Privacy Policy & Terms of Service

Lyoworld.org is operated as a nonprofit public welfare project sponsored by LYOMAC TECHNOLOGY LTD. For data protection inquiries, contact our Data Protection Officer at [email protected].

We collect only the minimum data necessary to provide our services:

• Account Information: Email address, username, preferred language
• Expert Certification: Company/institution email, LinkedIn URL, ORCID ID, ResearchGate URL, years of experience, domain expertise (only for expert applicants)
• Usage Data: Content contributions (questions, answers, articles), voting records, credit history
• Donation Data: Transaction records processed through PayPal (we do not store payment card details)

We do not collect: phone numbers, physical addresses, government IDs, or any data beyond what is listed above.

• Provide and maintain platform services
• Verify expert credentials through automated AI review
• Send essential communications (registration verification, donation receipts, security alerts)
• Generate anonymized platform statistics
• Comply with legal obligations

We will never sell, rent, or share your personal data with third parties for commercial purposes.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct any inaccurate personal data
• Right to Erasure: Request deletion of your account and personal data
• Right to Data Portability: Export your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, use the quick action buttons above or contact [email protected]. We will respond within 30 days.

We implement industry-standard security measures including:

• End-to-end encryption for data transmission (TLS 1.3)
• Encrypted storage for sensitive personal data
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Daily automated backups with 7-year retention

In compliance with the UK Product Security and Telecommunications Infrastructure Act:

• No universal default passwords are used
• Users must set unique strong passwords (minimum 8 characters with letters, numbers, and special characters)
• Automatic weak password detection and notification
• Security vulnerability reporting mechanism available

We use only essential cookies required for platform functionality (authentication, language preference). We do not use tracking cookies, advertising cookies, or any third-party analytics cookies beyond our self-hosted analytics solution.

• Active accounts: Data retained while account is active
• Deleted accounts: Personal data removed within 30 days; anonymized contributions (public answers, articles) retained
• Compliance audit logs: Retained for 7 years as required by regulatory standards
• Donation records: Retained for 7 years for tax compliance