Privacy Policy

Last Updated: 2025-11-16

Effective Date: Upon Launch

1. Introduction

This Privacy Policy explains how Yayr ("we", "us", "our") collects, uses, and protects your personal information when you use our mobile application.

Our Commitment:

  • We collect only what's necessary for the app to function
  • We never sell your data
  • You control your data - request access or deletion anytime
  • Your lists and items belong to you

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Email address (for authentication)
  • Display name (optional, for list sharing)
  • Password (encrypted, we cannot see it)

Content You Create:

  • List names and descriptions
  • List items and notes
  • Completion status
  • Achievement markers
  • Due dates

Sharing & Collaboration:

  • Email addresses of people you invite to lists
  • Membership status in shared lists
  • Reactions and celebrations you send

2.2 Automatically Collected Information

Usage Data:

  • App interactions (which features you use)
  • Error logs and crash reports (to fix bugs)
  • Performance metrics (to improve app speed)

Device Information:

  • Device type and OS version
  • App version
  • Timezone (for due date features)

We Do NOT Collect:

  • Location data
  • Contacts from your device
  • Photos or camera access
  • Microphone access
  • Any data from other apps

3. How We Use Your Information

Primary Uses:

1. Provide Core Features

  • Sync lists across your devices
  • Share lists with other users
  • Send notifications for updates
  • Display achievements and celebrations

2. Improve the App

  • Fix bugs and crashes
  • Optimize performance
  • Develop new features
  • Understand which features are most valuable

3. Customer Support

  • Respond to your questions
  • Troubleshoot issues
  • Process refund requests

4. Business Operations

  • Process subscription payments
  • Prevent fraud and abuse
  • Comply with legal obligations

We Do NOT:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your lists with anyone except people you invite
  • Train AI models on your content

4. How We Share Your Information

With Your Permission:

  • List collaborators - People you invite can see the list you shared
  • Family sharing - Family subscription members can access shared lists

Service Providers (Required for App Function):

  • Supabase (Database & Authentication) - Stores your data securely
  • RevenueCat (Subscriptions) - Processes premium subscriptions
  • Sentry (Error Tracking) - Helps us fix crashes
  • AWS/CloudFront (Hosting) - Delivers the app

All service providers:

  • Sign data processing agreements
  • Meet GDPR/CCPA standards
  • Use encryption in transit and at rest

Legal Requirements:

We may disclose information if required by:

  • Court order or subpoena
  • Legal process
  • Protection of rights or safety

We Will NOT:

  • Sell or rent your data
  • Share for marketing purposes
  • Provide to data brokers

5. Data Storage and Security

Where Data is Stored:

  • Primary: EU servers (Supabase EU region)
  • Backups: EU regions only
  • No US data transfer (unless you're a US user)

Security Measures:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Password hashing: bcrypt with salt
  • Database security: Row-Level Security (RLS) policies
  • API security: JWT authentication
  • Regular security audits

Data Retention:

  • Active accounts: Data retained while account is active
  • Deleted accounts: Data deleted within 30 days
  • Backups: Purged from backups within 90 days
  • Legal holds: Retained only as required by law

6. Your Rights (GDPR/CCPA)

You Have the Right To:

1. Access Your Data

  • Request a copy of all data we have about you
  • Receive in portable format (JSON export)
  • Response time: Within 30 days

2. Correct Your Data

  • Update your email or display name in Settings
  • Edit or delete lists and items anytime

3. Delete Your Data

  • Delete your account in Settings → Account → Delete Account
  • All data removed within 30 days
  • Backups purged within 90 days

4. Export Your Data

  • Contact privacy@yayr.app to request a data export
  • Receive JSON file with all lists and items
  • We will provide this within 30 days (GDPR requirement)

5. Opt-Out of Communications

  • Disable notifications in Settings → Notifications
  • Unsubscribe from emails via link in email
  • Marketing emails (if any) have one-click unsubscribe

6. Object to Processing

  • Contact us to object to specific uses
  • We'll respond within 30 days

7. Withdraw Consent

  • Delete account to withdraw all consent
  • Disable specific features in Settings

How to Exercise Rights:

  • Email: privacy@yayr.app for all data requests
  • Account deletion: Settings → Account → Delete Account (in-app)
  • Response time: Within 30 days (GDPR requirement)

7. Children's Privacy

Yayr is not intended for children under 13 (or 16 in EU).

  • We do not knowingly collect data from children
  • If we discover child data, we delete it immediately
  • Parents: Contact privacy@yayr.app if you believe your child used Yayr

8. International Users

EU Users (GDPR):

  • Data stored in EU
  • GDPR rights fully supported
  • Data processing agreement available on request

California Users (CCPA):

  • CCPA rights fully supported
  • Do Not Sell: We don't sell data (never have, never will)
  • Request data or deletion: privacy@yayr.app

UK Users (UK GDPR):

  • UK GDPR compliance
  • Data stored in EU/UK
  • ICO registration: Required if processing personal data

Other Regions:

  • Data may be stored in EU or US
  • Same privacy protections apply
  • Contact us for specific questions

9. Cookies and Tracking

What We Use:

  • Essential cookies: Authentication, session management (required for app to work)
  • Analytics: Aggregate usage statistics (no personal identification)
  • Performance: Error tracking, crash reports

What We DON'T Use:

  • Advertising cookies
  • Third-party tracking cookies
  • Cross-site tracking
  • Fingerprinting

Control:

  • You cannot disable essential cookies (app won't work)
  • You can disable analytics in Settings → Privacy → Usage Data

10. Changes to This Policy

When We Update:

  • We'll notify you via email (30 days notice)
  • In-app notification on next launch
  • "Last Updated" date at top of policy

Your Options:

  • Continue using (acceptance of new policy)
  • Delete account before effective date (if you disagree)

11. Contact Us

Privacy Questions:

  • Email: support@yayr.app
  • We aim to respond promptly

Data Requests:

  • Email: support@yayr.app with subject "Data Request"
  • Include: Account email, type of request
  • Response: Within 30 days (GDPR requirement)

Complaints:

  • Email: support@yayr.app
  • If unsatisfied, contact supervisory authority:
    • UK: Information Commissioner's Office (ICO)
    • EU: Your country's data protection authority
    • US: Your state attorney general

Company Details:

  • Gwinva Limited
  • 12 East Close, Helston, Cornwall, TR13 8LG
  • Company Registration Number: 16854456
  • ICO Registration: ZC044445

12. Legal Basis for Processing (GDPR)

Data Type        | Legal Basis          | Purpose
-----------------|----------------------|------------------------------------
Email, Password  | Contract Performance | Provide account & sync
Lists, Items     | Contract Performance | Core app functionality
Usage Data       | Legitimate Interest  | Improve app, fix bugs
Payment Data     | Contract Performance | Process subscriptions
Marketing Emails | Consent              | Send product updates (opt-in only)