Privacy Policy

Last updated: 7 June 2026  ·  Effective immediately
This Privacy Policy applies to all users of Yourside. By using our service, you agree to the collection and use of information as described in this policy. Yourside is the data controller under UK GDPR.

1. Who We Are

Yourside is a personal assistant web application, currently trading as a sole trader.

Website: https://yourside.app
Email: privacy@yourside.app

For the purposes of UK GDPR and the Data Protection Act 2018, Yourside is the data controller responsible for your personal data.

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

2.2 Documents You Upload

You may upload documents such as PDFs, Word files, and spreadsheets. These are stored securely and are only accessible to you. We do not read, analyse, or share your documents without your explicit instruction.

2.3 Usage Data

2.4 Payment Data

We use Stripe to process payments. We never store your full card details. Stripe stores payment information under PCI-DSS standards.

2.5 AI Interaction Data

When you use the AI Sidekick, your messages and document content are sent to Anthropic's Claude API. We do not use your data to train AI models.

3. How We Use Your Data

Processing ActivityLegal Basis
Providing the servicePerformance of a contract (Article 6(1)(b))
Processing paymentsPerformance of a contract (Article 6(1)(b))
Sending renewal alertsLegitimate interests (Article 6(1)(f))
Security and fraud preventionLegitimate interests (Article 6(1)(f))
Legal obligationsLegal obligation (Article 6(1)(c))

4. Data Sharing

ProviderPurposeData Shared
Supabase (US)Database & authAll user data (encrypted at rest)
Stripe (US)PaymentsEmail, subscription details
Anthropic (US)AI processingMessages & document content (AI users only)
Resend (US)Email deliveryEmail address, OTP codes
Vercel (US)HostingRequest logs, IP addresses

We never sell your data, share your documents with other users, or use your data for advertising.

Data transfers to the US are made under Standard Contractual Clauses (SCCs) approved by the ICO.

5. Data Retention

Data TypeRetention Period
Account & profile dataUntil account deletion, then 30 days
DocumentsUntil deleted by user or account deletion
Calendar & goalsUntil deleted by user or account deletion
OTP codes1 hour (auto-deleted)
Payment records7 years (UK legal requirement)
Server logs30 days

6. Your Rights (UK GDPR)

To exercise any right, email privacy@yourside.app. We respond within 30 days. You can also complain to the ICO at ico.org.uk or call 0303 123 1113.

7. Security

8. Cookies

We use only essential cookies — no analytics, advertising, or tracking cookies.

CookieTypePurpose
ys_atEssential — httpOnlySession access token (7 days)
ys_rtEssential — httpOnlySession refresh token (7 days)

9. Children's Privacy

Yourside is not directed at children under 13. If you believe we have collected data from a child, contact privacy@yourside.app.

10. Changes

We will notify you of significant changes by email or in-app notification. Continued use constitutes acceptance.

11. Contact

Email: privacy@yourside.app
Website: https://yourside.app
ICO: ico.org.uk  |  0303 123 1113