Privacy Policy

Last updated: March 11, 2026

1. Introduction

Yealo ("we," "our," or "us") operates the yealo.app website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We respect your privacy and are committed to protecting the personal data you share with us. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and password when you create an account.
  • Event Data: Event names, dates, descriptions, and settings you configure.
  • Media Content: Photos, videos, and audio files uploaded by you or your event guests.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full credit card number.
  • Communications: Messages you send us through our contact page or support channels.

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns.
  • Log Data: IP address, access times, and referring URLs.
  • Cookies: We use essential cookies for authentication and session management. Non-essential cookies (analytics, advertising) are only used with your explicit consent.

2.3 Guest-Uploaded Content

When guests upload photos or media to your event, we collect the media files and basic metadata (upload time, file type). Guests are not required to create an account. Guest uploads are associated with the event, not with individual guest identities.

3. How We Use Your Information

  • To provide, operate, and maintain the Service.
  • To process events, media uploads, and gallery sharing.
  • To process payments and manage subscriptions.
  • To send transactional emails (account confirmation, event notifications, receipts).
  • To provide AI-powered features (photo generation, face recognition) when you opt into them.
  • To improve and optimize the Service based on usage patterns.
  • To display relevant advertisements on free-tier events (with your consent).
  • To detect and prevent fraud, abuse, and security incidents.

4. Advertising

Free-tier events may display advertisements from third-party ad networks (such as Google AdSense). These ads are only shown after you have provided explicit cookie consent. Paid-tier events never display advertisements.

Third-party ad networks may use cookies and similar technologies to serve ads based on your browsing activity. You can opt out of personalized advertising at any time through your cookie preferences or by visiting the ad network's opt-out page.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Service Providers: Supabase (database hosting), Vercel (web hosting), Stripe (payments), ImageKit (image delivery), Twilio (SMS), and cloud storage providers.
  • Ad Partners: Google AdSense and other ad networks (free tier only, with consent).
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.
  • Event Guests: When you share your event link, guests can view the gallery and photos you've made visible.

6. Data Retention

We retain your account data for as long as your account is active. Event data and media are retained according to your tier's storage window (14 days to 1 year for active access, plus cold storage periods). After retention periods expire, data is permanently deleted.

You can request deletion of your account and all associated data at any time by contacting us.

7. Your Rights (GDPR & CCPA)

Depending on your location, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw cookie/advertising consent at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@yealo.app.

8. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core functionality. These do not require consent.
  • Analytics Cookies: Help us understand how the Service is used. Require your consent.
  • Advertising Cookies: Used by ad partners to serve relevant ads on free-tier events. Require your consent.

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encrypted storage, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure.

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@yealo.app
Website: yealo.app/contact