Privacy Policy
Last updated 6 May 2026. UK GDPR, EU GDPR and CCPA aligned. We process configuration metadata only — never employee personal data.
1. Who we are
Yoetz.ai ("we", "us", "our") is the controller of the small amount of personal data we collect about account holders, and the processor of the Configuration Data our customers connect to the Service. Contact: privacy@yoetz.ai.
2. What we collect
Account data: name, work email, job title, company, country, account type, login timestamps, billing identifiers from Stripe (we never store full card numbers).
Connection data: HR platform tenant URL, integration system user identifier, encrypted credentials.
Configuration data: read-only metadata describing the structure of the connected tenant — security groups, business processes, calculated fields, integration definitions.
Usage data: page views, feature usage, IP-derived country, device/browser metadata, support ticket content.
3. What we explicitly do NOT collect
We do not collect, transmit, store or process: worker personal records, candidate records, dependents, payroll amounts, compensation history, performance reviews, time-off balances, social security or national identifier numbers, bank account numbers, or any free-text employee comments. The connection guides, ISU permission set and rate limits are designed so that a malicious or compromised Yoetz.ai cannot extract this data from your tenant.
4. Lawful bases (UK GDPR / EU GDPR)
Contract: to provide the Service you signed up for.
Legitimate interests: securing the platform, preventing abuse, improving the product based on aggregated usage.
Legal obligation: tax, accounting and lawful requests.
Consent: optional analytics cookies (where applicable).
5. How we secure your data
Encryption at rest using AES-256-GCM for credentials. TLS 1.3 in transit. Row-level security on every customer-owned table — your account can never read another customer's rows, enforced at the database layer. Per-tenant credential isolation. Service-role keys are server-only and never bundled into client code. Hardened CI/CD with secret scanning. Quarterly internal access reviews.
6. AI processing & subprocessors
Executive summaries and remediation explanations are produced by third-party LLM providers via the Lovable AI Gateway. Currently this includes Anthropic Claude and Google Gemini. We send only de-identified Configuration Data and finding metadata — never employee PII. Subprocessor list (current): Supabase (database & auth), Stripe (billing), Cloudflare (edge runtime & DDoS), Anthropic and Google (AI inference). The current list is available on request from privacy@yoetz.ai, and we will give 30 days' notice before adding a subprocessor that processes Configuration Data.
7. Retention
Account data: lifetime of the account plus 90 days.
Configuration Data and scan results: lifetime of the subscription plus 90 days, then permanently deleted.
Encrypted credentials: until you disconnect the tenant — disconnection deletes them immediately and irreversibly.
Billing records: as long as required by tax law (typically 7 years).
Audit logs (DPA acceptance, support ticket history): 7 years.
8. International transfers
Our primary infrastructure is in the EU and UK. Where data is transferred outside the UK or EEA (for example to Stripe, Anthropic or Google in the United States) we rely on the UK International Data Transfer Addendum and EU Standard Contractual Clauses with each subprocessor.
9. Your rights
Under the UK GDPR, EU GDPR and California Consumer Privacy Act you have the right to: access your personal data, correct it, request erasure, restrict or object to processing, port your data, and (for California residents) opt out of any "sale" or "sharing" of personal information — note that we do not sell or share personal information for cross-context behavioural advertising. To exercise any right, email privacy@yoetz.ai. We respond within 30 days and never charge a fee.
10. Children
The Service is not directed to anyone under 16. We do not knowingly collect personal data from children.
11. Cookies
We use only strictly-necessary cookies to operate authentication and security. Optional analytics, where used, are first-party only and respect your cookie banner choice. See our Cookie Policy for details.
12. Breach notification
In the event of a personal data breach affecting Configuration Data or account data, we will notify the affected customer's primary administrator without undue delay and within 72 hours of becoming aware, as required by Article 33 GDPR.
13. Changes
Material changes to this policy will be announced 30 days in advance by email and an in-product banner.
14. Contact / DPO
Privacy questions: privacy@yoetz.ai. Data Protection Officer: dpo@yoetz.ai. Postal: Yoetz.ai Limited, registered office on file with Companies House.
