Privacy Policy

Last Updated: November 30, 2024

1. Introduction

Yomu-AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and web services.

This policy complies with the General Data Protection Regulation (GDPR) and Quebec's Law 25 (An Act to modernize legislative provisions as regards the protection of personal information).

2. Data Controller

Responsible Person: As designated under GDPR Article 30 and Quebec Law 25

Contact Email: privacy@yomu-ai.com

3. Information We Collect

3.1 Personal Information

• Email Address: Collected during account registration for authentication and communication purposes
• Payment Information: Processed securely through Stripe (we do not store complete payment card details)
• Usage Data: Translation count, subscription tier, referral activity

3.2 Technical Information

• Authentication Tokens: Temporary session tokens for secure access
• API Request Data: Images submitted for translation (processed and not permanently stored)
• Browser Data: Extension version, browser type (for compatibility purposes)

3.3 Information We Do NOT Collect

• We do not track your browsing history
• We do not store translated images permanently
• We do not collect location data beyond what is inherent in your IP address

4. Legal Basis for Processing (GDPR Article 6)

We process your personal information based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our translation services
• Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities
• Legitimate Interests (Art. 6(1)(f)): For service improvement, fraud prevention, and security
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations

5. How We Use Your Information

• Service Delivery: To provide image translation services through Google Gemini API
• Account Management: To manage your subscription, quota limits, and billing
• Communication: To send service-related notifications and respond to inquiries
• Improvement: To analyze usage patterns and improve our services
• Compliance: To detect fraud and ensure compliance with our Terms of Service

6. Data Processors and Third-Party Services

We work with the following third-party data processors, all of which are GDPR-compliant:

6.1 Supabase (Database & Authentication)

• Purpose: User authentication, account data storage
• Data Stored: Email, subscription details, usage statistics, referral codes
• Location: Data centers in the United States (with EU Standard Contractual Clauses)
• Website: supabase.com/privacy

6.2 Stripe (Payment Processing)

• Purpose: Subscription billing and payment processing
• Data Processed: Payment card information, billing address, transaction history
• Location: Global infrastructure (GDPR-compliant)
• Website: stripe.com/privacy

6.3 Railway (Hosting)

• Purpose: Application hosting and infrastructure
• Data Processed: Server logs, API requests (temporary)
• Location: United States
• Website: railway.app/legal/privacy

6.4 Google Gemini API (AI Translation)

• Purpose: Image text detection and translation processing
• Data Processed: Submitted images (processed transiently, not stored by Google per API terms)
• Location: Google Cloud infrastructure (GDPR-compliant)
• Website: policies.google.com/privacy

7. Data Retention

• Account Information: Retained while your account is active and for 90 days after deletion request
• Transaction Records: Retained for 7 years for legal and tax compliance
• Translated Images: Not permanently stored; processed ephemerally and discarded immediately
• Usage Logs: Aggregated and anonymized after 12 months

8. Your Rights (GDPR & Quebec Law 25)

You have the following rights regarding your personal information:

8.1 GDPR Rights (for EU/EEA residents)

• Right to Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where applicable)

8.2 Quebec Law 25 Rights (for Quebec residents)

• Right to Information: Know what personal information we hold and how it's used
• Right to Access: Access your personal information within 30 days of request
• Right to Rectification: Correct inaccurate personal information
• Right to De-indexing: Request that your information be de-indexed from search results
• Right to Portability: Receive your data in a structured, commonly used format

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@yomu-ai.com. We will respond within 30 days as required by law.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS/SSL
• Authentication: Secure authentication via Supabase with industry-standard protocols
• Access Controls: Strict access limitations to personal data
• Regular Audits: Periodic security assessments and updates

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) and Quebec, including the United States. We ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs) with our data processors
• Compliance with GDPR adequacy decisions
• Additional safeguards as required by Quebec Law 25

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for material changes)

Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Email: privacy@yomu-ai.com
Response Time: Within 30 days

14. Supervisory Authority

If you are located in the EU/EEA or Quebec and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local supervisory authority:

• EU/EEA Residents: Contact your national Data Protection Authority
• Quebec Residents: Commission d'accès à l'information du Québec (www.cai.gouv.qc.ca)