YavioYavio
Book a call
Back to Home

Privacy Policy

Last Updated: December 01, 2025

1. Introduction

This Privacy Policy ("Policy") explains how Yavio GmbH ("Yavio", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit yavio.ai, use app.yavio.io, or otherwise interact with our products and services (together, the "Services").

Yavio is a software platform that allows users to build, manage, and monitor Apps that can be executed inside large language model interfaces. We are committed to processing personal data in accordance with applicable data protection laws, in particular the EU General Data Protection Regulation ("GDPR").

By using the Services, you acknowledge this Policy. If you do not agree, you should not use the Services. This Policy is part of and incorporates our Terms of Service.

2. Data Controller and Contact

The data controller for the Services is:

Yavio GmbH

Maria-Goeppert-Str. 1

23562 Lübeck

Germany

Email (all privacy requests): contact@yavio.ai

If you have questions about this Policy or our data practices, contact us at the above address.

3. Definitions

  • "Personal data" means any information relating to an identified or identifiable natural person. Examples include name, email address, IP address, user ID, and usage data that can be linked to a person.
  • "Customer Data" means content and data you submit or generate when using the Services, such as prompts, configurations, app definitions, and workspace logs.
  • "Service Data" means operational and technical data processed to operate and secure the Services, such as usage metrics, logs, and performance data that are usually pseudonymized or aggregated.

4. Information We Collect

4.1 Information You Provide

We collect personal data you provide directly, for example when you:

  • create an account on app.yavio.io,
  • subscribe to a Free or Pro plan,
  • purchase Credits for usage of Apps in ChatGPT or other LLM interfaces,
  • communicate with us via email or support channels.

This may include:

  • Name and contact details (such as name and email address)
  • Account information (username, password, settings)
  • Billing information handled by our payment processor (we do not store full card numbers)
  • Workspace and project information (app names, configurations, prompts, metadata)

4.2 Information Collected Automatically

When you use the Services, we automatically collect technical information such as IP address and approximate location, browser type and version, operating system and device information, access timestamps, pages or features used, and error logs or performance metrics. This Service Data helps us operate, secure, and improve the Services.

4.3 Information from Third Parties

We may receive limited information from third party services you connect to Yavio, such as payment processors for billing status, LLM providers for usage metrics, or analytics and monitoring services. We only process the minimum information needed to provide and improve the Services.

5. How We Use Your Information

5.1 To Provide and Operate the Services

We process personal data to fulfill our contract with you (Art. 6(1)(b) GDPR), including creating and managing accounts, providing Free and Pro plans, enabling Apps to run in LLM interfaces, processing payments for plans and Credits, and offering customer support.

5.2 To Improve and Secure the Services

Based on legitimate interests (Art. 6(1)(f) GDPR) we monitor performance, detect fraud or abuse, analyze usage patterns, and generate aggregated statistics. Where possible we use pseudonymized or aggregated data.

5.3 To Communicate With You

We send important service messages, security alerts, and information about changes to the Terms or this Policy. We may also send product updates and limited marketing communications where permitted (Art. 6(1)(b) and 6(1)(f) GDPR). You can opt out of non essential marketing emails at any time.

5.4 To Comply With Legal Obligations

We process data as required by law (Art. 6(1)(c) GDPR), including accounting, tax, record keeping, responding to lawful requests, and complying with export control or sanctions rules.

5.5 Based on Your Consent

In specific cases we rely on consent (Art. 6(1)(a) GDPR), for example for non essential cookies or certain marketing communications. You can withdraw consent at any time with future effect.

6. Yavio Apps, LLM Providers, and Credits

Yavio enables you to build Apps that can be executed inside large language model environments such as ChatGPT. When an App runs in one of these interfaces, prompts, parameters, and related data may be processed by Yavio and by the relevant LLM provider (for example OpenAI) to execute the App. We record usage events and metadata to calculate Credit consumption and provide usage analytics.

External LLM providers process your data under their own privacy policies, which you should review separately.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on yavio.ai and app.yavio.io to operate core functionality (such as login sessions), analyze usage, enhance performance, and remember preferences. Where required by law, we obtain consent for non essential cookies and provide options to manage preferences. You can also adjust browser settings, though disabling certain cookies may impact functionality.

8. How We Share Your Information

We do not sell personal data. We may share information with:

  • Service providers and processors (hosting, payment, analytics, monitoring, email delivery)
  • LLM and AI providers processing prompts when Apps run in their environments
  • Professional advisors such as lawyers or auditors where necessary
  • Authorities where required by law or to protect our rights or the rights of others

Service providers must handle personal data according to applicable law and our instructions.

9. International Data Transfers

Our servers and some service providers may be located outside your country, including outside the European Economic Area (EEA), the United Kingdom, or Switzerland. Where personal data is transferred to countries without an adequacy decision, we use safeguards such as Standard Contractual Clauses and additional contractual or technical measures. Contact us if you need more information about these safeguards.

10. Security

We take reasonable technical and organizational measures to protect personal data, including TLS encryption in transit, access controls, authentication, regular backups, monitoring, and limiting access to authorized personnel.

No system is perfectly secure. If we become aware of a personal data breach likely to result in a high risk to you, we will notify you and relevant authorities when required by law.

11. Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law. Account data is kept for the duration of your account and a reasonable period thereafter. Billing and transaction data are stored for statutory tax and commercial retention periods. Log and Service Data are kept for limited periods needed for security, troubleshooting, and analytics. When data is no longer required, we delete or anonymize it.

12. Your Rights

Depending on your jurisdiction (including the EEA, UK, and Switzerland), you may have the following rights:

  • Right of access to learn whether we process your personal data and to obtain a copy
  • Right to rectification of inaccurate or incomplete personal data
  • Right to erasure of personal data in certain circumstances
  • Right to restriction of processing in certain circumstances
  • Right to data portability to receive personal data in a structured, commonly used format
  • Right to object to processing based on legitimate interests or to direct marketing
  • Right to withdraw consent where processing is based on consent

To exercise these rights, contact us at contact@yavio.ai. We may need to verify your identity before responding. You also have the right to lodge a complaint with a supervisory authority where you live, work, or believe a violation occurred.

13. Children

The Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If we learn that we collected personal data from a child, we will delete it. Please contact us if you believe a child provided personal data.

14. Communications

We may send transactional or administrative messages necessary for the Services (for example security alerts or billing notices). We may also send optional product news and marketing communications where permitted by law and your preferences. You can opt out of marketing emails at any time using the unsubscribe link or by contacting contact@yavio.ai. Transactional messages are required for the Services.

15. Changes to this Policy

We may update this Policy from time to time to reflect changes in our Services, legal requirements, or data practices. We indicate the latest update date at the top of this Policy and may provide additional notice for material changes. Continuing to use the Services after changes take effect means you accept the updated Policy.

16. Contact

If you have questions, requests, or concerns about this Policy or our data practices, contact us at:

Yavio GmbH

Maria-Goeppert-Str. 1

23562 Lübeck

Germany

Email: contact@yavio.ai