Privacy Policy
1. Who We Are
Yourside is a personal assistant web application, currently trading as a sole trader.
Website: https://yourside.app
Email: privacy@yourside.app
For the purposes of UK GDPR and the Data Protection Act 2018, Yourside is the data controller responsible for your personal data.
2. What Data We Collect
2.1 Account Data
When you create an account, we collect:
- Full name
- Email address
- Password (stored as a secure hash — we never see your plain-text password)
- Date of birth (optional)
- UK postcode (optional)
2.2 Documents You Upload
You may upload documents such as PDFs, Word files, and spreadsheets. These are stored securely and are only accessible to you. We do not read, analyse, or share your documents without your explicit instruction.
2.3 Usage Data
- Calendar entries, goals, notes, and dates you create
- IP address (used for rate limiting and security — not stored long-term)
- Device type and browser (for technical support purposes)
2.4 Payment Data
We use Stripe to process payments. We never store your full card details. Stripe stores payment information under PCI-DSS standards.
2.5 AI Interaction Data
When you use the AI Sidekick, your messages and document content are sent to Anthropic's Claude API. We do not use your data to train AI models.
3. How We Use Your Data
| Processing Activity | Legal Basis |
|---|---|
| Providing the service | Performance of a contract (Article 6(1)(b)) |
| Processing payments | Performance of a contract (Article 6(1)(b)) |
| Sending renewal alerts | Legitimate interests (Article 6(1)(f)) |
| Security and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Legal obligations | Legal obligation (Article 6(1)(c)) |
4. Data Sharing
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (US) | Database & auth | All user data (encrypted at rest) |
| Stripe (US) | Payments | Email, subscription details |
| Anthropic (US) | AI processing | Messages & document content (AI users only) |
| Resend (US) | Email delivery | Email address, OTP codes |
| Vercel (US) | Hosting | Request logs, IP addresses |
We never sell your data, share your documents with other users, or use your data for advertising.
Data transfers to the US are made under Standard Contractual Clauses (SCCs) approved by the ICO.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion, then 30 days |
| Documents | Until deleted by user or account deletion |
| Calendar & goals | Until deleted by user or account deletion |
| OTP codes | 1 hour (auto-deleted) |
| Payment records | 7 years (UK legal requirement) |
| Server logs | 30 days |
6. Your Rights (UK GDPR)
- Right of Access — request a copy of your data
- Right to Rectification — correct inaccurate data via Settings → Profile
- Right to Erasure — request account and data deletion
- Right to Data Portability — request a data export
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — e.g. disable push notifications in Settings
To exercise any right, email privacy@yourside.app. We respond within 30 days. You can also complain to the ICO at ico.org.uk or call 0303 123 1113.
7. Security
- All data transmitted over HTTPS with HSTS
- Database encrypted at rest (AES-256)
- Row Level Security — users can only access their own data
- Passwords stored as cryptographic hashes
- Session tokens in httpOnly cookies
- API rate limiting on all endpoints
8. Cookies
We use only essential cookies — no analytics, advertising, or tracking cookies.
| Cookie | Type | Purpose |
|---|---|---|
| ys_at | Essential — httpOnly | Session access token (7 days) |
| ys_rt | Essential — httpOnly | Session refresh token (7 days) |
9. Children's Privacy
Yourside is not directed at children under 13. If you believe we have collected data from a child, contact privacy@yourside.app.
10. Changes
We will notify you of significant changes by email or in-app notification. Continued use constitutes acceptance.
11. Contact
Email: privacy@yourside.app
Website: https://yourside.app
ICO: ico.org.uk | 0303 123 1113