and messages, vote choices, draw results, event titles and rules you publish.

4. Organizer accounts (registered users)

• Why we collect it — account sign-in and email verification, displaying your brand on event pages, plan and interaction quota management, support, fraud prevention, and legal compliance when required.
• IP address on sign-up / login — we log your IP address and time of access in account records and server logs to protect accounts, detect unusual sign-ins, and resolve disputes. It is not shown publicly, not used for cross-site advertising, and not sold. See Section 5.
• Email verification — after registration we send an activation link (and a welcome message after activation). Publishing events or purchasing a plan requires a verified email. Links expire after 48 hours and can be resent.
• AI copy assist — if you use “AI fill copy,” event titles and similar text may be sent to the configured AI provider. If content moderation is enabled, public copy may also be reviewed by automated rules on our servers.

5. Event participants (no account required)

Participants can join by scanning a QR code or opening a link without registering. We follow data minimization: we do not collect participant phone numbers, government IDs, home addresses, or email addresses.

• Anonymous identifier — a random visitor_key in the browser session limits daily draws and enforces one vote per person per event. It does not directly identify an individual.
• Security logs (may include IP) — when someone draws, posts a wish, or votes, our servers may log the IP address (when available), timestamp, and event ID in operational logs only. IP addresses are not written into wish text, vote choices, or draw results, and are not shown to organizers or other participants. We use them for anti-fraud, abuse prevention, and security. We do not use them for targeted advertising and do not sell them. Retention: Section 6.
• Lucky draw — result and time, linked to the anonymous identifier.
• Wish wall — optional nickname (default “Guest,” max 20 characters), wish text (max 80 characters), optional emoji; content is publicly displayed.
• Live vote — selected option and time; one vote per person per event.
• Participants must tap “Agree and continue” before submitting. Wishes and nicknames are validated on our servers.
• Prize rules and disclosures are written by the organizer; we do not certify their legal compliance.
• We do not sell participant data and do not use it for cross-context behavioral advertising.

6. Retention: business records vs. security logs

• Interaction records (no IP) — draw results, wishes, votes, timestamps, event IDs, and visitor_key. Kept while the event runs and as needed for disputes; deleted or anonymized when an organizer deletes their account (except where law requires retention).
• Operational / security logs (may include IP) — organizer logins, event publishing, payments, and participant interactions. Used for troubleshooting, fraud prevention, and lawful requests.
• Account email logs — verification and billing-related messages sent to organizers (not participant emails).

Security logs are stored in the United States and are not sold. We generally retain them for at least 12 months, then delete or aggregate them unless a longer period is required by law.

7. How we use and share information

• Service providers — hosting, email, payments (e.g. LianLian Global, PayPal), and optional AI or moderation vendors process data on our behalf under contract.
• Organizers — see interaction content you submit (wishes, votes, draw outcomes) on their dashboard; they do not receive participant IP addresses from us.
• Legal — we may disclose information if required by law or to protect rights, safety, and security.
• No sale of personal information — we do not sell personal information as defined under the California Consumer Privacy Act (CCPA/CPRA). We do not “share” personal information for cross-context behavioral advertising.

8. Security

• Business data is protected with HTTPS and access controls on infrastructure in the United States.
• Sensitive configuration (mail, payments, API keys) is stored securely on the server; organizers do not access deployment secrets.
• Report abuse: info@yisuncloud.com (also in the site footer).

9. Your privacy rights (U.S.)

Organizer accounts

• Access / correction / deletion — email info@yisuncloud.com or use Settings · Delete account. Deletion requires email confirmation; after deletion, event links stop working and related data is deleted or anonymized (minimal logs may be kept where required by law).

Event participants

• Wishes are public. To remove a message, contact the event organizer or email us at info@yisuncloud.com with the event name and approximate content/time. For illegal or infringing content, use info@yisuncloud.com.
• Clearing cookies resets the anonymous identifier but does not delete wishes or votes already submitted.

California and other state residents

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with privacy laws may have additional rights to know, access, correct, delete, and opt out of certain processing. Because we do not sell personal information, there is no separate “Do Not Sell or Share” toggle — your request is already our default practice. To exercise rights, email info@yisuncloud.com with “Privacy request” in the subject. We will verify your request and respond within the time required by applicable law. You may designate an authorized agent where permitted.

10. Children

This service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact info@yisuncloud.com and we will delete it promptly.

11. Changes

We may update this policy. The “Last updated” date at the top will change when we do. Continued use after an update means you accept the revised policy.

12. Contact us

Email: info@yisuncloud.com
Abuse reports: info@yisuncloud.com
Operator: Chongqing Yisun Technology Co., Ltd.
Website: yisun.cloud