Privacy
Privacy Policy
Last updated: June 7, 2026
1. Overview
This Privacy Policy explains how yoou.io collects, uses, stores, shares, and protects personal information when you visit the website, create an account, use the dashboard, connect integrations, request password resets, use AI tools, or subscribe to the service.
2. Information we collect
We may collect account information such as name, email, password hash, Google OAuth identifiers, phone number, company name, VAT or tax ID, billing/contact address, user role, trial and subscription status, customer IDs, payment status, workspace preferences, cookie choices, API key previews, encrypted API keys, analysis history, project data, prompts, uploaded or described designs, generated metadata, usage logs, IP-derived abuse-prevention signals, device/browser metadata, and support communications.
3. How we use information
We use information to provide the service, authenticate users, create and secure accounts, process password resets, operate trials and subscriptions, generate SEO and AI output, save projects, detect abuse, rate-limit requests, prevent fraud, provide support, send service emails, maintain security, analyze product reliability, comply with law, and improve yoou.io.
4. Legal bases for processing
Where GDPR or similar laws apply, we process personal information under one or more legal bases: performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, consent where required for optional cookies or marketing, and your direction when you connect third-party services or submit content for AI processing.
5. Yoou AI, private keys, and generated output
If you connect a personal Yoou AI route key, yoou.io encrypts it at rest and uses it only to send requests you initiate. Prompts, design descriptions, images, metadata, and related context may be sent to the selected third-party AI service so it can return output. That service's own terms and privacy policy may also apply.
6. Authentication, email, billing, and infrastructure providers
We may share necessary data with service providers such as Google OAuth for sign-in, Resend for transactional email, Stripe and PayPal for checkout and subscription events, hosting and database providers, cache providers, monitoring tools, and the optional market intelligence service used for marketplace insights. These providers process information only as needed to support yoou.io and their own legal obligations.
7. Cookies and local storage
Required cookies and local storage support authentication, security, account preferences, cookie consent, and basic app behavior. You can manage browser cookies in your browser settings; blocking required cookies may prevent login or dashboard access.
8. Password reset and security
Password reset tokens are stored as hashes and expire after 1 hour. Passwords are hashed before storage. API keys and payment secrets are encrypted at rest. We use rate limiting, access controls, webhook verification, and abuse-prevention checks, but no internet service can be guaranteed to be perfectly secure.
9. Retention
We keep personal information for as long as needed to provide the service, maintain your account, comply with legal and tax obligations, resolve disputes, enforce agreements, prevent abuse, and preserve security logs. You may request deletion, subject to legal, billing, security, fraud-prevention, and backup-retention limits.
10. International transfers
yoou.io and its providers may process data in countries other than your own. Where required, we rely on appropriate safeguards such as contractual commitments, provider data processing terms, and other lawful transfer mechanisms.
11. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, receive a portable copy of your data, withdraw consent, opt out of sale or sharing where applicable, limit the use of sensitive personal information, and avoid discrimination for exercising privacy rights. We may need to verify your identity before fulfilling requests.
12. California privacy notice
For California residents, categories of personal information collected may include identifiers, customer records, commercial information, internet or network activity, geolocation approximations from IP where applicable, professional or business information, inferences from product usage, and sensitive information such as account credentials or payment-related identifiers. yoou.io does not intentionally sell personal information. If a future feature involves sale or sharing as defined by California law, we will provide the required notices and opt-out methods.
13. Children
yoou.io is intended for adults and business users. It is not intended for children under 13 or for anyone under the age required to create a binding account in their jurisdiction.
14. Changes
We may update this Privacy Policy as the product, providers, laws, or business operations change. Material updates will be reflected by the updated date and, where appropriate, by in-app or email notice.
15. Contact
To request access, correction, deletion, portability, or other privacy support, contact the privacy/support address published in the yoou.io account area, checkout materials, or production website footer.