Privacy Policy
Yorba takes your privacy seriously. We’ve done our best to keep our Privacy Policy straightforward, and hope you read it all.
Please note that a lot of this information is provided within Yorba itself. For example, when you’re given the option to connect your inbox so that we can search it to find Accounts for you, we spell out exactly what we’re gonna look at and why. But still; we hope you read this.
From time to time, we may make minor changes to this policy – not because we’re changing our practices or ethics, but because we’re perpetually expanding and refining our services and might need to add language that covers new stuff. Whenever we make any ‘real’ change (as opposed to something trivial like a typo correction), we’ll note it under “Policy Updates”.
Effective date: May 11, 2024
-
May 2024 - We added more details to the end of the “Personal data we collect” section so you can see the sophisticated ways we keep your data safe.
October 2022– We completely rewrote the policy with much more straightforward language, in the hopes that people without spare time and a legal degree might actually read it. -
Here’s a list of the moments and functions that involve Yorba receiving your personal data (by which we mean any data that can identify or be used to identify an individual) directly from you.
We’re using the word “collect” as a catch-all to mean interact with or use in some way.
—————When you sign up for Yorba:
What we collect:
–Your first and last name
–Your email addressWhy we collect it:
–So that you can create an account unique to your identity
–So that we can verify your identity
–So that we can contact youWhen you log in to Yorba and/or browse our website:
What we collect:
–Device/IP data (i.e. Device ID, domain server, type of device/operating system/browser used)
–Web analytics (i.e. statistics re: the interaction between Yorba and your device/browser)
–Geolocation data (i.e. IP address-based location info)Why we collect it:
–We aggregate and analyze this data in order to improve the performance of our services. We have no interest in individuals and do not track specific IPs.
–This might fairly be considered non-personal data, but we’re erring on the side of transparency and mentioning it here. In the wrong hands, “anonymous” data isn’t always anonymous – which is one of several reasons why we’ll never sell such data to a third party.
When scanning for Accounts that charge you fees (i.e. paid subscriptions):What we collect:
–Name of banking institution(s) that you ask us to search
–Name on the bank account(s) that you ask us to search
–Information about financial transactions that may indicate the existence of any Account(s)Why we collect it:
–It’s one of the automated ways we find your Accounts – specifically, the ones that charge you a fee
When scanning your inbox(es) for Accounts associated with your email address(es):What we collect:
–The names and domain names of email senders that may represent Accounts, and the frequency with which they are sent and opened
–“Unsubscribe” links (from emails sent via automated mailing list)Why we collect it:
–To help you track which organizations demonstrably possess your personal information
–To help you identify the Accounts/organizations these emails originate from
–To provide you statistics re: which mailing lists you actually interact with (vs. the ones that seem to just be clogging your inbox with crap)
–So Yorba can provide you a convenient li’l “Unsubscribe” button and spare you the hassle of digging through your inbox to manually find each link one at a time
When you voluntarily provide us with personal info (e.g. by contacting us or filling out a feedback text box):What we collect
–Whatever you want to tell usWhy we collect it
–To address whatever you’re telling us about—————
And here are instances in which we might receive your personal data from a source other than you.
When you contact customer support
We may use a third party vendor to help provide customer support. They’ll pass along any info they’ve received from you that Yorba may need to know in order to resolve whatever issue you’re dealing with. That info might include personal data.When you search for Accounts that are publicly associated with you
Your personal data might turn up in publicly available search results, and/or be provided by trusted open source tools like haveibeenpwned.com.When you (knowingly, voluntarily) connect services to Yorba in order to scan them for Accounts
In some cases, technically we’re receiving some of the relevant personal data from your email providers and/or banks (as opposed to ‘directly’ from you). But in any case, this only happens with your explicit permission.And lastly, here are a handful of other reasons we might collect the personal data described above:
–To be able to provide customer support
–To comply with local laws and regulations, some of which have data retention requirements
–To prevent fraud and whatnot
–To resolve disputes, collect fees, represent our legal rights, and other stuff like thatWe will not collect other types of Personal Data, or use the Personal Data we collected for materially different, unrelated or incompatible purposes, without providing you notice.
Remember, any data we do collect from you is encrypted at the storage level using AES256--that’s a fancy way of saying Google can’t read the data stored on Google Cloud.
Not only is your data is protected in the database (at rest) but also in transit. This means that we secure all communications between Yorba Members and the Google Front End (GFE) using Transport Layer Security.
So that’s all to say that we have extensive security procedures in place to protect both the confidentiality and the security of your data. -
We may create aggregated, de-identified or anonymized data (e.g. by removing or eschewing info that makes the data personally identifiable to any particular user), in order use such data and/or potentially share it with third parties for practical business reasons like:
–Analyzing, building, and improving our Services (e.g. bug fixes and optimization)
–Promoting our business (and/or gaining insight on how to do so more effectively)In any case, we will not share data in any manner that could identify you. This is important to us and we endeavor to err on the side of caution, even when doing so inconvenient. We will once again link this NY Times article on the dangers of getting too complacent with supposedly “anonymous” data, to reassure you that we always have this stuff in mind.
-
We do not sell your personal information to third parties. Full stop.
We do sometimes need to disclose your data to certain service providers when it’s necessary to perform essential tasks. In keeping with our respect for your privacy and security, we endeavor in all cases to prioritize service providers whose values align with our own.
A technical note: our database, like many others, is hosted on a third party cloud service. So, even certain things like our analytics infrastructure, which we built directly within our own platform using open source tools for the explicit purpose of not having to send our users’ personal data to any outside organization, technically entail ‘sharing data with a third party’ solely because that info gets processed in the cloud.
Here are entities with whom and/or reasons for which data may be shared:
Service Providers
–Hosting, technology and communication providers.
–Payment providers, or other similar fulfillment services
–Security and fraud prevention consultants.
–Support and customer service vendors.Parties You Authorize, Access or Authenticate
–Third parties that aid in the public scan of your digital footprint (with whom we will only share your email address)Legal obligations and such
–We may have to share Personal Data if doing so is necessary for legal obligations like those mentioned earlierBusiness transfers
–If we undergo a merger, acquisition, bankruptcy, etc. in which a third party assumes control of our business**, said third party would also assume control of data in our possession. In such an event, we’ll give you a reasonable heads up before any policies change.**NOTE: as a Public Benefit Corporation, Yorba cannot pursue the sale of some or all of our business to any third party whose values and intentions don’t align with our own. Enshrining legal protection for our core principles is one of the main reasons we incorporated as a PBC.
-
First, please note that our Services support “Do Not Track” requests sent from your browser.
Naturally, we benefit from people not using ad blockers and such, since that results in us getting better analytics to inform the way we improve Yorba – but using them for general internet purposes is a good idea and we won’t take it personally. We recommend the Privacy Badger browser extension.
We may judiciously use cookies to power, inform, or improve our services. You can decide whether or not to accept Cookies through your internet browser’s settings. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website or use the app.We use the following types of Cookies:
–Essential Cookies are required for providing you with features or services that you have requested. Disabling these Cookies may make certain features and services unavailable. They have nothing to do with marketing and such.
–Functional Cookies are used to record and maintain your choices and settings. We only use these on the app, and only to provide you the option of being ‘remembered’ instead of having to log in every time.
–Performance/Analytical Cookies allow us to understand how people are actually using our app and website (e.g. which pages users spend the most time on). We use that data to inform changes, improvements, and other strategic decisions: for example, if we launch a new feature, and performance data from cookies shows us that nobody is using it, we’ll know that we need to take a better look at that new feature. We do not sell any of this data to third parties. -
We put a lot of effort into the security of your account, your Personal Data, and any other data we hold in our records, but you should also help protect your data by choosing a strong password, limiting access to your device and browser, and signing out when you’re not using Yorba. Please be aware that no method of transmitting data over the internet or storing data is perfectly secure.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. If you choose to close your Yorba account, we’ll delete any associated personal data. Our policies regarding data deletion are fully CCPA-compliant, even if you’re not in California.
We’ll only retain Personal Data beyond the deletion of your account if doing so is necessary to comply with our legal obligations, resolve disputes, or collect fees owed, or otherwise comply with applicable laws, rules or regulations.
We may further retain non-personal information in an anonymous or aggregated form, but only because we wouldn’t have any way of knowing that it’s you.
-
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We comply with the “Right to Know” provisions of the CCPA, even for users outside of California. Visit Section C of this page on the official CA government website for details on how that works.
Naturally, we’ll require proof that you are in fact the person whose data you’re inquiring about. There are certain things, like the specifics of your bank account info, that for security reasons we legally can’t disclose — but we can confirm if we indeed possess it.
We endeavor to respond to Valid Requests within 45 days of receipt, free of charge (unless your request is excessive, repetitive, weirdly unclear, or “manifestly unfounded”). If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
–Email us at: support@yorba.co
–Call us at: +1 646.397.9012
–Submit a form at https://www.yorba.co/contact -
If you’re under 16 years old, please don’t use Yorba. Children under the age of 16 are not permitted to use the Services nor provide us with any Personal Data without the consent of a parent or guardian.
-
An important (but fully optional) way Yorba finds your accounts is by searching your inbox for metadata indicative of accounts that are associated with your email address.
re: Gmail inboxes – Yorba's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. -
Transfers of Personal Data
The Services are hosted and operated in the United States (“U.S.”) through Yorba and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Yorba in the U.S. and will be hosted on U.S. servers, and you acknowledge that Yorba may transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses, as required by applicable law. -
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:
https://www.yorba.co/
Call us at: +1 646.397.9012
Email us at: support@yorba.co
Submit a form at this address: https://www.yorba.co/contact
PO Box 23003 | New York, New York 10023 | United States
Want to take more control of your digital footprint?
Join Yorba today.