logotype
FAQ Sign In

Privacy Policy

Last updated: 12 September 2025

1. Introduction

Welcome to https://openn.me (the "Site"), operated by Unikorn Marketing Media Limited ("Openn," "Company," "we," "our," or "us").

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Site, the mobile application, and all related services (the "Platform" or "Services").

By using the Platform, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Who We Are

Unikorn Marketing Media Limited is a company incorporated under the laws of Hong Kong, registered under number 76916986, with its headquarters at: Office 4, 10/F., Kwan Chart Tower, No. 6 Tonnochy Road, Wan Chai, Hong Kong.

Openn acts as:

  • Data Controller for personal data it collects directly (e.g., registration, account, payment tokens).
  • Data Processor for files uploaded by Providers that may contain personal data. In this case, the Provider remains the Data Controller.

We comply with the Hong Kong Personal Data (Privacy) Ordinance (PDPO) and, where applicable, the EU General Data Protection Regulation (GDPR) and other global privacy laws.

3. Categories of Data We Collect

The personal data we collect depends on how you use the Platform. Some information is required only from certain users (for example, Providers may need to provide verification documents), and not all users are required to provide all of the information listed below.

3.1 Data You Provide to Us

  • Name
  • Email address
  • Date of birth
  • Government-issued photo ID
  • Uploaded content
  • Information submitted through registration, contact, or feedback forms

We do not collect physical addresses, phone numbers or payment card details.

3.2 Automatically Collected Data

When you use the Platform, we may collect:

  • IP address
  • Cookies and similar technologies
  • Browser type, operating system, language, device model, screen resolution
  • Access timestamps (without detailed user activity logs)

3.3 Data We Receive from Third Parties

  • Payment processors: we receive payment tokens or confirmation of transactions (we do not store payment card details)
  • Social login providers (e.g., Google, Facebook): if you choose to log in through a third-party account, we may receive information such as your name, email address, and profile picture, depending on your privacy settings with that provider

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience, analyze traffic, and support advertising. The types of cookies we use include:

  • Essential cookies: necessary for Platform operation and security.
  • Preference cookies: save user settings such as language preferences and login state.
  • Analytics cookies: help us understand how the Platform is performing and improve its technical quality. These cookies may collect technical information such as browser type, operating system, or device characteristics. We do not use analytics cookies to track behavioral data such as specific pages viewed, clicks, or time spent.
  • Marketing cookies: track user behavior to enable retargeting ads.

Technologies we use include, but are not limited to:

  • Google Analytics, which provides data on site usage and behavior.
  • Meta Pixel, used for ad targeting and conversion tracking.

You can manage your cookie preferences through your browser settings or via our cookie banner.

5. Purpose and Legal Basis for Data Processing

We process your personal data only when we have a valid legal basis under applicable laws, including GDPR, PDPO, the California Consumer Privacy Act (CCPA/CPRA), and other relevant privacy laws.

We use your data for the following purposes:

  • To provide and operate the Services (account setup, file uploads/downloads, payments)
  • To verify identity and prevent fraud (including Provider photo ID checks)
  • To respond to support requests and communicate with users
  • To process payments (through third-party providers)
  • To analyze performance and improve functionality
  • To send marketing messages and newsletters
  • To deliver advertising and measure its effectiveness
  • To meet legal, financial, and other regulatory obligations

Legal bases (under GDPR and similar laws):

  • Contractual necessity: to provide the Services you request
  • Consent: for marketing communications, advertising, and non-essential cookies
  • Legitimate interests: for analytics, personalization, and fraud prevention
  • Legal obligation: to comply with laws, financial regulations, and enforcement requests

6. Third Parties and Data Sharing

We do not sell your personal data. However, to operate the Platform and deliver our Services, we may share your personal data with trusted third-party service providers. These include, for example:

  • Analytics and advertising providers (to measure performance and support advertising campaigns)
  • Email and communication platforms (to send service messages and marketing, where permitted)
  • Payment service providers (to process secure payments and payouts)
  • Cloud hosting and infrastructure services (to store data securely and maintain reliable operations)
  • Customer relationship management (CRM) and support systems (to manage accounts and respond to inquiries)
  • Identity verification and fraud prevention providers (for Provider verification and security purposes)

All service providers are contractually required to implement appropriate technical and organizational measures to protect your personal data, to process it only for the purposes we specify, and to comply with applicable data protection laws.

7. International Data Transfers

Your personal data may be stored and processed in countries other than the one in which you reside. This means that information may be transferred to, and maintained on, servers located outside your home jurisdiction — including to countries that may not provide the same level of data protection as those in the Hong Kong Special Administrative Region, the European Union, or the European Economic Area.

Our Platform is currently hosted on Amazon Web Services (AWS), which provides secure cloud infrastructure. Depending on your location, your data may therefore be processed in one or more of AWS's global data centers.

Whenever we transfer your personal data internationally, we take steps to ensure it remains protected in line with applicable data protection laws:

  • Standard Contractual Clauses (SCCs): For transfers from the EU/EEA or the UK to third countries, we rely on SCCs approved by the European Commission or UK Information Commissioner.
  • Equivalent legal safeguards: In other regions, we use comparable legal instruments or contractual protections to ensure an adequate level of data protection.
  • Organizational and technical safeguards: We apply strict contractual controls with service providers, limit access to personal data, and implement security measures such as encryption and monitoring.
  • Other lawful bases: In limited cases, international transfers may also be based on your explicit consent, the performance of a contract, or other lawful grounds permitted by relevant laws.

8. Privacy Rights by Region

Your privacy rights may vary depending on where you live. We will respect and honor these rights in accordance with applicable data protection laws.

In general, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your personal data.
  • Restriction of processing: ask us to temporarily limit how we use your data.
  • Data portability: receive your data in a structured, commonly used, and machine-readable format.
  • Object to processing: object to the use of your data for certain purposes (such as marketing) where we rely on legitimate interests.
  • Withdraw consent: revoke your consent at any time, for example for marketing communications.
  • Opt out of marketing: unsubscribe from newsletters or promotional messages.

Regional notes:

  • European Union / UK: You have the full set of rights described above under the GDPR/UK GDPR, and you may also lodge a complaint with your local data protection authority.
  • Hong Kong (PDPO): You have the right to access and correct your personal data, and to opt out of direct marketing. We will not use your data for direct marketing without your consent, and we will honor any opt-out request.
  • United States (CCPA/CPRA and similar laws): Residents of California and certain other states have the right to know what personal data we collect, request deletion or correction, opt out of the "sale" or "sharing" of data for targeted advertising (we do not sell personal data for money), and limit the use of sensitive personal information.
  • Brazil (LGPD): You have rights to confirm, access, correct, delete, or transfer your personal data, and to withdraw consent at any time.

How to exercise your rights:
You can submit a request by emailing us at privacy@openn.me. We will respond within the timeframes required by law (typically within 30 days).

9. Children's Privacy

Our Platform is intended for individuals aged 18 years and older, or the minimum age of full legal capacity in your jurisdiction.

If we become aware that we have collected personal data from a child below the applicable age threshold without verified parental consent, we will delete such data without delay.

Parents or guardians who believe their child has provided personal data to us should contact us immediately using the details provided in Section 14 (Contact Us).

10. Data Storage and Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to meet legal, regulatory, or contractual requirements. Once data is no longer needed, we will anonymize, archive, or delete it in a secure manner.

In particular:

  • Account data: stored for the lifetime of your account and deleted upon account closure, unless retention is required for legal or regulatory purposes.
  • Payment data: we do not store payment card details. Only payment tokens and transaction confirmations provided by payment processors are retained, for as long as necessary to complete transactions and meet accounting/legal obligations.
  • Uploaded files: retained until you delete them or until your account is closed.
  • Technical data: such as IP addresses and device information, is retained only for operational, security, and troubleshooting purposes and kept for a limited period.
  • Verification documents: such as government-issued ID for Providers, are stored only as long as required for verification, fraud prevention, or compliance with applicable financial and regulatory obligations.

We may retain certain information for a longer period where required by law, such as for tax, accounting, fraud prevention, or to comply with civil and commercial statute of limitations.

Backups: We perform regular encrypted backups to protect against accidental loss or corruption of data. Backups are retained for a limited retention cycle and are securely stored with restricted access. Data contained in backups is permanently deleted when the backup is overwritten or reaches the end of its retention period.

11. Data Security

We are committed to safeguarding your personal data and take appropriate technical and organizational measures to protect it against unauthorized access, loss, misuse, disclosure, alteration, or destruction. While no system is completely secure, we take all reasonable steps to ensure a high level of protection.

Our security measures include, but are not limited to:

  • Encryption in transit and at rest: All data is protected using SSL/HTTPS protocols during transmission and is stored in encrypted databases.
  • Account protection: We offer two-factor authentication (2FA) to enhance login security and protect against unauthorized account access.
  • Access controls: Personal data is accessible only to authorized personnel who require it to perform their duties, and staff are subject to strict confidentiality obligations.
  • System monitoring: We maintain access logs and monitor systems for suspicious activity or unauthorized access attempts.
  • Data backups: Regular backups are performed to ensure resilience and data recovery in case of system failure.
  • Testing and audits: We conduct periodic security audits, vulnerability assessments, and penetration testing to identify and address potential risks.

Data Breach Policy

We maintain a formal incident response plan to handle personal data breaches. If a breach occurs, we will:

  • Promptly investigate and assess the scope and potential impact.
  • Take immediate steps to contain the incident and mitigate any risks.
  • Notify affected individuals without undue delay where there is a high risk to their rights and freedoms.
  • Notify the relevant supervisory authority (where required by law, e.g., under the GDPR) within the legally mandated timeframes.
  • Keep records of all security incidents and responses in accordance with applicable data protection laws.

12. Automated Processing and AI

We use a combination of artificial intelligence (AI) tools and human review to moderate content uploaded to the Platform. This helps us detect prohibited material, enforce our Terms and Conditions, and maintain a safe environment for users.

  • Scope of AI moderation: Uploaded files may be scanned automatically for illegal, harmful, or non-compliant content (such as explicit material, abusive content, or intellectual property violations).
  • Human oversight: All moderation decisions that may materially affect your rights (such as restricting content or suspending an account) are subject to review by our moderation team. We do not rely on AI alone to take actions that could significantly impact you.
  • No fully automated decision-making: We do not engage in decision-making that is based solely on automated processing, including profiling, that produces legal effects or similarly significant consequences for users, within the meaning of the GDPR, PDPO, or similar laws.
  • Transparency and fairness: If your content is flagged by AI moderation, you will be notified of the outcome and, where applicable, given an opportunity to appeal or request human review.
  • Purpose limitation: AI moderation is used strictly for compliance, security, and trust & safety purposes. It is not used for profiling you as a user, nor for automated marketing or credit-scoring decisions.

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with the new effective date. Continued use of the Services means acceptance of the revised policy.

14. Contact Us

For questions, requests, or concerns regarding this Privacy Policy, please contact us at:

Unikorn Marketing Media Limited
Office 4, 10/F., Kwan Chart Tower,
No. 6 Tonnochy Road, Wan Chai, Hong Kong
Email: privacy@openn.me