GNS Learning Gamenoodlesoup

GNSAI Data Protection Policy
資料保護政策

Effective Date: January 1, 2026 | 生效日期:2026年1月1日

核心原則

GNSAI 是由 遊戲湯麵有限公司 所提供的產品。我們致力於保護您託付給我們人工智能平台的數據之私隱和安全。本 資料保護政策闡述了我們如何根據香港《個人資料(私隱)條例》(第486章)(「私隱條例」)收集、使用、儲存和保障數據。

以下是 GNSAI 資料保護政策的重點摘要。請注意,此摘要僅為方便用戶快速了解政策內容,我們強烈建議您在使用我們的服務前詳細閱讀完整政策。(完整版政策僅提供英文版本。)

  • 我們的核心營運原則是「機構閉環數據 — 為機構收集的數據只會保留在該機構內」
  • 您的數據不會用於任何 AI 模型訓練,亦不會成為任何訓練數據庫的一部分。
  • 所有數據存取均以必要知情為原則,並僅限於為您提供 GNSAI 服務所需的範圍內。
  • 我們使用的所有雲端 AI 服務(包括但不限於大型語言模型推論服務、資料庫、伺服器)均遵循本資料保護政策所述的相同原則。
  • 有關管轄您個人資料政策的更多詳情,請參閱我們機構的私隱政策:https://gamenoodlesoup.com/privacy

Core Principles

At GNSAI, a product by Gamenoodlesoup Limited, a company incorporated in the Hong Kong Special Administrative Region, we are committed to protecting the privacy and security of the data you entrust to our artificial intelligence platform. This AI-Specific Data Protection Policy outlines how we collect, use, store, and safeguard data in compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO").

Below are the highlights of our Data Protection Policy with regards to GNSAI. Please note that this is just a convenience for users to have a brief understanding of the policy, and you are strongly advised to review the whole policy before using our services.

  • Our core operational principle remains data collected for an organisation remains within that organisation.
  • Your data will not be used in any kinds of AI model training or be included in any parts of a training dataset for any kinds of services.
  • All data access to your data is on a need-to-know basis and will be strictly controlled to the extent of providing quality services to you only.
  • All cloud AI services (including but not limited to large language model inference services, database, servers) we use will adhere to the same principles as outlined in this Data Protection Policy.
  • Please also make reference to our Privacy Policy for more details regarding the policy governing your personal information at https://gamenoodlesoup.com/privacy

Full Data Protection Policy

1. Scope of Policy

This policy is an addendum to the Privacy Policy that encompasses all services provided by Gamenoodlesoup Limited, for which can be accessed at https://gamenoodlesoup.com/privacy. This Data Protection Policy will supersede the general Privacy Policy for where the purposes of the terms did overlap.

This policy applies to all users of the GNSAI services (including but not limited to GNSAI Platform at https://chat.ai.gns.hk, GNSAI Maths https://maths.ai.gns.hk, GNSAI Flow https://flow.ai.gns.hk, and the accompanying GNSAI mobile applications), published by Gamenoodlesoup and under the domain name of ai.gns.hk.

It governs the treatment of personal data and organisational data processed by our AI models, including text inputs, generated outputs, user interactions, and system metadata.

2. Organisational Data Boundary Principle

Our foundational privacy commitment is strict data isolation.

  • Data Isolation: All data inputted, processed, and generated by users belonging to a specific organisation on the GNSAI platform is strictly segregated and remains securely within that organisation's defined environment.
  • No Cross-organisational Sharing: Data from one organisation will never be shared with, accessible to, or used to train AI models for any other organisation or external entity.
  • Model Training: Your organisational data is not used to train our base AI models for general use. Any customized model training or fine-tuning utilizing your data is restricted to your organisation's exclusive instance and benefit.

3. Exceptions for Maintenance and Debugging

While we strictly enforce organisational data boundaries, limited access by authorised GNSAI personnel may be required for essential platform operations.

  • System Maintenance: Our engineering team may access system logs and anonymized usage metrics to monitor platform health, ensure uptime, and perform necessary updates.
  • Debugging and Support: In the event of a technical issue or user-reported error, authorized personnel may temporarily access specific data instances to diagnose and resolve the problem.
  • Strict Controls: This access is heavily restricted, logged, and granted only on a need-to-know basis to personnel bound by strict confidentiality agreements. Data accessed for debugging will not be retained longer than necessary to resolve the issue.

4. Data Security Measures

We employ robust technical and organisational security measures to protect your data against unauthorized or accidental access, processing, erasure, loss, or use.

  • Encryption: Data is encrypted both in transit and at rest.
  • Access Controls: We utilize multi-factor authentication, role-based access control (RBAC), and regular security audits to ensure only authorized users within your organisation can access your data.

5. Data Retention and Account Deletion

We do not keep personal data longer than is necessary to fulfill the purpose for which it is used. Your organisation retains full control over its data lifecycle under the following terms:

  • Active Accounts: Data is retained as long as your organisation maintains an active account with GNSAI.
  • 180-Day Inactivity Deletion: Organisations that remain completely inactive for a period of 180 consecutive days will be subject to automatic deletion. Upon this deletion, all associated organisational data, user inputs, and customised models will be securely and permanently erased from our systems. (Completely inactive organisation means the organisation is not under an active paid plan, not in a trial and not being actively engaged with our sales personnel.)
  • Voluntary Deletion: Upon written request or account termination, we will securely delete all organisational data in accordance with our internal data destruction protocols.

6. User Rights

As a data subject, you possess specific rights regarding your personal information:

  • Data Access and Correction: You have the right to request access to your personal data held by us, and to request a correction if you consider the data to be inaccurate.
  • Processing Timeframes: We are committed to responding to valid Data Access Requests and Data Correction Requests within 30 days of receipt.
  • Direct Marketing: We will not use your personal data for direct marketing purposes without your explicit and informed consent.

7. User Responsibilities

Organisations using GNSAI act as "Data Users" for the personal data they input into the platform. You are responsible for managing access permissions within your workspace, ensuring that the data you collect and input is obtained lawfully, and complying with your own obligations or other applicable data privacy laws.

8. Changes to This Policy

We may update this Data Protection Policy periodically to reflect changes in technology or legal requirements. We will notify organisations of any material changes via email or an in-platform announcement prior to the changes taking effect.

9. Contact Us

To exercise your data access or correction rights, or if you have any questions regarding this policy, please contact our Data Protection Officer at legal@gamenoodlesoup.com