Effective Date: Jul 19, 2025
Terms, Privacy, and Data Protection Policy for Yatabase.com (Including GDPR, APPI, and CCPA Compliance)
Last Updated: July 19, 2025
Terms and Conditions
By accessing or using the Yatabase.com website, platform, and services ("the Service"), you agree to be bound by the following Terms and Conditions. If you do not agree to these Terms, please discontinue use of the Service.
1. Use of the Service
You must be at least 18 years old to use the Service. You agree not to use the Service for any unlawful purpose or in violation of any applicable laws. Surveys generated by Yatabase are automated and must be reviewed and customized by you to suit legal and regulatory requirements.
2. Data Protection Compliance
Yatabase complies with major global privacy regulations, including:
General Data Protection Regulation (GDPR – EU)
Act on the Protection of Personal Information (APPI – Japan)
California Consumer Privacy Act (CCPA – United States)
Other applicable privacy laws
3. Contact Information
DPO – Naveen Amblee, naveen.amblee@yatabase.com
EU Representative – Jean-Malik Dumas, jean-malik.dumas@yatabase.com
Japan Representative – Ryoji Ito, ryoji.ito@yatabase.com
Privacy Team – privacy@yatabase.com
4. Legal Basis for Processing
We process personal data based on:
Contractual necessity
Legitimate interests (with safeguards)
User consent
Legal obligations
5. Your Privacy Rights
You have the right to:
Access, correct, delete, or restrict your data
Object to processing or withdraw consent
Request data portability
Protection from automated decisions with legal effects
To exercise your rights, email privacy@yatabase.com. We respond within:
30 days (GDPR)
Reasonable time (APPI)
45–90 days (CCPA)
We do not discriminate against users who exercise their privacy rights under CCPA.
6. Security Measures
We implement strong security controls including:
Industry-standard encryption in transit (TLS 1.3)
Cloud provider encryption at rest (AWS, MongoDB)
bcrypt password hashing with salt
Multi-factor authentication (MFA) - available on request for Enterprise customers
Role-based access control (RBAC) - available on request for Enterprise customers
Regular security audits and backups
7. Data Retention
Account data: 7 years after closure
Form responses: 3 years
Technical logs: 1 year
Payment data: 7 years (financial compliance)
8. Termination of Access
We reserve the right to suspend or terminate access for violations of these Terms or applicable laws.
9. Limitation of Liability
The Service is provided "as is" without warranties. Yatabase is not liable for indirect or consequential damages. Liability is limited to the amount paid in the prior 12 months.
10. Governing Law and Jurisdiction
These Terms are governed by Dutch law. Disputes will be resolved in Amsterdam, Netherlands, unless otherwise required by applicable law.
Privacy Policy
This Privacy Policy explains what personal data we collect, how we use it, and how we protect your rights.
1. What We Collect
Account info: name, email, company, role
Form data: surveys and responses
Technical data: IP, device, browser, usage
Payments: securely processed by Stripe
Communications: support requests, messages
2. How We Use It
To provide and manage your account and services
To power form generation and AI analysis (never used to train models)
To improve security, features, and functionality
To fulfill legal and regulatory obligations
3. Data Sharing
We do not sell or rent your data. We only share data with authorized processors under strict DPAs:
AWS, OpenAI, Anthropic, Stripe, Scalegrid, Weaviate, Cloudflare, Mailtrap
4. International Transfers
We transfer data internationally using Standard Contractual Clauses (SCCs) and require all vendors to hold SOC 2, ISO 27001, or equivalent certifications.
5. Cookie and Tracking Practices
Essential cookies: required for core functionality
Analytics cookies: used only with consent
Fonts: self-hosted to avoid tracking
Manage preferences via your browser settings
6. Children’s Privacy
Our Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe this has occurred, contact us immediately.
7. Your Privacy Rights
As outlined above, users have rights to access, correct, delete, restrict, and port their data, and may object to processing or withdraw consent. CCPA users also have the right to know, opt-out, and be free from discrimination.
8. Supervisory Authority
Our lead data protection authority is the Dutch Data Protection Authority. EU users may contact their local authority as listed on edpb.europa.eu.
9. Final Notes
By continuing to use Yatabase, you accept this Privacy Policy. You may contact privacy@yatabase.com at any time with privacy or legal concerns.