What we keep, and why.

Yo is operated by Yo Bio Pty Ltd (ABN 00 000 000 000), a company registered in Australia, with its registered office at PO Box 1234, Sydney NSW 2000, Australia.

For anything privacy-related, contact privacy@yo.bio. For general support, hello@yo.bio is the right address.

Account data

• Name, email, handle, and avatar URL.
• For Google sign-in: the email and (if you allow it) profile image returned by Google. We do not see your Google password.
• For magic-link sign-in: nothing beyond your email and the one-time token we generate.

Your pages

• Every link, social handle, product, image, and piece of copy you add to your page.
• Any custom domain you point at us (we store the hostname; SSL is handled at the edge).

Analytics

• Page views, link clicks, and other event types. Each event is keyed to the page (yours) — we don't build profiles of individual visitors.
• We derive country and rough device class (mobile / tablet / desktop) from the user-agent and a privacy-friendly IP lookup; the IP itself is hashed with a server-side pepper before storage, never kept raw.

Audience captures (Pro and Business)

• When a visitor hands over their email through an opt-in block, we store the email, the page it came from, and an explicit record of consent.
• Consent is the lawful basis. The visitor can ask you, or us, to remove their record at any time.

Payments

• When you upgrade, Stripe processes the payment. We see a Stripe customer ID, a subscription ID, the plan you bought, and invoice metadata. We never see card numbers.

Support tickets & audit log

• If you contact support, we keep the conversation history while the account exists.
• For accountability we keep an audit log of meaningful administrative actions (plan changes, account holds, support impersonation), with a hashed actor ID and timestamp.

We use your information for specific, named purposes — not the wishy-washy “to improve the service” that legal pages often hide behind.

• Run your account. Sign you in, render your pages, track who owns what.
• Send transactional email. Magic-link sign-ins, receipts, security notices, and the like — through Resend.
• Process payments. Stripe handles the card; we just record the outcome.
• Show you analytics on your own pages. Aggregate event counts, top links, audience signups.
• Keep the platform safe. Detect abuse, block brute-force sign-in attempts, prevent impersonation of handles.
• Comply with the law. Tax records (7 years for invoices, AU rules), responses to lawful requests.

We do not sell, rent, or barter your data, ever. We do not show third-party ads on your page. We do not let third parties read your audience emails.

If you're in the EEA / UK, every processing operation maps to one of the lawful bases in Article 6 of the GDPR:

• Contract. Running your account, taking your payment, serving your page.
• Legitimate interest. Security, anti-abuse, and the page-level analytics you use to run your business.
• Consent. Audience captures and any marketing email from us. You can withdraw consent at any time without losing access to the service.
• Legal obligation. Tax records, responses to lawful requests.

We rely on a small set of trusted vendors to run the service. Each is bound by their own contractual privacy commitments to us, and we've checked them.

• Vercel — hosting + edge, global.
• Neon — managed Postgres database (data is encrypted at rest).
• Stripe — payments and billing surface, EU + US regions.
• Resend — transactional email (magic links, receipts, security notices).
• Google — OAuth sign-in for the people who choose it.
• Unsplash— image CDN for our preset backgrounds. We don't share your account data with Unsplash; your browser fetches images directly.

When we add a new sub-processor we'll update this list. If you're on a Business plan with a data processing addendum, we'll also email you in advance.

• Active accounts. As long as you have an account. Delete the account → 30-day soft-delete window, then hard purge.
• Inactive free accounts. 24 months of inactivity triggers an email warning; another 30 days without a sign-in and we delete the account.
• Invoices and payment records. 7 years (AU tax law).
• Audit log. 2 years from the action, unless a specific record is part of an open compliance matter.
• Analytics events. 13 months at full granularity, then aggregated indefinitely.

Security is a moving target; here are the practices we hold ourselves to.

• TLS in transit, AES-256 at rest at the database provider.
• No passwords stored — sign-in is either Google OAuth or one-time email links. Sessions are short-lived JWTs in http-only cookies.
• IP addresses are hashed with a server-side pepper before being persisted to the resolve-miss and analytics tables.
• All administrative actions (plan grants, comps, impersonation) are audited. Support agents can only impersonate with a reason, and the session is bounded.

If you think you've found a vulnerability, privacy@yo.bio is the right address — we'll get back to you within 72 hours.

Our infrastructure is global. Personal data may be processed in Australia (where we're based), the United States, and the European Union (where Vercel, Neon, Stripe, and Resend operate regions). When data leaves the EEA or UK, the transfer is covered by the relevant Standard Contractual Clauses our sub-processors maintain.

Regardless of where you live, you can ask us to do any of the following. Email privacy@yo.bio and we'll respond within 30 days.

• Access — a copy of everything we hold about your account, in a portable format.
• Rectification— fix anything that's wrong.
• Erasure— delete your account. Some records (invoices, audit log) we're legally required to keep for a defined period.
• Restriction — pause certain processing while we sort something out.
• Objection — say no to processing based on legitimate interest.
• Portability — get your data in a machine- readable format you can take elsewhere.

For EU residents, you also have the right to lodge a complaint with your local Data Protection Authority. For AU residents, that authority is the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Yo is not directed at people under 16. If you become aware that a child has signed up, contact privacy@yo.bio and we'll remove the account.

When the substance of this page changes, we'll update the “last updated” date at the top and, for material changes, email every active account. Cosmetic edits don't trigger a notification.