LegalPrivacy Policy
Privacy Policy
Effective date: July 1, 2026
1. Our privacy philosophy
YugaLabsAI ("YugaLabsAI", "we", "us", or "our") builds software on a simple principle: we should know as little about you as technically possible. Our products are architected so that artificial intelligence runs on your device, your content stays on your device, and our business does not depend on collecting, profiling, or selling personal information.
This Privacy Policy explains what limited information we do collect when you use our website (https://yugalabsai.com) and our products (including the AI SMS App and the AI Resume Builder, together the "Services"), how we use it, and the rights and choices you have.
2. Information we collect
We collect information in three narrow categories:
Information you provide directly
- Contact communications. If you email us or use our contact form, we receive your name, email address, and the contents of your message. We use this solely to respond to you.
- Early access and feedback submissions. If you request early access or send product feedback, we store the details you choose to share.
Information created within our products
- Your content stays local. Messages in the AI SMS App and documents in the AI Resume Builder are stored on your device, encrypted at rest where hardware support allows. We do not transmit, read, or store this content on our servers.
- Optional encrypted backups. If you explicitly enable backup, your data is end-to-end encrypted on your device before upload to your own cloud storage account. We cannot decrypt these backups.
Information collected automatically
- Basic technical logs. Our website host records standard server logs (IP address, browser type, pages visited, timestamps) for security and operational purposes.
- Crash and diagnostic data. If enabled, anonymised crash reports help us fix defects. These never include message content, resume content, contact details, or phone numbers.
3. Account information
Our products are designed to work without an account. Where an optional account or sign-in is offered (for example, connecting your own cloud storage for encrypted backups), we receive only the minimum identifiers required to provide that feature — typically an email address and an authentication token issued by your chosen provider.
We never receive or store your passwords for third-party services; sign-in is handled directly by the provider using industry-standard OAuth.
4. Device information
Our apps may read limited device characteristics — such as manufacturer, OS version, and available memory — locally on your device to adapt performance, guide battery-optimisation setup, and tune on-device AI models. This information is processed on the device and is not transmitted to us unless it forms part of an anonymised crash report you have allowed.
The AI SMS App requires SMS and contacts permissions to function as a messaging app. These permissions are used exclusively to deliver messaging features on your device; message content and contact data are never uploaded to our servers.
5. Cookies and similar technologies
Our website uses only strictly necessary cookies, if any, to remember basic preferences (such as a theme setting). We do not use advertising cookies, cross-site tracking cookies, or fingerprinting techniques.
Because we avoid non-essential cookies, most visitors will not see a cookie consent banner — there is simply nothing to consent to. If this ever changes, we will ask for consent first and update this policy.
6. Analytics
If we use analytics, we use privacy-preserving, aggregate measurement (for example, page-view counts and country-level statistics) without building individual profiles. Specifically, we do not:
- Track you across other websites or apps;
- Sell or share analytics data with advertisers;
- Include message content, resume content, or contact details in any analytics event;
- Use analytics identifiers that persist across our products.
7. Third-party services
We work with a small number of service providers strictly to operate the Services — for example, website hosting and, where you opt in, the cloud storage provider you choose for encrypted backups. These providers process data only on our instructions or under your direct relationship with them.
When you enable an optional integration (such as backup to your own cloud drive), your use of that provider is also governed by their privacy policy. We request the narrowest permission scopes available — for instance, access only to files our app itself creates.
We never sell personal information to anyone, and we never share it with data brokers.
8. How we use information
We use the limited information we collect to:
- Provide, maintain, and improve the Services;
- Respond to your questions, requests, and feedback;
- Diagnose crashes and fix defects;
- Protect the security and integrity of the Services;
- Comply with legal obligations.
We do not use your personal information for advertising, and we do not use your content to train AI models — ours or anyone else's.
9. Security practices
Security is architectural, not aspirational. Our practices include:
- Encryption at rest for local data, using hardware-backed keys on supported devices;
- End-to-end encryption for optional backups — data is encrypted before it leaves your device with keys we never hold;
- Encryption in transit (TLS) for all network communication;
- Least-privilege design — each feature requests only the permissions it needs, when it needs them;
- Minimal data surface — the most effective way to protect data is not to collect it.
No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.
10. Data retention
Content you create in our products lives on your device and remains under your control — deleting it in the app, or uninstalling the app, removes it. For the limited data we do hold:
- Support emails are retained for up to 24 months so we can follow up on ongoing issues, then deleted;
- Server logs are retained for up to 90 days for security purposes;
- Crash reports are retained for up to 12 months in anonymised form.
We may retain information longer where required by law, or in anonymised, aggregated form that no longer identifies you.
11. Children's privacy
Our Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the European Union), and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at [email protected] and we will delete it promptly.
12. International users and data transfers
We serve users worldwide. Because our products keep content on your device, most of your data never crosses a border at all. Where limited information (such as a support email) is processed in another country, we apply appropriate safeguards — including standard contractual clauses where required — and handle it in accordance with this policy regardless of where it is processed.
13. Your rights and choices
Wherever you live, we extend the same core rights to you:
- Access — ask what personal information we hold about you;
- Correction — ask us to fix inaccurate information;
- Deletion — ask us to delete your personal information;
- Portability — receive a copy of information you provided in a usable format;
- Objection & restriction — object to or restrict certain processing;
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email [email protected]. We respond within 30 days and never discriminate against you for exercising your rights.
14. GDPR (European Economic Area, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, we process personal data under the following legal bases:
- Performance of a contract — to provide the Services you request;
- Legitimate interests — to secure and improve the Services in ways that do not override your rights;
- Consent — for optional features such as backups and diagnostics, which you may withdraw at any time;
- Legal obligation — where processing is required by law.
You also have the right to lodge a complaint with your local supervisory authority. We would appreciate the chance to address your concern first at [email protected].
15. CCPA/CPRA (California)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you specific rights, including the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information.
We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We have not done so in the preceding 12 months. We also do not use or disclose sensitive personal information for purposes requiring a right to limit under the CPRA.
California residents may exercise their rights by emailing [email protected], directly or through an authorised agent.
16. Changes to this policy
We may update this Privacy Policy as our Services evolve or as the law requires. When we make material changes, we will update the effective date above and provide reasonable notice — for example, a notice on our website or within the apps. Continued use of the Services after changes take effect constitutes acceptance of the revised policy.
17. Contact us
Questions, concerns, or requests about privacy are always welcome:
- Privacy requests: [email protected]
- General contact: [email protected]