Privacy Policy

Local-first privacy commitments for YAAA.app, accounts, licensing, support, and optional online services.

Legal review notice

This page is written as production-ready website copy, but it is not legal advice. YAAA should have counsel review jurisdiction-specific obligations before relying on it as a final policy.

Summary

YAAA is designed around a local-first model: applets and workflows you create are intended to live and run on your own machine or infrastructure by default. The website and licensing portal do not need your private project files, generated app source, business documents, scripts, or automation output to create or run local applets.

Some features may use online services when you choose them, such as account licensing, update checks, AI providers, support requests, payment processing, or API integrations. Those boundaries should be visible, documented, and configurable where practical.

Information we collect

  • Account and licensing data: email address, password hash, license records, device activation metadata, support status, and portal audit records.
  • Device activation data: a hashed device fingerprint, device label you provide, IP address, user agent, timestamps, license status, and activation/deactivation history.
  • Support communications: messages you send, contact details, and files you intentionally provide for troubleshooting.
  • Basic website operations data: server logs, security events, cookie/session data, and analytics only if enabled and disclosed.

What stays local by default

Your local workflows, local files, generated applets, logs, prompts, scripts, and output remain under your control unless you intentionally connect an external service, publish or sync them, submit them for support, or configure a team deployment that sends data elsewhere.

YAAA should not require uploading private business processes or local project work to a hosted builder merely to run a generated applet.

How we use information

We use collected information to provide the website, authenticate portal accounts, validate licenses, manage device limits, support customers, investigate abuse or security incidents, improve documentation, and meet legal or contractual obligations.

Sharing and processors

We do not sell personal information. We may share limited data with service providers that help operate hosting, email, payments, security monitoring, support, or analytics; when required by law; during a business transfer; or with your consent. Optional third-party AI or API providers process data only when a workflow is configured to use them.

Security and retention

Portal passwords are stored as password hashes. License keys should be stored server-side as keyed hashes, not raw keys. Sessions, CSRF tokens, rate limiting, prepared database statements, HTTPS, and audit logs are used where implemented. No system can guarantee perfect security; keep your own machine, secrets, package managers, and applet dependencies patched.

We retain account, license, audit, and support records as long as needed for the service, security, accounting, dispute resolution, and legal compliance. You may request deletion where applicable, but some records may need to be retained for legitimate business or legal reasons.

Your choices and rights

You can avoid sending local project data by keeping applets local and not attaching private files to support requests. Depending on your jurisdiction, you may request access, correction, deletion, export, or restriction of certain personal data. Contact us through the support page to make a request.

Cookies

The portal uses necessary session cookies for authentication and CSRF protection. Additional analytics or marketing cookies should not be enabled without appropriate notice and controls.

Changes and contact

We may update this policy as YAAA evolves. Material changes should be reflected on this page. Questions? Contact YAAA support.

Last updated: June 2026