优云API 优云API / Legal and Compliance
Home Models Legal and Compliance
简体中文 繁體中文 English Français 日本語 Русский Tiếng Việt

Legal and Compliance

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Data Processing Agreement
  • Refund Policy

Youyun API Data Processing Agreement

Last updated: July 3, 2026

This Data Processing Agreement (hereinafter referred to as "this Agreement") applies when enterprises, developers, or other customers (hereinafter referred to as "Customer" or "you") use Youyun API (hereinafter referred to as "this platform" or "we") to process API requests, console operations, and related services containing personal information, business data, code, text, images, files, Prompts, or other data.

This Agreement supplements the Terms of Service and the Privacy Policy. If this Agreement conflicts with the Terms of Service or the Privacy Policy, this Agreement prevails for matters involving data processing entrusted by the Customer.

1. Role Allocation

For data independently submitted, uploaded, transmitted, or processed by the Customer through API calls, the Customer usually acts as the personal information processor, data controller, or similar role, deciding the processing purpose, processing method, data source, legality basis, and notice to data subjects.

When this platform provides API gateway, model calls, billing, logs, risk control, and technical support according to Customer instructions, it usually acts as an entrusted processor, data processor, or similar role.

For data necessary for this platform's own operations, such as account registration, top-up, accounting, security risk control, customer support, dispute handling, and compliance audit, we may process related information as an independent personal information processor.

2. Processing Purposes

We process Customer data only for the following purposes:

  • Providing API gateway, model calls, request forwarding, and response return
  • Performing Token statistics, multiplier calculation, fee deduction, bill display, and call records
  • Performing rate limiting, risk control, security protection, anomaly detection, and attack defense
  • Providing troubleshooting, customer support, tickets, technical support, and dispute handling
  • Fulfilling laws and regulations, regulatory requirements, and lawful requests from judicial or administrative authorities
  • Other purposes separately authorized by the Customer or permitted by applicable law

We will not actively use Customer data for purposes unrelated to the above.

We will not use Prompts, context, code, images, files, or model output bodies submitted by Customers through APIs for model training, user profiling, advertising, marketing, or purposes unrelated to this Agreement. Unless the Customer actively submits related content through customer support, tickets, email, or other support channels, or laws, regulations, or regulatory requirements provide otherwise, we will not persistently store context bodies or model output bodies from Customer API calls.

Safety checks, sensitive-content identification, or upstream model provider interception are real-time processing steps in model calls and service risk control. Except for necessary call metadata, error codes, interception status, and security logs, we will not persistently store checked or intercepted Customer API request bodies, context bodies, or model output bodies.

3. Types of Data Processed

Depending on Customer usage, Customer data may include:

  • API request content: Prompts, context, code, text, images, files, parameters, and other inputs. Such content is only temporarily processed during request forwarding and response return and is not saved as persistent logs
  • API output content: model responses, generated content, error information, and return metadata. Except for necessary error status and return metadata, model output bodies are not saved as persistent logs
  • Call metadata: model name, request time, request path, Token usage, fees, group, multiplier, status code, error code, IP, User-Agent, request ID
  • Account and permission data: user ID, API Key, group, role, quota, balance, risk-control status
  • Ticket and support data: issue descriptions, screenshots, logs, communication records, and processing results

Customers should not submit personal sensitive information unrelated to the service, unauthorized personal information, state secrets, trade secrets, export-controlled data, or other restricted data through this platform.

4. Customer Responsibilities

Customers must ensure:

  • They have a lawful processing basis and necessary authorization for data submitted to this platform
  • They have provided notice to data subjects and obtained necessary consent or satisfied another lawful basis according to law
  • Submitted data, usage scenarios, model calls, and output usage comply with applicable laws and regulations and third-party rules
  • They do not process illegal, infringing, unauthorized, excessively collected, or business-purpose-unrelated data through this platform
  • They conduct necessary human review of model outputs, especially in high-risk scenarios or scenarios affecting personal rights and interests
  • They properly safeguard accounts, API Keys, keys, access tokens, and client environments

Customers are responsible for liabilities caused by unlawful Customer data sources, authorization, notice, usage scenarios, instructions, or output usage.

5. Processing Obligations of This Platform

We will process Customer data according to the Customer's lawful, clear, and reasonable instructions, and take reasonable security measures to protect data, including:

  • Access control and permission management
  • Transmission encryption and necessary storage protection
  • Log auditing and anomaly monitoring
  • Necessary confidentiality constraints for employees and service providers
  • Minimization of processing and access within the necessary scope
  • Security incident response and vulnerability remediation

If we believe a Customer instruction may violate laws and regulations, third-party rules, or platform security requirements, we have the right to refuse execution, require the Customer to correct it, suspend processing, or take necessary risk-control measures.

6. Subprocessors and Third-party Services

To provide services, we may use the following types of subprocessors or third-party services:

  • Upstream model providers or API service providers
  • Cloud servers, object storage, databases, CDN, WAF, and security verification providers
  • Payment, SMS, email, logging, monitoring, customer support, and ticket providers
  • Compliance, audit, legal, or dispute-resolution related service providers

We will provide relevant data to subprocessors within the necessary scope and require them to process data according to the purposes of this Agreement and reasonable security requirements.

7. Cross-border Processing

The Customer understands and agrees that some model services, upstream APIs, cloud infrastructure, or security services may be located outside your jurisdiction. To complete model calls actively initiated by the Customer, return results, perform billing, troubleshoot, or provide security protection, we may need to transmit request content and necessary call metadata to corresponding service providers for processing.

Such transfer is only used to complete the service request actively initiated by the Customer. It does not mean we will persistently store API call bodies, nor does it mean we will use the Customer's Prompt, context, code, images, files, or model output body for model training, advertising, marketing, or other unrelated purposes.

The Customer should assess cross-border transfer according to the laws and regulations applicable to itself, and complete necessary notice, consent, contracts, filings, assessments, or other compliance procedures. The Customer should not submit state secrets, trade secrets, unauthorized personal information, personal sensitive information, data subject to confidentiality obligations, or other data that should not be transferred across borders. The Customer is responsible for leaks, disputes, complaints, penalties, or losses caused by actively submitting the above data, failing to obtain necessary authorization, or failing to fulfill its own notification, consent, confidentiality, and compliance review obligations, unless laws and regulations provide otherwise. We will provide necessary assistance within a reasonable scope.

8. Data Retention and Deletion

We retain necessary account, accounting, call metadata, and security logs for the period necessary to provide services, perform billing, risk control, troubleshooting, dispute handling, and compliance audit. We will not persistently store the Prompt, context, code, images, files, or model output body from Customer API calls, unless the Customer actively submits them to support channels such as customer support, tickets, or email, or laws, regulations, or regulatory requirements provide otherwise.

Customers may delete API Keys, clear account configurations, or submit deletion requests according to platform functions. After service termination, we will delete or anonymize Customer data within a reasonable period according to laws and regulations, finance and tax, security audit, dispute resolution, and backup recovery requirements.

Data in backup systems may be deleted with delay within the backup cycle due to technical limitations, but we will restrict access and clear it after the backup expires.

9. Security Incidents

If an incident that may affect Customer data security occurs, we will notify affected Customers in a timely manner after confirming the incident in accordance with applicable laws and regulations, and provide information such as incident type, possible impact, measures taken or planned, and recommended measures Customers can take.

Customers should cooperate in troubleshooting, loss mitigation, and notification obligations in a timely manner. If a security incident is caused by Customer account leakage, key leakage, misconfiguration, illegal calls, or third-party clients, the Customer should bear corresponding responsibility.

10. Data Subject Requests

If a data subject submits a request to query, correct, delete, withdraw consent, copy, or exercise other rights regarding Customer data, the Customer is responsible for responding. We will assist the Customer in handling related requests within a reasonable scope, but may require the Customer to provide request background, identity verification results, and specific processing instructions.

11. Audit and Compliance Assistance

Without affecting this platform's security, trade secrets, rights and interests of other customers, and system stability, we may provide Customers with reasonable compliance explanations, security measure summaries, processing flow explanations, or other necessary materials.

If the Customer requests an on-site audit or deep review, it should provide advance written notice and bear reasonable costs incurred. We have the right to replace on-site audits with third-party audit reports, security statements, or equivalent materials.

12. Limitation of Liability

Unless mandatory provisions of laws and regulations provide otherwise, neither party shall be liable for indirect losses, loss of profits, business interruption, data loss, goodwill loss, third-party claims, or punitive damages.

Our liability cap under this Agreement is subject to the limitation of liability clause in the Terms of Service.

13. Agreement Termination

When the Customer stops using this platform, cancels the account, the service terminates, or the Terms of Service terminate, this Agreement terminates accordingly, except for confidentiality, data deletion, limitation of liability, dispute resolution, and clauses that should continue to be effective according to law.

14. Contact

  • Brand: Youyun API
  • Website: https://yycode.net
  • Contact: [email protected]
On this page
Youyun API Data Processing Agreement1. Role Allocation2. Processing Purposes3. Types of Data Processed4. Customer Responsibilities5. Processing Obligations of This Platform6. Subprocessors and Third-party Services7. Cross-border Processing8. Data Retention and Deletion9. Security Incidents10. Data Subject Requests11. Audit and Compliance Assistance12. Limitation of Liability13. Agreement Termination14. Contact