Privacy Policy

Privacy Policy

Effective Date: June 12, 2026

1. Introduction

YukiSoftware OÜ ("we") is committed to a privacy-first architecture. This policy describes how we handle your data when you use the Yuki App.

2. Data Minimization & Redaction

  • On-Device/In-Transit Redaction: When processing your data (e.g., emails), we aim to redact sensitive personal identifiers (such as full bodies of personal correspondence) that are not required for the specific insight being generated.
  • Insight-Only Storage: We do not permanently store your raw email bodies. We only store the Derived Insights (e.g., "Flight to Paris on Jan 20" or "Spotify Subscription: $9.99"). Once the insight is extracted, the raw source data is discarded from our processing cache.

3. Information We Collect

  • Account Data (always collected): When you sign in with Google, we receive only your name, email address, and profile picture (the standard openid email profile scopes). When you sign in with Apple, we receive your full name and email (or a relay address if you choose to hide your real one).
  • Google API Data (OPTIONAL — opt-in via "Connect Gmail & Calendar"): The scopes below are not requested at sign-in. You can use Yuki without granting any of them — calendar and email-derived features will simply show empty states. To enable them, tap "Connect Gmail & Calendar" on the post-signup screen, or any time later from Profile > Connect Gmail & Calendar. You can disconnect at any time from the same screen, which immediately revokes our access tokens.
    • Gmail (Read — gmail.readonly): We access your Gmail inbox in read-only mode to automatically extract structured insights such as travel itineraries, financial transactions (receipts, invoices, subscriptions), and delivery tracking updates.
    • Gmail (Send — gmail.send): The Day Organizer's "Focus Zone" feature displays priority emails that need your attention, along with AI-suggested quick replies. When you tap a quick reply, the app sends the reply on your behalf using the Gmail API. Emails are only sent when you explicitly initiate the action — the app never sends emails automatically or without your knowledge.
    • Google Calendar (calendar): We read your calendar events to display them in the Day Organizer and write events to help you organize auto-detected commitments (e.g., flights, hotel check-ins).
    • Google Contacts (contacts.readonly): We access your contacts in read-only mode to display upcoming birthday and anniversary reminders on the Home dashboard. Contact data is stored securely in our database and never shared with third parties.
    • Location: During onboarding, we request your location to personalize your experience (e.g., setting your home city). Location data is stored in your profile and is never shared with third parties. You can update or remove it at any time in your profile settings.
  • Usage Data: Anonymous crash logs and performance metrics via Sentry (mobile + web), PostHog (mobile only), and Microsoft Clarity (website only — heatmaps and session recordings for layout improvement).
  • Group Data: If you create or join a Group (see Section 4C), you voluntarily share certain data with other group members, including shared tasks, task assignments, expense details (amounts, categories, splits), poll responses, grocery lists, comments, and optionally your calendar events. Your email address is shared with group members via the invitation process.
  • Device & Notification Data: We store your device push notification token (via Expo Push Notifications) to deliver real-time alerts for task reminders, group activity, and email-arrival notifications. We also collect a Firebase App Check attestation token to verify that requests originate from a genuine installation of the App. You can disable push notifications at any time through your device settings.
  • Grocery & Shopping List Data: If you use the grocery list feature, we store your list items, categories, quantities, and check-off status. Grocery lists created within a Group are visible to all group members and may include item assignments to specific members.
  • Support Chat Data: When you use the in-app support chat, we store your messages, AI responses, and any replies from human support agents. This data is linked to your account and stored in our database. If your conversation is escalated to a human agent, the chat history is shared with our support platform, HelpScout (see Section 6).
  • Third-Party Data Enrichment:
    • Weather: For trip and travel features, we fetch weather forecasts for your trip destinations from the Open-Meteo API. Weather data is cached temporarily on our servers and on your device. Only geographic coordinates are transmitted; no personal data is sent.
    • Flight Data: For detected flight bookings, we may query the AirLabs API to retrieve supplementary real-time flight information such as gate numbers, terminal assignments, and delay status. Only flight numbers and dates are transmitted.
  • Imported Calendar Files: You may import events by sharing .ics (iCalendar) files with the App. The App reads the file contents to create calendar entries; the raw file is not permanently stored.
  • Clipboard Access: The grocery list feature allows you to copy your shopping list to your device clipboard for sharing outside the App. Clipboard data is accessed only when you explicitly initiate the copy action and is not transmitted to our servers.
  • AI Processing: Some features (e.g., AI Quick-Add, summaries, and parsing of text, receipts, and statements) send the relevant input to a third-party AI/cloud provider to generate results. We send only the data needed for the feature and do not sell your data; your inputs are not used to train third-party models. See Section 5 (AI/ML Processing Disclosure) and Section 6 (Third-Party Sub-Processors) for details.
  • Camera / Receipt & Document Scanning (OCR): When you scan a receipt or document with your camera, the image is processed (on-device and/or via our processing pipeline / OCR provider) to extract structured details such as merchant, amount, and date. We store the extracted details; raw images are not retained beyond what is needed to process them.
  • Statement Import: When you import a bank or card statement, the file is processed to extract transactions. We store the extracted transactions, not the original statement file beyond processing.
  • Travel Documents: If you store travel documents (e.g., boarding passes, tickets, visas, hotel confirmations), this information is personal data stored securely in your account, visible only to you (and group members if you share a trip), and is never sold or shared with third parties for their own use.

4. How We Use Your Data

We use Google API data exclusively to provide the app's core features:

  • Extracting travel, finance, and delivery insights from emails
  • Sending quick replies from the Day Organizer (only when you explicitly initiate the action)
  • Displaying calendar events and creating new events for detected trips
  • Showing birthday and anniversary reminders from contacts

We do not use Google API data for advertising, market research, or any purpose unrelated to providing the app's functionality.

A. Automated Task Creation

The App may automatically create tasks based on actionable information extracted from your emails, such as payment due dates, flight check-in reminders, subscription renewals, trial expiration dates, and delivery pickup deadlines. These tasks are created locally in your account and are not shared unless you are part of a Group. You can disable this feature at any time via Profile > Privacy & Data > Auto-Create Tasks from Emails.

B. Record Enrichment

When follow-up emails arrive regarding an existing record (e.g., a flight cancellation after a booking confirmation, a refund after a purchase, or a delivery status update), the App automatically enriches the original record with the updated information. This ensures your data stays current. When the App is uncertain about the nature of an update, it uses hedging language (e.g., "Probably cancelled — best to confirm with airline directly"). Enrichment includes updating booking statuses (confirmed, cancelled, delayed, rescheduled), recording refund transactions with negative amounts, and adjusting or cancelling related auto-created tasks.

C. Groups

Groups allow you to collaborate with family, friends, roommates, or coparenting partners. When you create or join a Group:

  • Shared Data: Tasks (including assignments to specific members), expenses (amounts, categories, payer, split details), settlements, poll questions and votes, grocery lists (items, categories, assignments, check-off status), comments, and activity history are visible to all active group members.
  • Calendar Sharing (Opt-In): You may choose to share your calendar events with the group. This is disabled by default and requires explicit opt-in.
  • Email Disclosure: When you invite someone to a group, their email address is stored in the invitation record. Group members can see the display names and avatars of other members.
  • Activity Logging: Actions within a group (tasks created, expenses added, members joined) are logged in a shared activity feed visible to all members.
  • Removal: When a member is removed from a group or leaves voluntarily, they immediately lose access to all group data. Historical activity records (e.g., "Alice added an expense") remain visible to other members.
  • Data Isolation: Your personal data (emails, individual financial records, private tasks) is never shared with group members. Only data you explicitly create within the Group context is visible to other members.
  • Delegated Tasks: Group members can delegate tasks to people outside the group via a secure, unique link. The delegated recipient can view and complete only the specific task shared with them — no account or login is required. No other group or personal data is accessible through these links.
  • Birthday & Special Day Wishes: The App provides a feature to send birthday or anniversary wishes to your contacts. When you initiate a wish, the App deep-links to your preferred messaging app (WhatsApp, SMS, Telegram, or Email) with a pre-filled greeting message. The message is sent through the third-party messaging platform, not through Yuki servers. We do not store or transmit the content of these messages.

5. AI/ML Processing Disclosure

We use third-party language models for five purposes: (a) parsing unstructured email text into structured data (flight numbers, amounts, tracking IDs, booking statuses, refund details), (b) generating draft trip itineraries when you use the Plan-a-Trip feature, (c) creating individual records (tasks, reminders, occasions, transactions, subscriptions, grocery lists) when you use the AI Quick-Add feature, (d) powering the Yuki AI in-app conversational assistant that lets you ask questions about your records and perform actions (create/update/delete tasks, expenses, trips, etc.) via natural language, and (e) generating responses in the in-app Support chat. To keep AI features available even when one provider is degraded, requests flow through a fallback chain across multiple providers (see Section 6). This processing:

  • Is performed solely to provide the app's core features
  • Does not involve training or improving AI/ML models with your data
  • Uses provider APIs with data processing agreements that prohibit model training on customer data
  • Email parsing only sends the minimum text needed for classification (subject lines, relevant snippets — not full email bodies)
  • Trip planning only sends the prompt you type, the trip window you select, and a brief summary of your existing trips/items in that window. Your email contents are never shared with the trip-planning AI.
  • Quick-Add only sends the short prompt you type and the current date. No emails, contacts, or other personal records are shared with the Quick-Add AI; it returns a structured payload that we then write to the relevant table on your behalf.
  • Yuki AI Assistant: When you chat with Yuki AI, the model receives your message, recent conversation history, and your timezone. To answer questions or perform actions you request, the model may call internal "tools" that read or write specific records on your behalf — but only the records relevant to your current request, and only within your own account. The model never sees raw email bodies, never accesses other users' data, and only writes/updates records when your request makes the intent clear. Conversation history is stored in your account and can be cleared via Profile > Privacy & Data.
  • Support Chat: When you use the in-app Support chat, your messages are sent to the AI to generate a draft response. If you escalate to a human agent, your conversation history is forwarded to HelpScout (see Section 6) for our team to respond.

6. Third-Party Sub-Processors

To provide the Service, we utilize specific third-party infrastructure:

  • OpenAI (US): Email text parsing into structured insights, Yuki AI conversational assistant, AI Quick-Add, AI response generation for the in-app Support chat, and primary provider for AI trip itinerary generation. Data is not used to train their models.
  • Anthropic (US, accessed via Google Cloud Vertex AI in europe-west1): Fallback provider for AI trip itinerary generation. Data is not used to train their models.
  • Google Cloud Platform (EU): Backend API services hosted on Cloud Run in europe-west1; also hosts the Vertex AI inference endpoints used for AI trip itinerary generation (Anthropic Claude and Google Gemini models). Data is not used to train models.
  • Supabase (AWS): Secure database hosting for User Profile and Derived Insights.
  • RevenueCat (US): Subscription status and entitlement checks.
  • Paddle.com (UK): Merchant of Record for web-only subscription purchases made at yukihq.com. Processes payment information (card details, billing address) and handles VAT/GST collection. Your payment credentials are stored by Paddle, not by us. Paddle's privacy policy applies to payment data they process. Paddle is not available inside the iOS or Android apps — in-app purchases on iOS go exclusively through Apple's In-App Purchase system, and on Android exclusively through Google Play Billing, in compliance with Apple App Store and Google Play policies.
  • Sentry (US): Error tracking and crash reporting (no PII transmitted).
  • HelpScout (US): Human support agent platform. When your support conversation is escalated to a human agent, your conversation history (messages, issue type, and account email) is shared with HelpScout to enable our support team to respond. HelpScout's privacy policy applies to data processed on their platform.
  • PostHog (EU): Anonymous product analytics — mobile app only.
  • Cloudflare (US/EU): Hosts the public website (yukihq.com) and documentation site (docs.yukihq.com). Cloudflare Web Analytics provides anonymous, cookieless traffic measurement for marketing-site pages.
  • Microsoft Clarity (US/EU): Privacy-friendly heatmaps and session recordings for the public website and docs site. Used to understand how visitors interact with landing pages and improve layout. Clarity does not collect personal data; sensitive form fields are masked by default. Configured in cookieless mode.
  • AppsFlyer (US): Install attribution and campaign measurement. Collects IDFA (with your consent via iOS App Tracking Transparency prompt) solely for measuring install sources. No personal data is shared for advertising purposes.
  • Open-Meteo: Weather forecast data for trip destinations. No personal data is transmitted; only geographic coordinates are sent.
  • AirLabs: Real-time flight status enrichment (gate, terminal, delay). Only flight numbers and dates are transmitted.
  • Firebase / Google (US): App Check device attestation to prevent API abuse. No personal data is collected beyond the attestation token.

7. Cookies & Tracking Technologies

  • Website (yukihq.com) & Docs (docs.yukihq.com): Two complementary analytics tools, both privacy-friendly: Cloudflare Web Analytics for cookieless traffic measurement (pageviews, sources, top pages), and Microsoft Clarity for heatmaps and session recordings to improve layout. Clarity is configured in cookieless mode and automatically masks form inputs. No third-party advertising cookies or cross-site trackers are used on either site.
  • Mobile App: The Yuki mobile app does not use cookies. PostHog analytics data is stored locally on your device using file-based persistence. You can opt out of analytics tracking at any time via Profile > Privacy & Data > Analytics Tracking.
  • Sentry (Crash Reporting): Sentry is classified as an essential service for application stability and does not collect personally identifiable information. It operates regardless of analytics preferences.
  • Install Attribution (AppsFlyer): On iOS, the App displays the system App Tracking Transparency (ATT) prompt before initializing AppsFlyer. If you allow tracking, AppsFlyer collects your IDFA solely to measure which campaigns led to app installs. If you deny tracking, no device identifier is collected. AppsFlyer does not serve ads, build advertising profiles, or perform cross-app tracking. You can additionally opt out of analytics in Profile > Privacy & Data.
  • No Advertising Tracking: Yuki does not use any third-party advertising cookies, retargeting pixels, or cross-site tracking technologies.

8. Google API Services User Data Policy

Yuki's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • No Sale of Data: We never sell, rent, or trade your personal data or Google API data.
  • No Advertising: We do not use your data for advertising, retargeting, or interest-based profiling.
  • No Human Access: Humans do not read your emails. Automated systems process email text solely for feature delivery.
  • No AI/ML Training: Your Google data is never used to develop, train, or improve AI/ML models, whether ours or third-party.
  • Minimum Necessary Scopes: We request only the scopes required for the features you use (gmail.readonly, gmail.send, calendar, contacts.readonly).

9. Data Retention & Deletion

  • Derived insights are retained as long as your account is active.
  • Raw email content is discarded immediately after processing; it is never stored.
  • Google API tokens are encrypted at rest using AES-256-GCM. On account deletion, we call Google's revocation endpoint with your refresh token, which terminates the entire OAuth grant — all access and refresh tokens, all scopes, all sessions — not just the short-lived access token. You can verify Yuki has been removed from the list of authorised apps at myaccount.google.com/permissions. You can also revoke at any time without deleting your account by tapping Disconnect in Profile > Connect Gmail & Calendar; we immediately call Google's token revocation endpoint and clear our stored copy.
  • Group data lifecycle on account deletion: in groups with other members, your activity log entries are deleted (other members no longer see "Alice added a task" entries authored by you). Tasks and expenses you created or paid for remain for accounting continuity but are anonymized — your user ID is removed from expense splits, your name and avatar are scrubbed from activity metadata, and your reference is cleared from any task you owned or were assigned to. Groups where you were the sole member are hard-deleted along with all their content.
  • Support chat retention: In-app Support chat threads (your messages + AI/agent responses) are anonymized but retained for up to 5 years after account deletion for fraud prevention and dispute defense, on the basis of our legitimate interest under GDPR Article 6(1)(f). The link to your identity (user_id) is removed; remaining content cannot be tied back to you. You can request earlier deletion by emailing [email protected].
  • You may delete your account at any time via Profile > Privacy & Data > Delete Account. Deletion is immediate and permanent: confirming the action runs the full erasure described in this section in a single transaction (cascade across all data tables, drop of your auth row, anonymization of activity in shared groups).
  • Subscription handling on deletion:
    • Paddle (web-only) subscriptions: Paddle is the Merchant of Record for purchases made at yukihq.com only; it is not used inside the iOS or Android apps. For users who subscribed on the web, the Paddle subscription is automatically cancelled server-side before the data cascade runs, so you don't accrue further charges. If the cancellation call fails (rare — network or Paddle outage), the account deletion is aborted so you are never left in a "data deleted but still being billed" state.
    • App Store and Google Play subscriptions: Apple and Google policy prohibits third-party apps from cancelling store subscriptions on your behalf. To prevent accidental data deletion while billing continues, the app performs a pre-flight check: if an active App Store or Play Store subscription is detected, deletion is blocked and you are directed to cancel the subscription first in Settings > [Your Name] > Subscriptions (iOS) or Play Store > Account > Payments & subscriptions > Subscriptions (Android). Only once the store subscription is cancelled does the in-app deletion proceed.
  • Manual deletion requests can be sent to [email protected] and will be processed within 30 days.

10. Your Rights (GDPR & Global)

As an Estonian company, we uphold your rights under the General Data Protection Regulation (GDPR) regardless of your location:

  • Right to Access: Request copies of the personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): Delete your account and all data via the app or by contacting us.
  • Right to Data Portability: Request a copy of your structured data by contacting [email protected].
  • Right to Rectification: Correct inaccurate personal data within the App or by contacting us.
  • Right to Restriction: Request limitation of how we use your data.

11. Data Transfer & Location

The structured metadata required to run the service is primarily hosted on secure servers located in the European Union (GCP europe-west1) and the United States (Supabase). By using Yuki, you consent to the storage and transfer of your metadata to these locations.

12. Regional Compliance

  • EU / UK (GDPR): We adhere to GDPR principles. Our lawful basis for processing is contract fulfillment and, where applicable, consent.
  • India (DPDP Act): We comply with the DPDP Act, aligning with the duties of a Data Fiduciary.
  • US (CCPA): California residents have the right to know, delete, and opt-out. We do not sell personal information.
  • Brazil (LGPD): We comply with Brazil's General Data Protection Law regarding consent, data subject rights, and cross-border transfers.
  • Rest of World: We apply the highest standard of protection defined in this policy globally.

13. Data Controller

YukiSoftware OÜ Registry Code: 17417945 Harju maakond, Tallinn, Kesklinna linnaosa, Uus-Sadama tn 21-207, 10120 Estonia, European Union Email: [email protected]

14. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Estonia and the applicable laws of the European Union, including the General Data Protection Regulation (GDPR). Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Harju County, Tallinn, Estonia.

15. Changes

We may update this policy to reflect changes in our practices or features. Material changes will be communicated via in-app notification. Continued use after changes constitutes acceptance.