Terms, Privacy, and Data Protection Policy for Yatabase.com (Including GDPR, APPI, and CCPA Compliance)
Last Updated: July 19, 2025

Terms and Conditions

By accessing or using the Yatabase.com website, platform, and services ("the Service"), you agree to be bound by the following Terms and Conditions. If you do not agree to these Terms, please discontinue use of the Service.

1. Use of the Service
You must be at least 18 years old to use the Service. You agree not to use the Service for any unlawful purpose or in violation of any applicable laws. Surveys generated by Yatabase are automated and must be reviewed and customized by you to suit legal and regulatory requirements.

2. Data Protection Compliance
Yatabase complies with major global privacy regulations, including:

• General Data Protection Regulation (GDPR – EU)

• Act on the Protection of Personal Information (APPI – Japan)

• California Consumer Privacy Act (CCPA – United States)

• Other applicable privacy laws

3. Contact Information

• DPO – Naveen Amblee, naveen.amblee@yatabase.com

• EU Representative – Jean-Malik Dumas, jean-malik.dumas@yatabase.com

• Japan Representative – Ryoji Ito, ryoji.ito@yatabase.com

• Privacy Team – privacy@yatabase.com

4. Legal Basis for Processing
We process personal data based on:

• Contractual necessity

• Legitimate interests (with safeguards)

• User consent

• Legal obligations

5. Your Privacy Rights
You have the right to:

• Access, correct, delete, or restrict your data

• Object to processing or withdraw consent

• Request data portability

• Protection from automated decisions with legal effects

To exercise your rights, email privacy@yatabase.com. We respond within:

• 30 days (GDPR)

• Reasonable time (APPI)

• 45–90 days (CCPA)

We do not discriminate against users who exercise their privacy rights under CCPA.

6. Security Measures
We implement strong security controls including:

• Industry-standard encryption in transit (TLS 1.3)

• Cloud provider encryption at rest (AWS, MongoDB)

• bcrypt password hashing with salt

• Multi-factor authentication (MFA) - available on request for Enterprise customers

• Role-based access control (RBAC) - available on request for Enterprise customers

• Regular security audits and backups

7. Data Retention

• Account data: 7 years after closure

• Form responses: 3 years

• Technical logs: 1 year

• Payment data: 7 years (financial compliance)

8. Termination of Access
We reserve the right to suspend or terminate access for violations of these Terms or applicable laws.

9. Limitation of Liability
The Service is provided "as is" without warranties. Yatabase is not liable for indirect or consequential damages. Liability is limited to the amount paid in the prior 12 months.

10. Governing Law and Jurisdiction
These Terms are governed by Dutch law. Disputes will be resolved in Amsterdam, Netherlands, unless otherwise required by applicable law.

Privacy Policy

This Privacy Policy explains what personal data we collect, how we use it, and how we protect your rights.

1. What We Collect

• Account info: name, email, company, role

• Form data: surveys and responses

• Technical data: IP, device, browser, usage

• Payments: securely processed by Stripe

• Communications: support requests, messages

2. How We Use It

• To provide and manage your account and services

• To power form generation and AI analysis (never used to train models)

• To improve security, features, and functionality

• To fulfill legal and regulatory obligations

3. Data Sharing
We do not sell or rent your data. We only share data with authorized processors under strict DPAs:

• AWS, OpenAI, Anthropic, Stripe, Scalegrid, Weaviate, Cloudflare, Mailtrap

4. International Transfers
We transfer data internationally using Standard Contractual Clauses (SCCs) and require all vendors to hold SOC 2, ISO 27001, or equivalent certifications.

5. Cookie and Tracking Practices

• Essential cookies: required for core functionality

• Analytics cookies: used only with consent

• Fonts: self-hosted to avoid tracking

• Manage preferences via your browser settings

6. Children’s Privacy
Our Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe this has occurred, contact us immediately.

7. Your Privacy Rights
As outlined above, users have rights to access, correct, delete, restrict, and port their data, and may object to processing or withdraw consent. CCPA users also have the right to know, opt-out, and be free from discrimination.

8. Supervisory Authority
Our lead data protection authority is the Dutch Data Protection Authority. EU users may contact their local authority as listed on edpb.europa.eu.

9. Final Notes
By continuing to use Yatabase, you accept this Privacy Policy. You may contact privacy@yatabase.com at any time with privacy or legal concerns.